October 15, 2021

The future is hybrid

grosser-somebody.JPGEvery longstanding annual event-turned-virtual these days has a certain tension.

"Next year, we'll be able to see each other in person!" says the host, beaming with hope. Excited nods in the Zoom windows and exclamation points in the chat.

Unnoticed, about a third of the attendees wince. They're the folks in Alaska, New Zealand, or Israel, who in normal times would struggle to attend this event in Miami, Washington DC, or London because of costs or logistics.

"We'll be able to hug!" the hosts say longingly.

Those of us who are otherwhere hear, "It was nice having you visit. Hope the rest of your life goes well."

When those hosts are reminded of this geographical disability, they immediately say how much they'd hate to lose the new international connections all these virtual events have fostered and the networks they have built. Of course they do. And they mean it.

"We're thinking about how to do a hybrid event," they say, still hopefully.

At one recent event, however, it was clear that hybrid won't be possible without considerable alterations to the event as it's historically been conducted - at a rural retreat, with wifi available only in the facility's main building. With concurrent sessions in probably six different rooms and only one with the basic capability to support remote participants, it's clear that there's a problem. No one wants to abandon the place they've used every year for decades. So: what then? Hybrid in just that one room? Push the facility whose selling point is its woodsy distance from modern life to upgrade its broadband connections? Bring a load of routers and repeaters and rig up a system for the weekend? Create clusters of attendees in different locations and do node-to-node Zoom calls? Send each remote participant a hugging pillow and a note saying, "Wish you were here"?

I am convinced that the future is hybrid events, if only because businesses sound so reluctant to resume paying for so much international travel, but the how is going to take a lot of thought, collaboration, and customization.


Recent events suggest that the technology companies' own employees are a bigger threat to business-as-usual than portending regulation and legislation. Facebook's had two major whistleblowers - Sophie Zhang and Frances Haugen in the last year, and basically everyone wants to fix the site's governance. But Facebook is not alone...

At Uber, a California court ruled in August that drivers are employees; a black British driver has filed a legal action complaining that Uber's driver identification face-matching algorithm is racist; and Kenyan drivers are suing over contract changes they say have cut their takehome pay to unsustainably low levels.

Meanwhile, at Google and Amazon, workers are demanding the companies pull out of contracts with the Israeli military. At Amazon India, a whistleblower has handed Reuters documents showing the company has exploited internal data to copy marketplace sellers' products and rig its search engine to display its own versions first. *And* Amazon's warehouse workers continue to consider unionizing - and some cities back them.

Unfortunately, the bigger threat of the legislation being proposed in the US, UK, New Zealand, Canada is *also* less to the big technology companies than to the rest of the Internet. For example, in reading the US legislation Mike Masnick finds intractable First Amendment problems. Last week I liked this idea of focusing on content social media companies' algorithms amplify, but Masnick persuasively argues it's not so simple, citing Daphne Koller, who thought more critically about the First Amendment problems that will arise in implementing that idea.


The governor of Missouri, Mike Parson, has accused Josh Renaud, a journalist with the St Louis Post-Dispatch, of hacking into a government website to view several teachers' social security numbers. From the governor's description, it sounds like Renaud hit either CTRL-U or hit F12, looked at the HTML code, saw startlingly personal data, and decided correctly that the security flaw was newsworthy. (He also responsibly didn't publish his article until he had notified the website administrators and they had fixed the issue.)

Parson disagrees about the legitimacy of all this, and has called for a criminal investigation into this incident of "hacking" (see also scraping). The ability to view the code that makes up a web page and tells the browser how to display it is a crucial building block of the web; when it was young and there were no instruction manuals, that was how you learned to make your own page by copying. A few years ago, the Guardian even posted technical job ads in its pages' HTML code, where the right applicants would see them. No password, purloined or otherwise, is required. The code is just sitting there in plain sight on a publicly accessible server. If it weren't, your web page would not display.

Twenty-five years ago, I believed that by now governments would be filled with 30-somethings who grew up with computers and the 2000-era exploding Internet and could restrain this sort of overreaction. I am very unhappy to be wrong about this. And it's only going to get worse: today's teens are growing up with tablets, phones, and closed apps, not the open web that was designed to encourage every person to roll their own.

Illustrations: Exhibit from Ben Grosser's "Software for Less, reimagining Facebook alerts, at the Arebyte Gallery until end October.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

August 20, 2021


Thumbnail image for Jacinda_Ardern_at_the_University_of_Auckland_(cropped).jpg"One case!" railed a computer industry-adjacent US libertarian on his mailing list recently. He was scathing about the authoritarianism he thought implicit in prime minister Jacinda Ardern's decision to lock down New Zealand because one covid-positive case had been found in Auckland.

You would think that an intelligent guy whose life has been defined by the exponential growth of Moore's Law would understand by now. One *identified* case of unknown origin means a likely couple of dozen others who are all unknowingly going to restaurants, bars, concerts, and supermarkets and infecting other people. Put together the highly-transmissible Delta variant, which has ravaged India, caused huge spikes in the UK and Israel despite relatively high vaccination levels, and is vacuuming up ICU beds in vaccine-resistant US states, and the fact that under 20% of New Zealanders are vaccinated. Ardern, whose covid leadership has been widely admired all along, has absorbed the lessons of elsewhere. Locking down for a few days with so few cases buys time to do forwards and backwards contact tracing, 26 deaths, not tens of thousands, and an unstressed health care system. New Zealand has had months of normality punctuated by days of lockdown instead of, as elsewhere, months of lockdown punctuated by days of nervous attempts at socializing. Her country agrees with her. What more do you want?

The case was found Tuesday; lockdown began Wednesday. By Thursday, the the known case count was 21, with models predicting that the number of infected people was probably around 100. If all those people were walking around, that one case - imported, it now appears, from Australia - would be instigating thousands. Ardern has, you should excuse the expression, balls - and a touch of grace. I can't think of any other national leader who's taken the trouble to *thank* the index case for coming forward to get tested and thereby saving countless of his fellow citizens' lives.

Long ago - March 2020 - Ardern's public messaging included the advice "Be kind". This message could usefully be copied elsewhere - for example, the US, where anti-maskers are disrupting school board meetings andclassrooms, and anti-vaccination protests have left a man stabbed in Los Angeles. On Twitter and in other media, some states' medical staff report that among their hospitals'97%-unvaccinated covid caseloads are some who express regret, too late. Timothy Bella reports at the Washington Post that a Mobile, Alabama doctor has told patients that as of October 1 he won't treat anyone who is not vaccinated against covid. Alabama's vaccination rate, 36%, is the lowest in the US, the state is reporting nearly 4,000 new cases per day, and its hospitals have run out of ICU beds. His reaction is understandable. Useful motto for 2021: everyone is entitled to be anxious about the pandemic however they want.

Twitter has several "more of this, please"-type reactions. Tempting: there's the risk to other patients in the waiting room; the desire to push people to get vaccinated; the human reluctance to help people who won't help themselves to avoid dying of a preventable illness; the awareness of the frustration, burn-out, stress, and despair of hospital-based counterparts. And yet. This doctor isn't required by lack of resources to do triage. He just doesn't want to invest in treating people and be forced to watch their miserable, preventable deaths. I understand. But it's dangerous when doctors pick and choose whom they treat. Yes, barring medical contraindications, refusing covid vaccinations is generally a mistake. But being wrong isn't a reason to deny health care.

Ardern has - as she says - the advantage of being last. Working with less information, countries scrambling earlier to cope with new variants will inevitably make more mistakes. At the Atlantic, Howard Markel argues that we need to stop looking back to 1918 for clues to handling this one.

It's certainly true that the 1918 model has led us astray in significant ways, chiefly consequences of confusing covid with flu. In the UK, that confusion led the government to focus on washing hands and cleaning surfaces and ignore ventilation, a mistake it still hasn't fully rectified 18 months later. In the US, "it's a mild flu" is many people's excuse for refusing masks, vaccines, and other cautions. The 1918 example was, however, valuable as a warning of how devastating a pandemic can be without modern tools to control it. Even with today's larger population, 100 million deaths is too significant to ignore. For them, masks, ventilation, and lockdowns were the only really available tools. For us, they bought time for science to create better ones - vaccines. What we lack, however, is societal and political trust (whether or not you blame the Internet) and the will to spread manufacturing across the world. In 1918, the future, post-pandemic and post-war, was a "roaring" decade of celebration. Our post-pandemic future is more pandemics unless we pay attention to public health and building pandemic resistance, especially as climate change brings new microbes into direct contact with humans,

Markel is a professor at the University of Michigan, and his uncomfortable message is this: we are in uncharted territory. No wonder we cling to the idea that the pandemic of 2020-present is kinda-sorta 1918: without that precedent we are facing conditions of radical uncertainty. Be kind.

Illustrations: New Zealand prime minister Jacinda Ardern campaigning in 2017 (Brigitte Neuschwander-Kasselordner, via Wikimedia).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

June 18, 2021

Libera me man walks into his bar and one there.

OK, so the "man" was me, and the "bar" was a Reddit-descended IRC channel devoted to tennis...but the shock of emptiness was the same. Because tennis is a global sport, this channel hosts people from Syracuse NY, Britain, Indonesia, the Netherlands. There is always someone commenting, checking the weather wherever tennis is playing, checking scores, or shooting (or befriending) the channel's frequent flying ducks.

Not now: blank, empty void, like John Oliver's background for the last, no-audience year. Those eight listed users are there in nickname only.

A year ago at this time, this channel's users were comparing pandemic restrictions. In our lockdowns, I liked knowing there was always someone in another time zone to type to in real time. So: slight panic. Where *are* they?

IRC dates to the old cooperative Internet. It's a protocol, not a service, so anyone can run an IRC server, and many people do, even though the mainstream, especially the younger mainstream, long since moved on through instant messaging and on to Twitter, WhatsApp groups, Telegram channels, Slack, and Discord. All of these undoubtedly look prettier and are easier to use, but the base functionality hasn't changed all that much.

IRC's enduring appeal is that it's all plain text and therefore bandwidth-light, it can host any size of conversation from a two-person secret channel to a public channel of thousands, multiple clients are available on every platform, and it's free. Genuinely free, not pay-with-data free - no ads! Accordingly, it's still widely used in the open source community. Individual channels largely set their own standards and community norms...and their own games. Circa 2003, I played silly trivia quizzes on a TV-related channel. On this one...ducks. A sample:

゜゜・。 ​ 。・゜゜\_o​< FLAP​ FLAP!

However, the fact that anyone *can* run their own server doesn't mean that everyone *does*, and like other Internet services (see also: open web, email), IRC gravitated towards larger networks that enable discovery. If you host your own server, strangers can only find it if you let them; on a large network users can search for channels, find topics they're interested in, and connect to the nearest server. While many IRC networks still survive, in recent years by far the biggest, according to Netsplit, is Freenode, largely because of its importance in providing connections and support for the open source community. Freenode is also where the missing tennis channel was hosted until about Tuesday, three days before I noticed it was silent. As you'll see in the Netsplit image above, that was when Freenode traffic plummeted, countered by a near-vertical rise in traffic on Libera Chat. That is where my channel turned out to be restored to its usual bustling self.

What happened is both complicated and pretty simple: ownership changed hands without anyone's quite realizing what it was going to mean. To say that IRC is free to use does not mean there are no costs: besides computers and bandwidth, the owners of IRC servers must defend their networks against attacks. Freenode, Wikipedia explains, began as a Linux support channel on another network run by four people, who went on to set up their own network, which eventually became the largest support network for the open source community. A series of ownership changes led from a California charity through a couple of steps to today's owner, the UK-based private company Freenode Ltd, which is owned by Andrew Lee, a technology entrepreneur and founder of the Private Internet Access VPN. No one appears to have thought much about this until last month, when 20 to 30 of the volunteers who run Freenode ("staff") resigned accusing Lee of executing a hostile takeover. Some of them promptly set up Libera as an alternative.

What makes this story about a somewhat arcane piece of the old Internet interesting - aside from the book that demands to be written about IRC's rich history, culture, and significance - is that this is the second time in the last 18 months that a significant piece of the non-profit infrastructure has been targeted for private ownership. The other was the .org top-level domain. These underpinnings need better protection.

On the day traffic plummeted, Lee made deciding to move really easy: as part of changing the network's underlying software, he decided to remove the entire database of registered names and channels - committing suicide, some called it. Because, really: if you're going to have to reregister and reconstruct everything anyway, the barrier to moving to that identical new network over there with all the familiar staff and none of the new owner mishegoss is gone. Hence the mass exodus.

This is why IRC never spawned a technology giant: no lock-in. Normally when you move a conversation it dies. In this case, the entire channel, with its scripts and games and familiar interface, could be recreated at speed and resume as if nothing had happened. All they had to do was tell people. Five minutes after I posted a plaintive query on Reddit, someone came to retrieve me.

So, now: a woman logs into an IRC channel and finds all the old regulars. A duck flaps past. I have forgotten the ".bang" command. I type ".bef" instead. The duck is saved.

Illustrations: Netsplit's graph of IRC network traffic from June 2021.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

May 7, 2021

Decision not decision

Screenshot from 2021-01-07 13-17-20.pngIt is the best of decisions, it is the worst of decisions.

For some, this week's decision by Facebook's Oversight Board in the matter of "the former guy" Donald J. Trump is a deliberate PR attempt at distraction. For many, it's a stalling tactic. For a few, it is a first, experimental stab at calling the company to account.

It can be all these things at once.

But first, some error correction. Nothing the Facebook Oversight Board does or doesn't do tells us anything much about governing the Internet. Although there are countries where zero-rating deals with telcos make Facebook effectively the only online access most people have, Facebook is not the Internet and it's not the web. Facebook is a commercial company's walled garden that is reached over the Internet and via both the web and apps that bypass the web entirely. Governing Facebook is about how we regulate and govern commercial companies that use the Internet to achieve global reach. Like Trump, Facebook has no exact peer, so it is difficult to generalize from decisions about either to reach wider principles of content moderation.

It's also important to recognize that Trump used/uses different social media sites in different ways. Facebook was important to Trump for organizing campaigns and advertising, as well as getting his various messages amplified and spread by supporters. But there's little doubt that personally he'd rather have Twitter back; its public nature and instant response made it his id-to-fingers direct connection to the media. Twitter fed him the world's attention. Those were the postings that had everyone waking up in the middle of the night panicked in case he had abruptly declared war on North Korea. After his ban, the service was full of tweets expressing relief at the silence.

The board's decision has several parts. First, it says the company was right to suspend Trump's account. However, it goes on to say, the company erred in applying an "indeterminate and standardless penalty of indefinite suspension". It goes on to tell Facebook to develop "clear, necessary, and proportionate policies that promote public safety and freedom of expression". The board's charter requires Facebook to make an initial response within 30 days, and the decision itself orders Facebook to review the case to "determine and justify a proportionate response that is consistent with the rules that are applied to other users of its platform". It appears that the board is at least trying not to let itself be used as a shield.

At the New York Times, Kara Swisher calls the non-decision kind of perfect. At the Washington Post, Margaret Sullivan calls the board a high-priced fig leaf. At Lawfare, Evelyn Douek believes the decision shows promise but deplores the board's reluctance to constrain Facebook, On Wednesday's episode of Ben Wittes's and Kate Klonick's In Lieu of Fun, panelists speculated what indicators would show the board was achieving legitimacy. Carole Cadwalladr, who broke the Cambridge Analytica story in 2016, calls Facebook, simply, cancer and views the oversight board as a "dangerous distraction".

When the board first began issuing decisions, Jeremy Lewin commented that the only way the board - "a dangerous sham" - could show independence was to reverse Facebook's decisions, which in all cases, that would mean restoring deleted posts since the board has no role in evaluating decisions to retain posts. It turns out that's not true. In the Trump decision, the board found a third way: calling out Facebook for refusing to answer its questions, failing to establish and follow clear procedures, and punting on its responsibilities.

However, despite the decision's legalish language, the Oversight Board is not a court, and Facebook's management is not a government. For both good and bad: as Orin Kerr reminds Facebook can't fine, jail, or kill its users; as many others will note, as a commercial company its goals are profits and happy shareholders, not fairness, transparency, or a commitment to uphold democracy. If it adopts any of those latter goals, it's because the company has calculated that it will cost more not to. Therefore, *every* bit of governance it attempts is a PR exercise. In pushing the ultimate decision back to Facebook and demanding that the company write and publish clear rules the board is trying to make itself more than that. We will know soon whether it has any hope of success.

But even if the board succeeds in pushing Facebook into clarifying its approach to this case, "success" will be constrained. Here's the board's mission: "The purpose of the board is to protect free expression by making principled, independent decisions about important pieces of content and by issuing policy advisory opinions on Facebook's content policies." Nothing there permits the board to raise its own cases, examine structural defects, or query the company's business model. There is also no option for the board to survey Trump's case and the January 6 Capitol invasion and place it in the context of evidence on Facebook's use to incite violence in other countries - Myanmar, Sri Landa, Kindia, Indonesia, Mexico, Germany, and Ethiopia. In other words, the board can consider individual cases when it is assigned them, but not the patterns of behavior that Facebook facilitates and are in greatest need of disruption. That will take governments and governance.

Illustrations: The January 6 invasion of the US Capitol.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

April 23, 2021

Fast, free, and frictionless

Sinan-Aral-20210422_224835.jpg"I want solutions," Sinan Aral challenged at yesterday's Social Media Summit, "not a restatement of the problems". Don't we all? How many person-millennia have we spent laying out the issues of misinformation, disinformation, harassment, polarization, platform power, monopoly, algorithms, accountability, and transparency? Most of these have been debated for decades. The big additions of the last decade are the privatization of public speech via monopolistic social media platforms, the vastly increased scale, and the transmigration from purely virtual into physical-world crises like the January 6 Capitol Hill invasion and people refusing vaccinations in the middle of a pandemic.

Aral, who leads the MIT Initiative on the Digital Economy and is author of the new book The Hype Machine, chose his panelists well enough that some actually did offer some actionable ideas.

The issues, as Aral said, are all interlinked. (see also 20 years of net.wars). Maria Ressla connected the spread of misinformation to system design that enables distribution and amplification at scale. These systems are entirely opaque to us even while we are open books to them, as Guardian journalist Carole Cadwalladr noted, adding that while US press outrage is the only pressure that moves Facebook to respond, it no longer even acknowledges questions from anyone at her newspaper. Cadwalladr also highlighted the Securities and Exchange Commission's complaint that says clearly: Facebook misled journalists and investors. This dismissive attitude also shows in the leaked email, in which Facebook plans to "normalize" the leak of 533 million users' data.

This level of arrogance is the result of concentrated power, and countering it will require antitrust action. That in turn leads back to questions of design and free speech: what can we constrain while respecting the First Amendment? Where is the demarcation line between free speech and speech that, like crying "Fire!" in a crowded theater, can reasonably be regulated? "In technology, design precedes everything," Roger McNamee said; real change for platforms at global or national scale means putting policy first. His Exhibit A of the level of cultural change that's needed was February's fad, Clubhouse: "It's a brand-new product that replicates the worst of everything."

In his book, Aral opposes breaking up social media companies as was done incases such as Standard Oil, the AT&T. Zephyr Teachout agreed in seeing breakup, whether horizontal (Facebook divests WhatsApp and Instagram, for example) or vertical (Google forced to sell Maps) as just one tool.

The question, as Joshua Gans said, is, what is the desired outcome? As Federal Trade Commission nominee Lina Khan wrote in 2017, assessing competition by the effect on consumer pricing is not applicable to today's "pay-with-data-but-not-cash" services. Gans favors interoperability, saying it's crucial to restoring consumers' lost choice. Lock-in is your inability to get others to follow when you want to leave a service, a problem interoperability solves. Yes, platforms say interoperability is too difficult and expensive - but so did the railways and telephone companies, once. Break-ups were a better option, Albert Wenger added, when infrastructures varied; today's universal computers and data mean copying is always an option.

Unwinding Facebook's acquisition of WhatsApp and Instagram sounds simple, but do we want three data hogs instead of one, like cutting off one of Lernean Hydra's heads? One idea that emerged repeatedly is slowing "fast, free, and frictionless"; Yael Eisenstat wondered why we allow experimental technology at global scale but policy only after painful perfection.

MEP Marietje Schaake (Democrats 66-NL) explained the EU's proposed Digital Markets Act, which aims to improve fairness by preempting the too-long process of punishing bad behavior by setting rules and responsibilities. Current proposals would bar platforms from combining user data from multiple sources without permission; self-preferencing; and spying (say, Amazon exploiting marketplace sellers' data), and requires data portability and interoperability for ancillary services such as third-party payments.

The difficulty with data portability, as Ian Brown said recently, is that even services that let you download your data offer no way to use data you upload. I can't add the downloaded data from my current electric utility account to the one I switch to, or send my Twitter feed to my Facebook account. Teachout finds that interoperability isn't enough because "You still have acquire, copy, kill" and lock-in via existing contracts. Wenger argued that the real goal is not interoperability but programmability, citing open banking as a working example. That is also the open web, where a third party can write an ad blocker for my browser, but Facebook, Google, and Apple built walled gardens. As Jared Sine told this week's antitrust hearing, "They have taken the Internet and moved it into the app stores."

Real change will require all four of the levers Aral discusses in his book, money, code, norms, and laws - which Lawrence Lessig's 1996 book, Code and Other Laws of Cyberspace called market, software architecture, norms, and laws - pulling together. The national commission on democracy and technology Aral is calling for will have to be very broadly constituted in terms of disciplines and national representation. As Safiya Noble said, diversifying the engineers in development teams is important, but not enough: we need "people who know society and the implications of technologies" at the design stage.

Illustrations: Sinan Aral, hosting the summit.l

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

March 26, 2021

Curating the curators

Zuck-congress-20210325_212525.jpgOne of the longest-running conflicts on the Internet surrounds whether and what restrictions should be applied to the content people post. These days, those rules are known as "platform governance", and this week saw the first conference by that name. In the background, three of the big four CEOs returned to Congress for more questioning, the EU is planning the Digital Services Act; the US looks serious about antitrust action, and debate about revising Section 230 of the Communications Decency Act continues even though few understandwhat it does; and the UK continues to push "online harms.

The most interesting thing about the Platform Governance conference is how narrow it makes those debates look. The second-most interesting thing: it was not a law conference!

For one thing, which platforms? Twitter may be the most-studied, partly because journalists and academics use it themselves and data is more available; YouTube, Facebook, and subsidiaries WhatsApp and Instagram are the most complained-about. The discussion here included not only those three but less "platformy" things like Reddit, Tumblr, Amazon's livestreaming subsidiary Twitch, games, Roblox, India's ShareChat, labor platforms UpWork and Fiverr, edX, and even VPN apps. It's unlikely that the problems of Facebook, YouTube, and Twitter that governments obsess over are limited to them; they're just the most visible and, especially, the most *here*. Granting differences in local culture, business model, purpose, and platform design, human behavior doesn't vary that much.

For example, Jenny Domino reminded - again - that the behaviors now sparking debates in the West are not new or unique to this part of the world. What most agree *almost* happened in the US on January 6 *actually* happened in Myanmar with far less scrutiny despite a 2018 UN fact-finding mission that highlighted Facebook's role in spreading hate. We've heard this sort of story before, regarding Cambridge Analytica. In Myanmar and, as Sandeep Mertia said, India, the Internet of the 1990s never existed. Facebook is the only "Internet". Mertia's "next billion users" won't use email or the web; they'll go straight to WhatsApp or a local or newer equivalent, and stay there.

Mehitabel Glenhaber, whose focus was Twitch, used it to illustrate another way our usual discussions are too limited: "Moderation can escape all up and down the stack," she said. Near the bottom of the "stack" of layers of service, after the January 6 Capitol invasion Amazon denied hosting services to the right-wing chat app Parler; higher up the stack, Apple and Google removed Parler's app from their app stores. On Twitch, Glenhaber found a conflict between the site's moderatorial decision the handling of that decision by two browser extensions that replace text with graphics, one of which honored the site's ruling and one of which overturned it. I had never thought of ad blockers as content moderators before, but of course they are, and few of us examine them in detail.

Separately, in a recent lecture on the impact of low-cost technical infrastructure, Cambridge security engineer Ross Anderson also brought up the importance of the power to exclude. Most often, he said, social exclusion matters more than technical; taking out a scammer's email address and disrupting all their social network is more effective than taking down their more easily-replaced website. If we look at misinformation as a form of cybersecurity challenge - as we should, that's an important principle.

One recurring frustration is our general lack of access to the insider view of what's actually happening. Alice Marwick is finding from interviews that members of Trust and Safety teams at various companies have a better and broader view of online abuse than even those who experience it. Their data suggests that rather than being gender-specific harassment affects all groups of people; in niche groups the forms disagreements take can be obscure to outsiders. Most important, each platform's affordances are different; you cannot generalize from a peer-to-peer site like Facebook or Twitter to Twitch or YouTube, where the site's relationships are less equal and more creator-fan.

A final limitation in how we think about platforms and abuse is that the options are so limited: a user is banned or not, content stays up or is taken down. We never think, Sarita Schoenebeck said, about other mechanisms or alternatives to criminal justice such as reparative or restorative justice. "Who has been harmed?" she asked. "What do they need? Whose obligation is it to meet that need?" And, she added later, who is in power in platform governance, and what harms have they overlooked and how?

In considering that sort of issue, Bharath Ganesh found three separate logics in his tour through platform racism and the governance of extremism: platform, social media, and free speech. Mark Zuckerberg offers a prime example of the latter, the Silicon Valley libertarian insistence that the marketplace of ideas will solve any problems and that sees the First Amendment freedom of expression as an absolute right, not one that must be balanced against others - such as "freedom from fear". Following the end of the conference by watching the end of yesterday's Congressional hearings, you couldn't help thinking about that as Mark Zuckerberg embarked on yet another pile of self-serving "Congressman..." rather than the simple "yes or no" he was asked to deliver.

Illustrations: Mark Zuckerberg, testifying in Congress on March 25, 2021.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

March 5, 2021

Covid's children

LSE-Livingstone-panel-2021-03.pngI wonder a lot about how the baby downstairs will develop differently because of his September 2020 birth date. In his first five months, the only humans who have been in close contact are his two parents, a smattering of doctors and nurses, and a stray neighbor who occasionally takes him for walks. Walks, I might add, in which he never gets out of his stroller but in which he exhibits real talent for staring contests (though less for intelligent conversation). His grandparents he only knows through video calls. His parents think he's grasped that they're real, though not present, people. But it's hard to be sure.

The effects of the pandemic are likely to be clear a lot sooner for the older children and young people whose lives and education have been disrupted over the past year. This week, as part of the LSE Post-Covid World Festival, Sonia Livingstone (for whose project I wrote some book reviews a few years ago) led a panel to discuss those effects.

Few researchers in the UK - Livingstone, along with Andy Phippen, is one of the exceptions, as is, less formally, filmmaker and House of Lords member Beeban Kidron, whose 2013 film InRealLife explores teens' use of the Internet - ever bother to consult children to find out what their online experiences and concerns really are. Instead, the agenda shaped by politicians and policy makers centers on adults' fears, particularly those that can be parlayed into electoral success. The same people who fret that social media is posing entirely new problems today's adults never encountered as children refuse to find out what those problems look like to the people actually experiencing them. Worse, the focus is narrow: protecting children from pornography, grooming, and radicalization is everywhere, but protecting them from data exploitation is barely discussed. In the UK, as Jen Persson, founder of DefendDigitlMe, keeps reminding us, collecting children's data is endemic in education.

This was why the panel was interesting: all four speakers are involved in projects aimed to understand and amplify children's and young people's own concerns. From that experience, all four - Konstantinos Papachristou, the youth lead for the #CovidUnder19 project, Maya Götz, who researches children, youth, and television, Patricio Cuevas-Parra, who is part of a survey of 10,000 children and young people, and Laurie Day - highlighted similar issues of lack of access and inequality - not just to the Internet but also to vaccines and good information.

In all countries, the shift to remote leaning has been abrupt, exposing infrastructure issues that were always urgent, but never quite urgent enough to fix. Götz noted that in some Asian countries and Chile she's seeing older technologies being pressed into service to remedy some of this - technologies like broadcast TV and radio; even in the UK, after the first lockdown showed how many low-income families could not afford sufficient data plans, the the BBC began broadcasting curriculum-based programming.

"Going back to normal," Day said, "needs a rethink of what support is needed." Yet for some students the move to online learning has been liberating, lightening social and academic pressures and giving space to think about their values and the opportunity to be creative. We don't hear so much about that; British media focus on depression and loss.

By the time the baby downstairs reaches school age, the pandemic will be over, but its footprint will be all over how his education proceeds.

Persson, who focuses on the state's use of data in education, says that one consequence of the pandemic is that Microsoft and Google have entrenched themselves much more deeply into the UK's education infrastructure.

"With or without covid, schools are dependent on them for their core infrastructure now, and that's through platforms joining up their core personal data about students and staff - email addresses, phone numbers, names, organizational data - and joining all that up," she says. Parents are encouraged to link to their children's accounts, and there is, for the children concerned, effectively, "no privacy". The software, she adds, was really designed for business and incompletely adapted for education. For example, while there are controls schools can use for privacy protection, the defaults, as always, are towards open sharing. In her own children's school, which has 2,000 students, the software was set up so every user could see everyone else's email address.

"It's a huge contrast to [the concern about] online harms, child safety, and the protection mantra that we have to watch everything because the world is so unsafe," she says. Partly, this is also a matter of perception: policy makers tend to focus on "stranger danger" and limiting online content rather than ID theft, privacy, and how all this collected data may be used in the future. The European Digital Rights Initiative (EDRi) highlights the similar thinking behind European Commission proposals to require the platforms to scan private communications as part of combating child sexual abuse online.

All this awaits the baby downstairs. The other day, an 18-month-old girl ran up to him, entranced. Her mother pulled her back before she could touch him or the toys tied to his stroller. For now, he, like other pandemic babies, is surrounded by an invisible barrier. We won't know for several decades what the long-term effect will be.

Illustrations: Illustrations: Sonia Livingstone's LSE panel.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

February 5, 2021

Dead cat trampoline

If you want to understand the story of why a bunch of Redditors have used Gamestop shares to squeeze a load of profitability out of a couple of hedge funds you could do worse than to read the 1994 Wired article about the time the Usnet newsgroup alt.tasteless invaded rec.pets.cats, by Josh Quittner. A horde of "little guys" invading the protected territory of a handful of stodgy, entitled billionaires and hedge fund managers could be the Internet's origin story. For example: bitcoin.

In brief, for those who've missed the breathless coverage: the "troubled" retail chain Gamestop. whose share price opened 2021 at around $17 and which dropped as low as $2.57 during 2020, suddenly spiked (briefly) last week to $483. The technical explanation is that this is an extreme version of a short squeeze, a vicious spiral in which a company's rising share price forces traders who have bet that it will go down scramble to cover their losses before they can escalate further.

Rule of thumb: when your get-rich-quick strategy appears on CNBC, it's time to cash out.

Calling Gamestop "troubled" is polite. Offline retail in general and particularly malls, where Gamestop outlets are located, are struggling. The company's revenues slid badly in 2019. That December - still 2019 - the best suggestions for recovery were to leverage the company's 5,600 physical locations to create experiences that can't be replicated online and to build its own line of products while it waited for the launch of new game consoles to goose its business. *Then* came the pandemic and its shutdowns to accelerate the spiral downwards. The company seems unlikely to be able to mount a comeback. Terrible for its employees, terrible for the malls and towns that depended on sales and other taxes, terrible for other local dependent businesses, but an opportunity for short sellers who get their timing exactly right.

In January, a Reddit group (subReddit Wall Street Bets) spotted that short sellers' commitments amounted to more than double the number of outstanding Gamestop shares and correctly recognized that they were looking at a spring-loaded slingshot. Ordinary retail investors can't, individually, buy enough to set a squeeze in motion, but a crowdsourcing, coordinated through an online forum, could indeed move the needle. The Redditors were also aided by 2019's industry-wide elimination of commissions on retail stock trades, which makes very small trades newly viable. The persistence of friction-inducing costs is why the Reddit scenario is unlikely to be replicated in the UK: British brokers still charge commissions on trades and the government adds stamp duty.

The markets are broken, short seller Carson Block tells Julia LaRoche at Yahoo Finance, in response to this incident. Like many over the last four years, he notes the widening gap between fundamental value and market pricing, between the real economy in which millions of Americans were struggling to afford rent even before the pandemic and the market, where 84% of the value is held by 10% of Americans, a level of inequality seen in England in 1966. This is not good news. WallStreetBets may be a messenger telling us that things are worse than we thought, but decades of underlying trends have fueled today's overpriced market: the extraordinarily low interest rates since 2008, the lack of alternatives for small, ongoing savings, the decades of replacing pensions with shares-filled 401(k) plans, and most recently Trump's tax cuts. The result is distorting the entire economy and robbing working Americans of a decent living.

Much of the Reddit action centered on Robinhood, a brokerage that markets itself as democratizing finance. At Slate, Alex Kershner says no: Robinhood's retail investors are the product, and Robinhood's real customers are Wall Street's market makers, who pay for the privilege of executing its stock orders. This arcane subject is best explained by Michael Lewis in Flash Boys. Because of the way it reduced friction for small-time retail traders - free commissions, instant access to deposited money, margin trading - Robinhood contributed to the volatility, but it's not really the story by itself. It is merely the last stop on a decades-old journey toward making it possible for retail investors to take risks previously limited to people who could provably afford the losses. The good side of that approach is to protect ordinary people from losing their homes; the bad side is to reserve the biggest profits for people who don't really need them.

If past decades are any guide, breaking those protections will hurt people. On Monday, February 1, Gamestop dropped 75%; on Tuesday it dropped 60%. On Wednesday, it rose slightly - about 2.5% in what experienced investors would call a "dead cat bounce", as Thursday saw it drop another 42%. Price Thursday night: $53.33. No one who bought at $483 will get their money back. As Farhad Manjou warns at the New York Times, in the end the house always wins. In the long term, fundamentals *should* matter. because the value of having the market in the first place isn't to make people rich but to help channel investment to viable businesses. If it doesn't fulfill that function it's time for real reform.

Illustrations: Chart of Gamestop's share price for the three months ending close of business February 4, 2021 (from Big Charts.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

January 22, 2021

In the balance

Thumbnail image for 800px-Netherlands-4589_-_Lady_of_Justice_&_William_of_Orange_Coat-o-Arms_(12171086413).jpgAs the year gets going, two conflicts look like setting precedents for Internet regulation: Australia's push to require platforms to pay license fees for linking to their articles; and Facebook's pending decision whether to make former president Donald Trump's ban permanent, as Twitter already has.

Facebook has referred Trump's case to its new Oversight Board and asked it to make policy recommendations for political leaders. The Board says it will consider whether Trump's content violated Facebook community standards and "values", and whether its removal respected human rights standards. It expects to report within 90 days; the decision will be binding on Facebook.

On Twitter, Kate Klonick, an assistant professor at St. John's University of Law, who has been following the Oversight Board's creation and development in detail, says the important aspect is not the inevitably polarizing decision itself, but the creation of what she hopes will be a "transparent global process to adjudicate these human rights issues of speech". In a Yale Law Journal articledocumenting the board's history so far, she suggests that it could set a precedent for collaborative governance of private platforms.

Or - and this seems more likely - it could become the place where Facebook dumps the controversial cases where making its own decision gains the company nothing. Trump is arguably one of these. No matter how much money Trump's presidential campaign (which seems unlikely to have any future) netted the company, it surely must be a drop in the ocean of its overall revenues. With antitrust suits pending and a politically controversial decision, why *wouldn't* Facebook want to hand it off? Would the company do the same in a case where the company's business model was at stake, though? If it does and the decision goes against Facebook's immediate business interests, will shareholders sue?

Those questions won't be answered for some years. Meanwhile, this initial case will be a milestone in Internet history, as Klonick says. If the board does not create durable principles that can be applied across other countries and political systems, it will have failed. The larger question, however, which is the circulation of deliberate lies and misinformation, is more complex.

For that, letters sent this week by US Congress members Anna Eshoo (D-CA) and Tom Malinowski (D-NJ) may be more germane: they have asked the CEOs of Facebook, Google, YouTube, and Twitter to alter their algorithms to stop promoting conspiracy theories at scale. Facebook has been able to ignore previous complaints it was inciting violence in markets less essential to its bottom line and of less personal significance.

The Australian case is smaller, and kind of a rerun, but still interesting. We noted in September that the Australian government had announced the draft News Media Bargaining Code, a law requiring Google and Facebook (to start with) to negotiate license fees for displaying snippets of news articles. By including YouTube, user postings, and search engine results, Australia hoped to ensure the companies could not avoid the law by shutting down, which was what happened in 2014 when Spain enacted a similar law that caught only Google News. Early reports indicated that its withdrawal resulted in a dramatic loss of traffic to publishers' sites.

However, by 2015, Spain's Association of Newspaper Editor was saying members were reporting just a 12% loss of traffic, and a 2019 assessment argues that in fact the closure (which persists) made little long-term difference to publishers. If this is true, it's unarguably better for publishers not to be dependent on a third-party company to send them traffic out of the goodness of their hearts. The more likely underlying reality, however, is that people have learned to use generic search engines and social media to find news stories - in which case the Australian law could still be damaging to publishers' revenues.

It is, as journalist Michael West points out, exceptionally difficult to tease out what portion of Google's or Facebook's revenues are attributable to news content. West argues that a better solution to those companies' rise is regulating their power and taxing them appropriately; neither Google nor Facebook is in the business of reporting the news and are not in direct competition with the traditional publishers - the biggest of which, in Australia, are owned by Rupert Murdoch and so filled with climate change denial that Murdoch's own son left the company because of it.

In December, Google and Facebook won a compromise that will allow Google to include in the negotiations the value it brings in the form of traffic; limit the data it has to share with publishers; and lower the requirement for platforms to share algorithm changes with the publishers. Prediction: the publishers aren't going to wind up getting much out of this.

For the rest of us, though, the notion that users could be stopped from sharing news links (as Facebook is threatening) should be alarming; open, royalty-free linking, as web inventor Tim Berners-Lee told Bloomberg above, is the fundamental characteristic of the web. We take the web so much for granted now that it's easy to forget that the biggest decision Berners-Lee made, with the backing of his employers at CERN, was to make it open instead of proprietary. The Australian law is the latest attempt to modify that decision. I wish I could say it will never catch on.

Illustrations: Justitia outside the Delft Town Hall, the Netherlands (via Dennis Jarvis at Wikimedia).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

January 15, 2021

One thousand

net.wars-the-book.gifIn many ways, this 1,000th net.wars column is much like the first (the count is somewhat artificial, since net.wars began as a 1998 book, then presaged by four years of news analysis pieces for the Daily Telegraph, and another book in 2001...and a lot of my other writing also fits under "computers, freedom, and privacy"; *however*). That November 2001 column was sparked by former Home Office minister Jack Straw's smug assertion that after 9/11 those of us who had defended access to strong cryptography must be feeling "naive". Here, just over a week after the Capitol invasion, three long-running issues are pertinent: censorship; security and the intelligence failures that enabled the attack; and human rights when demands for increased surveillance capabilities surface, as they surely will.

Censorship first. The US First Amendment only applies to US governments (a point that apparently requires repeating). Under US law, private companies can impose their own terms of service. Most people expected Twitter would suspend Donald Trump's account approximately one second after he ceased being a world leader. Trump's incitement of the invasion moved that up, and led Facebook, including its subsidiaries Instagram and WhatsApp, Snapchat, and, a week after the others, YouTube to follow suit. Less noticeably, a Salesforce-owned email marketing company ceased distributing emails from the Republican National Committee.

None of these social media sites is a "public square", especially outside the US, where they've often ignored local concerns. They are effectively shopping malls, and ejecting Trump is the same as throwing out any other troll. Trump's special status kept him active when many others were unjustly banned, but ultimately the most we can demand from these services is clearly stated rules, fairly and impartially enforced. This is a tough proposition, especially when you are dependent on social media-driven engagement.

Last week's insurrection was planned on numerous openly accessible sites, many of which are still live. After Twitter suspended 70,000 accounts linked to QAnon, numerous Republicans complaining they had lost followers seemed to be heading to Parler, a relatively new and rising alt-right Twitterish site backed by Rebekah Mercer, among others. Moving elsewhere is an obvious outcome of these bans, but in this crisis short-term disruption may be helpful. The cost will be longer-term adoption of channels that are harder to monitor.

By January 9 Apple was removing Parler from the App Store, to be followed quickly by Android (albeit less comprehensively, since Android allows side-loading). Amazon then kicked Parler off its host, Amazon Web Services. It is unknown when, if ever, the site will return.

Parler promptly sued Amazon claiming an antitrust violation. AWS retaliated with a crisp brief that detailed examples of the kinds of comments the site felt it was under no obligation to host and noted previous warnings.

Whether or not you think Parler should be squashed - stipulating that the imminent inauguration requires an emergency response - three large Silicon Valley platforms have combined to destroy a social media company. This is, as Jillian C. York, Corynne McSherry, and Danny O'Brien write at EFF, a more serious issue. The "free speech stack", they write, requires the cooperation of numerous layers of service providers and other companies. Twitter's decision to ban one - or 70,000 - accounts has limited impact; companies lower down the stack can ban whole populations. If you were disturbed in 2010, when, shortly after the diplomatic cables release, Paypal effectively defunded Wikleaks after Amazon booted it off its servers, then you should be disturbed now. These decisions are made at obscure layers of the Internet where we have little influence. As the Internet continues to centralize, we do not want just these few oligarchs making these globally significant decisions.

Security. Previous attacks - 9/11 in particular - led to profound damage to the sense of ownership with which people regard their cities. In the UK, the early 1990s saw the ease of walking into an office building vanish, replaced by demands for identification and appointments. The same happened in New York and some other US cities after 9/11. Meanwhile, CCTV monitoring proliferated. Within a year of 9/11, the US passed the PATRIOT Act, and the UK had put in place a series of expansions to surveillance powers.

Currently, residents report that Washington, DC is filled with troops and fences. Clearly, it can't stay that way permanently. But DC is highly unlikely to return to the openness of just ten days ago. There will be profound and permanent changes, starting with decreased access to government buildings. This will be Trump's most visible legacy.

Which leads to human rights. Among the videos of insurrectionists shocked to discover that the laws do apply to them were several in which prospective airline passengers discovered they'd been placed preemptively on the controversial no-fly list. Many others who congregated at the Capitol were on a (separate) terrorism watch list. If the post-9/11 period is any guide, the fact that the security agencies failed to connect any of the dots available to them into actionable intelligence will be elided in favor of insisting that they need more surveillance powers. Just remember: eventually, those powers will be used to surveil all the wrong people.

Illustrations: net.wars, the book at the beginning.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

January 7, 2021

The most dangerous game

Screenshot from 2021-01-07 13-17-20.pngThe chaos is the point.

Among all the things to note about Wednesday's four-hour occupation of the US Capitol Building - the astoundingly ineffective blue line of police, the attacks on journalists, the haphazard mix of US, Trump, Confederate, and Nazi costumes and flags, the chilling in a hotel lobby - is this: no one seemed very clear about the plan. In accounts and images, once inside, some of the mob snap pictures, go oh, look! emails!, and grab mementos like dangerous and destructive tourists. Let's not glorify them and their fantasies of heroism; they are vandals, they are criminals, they are incipient felons, they are thugs. They are certainly not patriots.

One reason, of course, is that their leader, having urged them to storm the Capitol, went home to his protective Secret Service and the warmth of watching the wreckage on TV inside one of the most secure buildings on the planet. Trump is notoriously petty and vengeful against anyone who has crossed him. Why wouldn't he push the grievance-filled conspiracy theorists whose anger he harnessed for personal gain to destroy the country that dared to reject him? The festering anger that Trump's street-bully smarts (and those of his detonator, Roger Stone) correctly spotted as a political opportunity was perfectly poised for Trump's favorite chaos creation game: "Let's you and him fight".

"We love you," and "You are very special," Trump told the rioters to close out the video clip he issued to tell them to go home, as if this were a Hollywood movie and with a bit of sprinkled praise his special effects crew could cage the Kraken until he next wanted it.

The someday child studying this period in history class will marvel at our willful blindness to white violence openly fomented while applying maximum deterrence to Black Lives Matter.

Our greatest ire should be reserved for the cynically exploitative, opportunistic Trump and supporting senators Josh Hawley (R-MO) and Ted Cruz (R-TX), whom George F. Will says will permanently wear a scarlet "S" for "seditionist" and Trump's many other politicians and enablers who consciously lied, a list to which Marcy Wheeler adds senator Tommy Tuberville (R-AL). It's fashionable to despise former Trump fixer-lawyer Michael Cohen, but we should listen to him; his book, Disloyal, is an addict's fourth and fifth steps (moral inventory and admitting wrongs) that unflinchingly lays bare his collaboration in Trump's bullying exploitation.

The invasion perversely hastened Biden/Harris's final anointing; Republicans dropped most challenges in the interests of Constitutional honor (read: survival). Mitch McConnell (R-KY), who as Senate Majority Leader has personally made governance impossible, sounded like a man abruptly defibrillated into sanity, and Senator Lindsey Graham's (R-SC) careening wait-for-his-laugh "That's it! I'm done!" speech led some on Twitter to surmise he was drunk. Only Hawley (R-MO), earlier seen fist-pumping the rioters-in-waiting, seemed undeterred.

High-level Trump administration members - those who can afford health insurance are fleeing. Apparently we have finally found the line they won't cross, though it may not be the violence but the prospect of having to vote on invoking the 25th Amendment.

An under-discussed aspect of the gap between politics - Beltway or Westminster - and life as ordinary people know it is that for many politicians and media, making proposterous claims they don't really believe is a game. Playing exhibitionist contrarian for provocation is a staple of British journalism. Boris Johnson famously wrote pre-referendum columns arguing both Leave and Remain before choosing pro-Leave's personal opportunities. They appear to care little for the consequences, measured in covid deaths, food bank use, deportations, and shattered lives.

All these posturers score against each other from comfortable berths and comfortably assume they are beyond repercussions. It's the same dynamic as the one at work among the advocates of letting the virus rip through the population at large, as if infection is for the little people and our desperately overstressed, traumatized health care workers are replaceable parts rather than a precious resource.

Perhaps the most extraordinary aspect is that this entire thing was planned out in the open. There was no need to backdoor encryption. They had merch; Trump repeatedly tweeted his intentions; planning was on public forums. In September, the Department of Homeland Security warned that white supremacy is the "most lethal threat" to the US. On Tuesday, Bellingcat warned that a dangerous meld of numerous right-wing constituencies was setting out for DC. Talia Lavin's 2020 book, Culture Warlords, thoroughly documented the online hate growing into real-world violence.

Wednesday also saw myriad mostly peaceful statehouse protests: Texas, Utah, Michigan, California, Oregon, Arizona, Arkansas, Kansas, Wisconsin, Nevada (with a second protest in Las Vegas), Florida, and Georgia. Pause to remember Wednesday's opener: Democrats Jon Ossoff and Raphael Warnock won Georgia's Senate seats.

Trump has 12 more days. Twitter and Facebook, which CNN reporter Donie Sullivan calls complicit, have locked Trump's accounts; Shopify has closed his shops. The far-right forums are considering the results while the FBI makes arrests and Biden builds his administration.

The someday child will know the next part faster than we will.

Illustrations: Screenshot of Wednesday's riot in progress.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

December 31, 2020

Build back

New_Years_2014_Fireworks_-_London_Eye-WM.jpgIn my lifetime there has never been a New Year that has looked so bleak. At 11pm last night, Big Ben tolled the final severance of the UK's participation in the European Union. For the last few days, as details of the trade agreement agreed last night become known, Twitter has been filling up with graphics and text explaining the new bureaucracy that will directly or indirectly affect every UK resident and the life complications still facing the 3 million EU citizens resident in the UK and the UK expatriates in the EU. Those who have pushed for this outcome for many years will I'm sure rejoice, but for many of us it's a sad, sad moment and we fear the outcome.

The bright spot of the arriving vaccines is already being tarnished by what appears to be a panic response pushing to up-end the conditions under which they were granted an emergency license. Case numbers are rising out of control, and Twitter is filled with distress signals from exhausted, overwhelmed heath care workers. With Brexit completed and Trump almost gone, 2021 will be a year of - we hope - renewed sanity and sober remediation, not just of the damage done this year in specific but of the accrued societal and infrastructural technical debt that made everything in 2020 so much worse. It is already clear that the cost of this pandemic will be greater than all the savings ever made by cuts to public health and social welfare systems.

Still, it *is* a new year (because of human-made calendars), and because we love round numbers - defining "round" as the number of digits our hands happen to have - there's a certain amount of "that was the decade" about it. There is oddly less chatter about the twenty years since the turn of the millennium, which surprises me a bit: we've completed two-fifths of the 21st century!

Even the pre-pandemic change was phenomenal. Ten years ago - 2010 - was when smartphones really took off, pouring accelerant on Facebook, Twitter, and other social media, which were over-credited for 2011's "Arab Spring" ("useful but not sufficient", the linked report concludes). At Gikii 2019, Andres Guademuz described this moment as "peak cyber-utopia". In fact, it was probably the second peak, the first having been circa 1999, but who's counting? Both waves of cyber-utopianism seem quaint now, in the face of pandemic-fueled social and economic disruption. We may - we do - look to social media for information - but we've remembered we need governments for public health measures, economic support, and leadership. The deliberate thinning of the institutions we now need to save us in countries like the US and UK is one legacy of the last 30 years of technology-fueled neoliberalism. Ronald Reagan, US president from 1980 to 1988, liked to say that the most frightening words in the English language were "I'm from the government and I'm here to help". Far more frightening is the reality of a government that can't, won't, or chooses not to help.

Twenty years ago - 2000 - was the year of the dot-com peak, when AOL disastrously merged with Time-Warner. The crash was well underway when 9/11 happened and ushered in 20 years of increasing surveillance: first an explosion of CCTV cameras in the physical world and, on the Internet, data retention and interception, and finally, in the last year or so, the inescapability of automated facial recognition, rolled out without debate or permission.

Despite having argued against all these technologies as they've come along, I wish I could report that investing in surveillance instead of public health had paid dividends in the Year of Our Pandemic 2020. Contact tracing apps, which we heard so much about earlier in the year, have added plenty of surveillance capabilities and requirements to our phones and lives, but appear to have played little part in reducing infection rates. Meanwhile, the pandemic is fueling the push to adopt the sort of MAGIC flowthrough travel industry execs have imagined since 2013. Airports and our desire to travel will lead the way to normalizing pervasive facial recognition, fever-scanning cameras, and, soon, proof of vaccination.

This summer, many human rights activists noted the ethical issues surrounding immunity passports. Early in the year this was easy pickings because the implementations were in China. Now, however, anyone traveling to countries like Canada and the US must be able to show a negative covid test within 72 hours before traveling from the UK. Demand for vaccination certificates is inevitable. Privacy International taken the view that " Until everyone has access to an effective vaccine, any system requiring a passport for entry or service will be unfair." Being careful about this is essential, because unfairness entrenched while we rebuild will be *very* hard to dislodge.

So, two big things to work towards in 2021. The first is to ensure that new forms of unfairness do not become the new normal. The second, which will take a lot of luck, even more diligence, and a massive scientific effort, is to ensure that one item on the Mindset list of 2040's 18-year-olds will be "There has never been a pandemic."

Happy new year.

Illustrations: New year's eve fireworks in London, 2014 (via Clarence Ji).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

December 25, 2020

Year out

Katalin_Kariko.jpgSometime like five or 15 years from now, I imagine someone will look back and see that the seeds of some wonderful new technology were sown off-camera during this year and be surprised we never noticed. But the reality is that from March onwards the coronavirus swallowed up the news, challenged only - and only in the UK - by the awful crawl to Brexit.

Even the advance in AI - or what passes for it - represented by DeepMind's having solved protein folding only occupied the news for a day or so, then sank under the unrelenting sameness of watching the latest case numbers and getting by, a day at a time (and that was the *privileged* version of life in the pandemic). In retrospect, the overwhelming information technology trend was the culmination of years of rising awareness of the many adverse consequences of the things net.wars complains about: consolidation, centralization, and users' loss of privacy and autonomy.

The giant exception to both the general inattention and technological discontent was the collaborative scientific muscle on display in biotech, from the first rapid sequencing of the novel coronavirus's genome to the successful, cavalry-to-the-rescue arrival of the new mRNA vaccine platform that has been in the making for 20-odd years. In this case, the Internet delivered as promised, from enabling scientists to exchange preprint research and collaborate across the globe to giving individuals direct access to solid science, to providing a safe and necessary alternative to high-risk in-person action.

Three big technology stories did achieve traction:

- The new and aggressive push in the US to rein in the four biggest technology companies. Forty-six states, plus Guam and Washington, DC, and the Federal Trade Commission have filed antitrust suits against Facebook, which elsewhere is being described as a Doomsday Machine that may wipe out the planet. Ten states and the Department of Justice have filed suits against Google. Amazon, already subject to antitrust action in the EU surely won't be far behind. Apple, the last of the four whom Congress summoned last summer, won't escape even if it's never sued directly because the Google suit targets the $8 to $12 billion it pays Apple every year to make its search engine the default.

- The discovery that Russia has mounted a long and successful cyber attack on US federal agencies, with slowly-emerging ramifications for countries and companies all over the world.

- The speed with which both governments and industry jumped on surveillance technologies in response to the health crisis. Some of it is not bad. Wastewater epidemiology, a polite term for surveilling sewage for early warnings of virus outbreaks, isn't personal and is a longstanding public health technique, although one can conceive of unfair and intrusive implementations. Many other technologies - immunity passports, fever scanning, and contact tracing apps most obviously, but also automated facial recognition - have yet to fully take hold, but it seems likely that despite warnings about unfairness and intrusion they will be too tempting for governments to resist in the name of safety, particularly for travel. All of this will be hard to dislodge later. The UK in particular has ignored expert advice to take advantage of the person-centuries of contact tracing experience in local authorities, instead paying billions to cronies and companies like Serco. Palantir in particular appears to be embedding itself for the longer term.

Everything else is dithering.

Prominent among the dithering is Section 230 of the Communications Decency Act, which Jeff Kosseff, the law's biographer, has explained all year on Twitter. Every content moderation discontent is being blamed on this short law limiting intermediary liability. With the antitrust suits pending and so many other crises - and with repeal-happy Donald Trump's departure from power - it's hard to believe that this law will change in 2021.

In the UK, the last-second Brexit deal leaves data protection and the online harms legislation lurking in wait.

The big lessons of this tortured year:

- Basic research can pay off in unexpected ways. As Charles Arthur has noted, the speed of the novel coronavirus's genetic sequencing was a result of the Human Genome Project, whose value at the time was purely speculative. The carrot was personalized medicine, which, with a few exceptions, has yet to fulfill its imagined promise. DNA sequencing did, however, spawn an industry of genealogical sites and services promising to use DNA for everything from finding your soul mate to predicting your medical future; I'm not a fan or either for both privacy and scientific validity reasons. But that blue-sky project is now saving both our individual lives and our civilization.

- It really is, as Bruce Schneier writes, long past time to stop imagining that "we" "good guys" deserve exceptional access to the rest of the world's computers. It. Does. Not. Work. As I keep writing, a hole is a hole. Neither the coronavirus nor the hole cares about race, wealth, class, or perceived virtue. This applies as much to the long-running battle over requiring backdoors in encryption as to a nation's broader cybersecurity. Politicians and PR people take the view that the best defense is a good offense; in this case, the best offense is a good defense.

Merry Christmas. Only one more week before 2021.

Illustrations: Katalin Karikó, the Hungarian biochemist behind the mRNA vaccines.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

December 11, 2020

Facebook in review

parliament-whereszuck.jpgLed by New York attorney general Letitia James, this week 46 US states, plus Guam, and Washington, DC, and, separately, the Federal Trade Commission filed suits against Facebook alleging that it has maintained an illegal monopoly while simultaneously reducing privacy protections and services to boost its bottom line. The four missing states: Alabama, Georgia, South Carolina, and South Dakota.

As they say, we've had this date from the beginning.

It's seemed likely for months that legal action against Facebook was on the way. There were the we-mean-business Congressional hearings and the subsequent committee report, followed by the suit against Google the Department of Justice filed in October.

Facebook seems peculiarly deserving. It began in 2004 as a Harvard-only network, using its snob appeal to expand to the other Ivy League schools, then thousands of universities and high schools, and finally the general public. Mass market adoption grew in tandem with the post-2009 explosion of smart phones. By then, Facebook had frequently tweaked its privacy settings and repeatedly annoyed users with new privacy-invasive features in the (sadly correct) and arrogant belief they'd never leave. By 2010, Zuckerberg was claiming that "privacy is no longer a social norm", adding that were he starting then he would make everything public by default, like Twitter.

It's hard to pick Facebook's creepiest moments out of so many, but here are a few: in 2011 it began auto-recognizing user photographs, in 2012 it dallied with in-network "democracy" - a forerunner of today's unsatisfactory oversight board, and in 2014 it tested emotionally manipulating its users.

In 2011, based on the rise and fall of earlier services like CompuServe, AOL, Geocities, LiveJournal, and MySpace you can practically carbon-date people by their choice of social media - some of us wrongly surmised that perhaps Facebook had peaked. "The [online] party keeps moving" is certainly true; what was different was that Zuckerberg knew it and launched his program of aggressive and defensive acquisitions.

The 2012 $1 billion acquisition of Instagram and 2014 $19 billion purchase of WhatsApp are the heart of the suits. The lawsuits suggest that without Facebook's intervention we'd have social media successfully competing on privacy. In his summary, Matt Stoller credits this idea to Dina Srinivasan, who argued in 2019 that Facebook saw off then-dominant MySpace by presenting itself as "privacy-centered" at a time when the press was claiming that MySpace's openness made it unsafe for children. Once in pole position, Facebook began gradually pushing greater openness on its users - bait and switch, I called it in 2010.

I'm less convinced that MySpace's continued existence could have curbed Facebook's privacy invasion. In 2004, the year of Facebook's birth, Australian privacy activist Roger Clarke surveyed the earliest social networks - chiefly Plaxo - and predicted that all social networks would inevitably exploit their users. "The only logical business model is the value of consumers' data," he told me for the Independent (TXT). I think, therefore, that the privacy-destructive race to the bottom-of-the-business-model was inevitable given the US's regulatory desert. Google began heading that way soon after its 2004 IPO; by 2006 privacy advocates were already warning of its danger.

Srinivasan details Facebook's progressive privacy invasion: the cooption of millions of third parties via logins and the Like button propagandize its service to collect and leverage vast amounts of personal data while it became a vector for the unscrupulous to hack elections. This is all without considering non-US issues such as Free Basics, which has made Facebook effectively the only Internet service in parts of the world. Facebook also had Silicon Valley's venture capital ethos at its back and Facebook's share structure, which awards Zuckerberg full and permanent control.

In a useful paper on nascent competitors, Tim Wu and C. Scott Hemphill discuss how to spot anticompetitive acquisitions. As I recall, though, many - notably the ever-prescient Jeff Chester - protested the WhatsApp and Instagram acquisitions at the time; the EU only agreed because Facebook promised not to merge the user databases, and issued a €110 million fine when it realized the company lied. Last year Facebook announced it would merge the databases, which critics saw as a preemptive move to block a potential breakup. Allowing the mergers to go ahead seems less dumb, however, if you remember that it took until 2017 and Lina Khan to realize that the era of two guys in a garage up-ending entrenched monopolists was over.

The suits ask the court to find Facebook guilty under Section 2 of the Sherman Act (which is a felony) and Section 7 of the Clayton Act, block it from making further acquisitions valued at $10 million or above, and require it to divest or restructure illegally acquired companies or current Facebook assets or business lines. Restoring some competition to the Internet ecosystem in general and social media in particular seems within reach of this action - though there are many other cases that also need attention. It won't be enough to fixing the damage to democracy and privacy, but perhaps the change in attitude it represents will ensure the next Facebook doesn't become a monster.

Illustrations: Mark Zuckerberg's empty chair at last year's Grand Committee hearing.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

November 27, 2020

Data protection in review

Thumbnail image for 2015_Max_Schrems_(17227117226).jpgA tax on small businesses," a disgusted techie called data protection, circa 1993. The Data Protection Directive became EU law in 1995, and came into force in the UK in 1998.

The narrow data protection story of the last 25 years, like that of copyright, falls into three parts: legislation, government bypasses to facilitate trade, and enforcement. The broader story, however, includes a power struggle between citizens and both public and private sector organizations; a brewing trade war; and the difficulty of balancing conflicting human rights.

Like free software licenses, data protection laws seed themselves across the world by requiring forward compliance. Adopting this approach therefore set the EU on a collision course with the US, where the data-driven economy was already taking shape.

Ironically, privacy law began in the US, with the Fair Credit Reporting Act (1970), which gives Americans the right to view and correct the credit files that determine their life prospects. It was joined by the Privacy Act (1974), which covers personally identifiable information held by federal agencies, and the Electronic Communications Privacy Act (1986), which restricts government wiretaps on transmitted and stored electronic data. Finally, the 1996 Health Insurance Portability and Accountability Act protect health data (with now-exploding exceptions. In other words, the US's consumer protection-based approach leaves huge unregulated swatches of the economy. The EU's approach, by contrast, grew out of the clear historical harms of the Nazis' use of IBM's tabulation software and the Stasi's endemic spying on the population, and regulates data use regardless of sector or actor, minus a few exceptions for member state national security and airline passenger data. Little surprise that the results are not compatible.

In 1999, Simon Davies saw this as impossible to solve for Scientific American (TXT): "They still think that because they're American they can cut a deal, even though they've been told by every privacy commissioner in Europe that Safe Harbor is inadequate...They fail to understand that what has happened in Europe is a legal, constitutional thing, and they can no more cut a deal with the Europeans than the Europeans can cut a deal with your First Amendment." In 2000, he looked wrong: the compromise Safe Harbor agreement enabled EU-US data flows.

In 2008, the EU began discussing an update to encompass the vastly changed data ecosystem brought by Facebook, YouTube, and Twitter, the smartphone explosion, new types of personally identifiable information, and the rise and fall of what Andres Guadamuz last year called "peak cyber-utopianism". By early 2013, it appeared that reforms might weaken the law, not strengthen it. Then came Snowden, whose revelations reanimated privacy protection. In 2016, the upgraded General Data Protection Regulation was passed despite a massive opposing lobbying operation. It the month before GDPR came into force">came into force in 2018, but even now many US sites still block European visitors rather than adapt because "you are very important to us".

Everyone might have been able to go on pretending the fundamental incompatibility didn't exist but for two things. The first is the 2014 European Court of Justice decision requiring Google to honor "right to be forgotten" requests (aka Costeja). Americans still see Costeja as a terrible abrogation of free speech; Europeans more often see it as a balance between conflicting rights and a curb on the power of large multinational companies to determine your life.

The second is Austrian lawyer Max Schrems. While still a student, Schrems saw that Snowden's revelations utterly up-ended the Safe Harbor agreement. He filed a legal case - and won it, in 2016, just as GDPR was being passed.The EU and US promptly negotiated a replacement, Privacy Shield. Schrems challenged again. And won again, this year. "There must be no Schrems III!", EU politicians said in September. In other words: some framework must be found to facilitate transfers that passes muster within the law. The US's approach appears to be trying to get data protection and localization laws barred via trade agreements despite domestic opposition. One of the Trump administration's first acts was to require federal agencies to exempt foreigners from Privacy Act protections.

No country is more affected by this than the UK, which as a new non-member can't trade without an adequacy decision and no longer gets the member-state exception for its surveillance regime. This dangerous high-wire moment for the UK traps it in that EU-US gap.

Last year, I started hearing complaints that "GDPR has failed". The problem, in fact, is enforcement. Schrems took action because the Irish Data Protection Regulator, in pole position because companies like Facebook have sited their European headquarters there, was failing to act. The UK's Information Commissioner's Office was under-resourced from the beginning. This month, the Open Rights Group sued the ICO to force it to act on the systemic breaches of the GDPR it acknowledged in a June 2019 report (PDF) on adtech.

Equally a problem are the emerging limitations of GDPR and consent, which areentirely unsuited for protecting privacy in the onrushing "smart" world in which you are at the mercy of others' Internet of Things. The new masses of data that our cities and infrastructure will generate will need a new approach.

Illustrations: Max Schrems in 2015.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

November 20, 2020

Open access in review

Edward_Jenner._Oil_painting._Wellcome_V0023503.jpgLast week's review of 30 years of writing about the Internet and copyright focused on rightsholders' efforts to protect a business model developed for physical media and geographical restrictions in the face of new, global, digital media. Of the counter-efforts, mainstream attention has focused on the illegal ones; I squeezed in links to most of my past writing on "pirate" sites, although I missed pieces on The Pirate Bay, BitTorrent, and new business models. I also missed out discussing large-scale appropriation by companies that are apparently too big to sue, such as Google books and the more recent fuss over the Internet Archive's Controlled Digital Lending and National Emergency Library.

More interesting, however, are the new modes of access the Internet clearly could open up to niche material and frustrated artists, creators, and collaborators. At the MIT Media Lab's 1994 open day (TXT), a remarkable collection of Hollywood producers, and creative artists predicted that the Internet would unlock a flood of (American) creativity that previously had no outlet (although Penn Jillette doubted the appeal of interactive storytelling).

Lots of this has actually happened. Writers have developed mainstream audiences through self-publishing; web-based publishing enabled generations of cartoonists; and YouTube and TikTok offer options that would never fit into a TV schedule. Mass collaboration has also flourished: Wikipedia, much despised in some quarters 15 years ago, has ripened into an invaluable resource (despite its flaws that need fixing), as has OpenStreetMap, which was outed this week as a crucial piece of infrastructure for Facebook, Apple, Amazon, and Microsoft.

Developing new forms of copyright law has been a critical element in all this, beginning with the idea of copyleft, first used in 1976 and fleshed out in more detail by Richard Stallman in 1985. Traditionally, either you copyrighted the work and claimed all rights or you put the work into the public domain for everyone to use for free, as the satirist Tom Lehrer has recently done.

Stallman, however, wanted to ensure that corporate interests couldn't appropriate the work of volunteers, and realized that he could write a copyright license that dictates those terms, paving the way for today's open source community. In 2001, Lawrence Lessig, Hal Abelson, and Eric Eldred founded Creative Commons to make it easy for people posting new material to the web to specify whether and how others can use it. It's easy to forget now how big an undertaking it was to create licenses that comply with so many legal systems. I would argue that it's this, rather than digital rights management that has enabled widespread Internet creative publishing.

The third piece of this story has played a crucial role in this pandemic year of A.D. 2020. In the halls of a mid-1990s Amsterdam conference on copyright, a guy named Christopher Zielinski made this pitch: a serious problem was brewing around early paywall experiments. How were people in poorer countries going to gain access to essential scientific and medical information? He had worked for the WHO, I think; in a later email I remember a phrase about information moving through disadvantaged countries in "armored trucks".

Zielinski was prescient. In 2015, the Ebola virus killed 10,000 people in Liberia, Sierra Leone, and Guinea, in part because received wisdom held that Ebola was not present in West Africa, slowing the initial response. It was only later that three members of a team drafting Liberia's Ebola recovery plan discover that scientific researchers had written articles establishing its presence as long ago as 1982. None of the papers were co-written with Liberian scientists, and they were published in European journals, which African researchers cannot afford. In this case, as writers Bernice Dahn, Vera Mussah, and Cameron Nutt laid out, closed access cost lives: "Equity must be an indispensable goal in protecting from threats like Ebola, and in the quality of care delivered when prevention fails."

Meanwhile, in another part of the early as 1991 others saw the potential of using the Internet to speed up scientific publishing and peer review, leading Paul Ginsparg to respond by creating the arXiv repository to share preprints of physics journal articles. Numerous copies for other fields followed. In 2003, leading research, scientific, and cultural institutions created and signed the Berlin Declaration on Open Access to Knowledge in the Sciences and Humanities laying out steps to promote the Internet as a medium for disseminating global knowledge. By 2006, the six-year-old Public Library of Science had set up PLOS ONE, the first peer-reviewed open access scientific journal for primary research in science and medicine.

While there are certainly issues to be solved, such as the proliferation of fake journals, improving peer review, and countering enduring prejudice that ties promotions and prestige to traditional proprietary journals, open access continues to grow. Those who believe that the Internet is going to destroy science are likely to be wrong, and publishers who don't plan for this future are likely to crater.

The global distribution accessible to artists and creators is valuable, but openness is critical to the scientific method of building knowledge. The open approach has been critical during the pandemic. As vaccine candidates prepare for takeoff, we can thank the Internet and the open access movement that it's taken a year, not decades.

Illustrations: Edward Jenner, who created the first vaccine, for smallpox (from the Wellcome images collection, via Wikimedia).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

October 2, 2020

Searching for context

skyler-gundason-social-dilemma.pngIt's meant, I think, to be a horror movie. Unfortunately, Jeff Orlowski's The Social Dilemma comes across as too impressed with itself to scare as thoroughly as it would like.

The plot, such as it is: a group of Silicon Valley techies who have worked on Google, Facebook, Instagram, Palm (!), and so on present mea culpas. "I was co-inventor...of the Like button," Tristan Harris says by way of introduction. It seems such a small thing to include. I'm sure it wasn't that easy, but Slashdot was upvoting messages when Mark Zuckerberg was 14. The techies' thoughts are interspersed with those of outside critics. Intermittently, the film inserts illustrative scenarios using actors, a technique better handled in The Big Short. In these, Vincent Kartheiser plays a multiplicity of evil algorithmic masterminds doing their best to exploit their target, a fictional teenage boy (Skyler Gisondo) who has accepted the challenge of giving up his phone for a week with the predictable results of an addiction film. As he becomes paler and sweatier, you expect him to crash out in a grotty public toilet, like Julia Ormond's character in Traffik. Instead, he face-plants when the police arrest him at Charlottesville.

The first half of the movie is predominantly a compilation of favorite social media nightmares: teens are increasingly suffering from depression and other mental health issues; phone addiction is a serious problem; we are losing human connection; and so on. As so often, causality is unclear. The fact that these Silicon Valley types consciously sought to build addictive personal tracking and data crunching systems and change the world does not automatically tie every social problem to their products.

I say this because so much of this has a long history the movie needs for context. The too-much-screen-time of my childhood was TV, though my (older) parents worried far more about the intelligence-drainage perpetrated by comic books. Girls who now seek cosmetic surgery in order to look more like filter-enhanced Instagram images were preceded by girls who starved themselves to look like air-brushed, perfect models in teen magazines. Today's depressed girls could have been those profiled in Mary Pipher's 1994 Reviving Ophelia, and she, too, had forerunners. Claims about Internet addiction go back more than 20 years, and until very recently were focused on gaming. Finally, though data does show that teens are going out less, less interested in learning to drive, and are having less sex and using less drugs, is social media the cause or the compensation for a coincidental overall loss of physical freedom? Even pre-covid they were growing up into a precarious job market and a badly damaged planet; depression might just be the sane response.

In the second half the film moves on to consider social media divisions as assault on democracy. Here, it's on firmer ground, but really only because the much better film The Great Hack has already exposed how Facebook (in particular) was used to spark violence and sway elections even before 2016. And then it wraps up: people are trapped, the companies have no incentive to change, and (says Jaron Lanier) the planet will die. As solutions, the film's many spokespeople suggest familiar ideas: regulation, taxation, withdrawal. Shoshana Zuboff is the most radical: outlaw them. (Please don't take Twitter! I learn so much from Twitter!)

"We are allowing technologists to frame this as a problem that they are equipped to solve," says data scientist Cathy O'Neil. "That's a lie." She goes on to say that AI can't distinguish truth. Even if it could, truth is not part of the owners' business model.

Fair enough, but remove Facebook and YouTube, and you still have Fox News, OANN, and the Daily Mail inciting anger and division with expertise honed over a century of journalistic training - and amoral world leaders. This week, a study published this week from Cornell University found that Donald Trump is implicated in 38% of the coronavirus misinformation circulating on online and traditional media. Knock out a few social media sites...and that still won't change because his pulpit is too powerful.

Most of the film's speakers eventually close by recommending we delete our social media accounts. It seems a weak response, in part because the movie does a poor job of disentangling the dangers of algorithmic manipulation from the myriad different reasons why people use phones and social media: they listen to music, watch TV, connect with their friends, play games, take pictures, and navigate unfamiliar locations. It's absurd to ask them to give that up without suggesting alternatives for fulfilling those functions.

A better answer may be that offered this week by the 25-odd experts who have formed an independent Facebook oversight board (the actual oversight board Facebook announced months ago is still being set up and won't begin meeting until after the US presidential election). The expertise assembled is truly impressive, and I hope that, like the Independent SAGE group of scientists who have been pressuring the UK government into doing a better job on coronavirus, they will have a mind-focusing effect on our Facebook overlords, perhaps later to be copied for other sites. The problem - an aspect also omitted from The Social Dilemma - is that under the company's shareholder structure Zuckerberg is under no requirement to listen.

Illustrations: Skyler Gisondo as Ben, in The Social Dilemma.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

September 11, 2020


sfo-fires-hasbrouck.jpegA new complaint surfaced on Twitter this week. Anthony Ryan may have captured it best: "In San Francisco everyone is trying unsuccessfully to capture the hellish pall that we're waking up to this morning but our phone cameras desperately want everything to be normal." california-fires-sffdpio.jpegIn other words: as in these pictures, the wildfires have turned the Bay Area sky dark orange ("like dusk on Mars," says one friend), but people attempting to capture it on their phone cameras are finding that the automated white balance correction algorithms recalibrate the color to wash out the orange in favor of grey daylight.

At least that's something the computer is actually doing, even if it's counter-productive. Also this week, the Guardian ran an editorial that it boasted had been "entirely" written by OpenAI's language generator, GPT-3. Here's what they mean by "written" and "entirely": the AI was given a word length, a theme, and the introduction, from which it produced eight unique essays, which the Guardian editors chopped up and pieced together into a single essay, which they then edited in the usual way, cutting lines and rearranging paragraphs as they saw fit. Trust me, human writers don't get to submit eight versions of anything; we'd be fired when the first one failed. But even if we did, editing, as any professional writer will tell you, is the most important part of writing anything. As I commented on Twitter, the whole thing sounds like a celebrity airily claiming she's written her new book herself, with "just some help with the organizing". I'd advise that celebrity (name withheld) to have a fire extinguisher ready for when her ghostwriter reads that and thinks of all the weeks they spent desperately rearranging giant piles of rambling tape transcripts into a (hopefully) compelling story.

The Twitter discussion of this little foray into "AI" briefly touched on copyright. It seems to me hard to argue that the AI is the author given the editors' recombination of its eight separately-generated pieces (which likely took longer than if one of them had simply written the piece). Perhaps you could say - if you're willing to overlook the humans who created, coded, and trained the AI - that the AI is the author of the eight pieces that became raw material for the essay. As things are, however, it seems clear that the Guardian is the copyright owner, just as it would be if the piece had been wholly staff-written (by humans).

Meanwhile, the fallout from Max Schrems' latest win continues to develop. The Irish Data Protection Authority has already issued a preliminary order to suspend data transfers to the US; Facebook is appealing. The Swiss data protection authority has issued a notice that the Swiss-US Privacy Shield is also void. During a September 3 hearing before the European Parliament Committee on Civil Liberties, Justice, and Home Affairs, MEP Sophie in't Veld said that by bringing the issue to the courts Schrems is doing the job data protection authorities should be doing themselves. All agreed that a workable - but this time "Schrems-proof" - solution must be found to the fundamental problem, which Gwendolyn Delbos-Corfield summed up as "how to make trade with a country that has decided to put mass surveillance as a rule in part of its business world". In't Veld appeared to sum up the entire group's feelings when she said, "There must be no Schrems III."

Of course we all knew that the UK was going to get caught in the middle between being able to trade with the EU, which requires a compatible data protection regime (either the continuation of the EU's GDPR or a regime that is ruled equal), and the US, which wants data to be free-flowing and which has been trying to use trade agreements to undermine the spread of data protection laws around the world (latest newcomer: Brazil). What I hadn't quite focused on (although it's been known for a while) is that, just like the US surveillance system, the UK's own surveillance regime could disqualify it from the adequacy ruling it needs to allow data to go on flowing. When the UK was an EU member state, this didn't arise as an issue because EU data protection law permits member states to claim exceptions for national security. Now that the UK is out, that exception no longer applies. It was a perk of being in the club.

Finally, the US Senate, not content with blocking literally hundreds of bills passed by the House of Reprsentatives over the last few years, has followed up July's antitrust hearings with the GAFA CEOs with a bill that's apparently intended to answer Republican complaints that conservative voices are being silenced on social media. This is, as Eric Goldman points out in disgust one of several dozen bits of legislation intended to modify various pieces of S230 or scrap it altogether. On Twitter, Tarleton Gillespie analyzes the silliness of this latest entrant into the fray. While modifying S230 is probably not the way to go about it, right now curbing online misinformation seems like a necessary move - especially since Facebook CEO Mark Zuckerberg has stated outright that Facebook won't remove anti-vaccine posts. Even in a pandemic.

Illustrations: The San Francisco sky on Wednesday ("full sun, no clouds, only smoke"), by Edward Hasbrouck; accurate color comparison from the San Francisco Fire Department.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

September 4, 2020

The Internet as we know it

Internet_map_1024-2005-the Opte Project.jpgIt's another of those moments when people to whom the Internet is still a distinctive and beloved medium fret that it's about to be violently changed into all everything they were glad it wasn't when it began. That this group is a minority is in itself a sign. Circa 1994, almost every Internet user was its defender. Today, for most people, the Internet just *is* and ever has been - until someone comes along and wants to delete their favorite service.

Fears of splintering the Internet are as old as the network itself. Different people have focused on different mechanisms: TV and radio-style corporate takeover (see for example Robert McChesney's work); incompatible censorship and data protection regimes, technical incompatibilities born of corporate overreach, and so on. In 2013, four seemed significant: copyright, localizing data storage (data protection), censorship; losing network neutrality, and splitting the addressing system.

Then, the biggest threats appeared to be structural censorship and losing network neutrality. Both are still growing. In 2019, Access Now says, 213 Internet shutdowns in 33 countries collectively disrupted 1,706 days of Internet access. No one imagined this in the 1990s, when all countries vied to reap the benefits of getting their citizens online. More conceivable were government regulation, shifting technological standards, corporate ownership, copyright laws, and unequal access...but we never expected the impact of the eventual convergence with the mobile world, a clash of cultures that got serious after 2010, when social media and smartphones began mutually supercharging.

A couple of weeks ago, James Ball introduced a new threat, writing disapprovingly about US president Donald Trump's executive order declaring the video-sharing app TikTok a national emergency. Ball rightly calls this ban "generational vandalism, but then he writes that banning an app solely because of the nationality of its owner, he writes, "could be an existential threat to the Internet as we know it".

If that's true, then the Internet is already not "the Internet as we know it". So much depends on when your ideas of "the Internet" were formed and where you live. As Ball himself acknowledges in his new book, The System: Who Owns the Internet and How It Owns Us, in some countries Facebook is synonymous with the Internet because of the zero-rating deals the company has struck with mobile phone operators. In China, "the Internet", contrary to what most people believed was possible in the 1990s, is a giant, firewalled nationally controlled space. TikTok, as primarily a mobile phone app lives in a highly curated "the Internet" of app stores. Finally, even though "the Internet" in the 1990s sense is still with us in that people can still build their new ideas, most people's "the Internet" is now confined to the same few sites that exercise extraordinary control over what is read, seen, and heard.

The Australian Competition and Consumer Commission's new draft News Media Bargaining Code provides an example. It requires Google and Facebook (and, eventually, others) to negotiate in good faith to pay news media companies for use of their content when users share links and snippets. Unlike Spain's previous similar attempt, Google can't escape by shutting down its news service because it also serves up news through its search engine and YouTube. Facebook has said it will block Australian users from sharing local or international news on Facebook and Instagram if the code becomes mandatory. But, as Alex Hern writes, the problem is that "One of the big ways that Facebook and Google have been bad for the news industry has been by becoming indispensable to the news industry". Australia can push this code into force, but when it does Google won't pay publishers *and* publishers will lose most of their traffic, exactly as happened in Spain and Germany. But misinformation will flourish.

This is still an upper network layer problem, albeit simplified by corporate monopoly. On the 1995-2010 web, there would be too many site owners to contend with, just as banning apps (see also India) is vastly simplified by needing to negotiate with just two app store owners. Censoring the open Internet required China to build a national firewall and hire maintainers while millions of new sites and services arrived every day. When they started, no one believed it could even be done.

The mobile world is not and never has been "the Internet as we know it", built to facilitate openness for scientists. Telephone companies have always been happiest with controlled systems and walled gardens, and before 2006, manufacturers like Nokia, Motorola, and Psion had to tailor their offerings to telco specifications. The iPhone didn't just change the design and capabilities of the slab in your hand; it also changed the makeup and power structures of the industry as profoundly as the PC had changed computing before it.

But these are still upper layers. Far more alarming, as Milton Mueller writes at the Internet Governance Project, is Trump's policy of excluding Chinese businesses from Internet infrastructure - and China's ideas for "new IP". This is a crucialthreat to the interoperable bedrock of "the network of all networks". As the Internet Society explains, it is that cooperative architecture "with no central authority" that made the Internet so successful. This is the first principle that built the Internet as we know it.

Illustrations: Map of the Internet circa 2005 (via The Opte Project at Wikimedia Commons.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

July 24, 2020

The invisible Internet

1964 world's fair-RCA_Pavilion-Doug Coldwell.jpgThe final session of this week's US Internet Governance Forum asked this question: what do you think Internet governance will look like five, ten, and 25 years from now?

Danny Weizner, who was assigned 25 years, started out by looking back 25 years to 1995, and noted that by and large we have the same networks, and he therefore thinks we will have largely the same networks in 2045. He might have - but didn't - point out how many of the US-IGF topics were the same ones we were discussing in 1995: encryption and law enforcement access, control of online content, privacy, and cyber security. The encryption panel was particularly nostalgic; it actually featured three of the same speakers I recall from the mid-1990s on the same topic. The online content one owed its entertainment value to the presence of one of the original authors of Section 230, the liability shield written into the 1996 Communications Decency Act. There were newcomers: 5G; AI, machine learning, and big data; and some things to do with the impact of the pandemic.

As Laura DeNardis then said, looking back to the past helps when thinking about the future, if only to understand how much change can happen in that time. Through that lens, although the Internet has changed enormously in 25 years in many ways the *debates* and *issues* have barely altered - they're just reframed. But here's your historical reality: 25 years ago we were reading Usenet newsgroups to find interesting websites and deploring the sight of the first online ads.

This is a game anyone can play, and so we will. We will try to avoid seeing the November US presidential election as a hinge.

The big change of the last ten years is the transformation of every Internet debate into a debate about a few huge companies, none of which were players in the mid-1990s. The rise of the mobile Internet was predicted by 2000, but it wasn't until 2006 and the arrival of the iPhone that it became a mass-market reality and began the merger of the physical and online worlds, followed by machine learning, and AI as the next big wave. Now, as DiNardis correctly said, we're beginning to see the Internet moving into the biological world. She predicted, therefore, that the Internet will be both very small (the biological cellular level) and very large (Vint Cerf's galactic Internet). "The Internet will have to move out of communications issues and into environmental policy, consumer safety, and health," she said. Meanwhile, Danny Weizner suggested that data scientists will become the new priests - almost certainly true, because if we do nothing to rein in technology they will be the people whose algorithms determine how decisions are made.

But will we really take no control? The present trend is toward three computing power blocs: China, the United States, and the EU. Chinese companies are beginning to move into the West, either by operating (such as TikTok, which US president Donald Trump has mooted banning) or by using their financial clout to push Westerners to conform to their values. The EU is only 28 years old (dating from the Maastricht Treaty), but in that time has emerged as the only power willing to punish US companies by making them pay taxes, respect privacy law, or accept limits on acquisitions. Will it be as willing to take on Chinese companies if they start to become equally dominant in the West and as willing to violate the fundamental rights enshrined in data protection law?

In his 1998 book, The Invisible Computer, usability pioneer Donald Norman predicted that computers would become invisible, embedded inside all sorts of devices, like electric motors before them. Yesterday, Brenda Leong made a similar prediction by asking the AI session how we will think about robots when they've become indistinguishable. Her analogy, the Internet itself, which in the 1990s was something you had to "go to" by dialing up and waiting for modems to wait, but somewhere around 2010 began to simply be wherever you go, there you are.

So my prediction for 25 years from now is that there will effectively be no such thing as today's "Internet governance"; it will have disappeared into every other type of governance, though engineering and standards bodies will still work to ensure that the technical underpinnings remain robust and reliable. I'd like to think that increasingly technical standards will be dominated by climate change, so that emerging technologies that, like cryptocurrencies, use more energy than entire countries, will be sent back to the drawing board because someone will do the math at the design stage.

Today's debates will merge with their offline counterparts, just as data protection law no longer differentiates between paper-based and electronic data. As the biological implants DiNardis mentioned - and Andrea Matwyshyn has been writing about 2016 - come into widespread use, they will be regulated as health care. We will regulate Internet *companies*, but regulating Facebook (in Western countries) is not governing the Internet.

Many conflicts will persist. Matwyshyn's Internet of Bodies is the perfect example, as copyright laws written for the entertainment industry are invoked by medical device manufacturers. A final prediction, therefore: net.wars is unlikely to run out of subjects in my lifetime.

Illustrations: A piece of the future as seen at the 1964 New York World's Fair (by Doug Coldwell.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

May 29, 2020


sbisson-parrot-49487515926_0c97364f80_o.jpgAnyone who's ever run an online forum has at some point grappled with a prolific poster who deliberately spreads division, takes over every thread of conversation, and aims for outraged attention. When your forum is a few hundred people, one alcohol-soaked obsessive bent on suggesting that anyone arguing with him should have their shoes filled with cement before being dropped into the nearest river is enormously disruptive, but the decision you make about whether to ban, admonish, or delete their postings matters only to you and your forum members. When you are a public company, your forum is several hundred million people, and the poster is a world leader...oy.

Some US Democrats have been calling Donald Trump's outrage this week over having two tweets labeled with a fact-check an attempt to distract us all from the terrible death toll of the pandemic under his watch. While this may be true, it's also true that the tweets Trump is so fiercely defending form part of a sustained effort to spread misinformation that effectively acts as voter suppression for the upcoming November election. In the 12 hours since I wrote this column, Trump has signed an Executive Order to "prevent online censorship", and Twitter has hidden, for "glorifying violence", Trump tweets suggesting shooting protesters in Minneapolis. It's clear this situation will escalate over the coming week. Twitter has a difficult balance to maintain: it's important not to hide the US president's thoughts from the public, but it's equally important to hold the US president to the same standards that apply to everyone else. Of course he feels unfairly picked on.

Rewind to Tuesday. Twitter applied its recently-updated rules regarding election integrity by marking two of Donald Trump's tweets. The tweets claimed that conducting the November presidential election via postal ballots would inevitably mean electoral fraud. Trump, who moved his legal residence to Florida last year, voted by mail in the last election. So did I. Twitter added a small, blue line to the bottom of each tweet: "! Get the facts about mail-in ballots". The link leads to numerous articles debunking Trump's claim. At OneZero, Will Oremus explains Twitter's decision making process. By Wednesday, Trump was threatening to "shut them down" and sign an Executive Order on Thursday.

Thursday morning, a leaked draft of the proposed executive order had been found, and Daphne Keller had color coded it to show which bits matter. In a fact-check of what power Trump actually has for Vox, Shirin Ghaffary quotes a tweet from Lawrence Tribe, who calls Trump's threat "legally illiterate". Unlike Facebook, Twitter doesn't accept political ads that Trump can threaten to withdraw, and unlike Facebook and Google, Twitter is too small for an antitrust action. Plus, Trump is addicted to it. At the Washington Post, Tribe adds that Trump himself *is* violating the First Amendment by continuing to block people who criticize his views, a direct violation of a 2019 court order.

What Trump *can* do - and what he appears to intend to do - is push the FTC and Congress to tinker with Section 230 of the Communications Decency Act (1996), which protects online platforms from liability for third-party postings spreading lies and defamation. S230 is widely credited with having helped create the giant Internet businesses we have today; without liability protection, it's generally believed that everything from web comment boards to big social media platforms will become non-viable.

On Twitter, US Senator Ron Wyden (D-OR), one of S230's authors, explains what the law does and does not do. At the New York Times, Peter Baker and Daisuke Wakabayashi argue, I think correctly, that the person a Trump move to weaken S230 will hurt most is...Trump himself. Last month, the Washington Post put the count of Trump's "false or misleading claims" while in office at 18,000 - and the rate has grown over time. Probably most of them have been published on Twitter.

As the lawyer Carrie A. Goldberg points out on Twitter, there are two very different sets of issues surrounding S230. The victims she represents cannot sue the platforms where they met serial rapists who preyed on them or continue to tolerate the revenge porn their exes have posted. Compare that very real damage to the victimhood conservatives are claiming: that the social media platforms are biased against them and disproportionately censor their posts. Goldberg wants access to justice for the victims she represents, who are genuinely harmed, and warns against altering S230 for purposes such as "to protect the right to spread misinformation, conspiracy theory, and misinformation".

However, while Goldberg's focus on her own clients is understandable, Trump's desire to tweet unimpeded about mail-in ballots or shooting protesters is not trivial. We are going to need to separate the issue of how and whether S230 should be updated from Trump's personal behavior and his clearly escalating war with the social medium that helped raise him from joke to viable presidential candidate. The S230 question and how it's handled in Congress is important. Calling out Trump when he flouts clearly stated rules is important. Trump's attempt to wield his power for a personal grudge is important. Trump versus Twitter, which unfortunately is much easier to write about, is a sideshow.

Illustrations: Drunk parrot in a Putney garden (by Simon Bisson; used by permission).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

May 22, 2020

The pod exclusion

Vintage_Gloritone_Model_27_Cathedral-Tombstone_Style_Vacuum_Tube_Radio,_AM_Band,_TRF,_Circa_1930_(14663394535).jpgThis week it became plain that another bit of the Internet is moving toward the kind of commercialization and control the Internet was supposed to make difficult in the first place: podcasts. The announcement that one of the two most popular podcasts, the Joe Rogan Experience, will move both new episodes and its 11-year back catalogue to Spotify exclusively in a $100 million multiyear deal is clearly a step change. Spotify has also been buying up podcast networks, and at the Verge, Ashley Carman suggests the podcast world will bifurcate into twin ecosystems, Spotify versus Everyone Else.

Like a few hundred million other people, I am an occasional Rogan listener, my interest piqued by a web forum mention of his interview with Jeff Novitzky, the investigator in the BALCO doping scandal. Other worth-the-time interviews from his prolific output include Lawrence Lessig, epidemiologist Michael Osterholm (particularly valuable because of its early March timing), Andrew Yang, and Bernie Sanders. Parts of Twitter despise him; Rogan certainly likes to book people (usually, but not always, men - for example Roseanne Barr) who are being pilloried in the news and jointly chew over their situation. Even his highest-profile interviewees rarely find, anywhere else, the two to three hours Rogan spends letting them talk quietly about their thinking. He draws them out by not challenging them much, and his predilection for conspiracy theories and interest in unproven ideas about nutrition make it advisable to be selective and look for countervailing critiques.

It's about 20 years since I first read about Dave Winers early experiments in "audio blogging", renamed "podcast" after the 2001 release of the iPod eclipsed all previously existing MP3 players. The earliest podcasts tended to be the typical early-stage is-this-thing-on? that leads the unimaginative to dismiss the potential. But people with skills honed in radio were obviously going to do better, and within a few years (to take one niche example) the skeptical world was seeing weekly podcasts like Skepchick (beginning 2005) and The Pod Delusion (2009-2014). By 2014, podcast networks were forming, and an estimated 20% of Americans were listening to podcasts at least once a month.

That era's podcasts, although high-quality, were - and in some cases still are - produced by people seeking to educate or promote a cause, and were not generally money-making enterprises in their own right. The change seems to have begun around 2010, as the acclerating rise of smartphones made podcasts as accessible as radio for mobile listening. I didn't notice until late 2016, when the veteran screenwriter and former radio announcer and DJ Ken Levine announced on his daily 11-year-old blog that he was starting up Hollywood & Levine and I discovered the ongoing influx of professional comedians, actors, and journalists into podcasting. Notably, they all carried ads for the same companies - at the minimum, SquareSpace and Blue Apron. Like old-time radio, these minimal-production ads were read by the host, sometimes making the whole affair feel uncomfortably fake. Per the Wall Street Journal, US advertising revenue from podcasting was $678.7 million last year, up 42% over 2018.

No wonder advertisers like podcasts: users can block ads on a website or read blog postings via RSS, but no matter how you listen to a podcast the ads remain in place, and if you, like most people, listen to podcasts (like radio) when your hands are occupied, you can't easily skip past them. For professional communicators, podcasts therefore provide direct access to revenues that blogging had begun to offer before it was subsumed by social media and targeted advertising.

The Rogan deal seems a watershed moment that will take all this to a new level. The key element really isn't the money, as impressive as it sounds at first glance; it's the exclusive licensing. Rogan built his massive audience by publishing his podcast in both video and audio formats widely on multiple platforms, primarily his own websites and YouTube; go to any streaming site and you're likely to find it listed. Now, his audience is big enough that Spotify apparently thinks that paying for exclusivity will net the company new subscribers. If you prefer downloads to streaming, however, you'll need a premium subscription. Rogan himself apparently thinks he will lose no control over his show; he distrusts YouTube's censorship.

At his blog on corporate competition, Matt Stoller proclaims that the Rogan deal means the death of independent podcasting. While I agree that podcasts circa 2017-2020 are in a state similar to the web in the 2000s, I don't agree this means the death of all independent podcasting - but it will be much harder for their creators to find audiences and revenues as Spotify becomes the primary gatekeeper. This is what happened with blogs between 2008 and 2015 as social media took over.

Both Carman's and Stoller's predictions are grim: that podcasts will go the way of today's web and become a vector for data collection and targeted advertising. Carman, however, imagines some survival for a privacy-protecting, open ecosystem of podcasts. I want to believe this. But, like blogging now, that ecosystem will likely have to find a new business model.

Illustrations: 1930s vacuum tube radio (via Joe Haupte).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

May 15, 2020


Thumbnail image for sidewalklabs-streetcrossing.pngIn the last few weeks, unlike any other period in the 965 (!) previous weeks of net.wars columns: there were *five* pieces of (relatively) good news in the (relatively) restricted domain of computers, freedom, and privacy.

One: Google sibling Sidewalk Labs has pulled out of the development it had planned with Waterfront Toronto. This project has been contentious ever since the contract was signed in 2017 to turn a 12-acre section of Toronto's waterfront into a data-driven, sensor-laden futuristic city. In 2018, leading Canadian privacy pioneer Ann Cavoukian quit the project after Sidewalk Labs admitted that instead of ensuring the data it collected wouldn't be identifiable it actually would grant third parties access to it. At a panel on smart city governance at Computers, Privacy, and Data Protection 2019, David Murakami Wood gave the local back story (go to 43:30) on the public consultations and the hubris on display. Now, blaming the pandemic-related economic conditions, Sidewalk Labs has abandoned the plan altogether; its public opponents believe the scheme was really never viable in the first place. This is good news, because although technology can help some of urban centers' many problems, it should always be in the service of the public, not an opportunity for a private company to seize control.

Two: The Internet Corporation for Assigned Names and Numbers has rejected the Internet Society's proposal to sell PIR, the owner of the .org generic top-level domain, to the newly created private equity firm Ethos Capital, Timothy B. Lee reports at Ars Technica. Among its concerns, ICANN cited the $360 million in debt that PIR would have been required to take on, Ethos' lack of qualifications to run such a large gTLD, and the lack of transparency around the whole thing. The decision follows an epistolary intervention by California's Attorney General, who warned ICANN that it thought that the deal "puts profit above the public interest" and that ICANN was "abandoning its core duty to protect the public interest". As the overseer of both it (as a non-profit) and the sale, the AG was in a position to make its opinion hurt. At the time when the sale was announced, the Internet Society claimed there were other suitors. Perhaps now we'll find out who those were.

Three: The textbook publishers Cengage and McGraw-Hill have abandoned their plan to merge, saying that antitrust enforcers' requirements that they divest their overlapping businesses made the merger uneconomical. The plan had attracted pushback from students, consumer groups, libraries, universities, and bookstores, as well as lawmakers and antitrust authorities.

Four: Following a similar ruling from the UK Intellectual Property Office, the US Patent and Trademark Office has rejected two patents listing the Dabus AI system as the inventor. The patent offices argue that innovations must be attributed to humans in order to avoid the complications that would arise from recognizing corporations as inventors. There's been enough of a surge in such applications that the World Intellectual Property Organization held a public consultation on this issue that closed in February. Here again my inner biological supremacist asserts itself: I'd argue that the credit for anything an AI creates belongs with the people who built the AI. It's humans all the way down.

Five: The US Supreme Court has narrowly upheld the right to freely share the official legal code of the state of Georgia. Carl Malamud, who's been liberating it-ought-to-be-public data for decades - he was the one who first got Securities and Exchange Commission company reports online in the 1990s, and on and on - had published the Official Code of Georgia Annotated. The annotations in question, which include summaries of judicial opinions, citations, and other information about the law, are produced by Lexis-Nexus under contract to the state of Georgia. No one claimed the law itself could be copyrighted, but the state argued it owned copyright in the annotations, with Lexis-Nexus as its contracted commercial publisher. The state makes no other official version of its code available, meaning that someone consulting the non-annotated free version Lexis-Nexus does make available would be unaware of later court decisions rejecting parts of some of the laws the legislature passed. So Malamud paid the hundreds of dollars to buy a full copy of the official annotated version, and published it in full on his website for free access. The state sued. Public.Resource lost in the lower courts but won on appeal - and, in a risky move, urged the Supreme Court to take the case and set the precedent. The vote went five to four. The impact will be substantial. Twenty-two other states publish their legal code under similar arrangements with Lexis-Nexus. They will now have to rethink.

All these developments offer wins for the public in one way or another. None should be cause for complacence. Sidewalk Labs and other "surveillance city" purveyors will try again elsewhere with less well-developed privacy standards - and cities still have huge problems to solve. The future of .org, the online home for the world's non-profits and NGOs, is still uncertain. Textbook publishing is still disturbingly consolidated. The owners of AIs will go on seeking ways to own their output. And ensuring that copyright does not impede access to the law that governs those 23 American states does not make those laws any more just. But, for a brief moment, it's good.


Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

This week's net.wars, "Quincunx", wakes up to discover a confluence of (relatively) good news in the last few weeks of computers, freedom, and privacy:

May 1, 2020

A life in three lockdowns

squires-rainbow.jpg"For most people it's their first lockdown," my friend Eva said casually a couple of weeks ago. "It's my third."

Third? Third?!

Eva is Eva Pascoe, whose colorful life story so far includes founding London's first cybercafe in 1994, setting up Cybersalon as a promulgator of ideas and provocations, and running a consultancy for retailers. She drops hints of other activities: mining cryptocurrencies in Scandinavia using renewable energy, for example. I'm fairly sure it's all true.

So: three lockdowns.

Eva's first lockdown was in 1981, when the Communist Party in her home country, Poland, decided to preempt Russian intervention against the Solidarity workers' movement and declared martial law. One night the country's single TV channel went blank; the next morning they woke up to sirens and General Wojciech Jaruzelski banning public gatherings and instituting a countrywide curfew under which no one could leave their house after 6pm. Those restrictions still left everyone going to work every day and, as it turned out crucially, kept the churches open for business.

Her second was in 1987, and was unofficial. On April 26, 1986, her nuclear physics student flatmate noticed that the Geiger counter in his lab at Warsaw's Nuclear Institute was showing extreme - and consistent - levels of radiation. The Russian Communist Party was saying nothing, and the rest of Poland wouldn't find out until four days later, but Chernobyl had blown up. Physicists knew and spread the news by word of mouth. The drills they'd had in Polish schools told them what to do: shelter indoors, close all windows, admit no fresh air. Harder was getting others to trust their warnings at a time without mobile phones and digital cameras to show the Geiger counter's readings.

Those two lockdowns had similarities. First, they were abrupt, arriving overnight with no time to prepare. That posed a particular difficulty in the second lockdown, when outside food couldn't be trusted because of radioactive fallout, and it wasn't clear whether the water in the taps was safe. "As in COVID-19," she wrote in a rough account I asked her to create, "we had to protect against an invisible enemy with no clear knowledge of the surface risks already in the flat, and no ability to be sure when the danger passes." After 14 days, with no sick pay available, they had to re-emerge and go to work. With the Communist Party still suggesting the radiation was mostly harmless, "In the absence of honest government information, many myths about cures for fallout circulated, some looking more promising than others."

Their biggest asset in both lockdowns was the basement tunnels that connect Warsaw's ten-story blocks of flats, each equipped with six to ten entrances leading to separate staircases. A short run through these corridors enabled inhabitants to connect with the hundreds of other people in the same block when it was too dangerous to go outside. Even under martial law, with deaths and thousands of arrests on the streets, mostly of Solidarity activists, those basement corridors enabled parties featuring home-brewed beer and vodka, pickled cabbage, mushrooms, and herring, and "sausages smuggled in from Grandma's house in the countryside". Most important was the vodka.

The goal of martial law was to stop the spread of ideas, in this case, the Polish freedom movement. The connections made in those basement corridors - and the churches - ensured it failed. After 18 months, the lockdown ended because it was unsustainable. Communist rule ended in 1989, as in many other eastern European countries.

Chernobyl's effects were harder to shake. When the government eventually admitted the explosion had taken place, it downplayed the danger, suggesting that vegetables would be safe to eat if scrubbed with hot water, that the level of radiation was about the same as radon - at the time, thought to be safe - and insisted the population should participate in the May 1 Labor Day marches. Eventually, Polish leaders broke ranks, advised people to stay at home and stop eating food from the affected 40% of Poland, and organized supplies of Lugol for young people to try to mitigate the effects of the radioactive iodine Chernobyl had spread. Eva, a few years too old to qualify, calls her Hashimoto's thyroiditis "a lifelong reminder of why we must not blindly trust government health advice during large-scale medical emergencies".

Eva's lessons: always have a month's supply of food stocks; make friends with virologists, as this will not be our last pandemic; buy a gas mask and make sure everyone knows how to put it on. Most important, buy home-brew equipment. "It not only helps to pass time, but alcohol becomes a currency when the value of money disappears."

This lockdown gave us advance notice; if you were paying attention, you could see it forming on the horizon a month out. Anyone who was stocked for a no-deal Brexit was already prepared. But ironically, the thing that provided safety, society, and survival during Eva's first two lockdowns would be lethal if applied in this one, which finds her in a comfortable London house with a partner and two children. Basement tunnels connecting households would be spreading disease and death, not ideas and safety in which to hatch them. Our tunnels are the Internet and social media; our personal connections are strengthening, even with hugs on pause.

Illustrations: Sign posted on the front door of a local shop that had to close temporarily.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

April 17, 2020

Anywhere but here

Jacinda_Ardern_at_the_University_of_Auckland_(cropped).jpgThe international comparisons that feature in every chart of infection curves are creating a new habit. Expatriates are unusually prone to this sort of thing anyway, as I've written before, but right now almost everyone appears to have some form of leader envy. Eventually, history will judge, but for now the unquestioned leader on the leader leaderboard is New Zealand prime minister Jacinda Ardern, who this week followed up her decisive and undeniably effective early action by taking a 20% pay cut in solidarity with her country's workers. Also much admired this week - even subtitled! - is Germany's Angela Merkel, whose press conference explaining that small margins in infection rates make huge differences when translated into hospital beds over time, was widely circulated for its honest clarity. Late yesterday New York state governor Andrew Cuomo appeared to have copied it for his own presentation.

Cuomo's daily briefings have become must-see-TV for many of us with less forthcoming leaders; they start with facts, follow with frank interpretation, and end with rambling empathy. Cuomo's rise - which has led many to wonder why he wasn't a presidential candidate - is greeted more cautiously among New York state residents and by those who note the effectiveness of governors Jay Inslee (Washington) and Gavin Newsom (California)). On Sunday's edition of Last Week Tonight, John Oliver said, "I never really liked Andrew Cuomo before this, but I will admit he's doing admirably well, and I can't wait to get to the other side of this when I can go back to being irritated by him again.". He may already have his chance: yesterday evening Cuomo announced he'd signed up McKinsey to plan a strategy for ending the lockdown. Meanwhile, in a tiny unrepresentative sample of local contacts "what world leader do you wish you had in this crisis?", the only British leader mentioned was Scottish first minister Nicola Sturgeon. Only the US federal vacuum can make us feel better about our present government.


One unexpected entertainment in this unfolding disaster is the peeks inside people's homes afforded by their appearances on TV or Zoom. I am finally getting to browse at least a small portion of the bookshelves and artwork or admire the ceiling cornices belonging to people I've known for decades but have never had the chance to visit. How TV commentators set themselves up is revealing, too. Adam Schiff appears to unfortunately dress his broadcast corner like a stage set. And one MSNBC commentator sits in an immaculate kitchen, the expanse of whiteness broken only by a pink dishtowel whose movements are fun to chart. Presumably, right before broadcast someone goes through frantically cleaning.


This year appears to be the Year of New York. Even before the pandemic, the first Democratic presidential primaries were (however briefly) dominated by three 70-something New Yorkers: Michael Bloomberg, an aristocrat from Manhattan's Upper East Side (even if he was nominally born in Boston), whose campaign ads were expensive but entertaining; Bernie Sanders, whom no amount of Vermont-washing can change from an unmistakable Brooklyn Jew; and Donald Trump, the kid from Queens. In the Washington Post in February - so long ago! - Howard Fineman highlighted this inter-borough dispute and concluded: "The civil way to settle this is to put Trump, Sanders, and Bloomberg on a Broadway park bench and let them argue politics while they feed the pigeons." Two months on, the most visible emerging US leaders in the pandemic are Fauci, Brooklyn-born of Italian descent; Cuomo, Queens-born, also of Italian descent; and Trump.

Fauci was already a familiar name to readers of what a friend calls "plague books". He has been director of the National Institute of Allergy and Infectious Diseases since 1984, and played a crucial role in the AIDS crisis (see Randy Shilts' 1987 book, And the Band Played On) and ebola epidemic (see Laurie Garrett's 1995 title, The Coming Plague), and on and on to today. When he emerged as a member of the White House task force, the natural reaction was, "Of course" and "Thank God". And then: "How old is he, anyway?" He is 79 and looks incredibly fit. Still, one frets. Does he have to be kept standing there mute for two hours? He could be sleeping. He could be working. He could be...well, doing almost anything else, more usefully. We are all incredibly lucky to have him and he should be treated as a precious resource.


The loss of things to go to that provoke ideas for things to write about has me scrambling around the Internet looking for virtual stand-ins. For those interested in net.wars-type issues (and why else would you be here?), the Open Rights Group is hosting a weekly discussion group on Fridays at 16:30 London time (that is BST, or GMT+1), and ORG offshoots such as ORG Glasgow are also holding virtual events. I can also recommend the Meetup group London Futurists, which is hosting regular discussions that sound crazier than they actually are. Further afield, I'm sampling events in New York at Data & Society, and in California, at UC Berkeley's Center for Law & Technology. Why not? Anything with live humans trying to think about hard problems, and I'm there. Virtually.

Illustrations: New Zealand prime minister Jacinda Ardern campaigning in 2017 (Brigitte Neuschwander-Kasselordner, via Wikimedia).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

March 20, 2020

The beginning of the world as we don't know it

magnolia-1.jpgOddly, the most immediately frightening message of my week was the one from the World Future Society, subject line "URGENT MESSAGE - NOT A DRILL". The text began, "The World Future Society over its 60 years has been preparing for a moment of crisis like this..."

The message caused immediate flashbacks to every post-disaster TV show and movie, from The Leftovers (in which 2% of the world's population mysteriously vanishes) to The Last Man on Earth (in which everyone who isn't in the main cast has died of a virus). In my case, it also reminds unfortunately of the very detailed scenarios I saw posted in the late 1990s to the Usenet newsgroup, in which survivalists were certain that the Millennium Bug would cause the collapse of society. In one scenario I recall, that collapse was supposed to begin with the banks failing, pass through food riots and cities burning, and end with four-fifths of the world's population dead: the end of the world as we know it (TEOTWAWKI). So what I "heard" in the World Future Society's tone was that the "preppers", who built bunkers, stored sacks of beans, rice, dried meat, and guns, were finally right and this was their chance to prove it.

Naturally, they meant no such thing. What they *did* mean was that futurists have long thought about the impact of various types of existential risks, and that what they want is for as many people as possible to join their effort to 1) protect local government and health authorities, 2) "co-create back-up plans for advanced collaboration in case of societal collapse", and 3) collaborate on possible better futures post-pandemic. Number two still brings those flashbacks, but I like the first goal very much, and the third is on many people's minds. If you want to see more, it's here.

It was one of the notable aspects of the early Internet that everyone looked at what appeared to be a green field for development and sought to fashion it in their own desired image. Some people got what they wanted: China, for example, defying Western pundits who claimed it was impossible, successfully built a controlled national intranet. Facebook, while coming along much later, through zero rating deals with local telcos for its Free Basics, is basically all the Internet people know in countries like Ghana and the Philippines, a phenomenon Global Voices calls "digital colonialism". Something like that mine-to-shape thinking is visible here.

I don't think WFS meant to be scary; what they were saying is in fact what a lot of others are saying, which is that when we start to rebuild after the crisis we have a chance - and a need - to do things differently. At Wired, epidemiologist Larry Brilliant tells Steven Levy he hopes the crisis will "cause us to reexamine what has caused the fractional division we have in [the US]".

At Singularity University's virtual summit on COVID-19 this week, similar optimism was on display (some of it probably unrealistic, like James Ehrlich's land-intensive sustainable villages). More usefully, Jamie Metzl compared the present moment to 1941, when US president Franklin Delano Roosevelt began to imagine how the world might be reshaped after the war would end in the Atlantic charter. Today, Metzl said, "We are the beneficiaries of that process." Therefore, like FDR we should start now to think about how we want to shape our upcoming different geopolitical and technological future. Like net.wars last week and John Naughton at the Guardian, Metzl is worried that the emergency powers we grant today will be hard to dislodge later. Opportunism is open to all.

I would guess that the people who think it's better to bail out businesses than support struggling people also fear permanence will become true of the emergency support measures being passed in multiple countries. One of the most surreal aspects of a surreal time is that in the space of a few weeks actions that a month ago were considered too radical to live are suddenly happening: universal basic income, grounding something like 80% of aviation, even support for *some* limited free health care and paid sick leave in the US.

The crisis is also exposing a profound shift in national capabilities. China could build hospitals in ten days; the US, which used to be able to do that sort of thing, is instead the object of charity from Chinese billionaire Alibaba founder Jack Ma, who sent over half a million test kits and 1 million face masks.

Meanwhile, all of us, with a few billionaire exceptions are turning to the governments we held in so little regard a few months ago to lead, provide support, and solve problems. Libertarians who want to tear governments down and replace all their functions with free-market interests are exposed as a luxury none of us can afford. Not that we ever could; read Paulina Borsook's 1996 Mother Jones article Cyberselfish if you doubt this.

"It will change almost everything going forward," New York State governor Andrew Cuomo said of the current crisis yesterday. Cuomo, who is emerging as one of the best leaders the US has in an emergency, and his counterparts are undoubtedly too busy trying to manage the present to plan what that future might be like. That is up to us to think about while we're sequestered in our homes.

Illustrations:: A local magnolia tree, because it *is* spring.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

January 10, 2020

The forever bug

Bug_de_l'an_2000.jpgY2K is back, and this time it's giggling at us.

For the past few years, there's been a growing drumbeat on social media and elsewhere to the effect that Y2K - "the year 2000 bug" - never happened. It was a nothingburger. It was hyped then, and anyone saying now it was a real thing is like, ok boomer.

Be careful what old averted messes you dismiss; they may come back to fuck with you.

Having lived through it, we can tell you the truth: Y2K *was* hyped. It was also a real thing that was wildly underestimated for years before it was taken as seriously as it needed to be. When it finally registered as a genuine and massive problem, millions of person-hours were spent remediating software, replacing or isolating systems that couldn't be fixed, and making contingency and management plans. Lots of things broke, but, because of all that work, nothing significant on a societal scale. Locally, though, anyone using a computer at the time likely has a personal Y2K example. In my own case, an instance of Quicken continued to function but stopped autofilling dates correctly. For years I entered dates manually before finally switching to GnuCash.

The story, parts of which Chris Stokel-Walker recounts at New Scientist, began in 1971, when Bob Bemer published a warning about the "Millennium Bug", having realized years earlier that the common practice of saving memory space by using two digits instead of four to indicate the year was storing up trouble. He was largely ignored, in part, it appeared, because no one really believed the software they were writing would still be in use decades later.

It was the mid-1990s before the industry began to take the problem seriously, and when they did the mainstream coverage broke open. In writing a 1997 Daily Telegraph article, I discovered that mechanical devices had problems, too.

We had both nay-sayers, who called Y2K a boondoggle whose sole purpose was to boost the computer industry's bottom line, and doommongers, who predicted everything from planes falling out of the sky to total societal collapse. As Damian Thompson told me for a 1998 Scientific American piece (paywalled), the Millennium Bug gave apocalyptic types a *mechanism* by which the crash would happen. In the Usenet newsgroup, I found a projected timetable: bank systems would fail early, and by April 1999 the cities would start to burn... When I wrote that society would likely survive because most people wanted it to, some newsgroup members called me irresponsible, and emailed the editor demanding he "fire this dizzy broad". Reconvening ten years later, they apologized.

Also at the extreme end of the panic spectrum was the then-head of Deutsche Bank, Ed Yardeni, who repeatedly predicted that Y2K would cause a worldwide recession; it took him until 2002 to admit his mistake, crediting the industry's hard work.

It was still a real problem, and with some workarounds and a lot of work most of the effects were contained, if not eliminated. Reporters spent New Year's Eve at empty airports, in case there was a crash. Air travel that night, for sure, *was* a nothingburger. In that limited sense, nothing happened.

Some of those fixes, however, were not so much fixes as workarounds. One of these finessed the rollover problem by creating a "window" and telling systems that two-digit years fell between 1920 and 2020, rather than 1900 and 2000. As the characters on How I Met Your Mother might say: "It's a problem for Future Ted and Future Marshall. Let's let those guys handle it."

So, it's 2020, we've hit the upper end of the window, the bug is back, and Future Ted and Future Marshall are complaining about Past Ted and Past Marshall, who should have planned better. But even if they had...the underlying issue is temporary thinking that leads people to still - still, after all these decades - believe that today's software will be long gone 20 years from now and therefore they need only worry about the short term of making it work today.

Instead, the reality is, as we wrote in 2014, that software is forever.

That said, the reality is also that Y2K is forever, because if the software couldn't be rewritten to take a four-digit year field in 1999 it probably can't be today, either. Everyone stresses the need to patch and update software, but a lot - for an increasing value of "a lot" as Internet of Things devices come on the market with no real idea of how long they were be in service - of things can't be updated for one reason or another. Maybe the system can't be allowed to go down; maybe it's a bespoke but crucial system whose maintainers are long gone; maybe the software is just too fragile and poorly documented to change; maybe old versions propagated all over the place and are laboring on in places where they've simply been forgotten. All of that is also a reason why it's not entirely fair for Stokel-Walker to call the old work "a lazy fix". In a fair percentage of cases, creating and moving the window may have been the only option.

But fret ye not. We will get through this. And then we can look forward to 2038, when the clocks run out in Linux. Future Ted and Future Marshall will handle it.

Illustrations: Millennium Bug manifested at a French school (via Wikimedia).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

January 3, 2020

Chronocentric circles

We wrapped up 2018 with a friend's observation that there was no excitement around technology any more; we conclude the Year of the Bedbug with the regularly heard complaint that the Internet isn't *fun* any more. The writer of this last piece, Brian Koerber, is at least a generation later in arriving online than I was, and he's not alone: where once the Internet was a venue for exploring the weird and unexpected and imagining a hopeful future, increasingly it's a hamster wheel of the same few, mostly commercial, sites and services, which may be entertaining but do not produce any sense of wonder in their quest to exploit us all. Phillip Maciak expands the trend by mourning the death of innovative web publishing, while Abid Omar calls today's web an unusable, user-hostile wasteland. In September, Andres Guadamuz wondered if boredom would kill the Internet; we figure it's a tossup between that and the outrageous energy consumption.

The feeling of sameness is exacerbated by the fact that so many of this year's stories have been mutatis mutandis variations on those of previous years. Smut-detecting automated bureaucrats continue to blame perfectly good names for their own deficiencies, 25 years after AOLbarred users from living in Scunthorpe; the latest is Lyft. Less amusingly, for the ninth year in a row, Freedom House finds that global Internet freedom has declined; of the 65 countries it surveys, only 16 have seen improvement, and that only marginal.

Worse, the year closed with the announcement of perhaps the most evil invention of recent years, the toilet designed to deter lingering. "Most evil", because the meanness is intentional, rather than the result of a gradual drift away from founding values.

Meanwhile, the EU passed a widely disliked copyright-tightening bill. The struggle to change it from threat to opportunity burned out yet another copyright warrior; now-former MEP Julia Reda. It appears increasingly impossible to convince national governments that there is no such thing as a hole - in a wall or in encryption software - that only "good guys" can use (and still less that "good guys" is entirely in the eyes of the beholder). After four years of effort to invent mechanisms for it, age verification may have died...or it may come back as a "duty of care" in whatever legislation builds upon the Online Harms white paper - or in the EU's Audiovisual Media Services Directive. And, nearly three years on, US sites are still ghosting EU residents for fear of GDPR and its potentially massive fines. With the January 1 entry into force of the California Consumer Privacy Act, the US west coast seems set to join us. Hot times for corporate lawyers!

The most noticeable end-of-year trend, however, has been the return of the decade as a significant timeframe and the future as ahead of us. In 2010, the beginning of a decade in which people went from boasting about their smartphones to boasting about how little they used them, no one mentioned the end-of-decade, perhaps because we were all still too startled to be living in the third millennium and the 21st century, known as "the future" for the first decades of my life. Alternatively, perhaps, as a friend suggests, it's because the last couple of years have been so exhausting and depressing that people are clinging to anything that suggests we might now be in for something new.

At Vanity Fair, Nick Bolton has a particularly disturbing view of 2030, and he doesn't even consider climate change, water supplies, the rise of commercial podcasts or cybersecurity.

I would highlight instead a couple of small green shoots of optimism. The profligate wastage exposed by the WeWork IPO appears to be sparking a very real change in both the Silicon Valley venture capital funding ethos (good) and the cost basis of millennial lifestyles (more difficult), or "counterfeit capitalism", as Matt Stoller calls it. Even Wired is suggesting that the formerly godlike technology company founder is endangered. Couple that with 2019's dramatic and continuing rise in employee activism within technology companies and increasing regulatory pressure, particularly on Uber and Airbnb, and there might be some cause to hope for change. Even though company founders like Mark Zuckerberg and Sergey Brin and Larry Page have made themselves untouchable by controlling the majority of voting shares in their companies, they won't *have* companies if they can't retain the talent. The death of the droit de genius ethos that the Jeffrey Epstein case exposed can't come soon enough.

I also note the sudden rebirth of personal and organizational online forums, based on technology such as Mastodon and Soapbox. Some want to focus on specific topics and restrict members to trusted colleagues; some want a lifeboat (paywall) in case of a Twitter ban; WT Social wants to change the game away from data exploitation. Whether any of thesewill have staying power is an open question; a decade ago, when Diaspora, tried to decentralize social media, it failed to gain traction. This time round, with greater consciousness of the true price of pay-with-data "free" services, these return-to-local efforts may have better luck.

Happy new year.

Illustrations:Roborovski hamster (via Wikimedia).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

November 21, 2019

The choices of others

vlcsnap-2019-11-21-21h32m40s545.pngFor the last 30 years, I've lived in the same apartment on a small London street. So small, in fact, that even though London now has so many CCTV cameras - an estimated 627,707 - that the average citizen is captured on camera 300 times a day, it remains free of these devices. Camera surveillance and automated facial recognition are things that happen when I go out to other places.

Until now.

It no longer requires state-level resources to put a camera in place to watch your front door. This is a function that has been wholly democratized. And so it is that my downstairs neighbors, whose front door is side by side with mine, have inserted surveillance into the alleyway we share via an Amazon Ring doorbell.

Now, I understand there are far worse things, both as neighbors go and as intrusions go. My neighbors are mostly quiet. We take in each other's packages. They would never dream of blocking up the alleyway with stray furniture. And yet it never occurred to them that a 180-degree camera watching their door is, given the workings of physics and geography, also inevitably watching mine. And it never occurred to them to ask me whether I minded.

I do mind.

I have nothing to hide, and I mind.

Privacy advocates have talked and written for years about the many ways that our own privacy is limited by the choices of others. I use Facebook very little - but less-restrained friends nonetheless tag me in photographs, and in posts about shared activities. My sister's decision to submit a DNA sample to a consumer DNA testing service in order to get one of those unreliable analyses of our ancestry inevitably means that if I ever want to do the same thing the system will find the similarity and identify us as relatives, even though it may think she's my aunt.

We have yet to develop social norms around these choices. Worse, most people don't even see there's a problem. My neighbor is happy and enthusiastic about the convenience of being able to remotely negotiate with package-bearing couriers and be alerted to possible thieves. "My office has one," he said, explaining that they got it after being burgled several times to help monitor the premises.

We live down an alleyway so out of the way that both we and couriers routinely leave packages on our doorsteps all day.

I do not want to fight with my neighbor. We live in a house with just two flats, one up, one down, on a street with just 20 households. There is no possible benefit to be had from being on bad terms. And yet.

I sent him an email: would he mind walking me through the camera's app so I can see what it sees? In response, he sent a short video; the image above, taken from it, shows clearly that the camera sees all the way down the alleyway in both directions.

So I have questions: what does Amazon say about what data it keeps and for how long? If the camera and microphone are triggered by random noises and movements, how can I tell whether they're on and if they're recording?

Obviously, I can read the terms and conditions for myself, but I find them spectacularly unclear. Plus, I didn't buy this device or agree to any of this. The document does make mention of being intended for monitoring a single-family residence, but I don't think this means Amazon is concerned that people will surveil their neighbors; I think it means they want to make sure they sell a separate doorbell to every home.

Examination of the video and the product description reveals that camera, microphone, and recording are triggered by movement next to his - and therefore also next to my - door. So it seems likely that anyone with access to his account can monitor every time I come or go, and all my visitors. Will my privacy advocate friends ever visit me again? How do my neighbors not see why I think this is creepy?

Even more disturbing is the cozy relationship Amazon has been developing with police, especially in the US, where the company has promoted the doorbells by donating units for neighborhood watch purposes, effectively allowing police to build private surveillance networks with no public oversight. The Sun reports similar moves by UK police forces.

I don't like the idea of the police being able to demand copies of recordings of innocent people - couriers, friends, repairfolk - walking down our alleyway. I don't want surveillance-by-default. But as far as I can tell, this is precisely what this doorbell is delivering.

A lawyer friend corrects my impression that GDPR does not apply. The Information Commissioner's Office is clear that cameras should not be pointed at other people's property or shared spaces, and under GDPR my neighbor is now a data controller. My friends can make subject access requests. Even so: do I want to pick a fight with people who can make my life unpleasant? All over the country, millions of people are up against the reality that no matter how carefully they think through their privacy choices they are exposed by the insouciance of other people and robbed of agency not by police or government action but by their intimate connections - their neighbors, friends, and family..

Yes, I mind. And unless my neighbor chooses to care, there's nothing I can practically do about it.

Illustrations: Ring camera shot of alleyway.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

October 18, 2019

I never paid for it in my life

lanier-lrm-2017.jpgSo Jaron Lanier is back, arguing that we should be paid for our data. He was last seen in net.wars two years back, arguing that if people had started by charging for email we would not now be the battery fuel for "behavior modification empires". In a 2018 TED talk, he continued that we should pay for Facebook and Google in order to "fix the Internet".

Lanier's latest disquisition goes like this: the big companies are making billions from our data. We should have some of it. That way lies human dignity and the feeling that our lives are meaningful. And fixing Facebook!

The first problem is that fixing Facebook is not the same as fixing the Internet, a distinction Lanier surely understands. The Internet is a telecommunications network; Facebook is a business. You can profoundly change a business by changing who pays for its services and how, but changing a telecommunications network that underpins millions of organizations and billions of people in hundreds of countries is a wholly different proposition. If you mean, as Lanier seems to, that what you want to change is people's belief that content on the Internet should be free, then what you want to "fix" is the people, not the network. And "fixing" people at scale is insanely hard. Just ask health professionals or teachers. We'd need new incentives,

Paying for our data is not one of those incentives. Instead of encouraging people to think more carefully about privacy, being paid to post to Facebook would encourage people to indiscriminately upload more data. It would add payment intermediaries to today's merry band of people profiting from our online activities, thereby creating a whole new class of metadata for law enforcement to claim it must be able to access.

A bigger issue is that even economists struggle to understand how to price data; as Diane Coyle asked last year, "Does data age like fish or like wine?" Google's recent announcement that it would allow users to set their browser histories to auto-delete after three or 12 months has been met by the response that such data isn't worth much three months on, though the privacy damage may still be incalculable. We already do have a class of people - "influencers" - who get paid for their social media postings, and as Chris Stokel-Walker portrays some of their lives, it ain't fun. Basically, while paying us all for our postings would put a serious dent into the revenues of companies like Google, and Facebook, it would also turn our hobbies into jobs.

So a significant issue is that we would be selling our data with no concept of its true value or what we were actually selling to companies that at least know how much they can make from it. Financial experts call this "information asymmetry". Even if you assume that Lanier's proposed "MID" intermediaries that would broker such sales will rapidly amass sufficient understanding to reverse that, the reality remains that we can't know what we're selling. No one happily posting their kids' photos to Flickr 14 years ago thought that in 2014 Yahoo, which owned the site from 2005 to 2015, was going to scrape the photos into a database and offer it to researchers to train their AI systems that would then be used to track protesters, spy on the public, and help China surveil its Uighur population.

Which leads to this question: what fire sales might a struggling company with significant "data assets" consider? Lanier's argument is entirely US-centric: data as commodity. This kind of thinking has already led Google to pay homeless people in Atlanta to scan their faces in order to create a more diverse training dataset (a valid goal, but oh,.the execution).

In a paywalled paper for Harvard Business Review, Lanier apparently argues that instead he views data as labor. That view, he claims, opens the way to collective bargaining via "data labor unions" and mass strikes.

Lanier's examples, however, are all drawn from active data creation: uploading and tagging photos, writing postings. Yet much of the data the technology companies trade in is stuff we unconsciously create - "data exhaust" - as we go through our online lives: trails of web browsing histories, payment records, mouse movements. At Tech Liberation, Will Rinehart critiques Lanier's estimates, both the amount (Lanier suggests a four-person household could gain $20,000 a year) and the failure to consider the differences between and interactions among the three classes of volunteered, observed, and inferred data. It's the inferences that Facebook and Google really get paid for. I'd also add the difference between data we can opt to emit (I don't *have* to type postings directly into Facebook knowing the company is saving every character) and data we have no choice about (passport information to airlines, tax data to governments). The difference matters: you can revise, rethink, or take back a posting; you have no idea what your unconscious mouse movements reveal and no ability to edit them. You cannot know what you have sold.

Outside the US, the growing consensus is that data protection is a fundamental human right. There's an analogy to be made here between bodily integrity and personal integrity more broadly. Even in the US, you can't sell your kidney. Isn't your data just as intimate a part of you?

Illustrations: Jaron Lanier in 2017 with Luke Robert Mason (photo by Eva Pascoe).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

October 11, 2019

The China syndrome

800px-The_Great_wall_-_by_Hao_Wei.jpgAbout five years ago, a friend commented that despite the early belief - promulgated by, among others, then-US president Bill Clinton and vice-president Al Gore - that the Internet would spread democracy around the world, so far the opposite seemed to be the case. I suggested perhaps it's like the rising sea level, where local results don't give the full picture.

Much longer ago, I remember wondering how Americans would react when large parts of the Internet were in Chinese. My friend shrugged. Why should they care? They don't have to read them.

This week's news shows that we may both have been wrong in both cases. The reality, as the veteran technology journalist Charles Arthur suggested in the Wednesday and Thursday editions of his weekday news digest, The Overspill, is that the Hong Kong protests are exposing and enabling the collision between China's censorship controls and Western standards for free speech, aided by companies anxious to access the Chinese market. We may have thought we were exporting the First Amendment, but it doesn't apply to non-government entities.

It's only relatively recently that it's become generally acknowledged that governments can harness the Internet themselves. In 2008, the New York Times thought there was a significant domestic backlash against China's censors; by 2018, the Times was admitting China's success, first in walling off its own edited version of the Internet, and second in building rival giant technology companies and speeding past the US in areas such as AI, smartphone payments, and media creation.

So, this week. On Saturday, Demos researcher Carl Miller documented an ongoing edit war at Wikipedia: 1,600 "tendentious" edits across 22 articles on topics such as Taiwan, Tiananmen Square, and the Dalai Lama to "systematically correct what [officials and academics from within China] argue are serious anti-Chinese biases endemic across Wikipedia".

On Sunday, the general manager of the Houston Rockets, an American professional basketball team, withdrew a tweet supporting the Hong Kong protesters after it caused an outcry in China. Who knew China was the largest international market for the National Basketball Association? On Tuesday, China responded that it wouldn't show NBA pre-season games, and Chinese fans may boycott the games scheduled for Shanghai. The NBA commissioner eventually released a statement saying the organization would not regulate what players or managers say. The Americanness of basketball: restored.

Also on Tuesday, Activision Blizzard suspended Chung Ng Wai, a professional player of the company's digital card game, Hearthstone, after he expressed support for the Hong Kong protesters in a post-win official interview and fired the interviewers. Chung's suspension is set to last for a year, and includes forfeiting his thousands of dollars of 2019 prize money. A group of the company's employees walked out in protest, and the gamer backlash against the company was such that the moderators briefly took the Blizzard subreddit private in order to control the flood of angry posts (it was reopened within a day). By Wednesday, EU-based Hearthstone gamers were beginning to consider mounting a denial-of-service-attack against Blizzard by sending so many subject access requests under the General Data Protection Regulation that it will swamp the company's resources complying with the legal requirement to fulfill them.

On Wednesday, numerous media outlets reported that in its latest iOS update Apple has removed the Taiwan flag emoji from the keyboard for users who have set their location to Hong Kong or Macau - you can still use the emoji, but the procedure for doing so is more elaborate. (We will save the rant about the uselessness of these unreadable blobs for another time.)

More seriously, also on Wednesday, the New York Times reported that Apple has withdrawn the app that Hong Kong protesters were using to track police after China's state media accusing and protecting the protesters.

Local versus global is a long-standing variety of net.war, dating back to the 1991 Amateur Action bulletin board case. At Stratechery, Ben Thompson discusses the China-US cultural clash, with particular reference to TikTok, the first Chinese company to reach a global market; a couple of weeks ago, the Guardian revealed the site's censorship policies.

Thompson argues that, "Attempts by China to leverage market access into self-censorship by U.S. companies should also be treated as trade violations that are subject to retaliation." Maybe. But American companies can't win at this game.

In her recent book, The Big Nine, Amy Webb discusses China AI advantage as it pours resources and, above all, data into becoming the world leader via Baidu, Ali Baba, and Tencent, which have grown to rival Google, Amazon, and Facebook, without ever needing to leave home. Beyond that, China has been spreading its influence by funding telecommunications infrastructure. The Belt and Road initiative has projects in 152 countries. In this, China is taking advantage of the present US administration's inward turn and worldwide loss of trust.

After reviewing the NBA's ultimate decision, Thompson writes, "I am increasingly convinced this is the point every company dealing with China will reach: what matters more, money or values?" The answer will always be money; whose values count will depend on which market they can least afford to alienate. This week is just a coincidental concatenation of early skirmishes; just wait for the Internet of Things.

Illustrations: The Great Wall of China (by Hao Wei, via Wikimedia).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

August 23, 2019


rotated-gchq-secure-phone.jpegFor many reasons, I've never wanted to use my mobile phone for banking. For one thing, I have a desktop machine with three 24-inch monitors and a full-size functioning keyboard; why do I want to poke at a small screen with one finger?

Even if I did, the corollary is that mobile phones suck for typing passwords. For banking, you typically want the longest and most random password you can generate. For mobile phone use, you want something short, easy to remember and type. There is no obvious way to resolve this conflict, particularly in UK banking, where you're typically asked to type in three characters chosen from your password. It is amazingly easy to make mistakes counting when you're asked to type in letter 18 of a 25-character random string. (Although: I do admire the literacy optimism one UK bank displays when it asks for the "antepenultimate" character in your password. It's hard to imagine an American bank using this term.)

Beyond that, mobile phones scare me for sensitive applications in general; they seem far too vulnerable to hacking, built-in vulnerabilities, SIM swapping, and, in the course of wandering the streets of London, loss, breakage, or theft. So mine is not apped up for social media, ecommerce, or anything financial. I accept that two-factor authentication is a huge step forward in terms of security, but does it have to be on my phone? In this, I am, of course, vastly out of step with the bulk of the population, who are saying instead: "Can't it be on my phone?" What I want, however, is a 2FA device I can turn off and stash out of harm's way in a drawer at home. That approach would also mean not having to give my phone number to an entity that might, like Facebook has in the past, coopt it into their marketing plans.

So, it is with great unhappiness that I discover that the combination of the incoming Payment Services Directive 2 and the long-standing effort to get rid of cheques are combining to force me to install a mobile banking app.

PSD2 possibly will may perhaps not have been the antepenultimate gift from the EU28. At Wired, Laurie Clark explains the result of the directive's implementation, which is that ecommerce sites, as well as banks, must implement two-factor authentication (2FA) by September 14. Under this new regime, transactions above £30 (about $36.50, but shrinking by the Brexit-approaching day) will require customers to prove at least two of the traditional three security factors: something they have (a gadget such as a smart phone, a specific browser on a specific machine, or a secure key,, something they know (passwords and the answers to secondary questions), and something they are (biometrics, facial recognition). As Clark says, retailers are not going to love this, because anything that adds friction costs them sales and customers.

My guess is that these new requirements will benefit larger retailers and centralized services at the expense of smaller ones. Paypal, Amazon, and eBay already have plenty of knowledge about their customers to exploit to be confident of the customer's identity. Requiring 2FA will similarly privilege existing relationships over new ones.

So far, retail sites don' t seem to be discussing their plans. UK banking sites, however, began adopting 2FA some years ago, mostly in the form of secure keys that they issued and replaced as needed - credit card-sized electronic one-time pads. Those sites now are simply dropping the option of logging on with limited functionality without the key. These keys have their problems - especially non-inclusive design with small, fiddly keys and hard-to-read LCD screens - but I liked the option.

Ideally, this would be a market defined by standards, so people could choose among different options - such as the Yubikey, Where the banks all want to go, though, is to individual mobile phone apps that they can also use for marketing and upselling. Because of the broader context outlined above, I do not want this.

One bank I use is not interested in my broader context, only its own. It has ruled: must download app. My first thought was to load the app onto my backup, second-to-last phone, figuring that its unpatched vulnerabilities would be mitigated by its being turned off, stuck in a drawer, and used for nothing else. Not an option: its version of Android is two decimal places too old. No app for *you*!

At Bentham's Gaze, Steven Murdoch highlights a recent Which? study that found that those who can't afford, can't use, or don't want smartphones or who live with patchy network coverage will be shut out of financial services.

Murdoch, an expert on cryptography and banking security, argues that by relying on mobile apps banks are outsourcing their security to customers and telephone networks, which he predicts will fail to protect against criminals who infiltrate the phone companies and other threats. An additional crucial anti-consumer aspect is the refusal of phone manufacturers to support ongoing upgrades, forcing obsolescence on a captive audience, as we've complained before. This can only get worse as smartphones are less frequently replaced while being pressed into use for increasingly sensitive functions.

In the meantime, this move has had so little press that many people are being caught by surprise. There may be trouble ahead...


Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

August 2, 2019

Unfortunately recurring phenomena

JI-sunrise--2-20190107_071706.jpgIt's summer, and the current comprehensively bad news is all stuff we can do nothing about. So we're sweating the smaller stuff.

It's hard to know how seriously to take it, but US Senator Josh Hawley (R-MO) has introduced the Social Media Addiction Reduction Technology (SMART) Act, intended as a disruptor to the addictive aspects of social media design. *Deceptive* design - which figured in last week's widely criticized $5 billion FTC settlement with Facebook - is definitely wrong, and the dark patterns site has long provided a helpful guide to those practices. But the bill is too feature-specific (ban infinite scroll and autoplay) and fails to recognize that one size of addiction disruption cannot possibly fit all. Spending more than 30 minutes at a stretch reading Twitter may be a dangerous pastime for some but a business necessity for journalists, PR people - and Congressional aides.

A better approach, might be to require sites to replay the first video someone chooses at regular intervals until they get sick of it and turn off the feed. This is about how I feel about the latest regular reiteration of the demand for back doors in encrypted messaging. The fact that every new home secretary - in this case, Priti Patel - calls for this suggests there's an ancient infestation in their office walls that needs to be found and doused with mathematics. Don't Patel and the rest of the Five Eyes realize the security services already have bulk device hacking?

Ever since Microsoft announced it was acquiring the software repository Github, it should have been obvious the community would soon be forced to change. And here it is: Microsoft is blocking developers in countries subject to US trade sanctions. The formerly seamless site supporting global collaboration and open source software is being fractured at the expense of individual PhD students, open source developers, and others who trusted it, and everyone who relies on the software they produce.

It's probably wrong to solely blame Microsoft; save some for the present US administration. Still, throughout Internet history the communities bought by corporate owners wind up destroyed: CompuServe, Geocities, Television without Pity, and endless others. More recently, Verizon, which bought Yahoo and AOL for its Oath subsidiary (now Verizon Media), de-porned Tumblr. People! Whenever the online community you call home gets sold to a large company it is time *right then* to begin building your own replacement. Large companies do not care about the community you built, and this is never gonna change.

Also never gonna change: software is forever, as I wrote in 2014, when Microsoft turned off life support for Windows XP. The future is living with old software installations that can't, or won't, be replaced. The truth of this resurfaced recently, when a survey by Spiceworks (PDF) found that a third of all businesses' networks include at least one computer running XP and 79% of all businesses are still running Windows 7, which dies in January. In the 1990s the installed base updated regularly because hardware was upgraded so rapidly. Now, a computer's lifespan exceeds the length of a software generation, and the accretion of applications and customization makes updating hazardous. If Microsoft refuses to support its old software, at least open it to third parties. Now, there would be a law we could use.

The last few years have seen repeated news about the many ways that machine learning and AI discriminate against those with non-white skin, typically because of the biased datasets they rely on. The latest such story is startling: Wearables are less reliable in detecting the heart rate of people with darker skin. This is a "huh?" until you read that the devices use colored light and optical sensors to measure the volume of your blood in the vessels at your wrist. Hospital-grade monitors use infrared. Cheaper devices use green light, which melanin tends to absorb. I know it's not easy for people to keep up with everything, but the research on this dates to 1985. Can we stop doing the default white thing now?

Meanwhile, at the Barbican exhibit AI: More than Human...In a video, a small, medium-brown poodle turns his head toward the camera with a - you should excuse the anthropomorphism - distinct expression of "What the hell is this?" Then he turns back to the immediate provocation and tries again. This time, the Sony Aibo he's trying to interact with wags its tail, and the dog jumps back. The dog clearly knows the Aibo is not a real dog: it has no dog smell, and although it attempts a play bow and moves its head in vaguely canine fashion, it makes no attempt to smell his butt. The researcher begins gently stroking the Aibo's back. The dog jumps in the way. Even without a thought bubble you can see the injustice forming, "Hey! Real dog here! Pet *me*!"

In these two short minutes the dog perfectly models the human reaction to AI development: 1) what is that?; 2) will it play with me?; 3) this thing doesn't behave right; 4) it's taking my job!

Later, I see the Aibo slumped, apparently catatonic. Soon, a staffer strides through the crowd clutching a woke replacement.

If the dog could talk, it would be saying "#Fail".

Illustrations: Sunrise from the 30th floor.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

July 19, 2019

The Internet that wasn't

Bambi-forest.jpgThis week on Twitter, writer and Georgia Tech professor Ian Bogost asked this: "There's a belief that the internet was once great but then we ruined it, but I'm struggling to remember the era of incontrovertible greatness. Lots of arguing from the start. Software piracy. Barnfuls of pornography. Why is the fall from grace story so persistent and credible?"

My reply: "Mostly because most of the people who are all nostalgic either weren't there, have bad memories, or were comfortable with it. Flaming has existed in every online medium that's ever been invented. The big difference: GAFA weren't profiting from it."

Let's expand on that here. Not only was there never a period of peace and tranquility on the Internet, there was never a period of peace and tranquility on the older, smaller, more contained systems that proliferated in the period when you had to dial up and wait through the modems' mating calls. I only got online in 1991, but those 1980s systems - primarily CIX (still going), the WELL (still going), and CompuServe (bought by AOL) - hosted myriad "flame wars". The small CompuServe UK journalism forum I co-managed had to repeatedly eject a highly abusive real-life Fleet Street photographer who obsessively returned with new name, same behavior. CompuServe finally blocked his credit card, an option unavailable to pay-with-data TWIFYS (Twitter-WhatsApp-Instagram-Facebook-YouTube-Snapchat). The only real answer to containing abuse and abusers was and is human moderators.

The quick-trigger abuse endemic on Twitter has persisted since the beginning, as Sara Kiesler and Lee Sproull documented in their 1992 book, Connections, based on years of studies of mailing lists within large organizations. Even people using their real names and job descriptions within a professional context displayed online behavior they would never display offline. The distancing effect appears inherent to the medium and the privacy in which we experience it. Meanwhile, urgency of response rises with each generation. The etiquette books of my childhood recommended rereading angry letters after a day or two before sending; who has the attention span for that now?

Three documented examples of early cyberbullying provide perspective. In Josh Quittner's 1994 Wired story about Usenet, the rec.pets.cats successfully repelled invaders from alt.tasteless when a long-time poster and software engineer taught the others her tools; when she began getting death threats a phone call to the leader's ISP made him back down for fear of losing his Internet access. In Julian Dibbell's A Rape in Cyberspace "Mr Bungle took over another user's avatar in the virtual game space Lambda MOO, and forced it into virtual sex. After inconclusive community consideration, a single administrator quietly expelled Bungle. Finally, in my own piece about Scientology's early approach to the Internet, disputes over disclosing secret scriptures in the newsgroup alt.religion.scientology led to police raids, court cases, and attempts to smother the newsgroup with floods of pro-Scientology postings, also countered by a mix of community practices and purpose-built tools. Nonetheless, even in 1997 in 1997 people complained that tolerating abuse shouldn't be the price of participation.

Software "piracy" was born right alongside the commercial software business. In 1976, a year after Bill Gates and Paul Allen launched Microsoft's first product, a BASIC language interpreter for the early Altair computer, Gates published an open letter to hobbyists begging them to make the new industry viable by buying the software rather than circulate copies. The tug of war over copyrighted material, unauthorized copies, and business models has continued ever since in a straight line from Gates's open letter through Napster to today's battles over the right to repair. The shift moving modifiable software into copyright control was the spark that got Richard Stallman building GNU, the bulk of "Linux".

"Barnfuls of pornography" is slightly exaggerated, especially before search engines simplified finding it. Still, pornography producers are adept at colonizing new technology, from cave paintings to videocassettes, and the Internet was no exception. It was certainly popular: the University of Delft took down its pornography archive because the traffic swamped its bandwidth. In 1994, students protested when Carnegie-Mellon removed sexually explicit newsgroups, and conflicting US states' standards landed Robert and Carleen Thomas in jail.

Some of the Internet's steamy reputation was undeserved. Time magazine's shock-horror 1995 Cyberporn Cyberporn cover story was based on a fraudulent study. That sloppy reporting's fallout included the 1996 passage of the Communications Decency Act, antecedent of today's online harms and age verification.

So why does the myth persist? First, anyone under 35 probably wasn't there. Second, the early Internet was more homogeneous and more open, and you lost less by abandoning a community to create a new one when you mostly interacted with strangers. As previously noted, 1980s online forums did not profit from abuse; today, ramping up "engagement" to fuel ad-bearing traffic is TWIFYS' business model. More important, these scaled-up, closed systems do not offer us the ability to create and deploy tools or enforce our own fine-grained rules.

Crucially, the early Internet seemed *ours* - no expanding privacy policies or data collection. The first spammers, hackers, and virus writers were *amateurs*. Today, as Craig Silverman pointed out on Twitter, "There are tens of thousands of people whose entire job it is to push out spam on Facebook." We were free to imagine this new technology would bring a better world, however dumb that seemed even at the time. The Internet was *magic*.

Tl;dr: human behavior hasn't changed. The Internet hasn't changed. It's just not magic any more.

Illustrations: Bambi, before Man enters the forest.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

April 26, 2019

This house

2001-hal.pngThis house may be spying on me.

I know it listens. Its owners say, "Google, set the timer for one minute," and a male voice sounds: "Setting the timer for one minute."

I think, one minute? You need a timer for one minute? Does everyone now cook that precisely?

They say, "Google, turn on the lamp in the family room." The voice sounds: "Turning on the lamp in the family room." The lamp is literally sitting on the table right next to the person issuing the order.

I think, "Arm, hand, switch, flick. No?"

This happens every night because the lamp is programmed to turn off earlier than we go to bed.

I do not feel I am visiting the future. Instead, I feel I am visiting an experiment that years from now people will look back on and say, "Why did they do that?"

I know by feel how long a minute is. A child growing up in this house would not. That child may not even know how to operate a light switch, even though one of the house's owners is a technical support guy who knows how to build and dismember computers, write code, and wire circuits. Later, this house's owner tells me, "I just wanted a reminder."

It's 16 years since I visited Microsoft's and IBM's visions of the smart homes they thought we might be living in by now. IBM imagined voice commands; Microsoft imagined fashion advice-giving closets. The better parts of the vision - IBM's dashboard with a tick-box so your lawn watering system would observe the latest municipal watering restrictions - are sadly unavailable. The worse parts - living in constant near-darkness so the ubiquitous projections are readable - are sadly closer. Neither envisioned giant competitors whose interests are served by installing in-house microphones on constant alert.

This house inaudibly alerts its owner's phones whenever anyone approaches the front door. From my perspective, new people mysteriously appear in the kitchen without warning.

This house has smartish thermostats that display little wifi icons to indicate that they're online. This house's owners tell me these are Ecobee Linux thermostats; the wifi connection lets them control the heating from their phones. The thermostats are not connected to Google.

None of this is obviously intrusive. This house looks basically like a normal house. The pile of electronics in the basement is just a pile of electronics. Pay no attention to the small blue flashing lights behind the black fascia.

One of this house's owners tells me he has deliberately chosen a male voice for the smart speaker so as not to suggest that women are or should be subservient to men. Both owners are answered by the same male voice. I can imagine personalized voices might be useful for distinguishing who asked what, particularly in a shared house or a company, and ensuring only the right people got to issue orders. Google says its speakers can be trained to recognize six unique voices - a feature I can see would be valuable to the company as a vector for gathering more detailed information about each user's personality and profile. And, yes, it would serve users better.

Right now, I could come down in the middle of the night and say, "Google, turn on the lights in the master bedroom." I actually did something like this once by accident years ago in a friend's apartment that was wirelessed up with X10 controls. I know this system would allow it because I used the word "Google" carelessly in a sentence while standing next to a digital photo frame, and the unexpected speaker inside it woke up to say, "I don't understand". This house's owner stared: "It's not supposed to do that when Google is not the first word in the sentence". The photo frame stayed silent.

I think it was just marking its territory.

Turning off the fan in their bedroom would be more subtle. They would wake up more slowly, and would probably just think the fan had broken. This house will need reprogramming to protect itself from children. Once that happens, guests will be unable to do anything for themselves.

This house's owners tell me there are many upgrades they could implement, and they will but: managing them needs skill and thought to segment and secure the network and implement local data storage. Keeping Google and Amazon at bay requires an expert.

This house's owners do not get their news from their smart speakers, but it may be only a matter of time. At a recent Hacks/Hackers, Nic Newman gave the findings of a recent Reuters Institute study: smart speakers are growing faster than smartphones at the same stage, they are replacing radios, and "will kill the remote control". So far, only 46% use them to get news updates. What was alarming was the gatekeeper control providers have: on a computer, the web could offer 20 links; on a smartphone there's room for seven, Just one answer to, "What's the latest news on the US presidential race?"

At OpenTech in 2017, Tom Steinberg observed that now that his house was equipped with an Amazon Echo, homes without one seemed "broken". He predicted that this would become such a fundamental technology that "only billionaires will be able to opt out". Yet really, the biggest advance since the beginning of remote controls is that now your garage door opener can collect your data and send it to Google.

My house can stay "broken".

Illustrations: HAL (what else?).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

March 29, 2019


Philip Seymour Hoffman in Doubt.jpgA few months ago, Max Reid published an article at New York Magazine commenting that increasingly most of the Internet is fake. He starts with Twitter bots and fake news and winds up contemplating the inauthenticity of self. Fake traffic, automatically-generated content, and advertising fraud are not necessarily lethal. What *is* lethal is the constant nagging doubt about what you're seeing or, as Reid puts it, "the uncanny sense that what you encounter online is not 'real' but is also undeniably not 'fake', and indeed may be both at once, or in succession, as you turn it over in your head". It's good not to take everything you read at face value. But the loss of confidence can be poisonous. Navigating that is exhausting.

And it's pervasive. Last weekend, a couple of friends began arguing about whether the epetition to revoke Article 50 was full of fraud. At the time, 40,000 to 50,000 people were signing per hour and the total had just passed 4 million. The petition is hosted on a government site, whose managers have transparently explained their handling of the twin challenges of scale and combating fraud. JJ Patrick's independent analysis concurs: very little bot participation. Even Theresa May defended its validity during Wednesday's Parliamentary debate, even though her government went on to reject it.

Doubt is very easily spread, sometimes correctly. One of the most alarming things about the Boeing 737 MAX 8 crashes is the discovery that the Federal Aviation Administration is allowing the company to self-certify the safety of its planes. Even if the risk there is only perception, it's incredibly dangerous for an industry that has displayed enormous intelligence in cooperating to make air travel safe.

Another example: last year Nextdoor, a San Francisco-based neighborhood-focused social networking service, sent postcards inviting my area to join Think of it as a corporately-owned chain of community bulletin boards. Across the tracks from me, one street gossips on a private community bulletin board one of them has set up, where I'm told they have animated discussions of their micro issues. By comparison, Nextdoor sounded synthetic; still, I signed up.

Most postings ask for or recommend window cleaners and piano tuners, buildes and babysitters. Yet the site's daily email persistently gives crime and safety the top spot: two guys on a moped peering into car windows reacted aggressively to challenges; car broken into at Tesco; stolen bike; knife attack; police notices. I can't tell if this is how the site promotes "engagement" or whether its origin is deliberate strategy or algorithmic accident. But I do note the rising anxiety among people's responses, and while crime is rising in the UK, likely attributable to police cuts, my neighborhood remains a safer place than Nextdoor suggests...I think. What is certain is that I doubt my neighbors more; you can easily imagine facing their hostile inquisition for being a perfectly innocent hoodie-wearing young male on a moped using a flashlight to look for dropped keys.

Years ago, some of us skeptics considered mounting a hoax - a fake UFO to be found in someone's garden, for example - to chart its progress through the ranks of believers and the media. In the end, we decided it was a bad idea, because such things never die, and then you have to spend the rest of your life debunking them. There are plenty of examples; David Langford's UFO hoax, published as an account found in his attic and written by William Robert Loosley still circulates as true, goosed since then by a mention in a best-selling book by Whitley Strieber. As the Internet now proves every day, once a false story is embedded, you can never fully dig it out again. Worse, even when you don't believe it, repeated encounters can provoke doubt despite yourself.

Andrew Wakefield is a fine case in point. Years after the British Medical Journal retracted his paper and called it a hoax, the damage continues to escalate. Recently, the World Health Organization called vaccine hesitancy is a top-ten threat to health worldwide. Hesitancy is right. I am an oddity in having been born in 1954 but having somehow escaped all the childhood diseases. "You probably just don't remember you had them," the nurse said when I inquired about getting the MMR, now that every week you read of a measles outbreak somewhere. True, I *don't* remember having them. But I *do* remember, clearly, my mother asking me, "Were you *close* to them?" every time the note came home from school that another kid had one of them. We made an appointment for the shot.

I then realized that years of exposure to anti-vaccination arguments have had their effect. Hundreds of millions of people have had these vaccines with little to no ill-effects, and yet: what if? How stupid would I feel if I broke my own health? "It's just fear of illness," someone carped on Twitter, trying to convince me that vaccines were not safety-tested and only a fool would get one. Well, yes, and some illnesses *should* be feared, particularly as you age.

"I know," the nurse said, when I commented that spreading doubt has been a terrible effect of all this. She pushed the plunger. Two days later, a friend living in north London emailed: she has mumps. It feels like I had a close call.

Illustrations: Philip Seymour Hoffman in John Patrick Shanley's DOUBT.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

February 14, 2019


Anti-copyright.svg.pngJust a couple of weeks ago it looked like the EU's proposed reform of the Copyright Directive, last updated in 2001, was going to run out of time. In the last three days, it's revived, and it's heading straight for us. As Joe McNamee, the outgoing director of European Digital Rights (EDRi), said last year, the EU seems bent on regulating Facebook and Google by creating an Internet in which *only* Facebook and Google can operate.

We'll start with copyright. As previously noted, the EU's proposed reforms include two particularly contentious clauses: Article 11, the "link tax", which would require anyone using more than one or two words to link to a news article elsewhere to get a license, and Article 13, the "upload filter", which requires any site older than three years *or* earning more than €10,000,000 a year in revenue to ensure that no user posts anything that violates copyright, and sites that allow user-generated content must make "best efforts" to buy licenses for anything they might post. So even a tiny site - like net.wars, which is 13 years old - that hosted comments would logically be required to license all copyrighted content in the known universe, just in case. In reviewing the situation at TechDirt, Mike Masnick writes, "If this becomes law, I'm not sure Techdirt can continue publishing in the EU." Article 13, he continues, makes hosting comments impossible, and Article 11 makes their own posts untenable. What's left?

Thumbnail image for Thumbnail image for Julia Reda-wg-2016-06-24-cropped.jpgTo these known evils, the German Pirate Party MEP Julia Reda finds that the final text adds two more: limitations on text and data mining that allow rights holders to opt out under most circumstances, and - wouldn't you know it? - the removal of provisions that would have granted authors the right to proportionate remuneration (that is, royalties) instead of continuing to allow all-rights buy-out contracts. Many younger writers, particularly in journalism, now have no idea that as recently as 1990 limited contracts were the norm; the ability to resell and exploit their own past work was one reason the writers of the mid-20th century made much better livings than their counterparts do now. Communia, an association of digital rights organizations, writes that at least this final text can't get any *worse*.

Well, I can hear Brexiteers cry, what do you care? We'll be out soon. No, we won't - at least, we won't be out from under the Copyright Directive. For one thing, the final plenary vote is expected in March or April - before the May European Parliament general election. The good side of this is that UK MEPs will have a vote, and can be lobbied to use that vote wisely; from all accounts the present agreed final text settled differences between France and Germany, against which the UK could provide some balance. The bad side is that the UK, which relies heavily on exports of intellectual property, has rarely shown any signs of favoring either Internet users or creators against the demands of rights holders. The ugly side is that presuming this thing is passed before the UK brexits - assuming that happens - it will be the law of the land until or unless the British Parliament can be persuaded to amend it. And the direction of travel in copyright law for the last 50 years has very much been toward "harmonization".

Plus, the UK never seems to be satisfied with the amount of material its various systems are blocking, as the Open Rights Group documented this week. If the blocks in place weren't enough, Rebecca Hill writes at the Register: under the just-passed Counter-Terrorism and Border Security Act, clicking on a link to information likely to be useful to a person committing or preparing an act of terrorism is committing an offense. It seems to me that could be almost anything - automotive listings on eBay, chemistry textbooks, a *dictionary*.

What's infuriating about the copyright situation in particular is that no one appears to be asking the question that really matters, which is: what is the problem we're trying to solve? If the problem is how the news media will survive, this week's Cairncross Review, intended to study that exact problem, makes some suggestions. Like them or loathe them, they involve oversight and funding; none involve changing copyright law or closing down the Internet.

Similarly, if the problem is market dominance, try anti-competition law. If the problem is the increasing difficulty of making a living as an author or creator, improve their rights under contract law - the very provisions that Reda notes have been removed. And, finally, if the problem is the future of democracy in a world where two companies are responsible for poisoning politics, then delving into campaign finances, voter rights, and systemic social inequality pays dividends. None of the many problems we have with Facebook and Google are actually issues that tightening copyright law solves - nor is their role in spreading anti-science, such as this, just in from Twitter, anti-vaccination ads targeted at pregnant women.

All of those are problems we really do need to work on. Instead, the only problem copyright reform appears to be trying to solve is, "How can we make rights holders happier?" That may be *a* problem, but it's not nearly so much worth solving.

Illustrations: Anti-copyright symbol (via Wikimedia); Julia Reda MEP in 2016.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

February 8, 2019

Doing without

kashmir-hill-untech-gizmodo.pngOver at Gizmodo, Kashmir Hill has conducted a fascinating experiment: cutting, in turn, Amazon, Facebook, Google, Microsoft, and Apple, culminating with a week without all of them. Unlike the many fatuous articles in which privileged folks fatuously boast about disconnecting, Hill is investigating a serious question: how deeply have these companies penetrated into our lives? As we'll see, this question encompasses the entire modern world.

For that reason, it's important. Besides, as Hill writes, it's wrong to answer objections to GAFAM's business practices - or their privacy policies - with, "Well, don't use them, then." It may be to buy from smaller sites and local suppliers, delete Facebook, run Linux, switch to AskJeeves and OpenStreetMap, and dump the iPhone, but doing so requires a substantial rethink of many tasks. As regulators consider curbing GAFAM's power, Hill's experiment shows where to direct our attention.

Online, Amazon is the hardest to avoid. As Lina M. Khan documented last year, Amazon underpins an ever-increasing amount of Internet infrastructure. Netflix, Signal, the WELL, and Gizmodo itself all run on top of Amazon's cloud services, AWS. To ensure she blocked all of them, Hill got a technical expert to set up a VPN that blocked all IP addresses owned by each company and monitored attempted connections. Even that, however, was complicated by the use of content delivery networks, which mask the origin of network traffic.

Barring Facebook also means dumping Instagram and WhatsApp, and, as Hill notes, changing the signin procedure for any website where you've used your Facebook ID. Even if you are a privacy-conscious net.wars reader who would never grant Facebook that pole position, the social media buttons on most websites and ubiquitous trackers also have to go.

For Hill, blocking Apple - which seems easy to us non-Apple users - was "devastating". But this is largely a matter of habit, and habits can be re-educated. The killer was the apps: because iMessage reroutes texts to its own system, some of Hill's correspondents' replies never arrive, and she can't FaceTime her friends. Her conclusion: "It's harder to get out of Apple's ecosystem than Google's." However, once out she found it easy to stay that way - as long as she could resist her friends pulling her back in.

Google proved easier than expected despite her dependence on its services - Maps, calendar, browser. Here the big problem was email. The amount of stored information made it impossible to simply move and delete the account; now we know why Google provides so much "free" storage space. Like Amazon, the bigger issue was all the services Google underpins - trackers, analytics, and, especially, Maps, which Uber, Lyft, and Yelp depend. Hill should be grateful she didn't have a Nest thermostat and doesn't live in Minnesota. The most surprising bit is that so many sites load Google *fonts*. Also, like Facebook, Google has spread logins across the web, and Hill had to find an alternative to Dropbox, which uses Google to verify users.

In our minds, Microsoft is like Apple. Don't like Windows? Get a Mac or use Linux. Ah, but: I have seen the Windows Blue Screen of Death on scheduling systems on both the London Underground and Philadelphia's SEPTA. How many businesses that I interact with depend on Microsoft products? PCs, Office, and Windows servers and point of sale systems are everywhere. A VPN can block LinkedIn, Skype, and (sadly) Github - but it can't block any of those - or the back office systems at your bank. You can sell your Xbox, but even the local film society shows movies using VLC on Windows.

Hill's final episode, in which she eliminates all five simultaneously, posted just last night. As expected, she struggles to find alternative ways to accomplish many tasks she hasn't had to think about before. Ironically, this is easier if you're an Old Net Curmudgeon: as soon as she says large file, can't email, I go, "FTP!" while various web services all turn out to behosted on AWS, and she eventually lands on "command line". It's a definite advantage if you remember how you did stuff *before* the Internet - cash can pay the babysitter (or write a check!), and old laptops can be repurposed to run Linux. Even so, complete avoidance is really only realistic for a US Congressman. The hardest for me personally would be giving up my constant compaion, DuckDuckGo, which is hosted on...AWS.

Several things need to happen to change this - and we *should* change it because otherwise we're letting them pwn us, as in Dave Eggers' The Circle. The first is making the tradeoffs visible, so that we understand who we're really benefiting and harming with our clicks. The second is also regulatory: Lina Khan described in 2017 how to rethink antitrust law to curb Amazon. Facebook, as Marc Rotenberg told CNBC last week, should be required to divest Instagram and WhatsApp. Both Facebook and Google should spin off or discontinue their identity verification and web-wide login systems into separate companies. Third, we should encourage alternatives by using them.

But the last thing is the hardest: we must convince all our friends that it's worth putting up with some inconvenience. As a lifelong non-drinker living in pub-culture Britain, I can only say: good luck with that.

Illustrations: Kashmir Hill and her new technology.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

January 25, 2019

Reversal of fortunes

Seabees_remove_corroded_zinc_anodes_from_an_undersea_cable._(28073762161).jpgIt may seem unfair to keep busting on the explosion of the Internet's origin myths, but documenting what happens to the beliefs surrounding the beginning of a new technology may help foster more rational thinking next time.

Today's two cherished early-Internet beliefs: 1) the Internet was designed withstand a bomb outage; 2) the Internet is impossible to censor. The first of these is true - the history books are clear on this - but it was taken to mean that the Internet could withstand all damage. That's just not true; it can certainly be badly disrupted on a national or regional basis.

While the Internet was new, a favorite route to overload was introducing a new application - the web, for example. Around 1996, Peter Dawe, the founder of one of Britain's first two ISPs, predicted that video would kill the Internet. For "kill" read "slow down horribly". Bear in mind that this was BB - before broadband - so an 11MB video file took hours to trickle in. Stream? Ha!

In 1995, Bob Metcalfe, the co-inventor of ethernet, predicted that the Internet would start to collapse in 1996. In 1997, he literally ate his column as penance for being wrong.

It was weird: with one of their brains people were staking their lives on online businesses, yet with another part the Internet was always vulnerable. My favorite was Simson Garfinkel, writing "Fifty Ways to Kill the Internet" for Wired in 1997 who nailed the best killswitch: "Buy ten backhoes." Underneath all the rhetoric about virtuality the Internet remains a physical network of cables. You'd probably need more than ten backhoes today, but it's still a finite number.

People have given up these worries even though parts of the Internet are actually being blacked out - by governments. In the acute form either access providers (ISPs, mobile networks) are ordered to shut down, or the government orders blocks on widely-used social media that people use to distribute news (and false news) and coordinate action, such as Twitter, Facebook, or WhatsApp.

In 2018 , governments shutting down "the Internet" became an increasingly frequent fixture of the the fortnightly Open Society Foundation Information Program News Digest. The list for 2018 is long, as Access Now says. At New America, Justin Sherman predicts that 2019 will see a rise in Internet blackouts - and I doubt he'll have to eat his pixels. The Democratic Republic of Congo was first, on January 1, soon followed by Zimbabwe.

There's general agreement that Internet shutdowns are bad for both democracy and the economy. In a 2016 study, the Brookings Institution estimated that Internet shutdowns cost countries $2.4 billion in 2015 (PDF), an amount that surely rises as the Internet becomes more deeply embedded in our infrastructure.

But the less-worse thing about the acute form is that it's visible to both internal and external actors. The chronic form, the second of our "things they thought couldn't be done in 1993", is long-term and less visible, and for that reason is the more dangerous of the two. The notion that censoring the Internet is impossible was best expressed by EFF co-founder John Gilmore in 1993: "The Internet perceives censorship as damage and routes around it". This was never a happy anthropomorphization of a computer network; more correctly, *people* on the Internet... Even today, ejected Twitterers head toGab; disaffected 4chan users create 8chan. But "routing around the damage" only works as long as open protocols permit anyone to build a new service. No one suggests that *Facebook* regards censorship as damage and routes around it; instead, Facebook applies unaccountable censorship we don't see or understand. The shift from hundreds of dial-up ISPs to a handful of broadband providers is part of this problem: centralization.

The country that has most publicly and comprehensively defied Gilmore's aphorism is China; in the New York Times, Raymond Zhong recently traced its strategy. At Technology Review, James Griffiths reports that the country is beginning to export its censorship via malware infestations and DDoS attacks, while Abdi Latif Dahir writes at Quartz that it is also exporting digital surveillance to African countries such as Morocco, Egypt, and Libya inside the infrastructure it's helping them build as part of its digital Silk Road.

The Guardian offers a guide to what Internet use is like in Russia, Cuba, India, and China. Additional insight comes from Chinese professor Bai Tongdong, who complains in the South China Morning Post that Westerners opposing Google's Dragonfly censored search engine project do not understand the "paternalism" they are displaying in "deciding the fate of Chinese Internet users" without considering their opinion.

Mini-shutdowns are endemic in democratic countries: unfair copyright takedowns, the UK's web blocking, and EU law limiting hate speech. "From being the colonizers of cyberspace, Americans are now being colonized by the standards adopted in Brussels and Berlin," Jaccob Mchangama complains at Quillette.

In the mid-1990s, Americans could believe they were exporting the First Amendment. Another EFF co-founder, John Perry Barlow, was more right than he'd have liked when, in a January 1992 column for Communications of the ACM, he called the US First Amendment "a local ordinance". That is much less true of the control being built into our infrastructure now.

Illustrations: The old threat model: Seabees remove corroded zinc anodes from an undersea cable (via Wikimedia, from the US Navy site.)

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

January 17, 2019


European_Court_of_Justice_(ECJ)_in_Luxembourg_with_flags.jpg"It's amazing. We're all just sitting here having lunch like nothing's happening, but..." This was on Tuesday, as the British Parliament was getting ready to vote down the Brexit deal. This is definitely a form of privilege, but it's hard to say whether it's confidence born of knowing your nation's democracy is 900 years old, or aristocrats-on-the-verge denial as when World War I or the US Civil War was breaking out.

Either way, it's a reminder that for many people historical events proceed in the background while they're trying to get lunch or take the kids to school. This despite the fact that all of us in the UK and the US are currently hostages to a paralyzed government. The only winner in either case is the politics of disgust, and the resulting damage will be felt for decades. Meanwhile, everything else is overshadowed.

One of the more interesting developments of the past digital week is the European advocate general's preliminary opinion that the right to be forgotten, part of data protection law, should not be enforceable outside the EU. In other words, Google, which brought the case, should not have to prevent access to material to those mounting searches from the rest of the world. The European Court of Justice - one of the things British prime minister Theresa May has most wanted the UK to leave behind since her days as Home Secretary - typically follows these preliminary opinions.

The right to be forgotten is one piece of a wider dispute that one could characterize as the Internet versus national jurisdiction. The broader debate includes who gets access to data stored in another country, who gets to crack crypto, and who gets to spy on whose citizens.

This particular story began in France, where the Commission Nationale de l'Informatique et des Libertés (CNIL), the French data protection regulator, fined Google €100,000 for selectively removing a particular person's name from its search results on just its French site. CNIL argued that instead the company should delink it worldwide. You can see their point: otherwise, anyone can bypass the removal by switching to .com or On the other hand, following that logic imposes EU law on other countries, such as the US's First Amendment. Americans in particular tend to regard the right to be forgotten with the sort of angry horror of Lady Bracknell contemplating a handbag. Google applied to the European Court of Justice to override CNIL and vacate the fine.

A group of eight digital rights NGOs, led by Article 19 and including Derechos Digitales, the Center for Democracy and Technology, the Clinique d'intérêt public et de politique d'Internet du Canada (CIPPIC), the Electronic Frontier Foundation, Human Rights Watch, Open Net Korea, and Pen International, welcomed the ruling. Many others would certainly agree.

The arguments about jurisdiction and censorship were, like so much else, foreseen early. By 1991 or thereabouts, the question of whether the Internet would be open everywhere or devolve to lowest-common-denominator censorship was frequently debated, particularly after the United States v. Thomas case that featured a clash of community standards between Tennessee and California. If you say that every country has the right to impose its standards on the rest of the world, it's unclear what would be left other than a few Disney characters and some cat videos.

France has figured in several of these disputes: in (I think) the first international case of this kind, in 2000, it was a French court that ruled that the sale of Nazi memorabilia on Yahoo!'s site was illegal; after trying to argue that France was trying to rule over something it could not control, Yahoo! banned the sales on its French auction site and then, eventually, worldwide.

Data protection law gave these debates a new and practical twist. The origins of this particular case go back to 2014, when the European Court of Justice ruled in Google Spain v AEPD and Mario Costeja González that search engines must remove links to web pages that turn up in a name search and contain information that is irrelevant, inadequate, or out of date. This ruling, which arguably sought to redress the imbalance of power between individuals and corporations publishing information about them and free expression. Finding this kind of difficult balance, the law scholar Judith Rauhofer argued at that year's Computers, Freedom, and Privacy, is what courts *do*. The court required search engines to remove from the search results that show up in a *name* search the link to the original material; it did not require the original websites to remove it entirely or require the link's removal from other search results. The ruling removed, if you like, a specific type of power amplification, but not the signal.

How far the search engines have to go is the question the ECJ is now trying to settle. This is one of those cases where no one gets everything they want because the perfect is the enemy of the good. The people who want their past histories delinked from their names don't get a complete solution, and no one country gets to decide what people in other countries can see. Unfortunately, the real winner appears to be geofencing, which everyone hates.


Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

January 10, 2019

Secret funhouse mirror room

Lost_City_-_Fun_House.jpg"Here," I said, handing them an old pocket watch. "This is your great-grandfather's watch." They seemed a little stunned.

As you would. A few weeks earlier, one of them had gotten a phone call from a state trooper. A cousin they'd never heard of had died, and they might be the next of kin.

"In this day and age," one of them told me apologetically, "I thought it must be a scam."

It wasn't. Through the combined offices of a 1940 divorce and a lifetime habit of taciturnity on personal subjects, a friend I'd known for 45 years managed to die without ever realizing his father had an extensive tree of living relatives. They would have liked each other, I think.

So they came to the funeral and met their cousin through our memories and the family memorabilia we found in his house. And then they went home bearing the watch, understandably leaving us to work out the rest.

Whenever someone dies, someone else inherits a full-time job. In our time, that full-time job is located at the intersection of security, privacy - and secrecy, the latter a complication rarely discussed. In the eight years since I was last close to the process of closing out someone's life, very much more of the official world has moved online. This is both help and hindrance. I was impressed with the credit card company whose death department looked online for obits to verify what I was saying instead of demanding an original death certificate (New York state charges $15 per copy). I was also impressed with - although a little creeped out by - the credit card company that said, "Oh, yes, we already know." (It had been three weeks, two of them Christmas and New Year's.)

But those, like the watch, were easy, accounts with physical embodiments - that is, paper statements. It's the web that's hard. All those privacy and security settings that we advocate for live someones fall apart when they die without disclosing their passwords. We found eight laptops, the most recent an actively hostile mid-2015 MacBook Pro. Sure, reset the password, but doing so won't grant access to any other stored passwords. If File Vault is turned on, a beneficent fairy - or a frustrated friend trying to honor your stated wishes that you never had witnessed or notarized - is screwed. I'd suggest an "owner deceased" mode, but how do you protect *that* for a human rights worker or a journalist in a war zone holding details of at-risk contacts? Or when criminals arrive knowing how to unlock it? Privacy and security are essential, but when someone dies they turn into secrecy that - I seem to recall predicting in 1997 - means your intended beneficiaries *don't* inherit because they can't unlock your accounts.

It's a genuinely hard problem, not least because most people don't want to plan for their own death. Personal computers operate in binary mode: protect everything, or nothing, and protect it all the same way even though exposing a secret not-so-bad shame is a different threat model from securing a bank account. But most people do not think, "After I'm dead, what do I care?" Instead, they think, "I want people to remember me the way I want and this thing I'm ashamed of they must never, ever know, or they'll think less of me." It takes a long time in life to arrive at, "People think of me the way they think of me, and I can't control that. They're still here in my life, and that must count for something." And some people never realize that they might feel more secure in their relationships if they hid less.

So, the human right to privacy bequeaths a problem: how do you find your friend's long-lost step-sibling, who is now their next of kin, when you only know their first name and your friend's address book is encrypted on a hard drive and not written, however crabbily, in a nice, easily viewed paper notebook?

If there's going to be an answer, I imagine it lies in moving away from binary mode. It's imaginable that a computer operating system could have a "personal rescue mode" that would unlock some aspects of the computer and not others, an extension of the existing facilities for multiple accounts and permissions, though these are geared to share resources, not personal files. The owner of such a system would have to take some care which information went in which bucket, but with a system like that they could give a prospective executor a password that would open the more important parts.

No such thing exists, of course, and some people wouldn't use it even if it did. Instead, the key turned out to be the modest-sized-town people network, which was and is amazing. It was through human connections that we finally understood the invoices we found for a storage unit. Without ever mentioning it, my friend had, for years, at considerable expense, been storing a mirror room from an amusement park funhouse. His love of amusement parks was no surprise. But if we'd known, the mirror room would now be someone's beloved possession instead of broken up in a scrapyard because a few months before he died my friend had stopped paying his bills - also without telling anyone.

Illustrations: The Lost City Fun House (via Wikimedia).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

December 21, 2018

Behind you!

640px-Aladdin_pantomime_Nottingham_Playhouse_2008.jpgFor one reason or another - increasing surveillance powers, increasing awareness of the extent to which online activities are tracked by myriad data hogs, Edward Snowden - crypto parties have come somewhat back into vogue over the last few years after a 20-plus-year hiatus. The idea behind crypto parties is that you get a bunch of people together and they all sign each other's keys. Fun! For some value of fun.

This is all part of the web of trust that is supposed to accrue when you use public key cryptography software like PGP or GPG: each new signature on a person's public key strengthens the trust you can have that the key truly belongs to that person. In practice, the web of trust, also known as "public key infrastructure", does not scale well, and the early 1990s excitement about at least the PGP version of the idea died relatively quickly.

A few weeks ago, ORG Norwich held such a meeting and I went along to help workshop about when and how you want to use crypto. Like any security mechanism, encrypting email has its limits. Accordingly, before installing PGP and saying, "Secure now!" a little threat modeling is a fine thing. As bad as it can be to operate insecurely, it is much, much worse to operate under the false belief that you are more secure than you are because the measures you've taken don't fit the risks you face.

For one thing, PGP does nothing to obscure metadata - that is, the record of who sent email to whom. Newer versions offer the option to encrypt the subject line, but then the question arises: how do you get busy people to read the message?

For another thing, even if you meticulously encrypt your email, check that the recipient's public key is correctly signed, and make no other mistakes, you are still dependent on your correspondent to take appropriate care of their archive of messages and not copy your message into a new email and send it out in plain text. The same is true of any other encrypted messaging program such as Signal; you depend on your correspondents to keep their database encrypted and either password-protect their phone and other devices or keep them inaccessible. And then, too, even the most meticulous correspondent can be persuaded to disclose their password.

For that reason, in some situations it may in fact be safer not to use encryption and remain conscious that anything you send may be copied and read. I've never believed that teenagers are innately better at using technology than their elders, but in this particular case they may provide role models: research has found that they are quite adept at using codes only they understand. To their grown-ups, it just looks like idle Facebook chatter.

Those who want to improve their own and others' protection against privacy invasion therefore need to think through what exactly they're trying to achieve.

Some obvious questions are, partly derived from Steve Bellovin's book Thinking Security:

- Who might want to attack you?
- What do they want?
- Are you a random target, the specific target, or a stepping stone to mount attacks on others?
- What do you want to protect?
- From whom do you want to protect it?
- What opportunities do they have?
- When are you most vulnerable?
- What are their resources?
- What are *your* resources?
- Who else's security do you have to depend on whose decisions are out of your control?

At first glance, the simple answer to the first of those is "anyone and everyone". This helpful threat pyramid shows the tradeoff between the complexity of the attack and the number of people who can execute it. If you are the target of a well-funded nation-state that wants to get you, just you, and nobody else but you, you're probably hosed. Unless you're a crack Andromedan hacker unit (Bellovin's favorite arch-attacker), the imbalance of available resources will probably be insurmountable. If that's your situation, you want expert help - for example, from Citizen Lab.

Most of us are not in that situation. Most of us are random targets; beyond a raw bigger-is-better principle, few criminals care whose bank account they raid or which database they copy credit card details from. Today's highly interconnected world means that even a small random target may bring down other, much larger entities when an attacker leverages a foothold on our insignificant network to access the much larger ones that trusts us. Recognizing who else you put at risk is an important part of thinking this through.

Conversely, the point about risks that are out of your control is important. Forcing everyone to use strong, well-designed passwords will not matter if the site they're used for stores them in with inadequate protections.

The key point that most people forget: think about the individuals involved. Security is about practice, not just technology; as Bruce Schneier likes to say, it's a process not a product. If the policy you implement makes life hard for other people, they will eventually adopt workarounds that make their lives more manageable. They won't tell you what they've done, and you won't have anyone to shout to warn you where the risk is lurking.

Illustrations: Aladdin panomime at Nottingham Playhouse, 2008 (via Wikimedia).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

October 25, 2018

The Rochdale hypothesis

Unity_sculpture,_Rochdale_(1).JPGFirst, open a shop. Thus the pioneers of Rochdale, Lancashire, began the process of building their town. Faced with the jobs and loss of income brought by the Industrial Revolution, a group of 28 people, about half of them weavers, designed the set of Rochdale principles, and set about finding £1 each to create a cooperative that sold a few basics. Ten years later, Wikipedia tells us, Britain was home to thousands of imitators: cooperatives became a movement.

Could Rochdale form the template for building a public service internet?

This was the endpoint of a day-long discussion held as part of MozFest and led by a rogue band from the BBC. Not bad, considering that it took us half the day to arrive at three key questions: What is public? What is service? What is internet?


To some extent, the question's phrasing derives from the BBC's remit as a public service broadcaster. "Public service" is the BBC's actual mandate; broadcasting the activity it's usually identified with, is only the means by which it fulfills that mission. There might be - are - other choices. To educate, inform, to entertain, those are its mandate. Neither says radio or TV.

Probably most of the BBC's many global admirers don't realize how broadly the BBC has interpreted that. In the 1980s, it commissioned a computer - the Acorn, which spawned ARM, whose chips today power smartphones - and a series of TV programs to teach the nation about computing. In the early 1990s, it created a dial-up Internet Service Provider to help people get online. Some ten or 15 years ago I contributed to an online guide to the web for an audience with little computer literacy. This kind of thing goes way beyond what most people - for example, Americans - mean by "public broadcasting".

But, as Bill Thompson explained in kicking things off, although 98% of the public has some exposure to the BBC every week, the way people watch TV is changing. Two days later, the Guardian reported that the broadcasting regulator, Ofcom, believes the BBC is facing an "existential crisis" because the younger generation watches significantly less television. An eighth of young people "consume no BBC content" in any given week. When everyone can access the best of TV's back catalogue on a growing array of streaming services, and technology giants like Netflix and Amazon are spending billions to achieve worldwide dominance, the BBC must change to find new relevance.

So: the public service Internet might be a solution. Not, as Thompson went on to say, the Internet to make broadcasting better, but the Internet to make *society* better. Few other organizations in the world could adopt such a mission, but it would fit the BBC's particular history.

Few of us are happy with the Internet as it is today. Mozilla's 2018 Internet Health Report catalogues problems: walled gardens, constant surveillance to exploit us by analyzing our data, widespread insecurity, and increasing censorship.

So, again: what does a public service Internet look like? What do people need? How do you avoid the same outcome?

"Code is law," said Thompson, citing Lawrence Lessig's first book. Most people learned from that book that software architecture could determine human behaviour. He took a different lesson: "We built the network, and we can change it. It's just a piece of engineering."

Language, someone said, has its limits when you're moving from rhetoric to tangible service. Canada, they said, renamed the Internet "basic service" - but it changed nothing. "It's still concentrated and expensive."

Also: how far down the stack do we go? Do we rewrite TCP/IP? Throw out the web? Or start from outside and try to blow up capitalism? Who decides?

At this point an important question surfaced: who isn't in the room? (All but about 30 of the world's population, but don't get snippy.) Last week, the Guardian reported that the growth of Internet access is slowing - a lot. UN data to be published next month by the Web Foundation, shows growth dropped from 19% in 2007 to less than 6% in 2017. The report estimates that it will be 2019, two years later than expected, before half the world is online, and large numbers may never get affordable access. Most of the 3.8 billion unconnected are rural poor, largely women, and they are increasingly marginalized.

The Guardian notes that many see no point in access. There's your possible starting point. What would make the Internet valuable to them? What can we help them build that will benefit them and their communities?

Last week, the New York Times suggested that conflicting regulations and norms are dividing the Internet into three: Chinese, European, and American. They're thinking small. Reversing the Internet's increasing concentration and centralization can't be by blowing up the center because it will fight back. But decentralizing by building cooperatively at the edges...that is a perfectly possible future consonant with its past, even we can't really force clumps of hipsters to build infrastructure in former industrial towns, by luring them there with cheap housing prices. Cue Thompson again: he thought of this before, and he can prove it: here's his 2000 manifesto on e-mutualism.

Building public networks in the many parts of Britain where access is a struggle...that sounds like a public service remit to me.

Illustrations: Illustrations: The Unity sculpture, commemorating the 150th anniversary of the Rochdale Pioneers (via Wikimedia.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

September 21, 2018

Facts are screwed

vlad-enemies-impaled.gif"Fake news uses the best means of the time," Paul Bernal said at last week's gikii conference, an annual mingling of law, pop culture, and technology. Among his examples of old media turned to propaganda purposes: hand-printed woodcut leaflets, street singers, plays, and pamphlets stuck in cracks in buildings. The big difference today is data mining, profiling, targeting, and the real-time ability to see what works and improve it.

Bernal's most interesting point, however, is that like a magician's plausible diversion the surface fantasy story may stand in front of an earlier fake news story that is never questioned. His primary example was Vlad, the Impaler, the historical figure who is thought to have inspired Dracula. Vlad's fame as a vicious and profligate killer, derives from those woodcut leaflets. Bernal suggests the reasons: a) Vlad had many enemies who wrote against him, some of it true, most of it false; b) most of the stories were published ten to 20 years after he died; and c) there was a whole complicated thing about the rights to Transylvanian territory.

"Today, people can see through the vampire to the historical figure, but not past that," he said.

His main point was that governments' focus on content to defeat fake news is relatively useless. A more effective approach would have us stop getting our news from Facebook. Easy for me personally, but hard to turn into public policy.

Soon afterwards, Judith Rauhofer outlined a related problem: because Russian bots are aimed at exacerbating existing divisions, almost anyone can fall for one of the fake messages. Spurred on by a message from the Tumblr powers that be advising that she had shared a small number of messages that were traced to now-closed Russian accounts, Rauhofer investigated. In all, she had shared 18 posts - and these had been reblogged 2.7 million times, and are still being recirculated. The focus on paid ads means there is relatively little research on organic and viral sharing of influential political messages. Yet these reach vastly bigger audiences and are far more trusted, especially because people believe they are not being influenced by them.

In the particular case Rauhofer studied, "There are a lot of minority groups under attack in the US, the UK, Germany, and so on. If they all united in their voting behavior and political activity they would have a chance, but if they're fighting each other that's unlikely to happen." Divide and conquer, in other words, works as well as it ever has.

The worst part of the whole thing, she said, is that looking over those 18 posts, she would absolutely share them again and for the same reason: she agreed with them.

Rauhofer's conclusion was that the combination of prioritization - that is, the ordering of what you see according to what the site believes you're interested in - and targeting form "a fail-safe way of creating an environment where we are set against each other."

So in Bernal's example, an obvious fantasy masks an equally untrue - or at least wildly exaggerated - story, while in Rauhofer's the things you actually believe can be turned into weapons of mass division. Both scenarios require much more nuance and, as we've argued here before, many more disciplines to solve than are currently being deployed.

Andrea Matwyshyn, in providing five mini-fables as a way of illustrating five problems to consider when designing AI - or, as she put it, five stories of "future AI failure". These were:

- "AI inside" a product can mean sophisticated machine learning algorithms or a simple regression analysis; you cannot tell from the outside what is real and what's just hype, and the specifics of design matter. When Google's algorithm tagged black people as "gorillas", the company "fixed" the algorithm by removing "gorilla" from its list of possible labels. The algorithm itself wasn't improved.

- "Pseudo-AI" has humans doing the work of bots. Lots of historical examples for this one, most notably the mechanical Turk; Matwyshyn chose the fake autonomaton the Digesting Duck.

- Decisions that bring short-term wins may also bring long-term losses in the form of unintended negative consequences that haven't been thought through. Among Matwyshyn's examples were a number of cases where human interaction changed the analysis such as the failure of Google flu trends and Microsoft's Tay bot.

- Minute variations or errors in implementation or deployment can produce very different results than intended. Matwyshyn's prime example was a pair of electronic hamsters she thought could be set up to repeat each other w1ords to form a recursive loop. Perhaps responding to harmonics less audible to humans, they instead screeched unintelligibly at each other. "I thought it was a controlled experiment," she said, "and it wasn't."

- There will always be system vulnerabilities and unforeseen attacks. Her example was squirrels that eat power lines, but ten backhoes is the traditional example.

To prevent these situations, Matwyshyn emphasized disclosure about code, verification in the form of third-party audits, substantiation in the form of evidence to back up the claims that are made, anticipation - that is, liability and good corporate governance, and remediation - again a function of good corporate governance.

"Fail well," she concluded. Words for our time.

Illustrations: Woodcut of Vlad, with impaled enemies.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

September 14, 2018

Hide by default

Beeban-Kidron-Dubai-2016.jpgLast week, defenddigitalme, a group that campaigns for children's data privacy and other digital rights, and Livingstone's group at the London School of Economics assembled a discussion of the Information Commissioner's Office's consultation on age-appropriate design for information society services, which is open for submissions until September 19. The eventual code will be used by the Information Commissioner when she considers regulatory action, may be used as evidence in court, and is intended to guide website design. It must take into account both the child-related provisions of the child-related provisions of the General Data Protection Regulation and the United National Convention on the Rights of the Child.

There are some baseline principles: data minimization, comprehensible terms and conditions and privacy policies. The last is a design question: since most adults either can't understand or can't bear to read terms and conditions and privacy policies, what hope of making them comprehensible to children? The summer's crop of GDPR notices is not a good sign.

There are other practical questions: when is a child not a child any more? Do age bands make sense when the capabilities of one eight-year-old may be very different from those of another? Capacity might be a better approach - but would we want Instagram making these assessments? Also, while we talk most about the data aggregated by commercial companies, government and schools collect much more, including biometrics.

Most important, what is the threat model? What you implement and how is very different if you're trying to protect children's spaces from ingress by abusers than if you're trying to protect children from commercial data aggregation or content deemed harmful. Lacking a threat model, "freedom", "privacy", and "security" are abstract concepts with no practical meaning.

There is no formal threat model, as the Yes, Minister episode The Challenge (series 3, episode 2), would predict. Too close to "failure standards". The lack is particularly dangerous here, because "protecting children" means such different things to different people.

The other significant gap is research. We've commented here before on the stratification of social media demographics: you can practically carbon-date someone by the medium they prefer. This poses a particular problem for academics, in that research from just five years ago is barely relevant. What children know about data collection has markedly changed, and the services du jour have different affordances. Against that, new devices have greater spying capabilities, and, the Norwegian Consumer Council finds (PDF), Silicon Valley pays top-class psychologists to deceive us with dark patterns.

Seeking to fill the research gap are Sonia Livingstone and Mariya Stoilova. In their preliminary work, they are finding that children generally care deeply about their privacy and the data they share, but often have little agency and think primarily in interpersonal terms. The Cambridge Analytica scandal has helped inform them about the corporate aggregation that's taking place, but they may, through familiarity, come to trust people such as their favorite YouTubers and constantly available things like Alexa in ways their adults disl. The focus on Internet safety has left many thinking that's what privacy means. In real-world safety, younger children are typically more at risk than older ones; online, the situation is often reversed because older children are less supervised, explore further, and take more risks.

The breath of passionate fresh air in all this, is Beeban Kidron, an independent - that is, appointed - member of the House of Lords who first came to my attention by saying intelligent and measured things during the post-referendum debate on Brexit. She refuses to accept the idea that oh, well, that's the Internet, there's nothing we can do. However, she *also* genuinely seems to want to find solutions that preserve the Internet's benefits and incorporate the often-overlooked child's right to develop and make mistakes. But she wants services to incorporate the idea of childhood: if all users are equal, then children are treated as adults, a "category error". Why should children have to be resilient against systemic abuse and indifference?

Kidron, who is a filmmaker, began by doing her native form of research: in 2013 she made a the full-length documentary InRealLife that studied a number of teens using the Internet. While the film concludes on a positive note, many of the stories depressingly confirm some parents' worst fears. Even so it's a fine piece of work because it's clear she was able to gain the trust of even the most alienated of the young people she profiles.

Kidron's 5Rights framework proposes five essential rights children should have: remove, know, safety and support, informed and conscious use, digital literacy. To implement these, she proposes that the industry should reverse its current pattern of defaults which, as is widely known, 95% of users never change (while 98% never read terms and conditions). Companies know this, and keep resetting the defaults in their favor. Why shouldn't it be "hide by default"?

This approach sparked ideas. A light that tells a child they're being tracked or recorded so they can check who's doing it? Collective redress is essential: what 12-year-old can bring their own court case?

The industry will almost certainly resist. Giving children the transparency and tools with which to protect themselves, resetting the defaults to "hide"...aren't these things adults want, too?

Illustrations: Beeban Kidron (via Wikimedia)

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

August 30, 2018


GDPR-LATimes.pngThree months after the arrival into force of Europe's General Data Protection Regulation, Nieman Lab finds that more than 1,000 US newspapers are still blocking EU visitors.

"We are engaged on the issue", says the placard that blocks access to even the front pages of the New York Daily News and the Chicago Tribune, both owned by Tronc, as well as the Los Angeles Times, which was owned by Tronc until very recently. Ironically, Wikipedia tells us that the silly-sounding name "Tronc" was derived from "Tribune Online Content"; you'd think a company whoe name includes "online" would grasp the illogic of blocking 500 million literate readers. Nieman Lab also notes that Tronc is for sale, so I guess the company has more urgent problems.

Also apparently unable to cope with remediating its systems, despite years of notice, is Lee Enterprises, which owns numerous newspapers including the Carlisle, PA Sentinel and the Arizona Daily Star; these return "Error 451: Unavailable due to legal reasons", and blame GDPR as the reason "access cannot be granted at this time". Even the giant retail chain Williams-Sonoma has decided GDPR is just too hard, redirecting would-be shoppers to a UK partner site that is almost, but not quite, entirely unlike Williams-Sonoma - and useless if you want to ship a gift to someone in the US.

If you're reading this in the US, and you want to see what we see, try any of those URLs in a free proxy such as Hide Me, setting set your location to Amsterdam. Fun!

Less humorously, shortly after GDPR came into force a major publisher issued new freelance contracts that shift the liability for violations onto freelances. That is, if I do something that gets the company sued for GDPR violations, in their world I indemnify them.

And then there are the absurd and continuing shenanigans of ICANN, which is supposed to be a global multi-stakeholder modeling a new type of international governance, but seems so unable to shake its American origins that it can't conceive of laws it can't bend to its will.

Years ago, I recall that the New York Times, which now embraces being global, paywalled non-US readers because we were of no interest to their advertisers. For that reason, it seems likely that Tronc and the others see little profit in a European audience. They're struggling already; it may be hard to justify the expenditure on changing their systems for a group of foreign deadbeats. At the same time, though, their subscribers are annoyed that they can't access their home paper while traveling.

On the good news side, the 144 local daily newspapers and hundreds of other publications belonging to GateHouse Media seem to function perfectly well. The most fun was NPR, which briefly offered two alternatives: accept cookies or view in plain text. As someone commented on Twitter, it was like time-traveling back to 1996.

The intended consequence has been to change a lot of data practices. The Reuters Institute finds that the use of third-party cookies is down 22% on European news sites in the three months GDPR has been in force - and 45% on UK news sites. A couple of days after GDPR came into force, web developer Marcel Freinbichler did a US-vs-EU comparison on USA Today: load time dropped from 45 seconds to three, from 124 JavaScript files to zero, and a more than 500 requests to 34.

gdpr-unbalanced-cookingsite.jpgBut many (and not just US sites) are still not getting the message, or are mangling it. For example, numerous sites now display boxes displaying the many types of cookies they use and offering chances to opt in or out. A very few of these are actually well-designed, so you can quickly opt out of whole classes of cookies (advertising, tracking...) and get on with reading whatever you came to the site for. Others are clearly designed to make it as difficult as possible to opt out; these sites want you to visit a half-dozen other sites to set controls. Still others say that if you click the button or continue using the site your consent will be presumed. Another group say here's the policy ("we collect your data"), click to continue, and offer no alternative other than to go away. Not a lawyer - but sites are supposed to obtain explicit consent for collecting data on an opt-in basis, not assume consent on an an opt-out basis while making it onerous to object.

The reality is that it is far, far easier to install ad blockers - such as EFF's Privacy Badger - than to navigate these terrible user interfaces. In six months, I expect to see surveys coming from American site owners saying that most people agree to accept advertising tracking, and what they will mean is that people clicked OK, trusting their ad blockers would protect them.

None of this is what GDPR was meant to do. The intended consequence is to protect citizens and redress the balance of power; exposing exploitative advertising practices and companies' dependence on "surveillance capitalism" is a good thing. Unfortunately, many Americans seem to be taking the view that if they just refuse service the law will go away. That approach hasn't worked since Usenet.

Illustrations: Personally collected screenshots.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

August 9, 2018


On Wednesday evening, Joanna Geary posted a challenge to all and sundry on Twitter.

To wit:

"OK, choose your own adventure! It is an early summer morning. You wake up to the sound of constant buzzing on your phone. Reading many messages you discover your name has been picked in a compulsory lottery. You are now Lord High Ruler of the Internet. What do you do next?"


Observation: she capitalized "Internet". So nostalgic. We all should, but the Associated Press style book is against us.

I tried answering: "Convene a wise council."

Geary: "You have chosen to convene a wise council. Your first task is to produce a list of names for the council and justify why they are the wisest for the job. Who do you choose?"

Me (muttering, "That should be *whom*"): "Depends. What's the job? And what would *you* do? (Yes, I know it's your game.)"

Geary: "You have chosen to ask host. ... ... Cannot contact the specified host. The host may not be available on the network or to keep consistency this host may not be responding."

Right. I know where I am now. It's a text-based online game. We who came before the generation who grew up on graphical games remember these things from the 1980s, when Richard Bartle and Roy Trubshaw's MUD launched a genre and Douglas Adams tortured many people with the game version of Hitchhiker's Guide to the Galaxy, a time-sink series of frustrating puzzles. How Geary spent her childhood is now clear.

I reply: "*Go north." In response, she sends me to Canada and repeats: "What do you want to do next?" (She's got me on the wrong continent, but I digress.)

Geary, a former journalist and director of curation at Twitter, is also founder of London's edition of Hacks/Hackers, a gathering that smashes together journalists and computer hackers for mutual benefit.

Geary's main question is the same one everyone has been struggling with ever since 1980-something, when John Connolly reportedly demanded, "Who's in charge?" of a roomful of engineers. Connolly had a right to ask: he was the guy at the National Science Foundation who funded what eventually became the Internet backbone. We're no nearer an answer now.

The history of the Internet is littered with "wise councils" working to solve things for the greater good. In the early days, they were mostly engineers: IETF, ISOC, Jon Postel. It was Postel and his group who allocated the country code domain name registries, deciding to adopt the ISO list to determine whether the UK should be .uk or .gb, for example.

"The IANA [Internet Assigned Numbers Authority] is not in the business of deciding what is and is not a country," Postel wrote in RFC 1591 in 1994. "The selection of the ISO 3166 list as a basis for country code top-level domain names was made with the knowledge that ISO has a procedure for determining which entities should be and should not be on that list."

In that statement, Postel, the nearest thing to Geary's Lord High Ruler the Internet has ever had, provided a useful model for Internet governance: he set limits; deferred to established processes and the knowledgeable experts who created them after serious study; and published the reasoning. "RFC", "request for comments", was deliberately chosen for collaboration. Before the big money came in, someone told me at a policy conference circa 1998, anyone pushing a proposal's adoption because it would be good for their company would have been booed off the stage. Today, even the Tim Berners Lee-led W3C struggles to resist corporate influence.

By the mid-1990s, it was clear Internet governance needed more disciplines: civil society, international relations, economists, security practitioners...lawyers. Just one lawyer present when the domain name system was created, Michael Froomkin said at We Robot 2015, could have averted decades of disputes. Postel himself was replaced in 1998 by ICANN, which is currently proving that despite its multistakeholder model it's so resolutely American that it thinks it can cut a deal with GDPR.

In Code and Other Laws of Cyberspace, Lawrence Lessig argued that there are four means of regulation: market, code/architecture, social norms, and law. The market beloved of libertarians is failing in all sorts of ways, most notably privacy; law struggles to cross international borders; much code has become pwned by the largest Internet companies; and no one can agree on norms.

In a coda, Barlow added, "In the absence of law, ethics and responsibility is [sic] what you have to have." But again: who defines the ethics and the responsibility?

So we are back to Geary's challenge, having eliminated most avenues of approach. Grumpily lifting my crown, I think I would start with access, primarily through municipal and cooperatively built networks. In Cybersalon's unscientific poll at the 2015 Web We Want Festival it was the number one complaint, even in some areas of London. Improving access will continue to enlarge the tranche of existing problems: security, privacy, literacy, education, insufficient competition, network neutrality, centralization, public and private investment, law enforcement, security, protection for democratic processes, moderating toxic human behavior, governance, control, censorship, bullying and intimidation, and technical development. All that will need many wise councils.

But first: let there be light.

Illustrations: Screenshot of Geary's Twitter post.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

August 3, 2018

JAQing off

benjaminfranklin-pd.jpgYears ago, when I used to be called in to do various types of discussion TV and radio programs as the token skeptic, a friend said I should turn these invitations down. He had done so himself, on the basis that absent specialists to provide "the other side" of the debate, the programs would drop the item.

I was less sure, because before The Skeptic was founded, those programs did still run - with the opposition provided by a different type of anti-science. Programs featuring mediums and ghost-seers would debate religious representatives who saw these activities and apparitions as evil, but didn't doubt their existence or discuss the psychology of belief. So I thought the more likely outcome was that the programs would run anyway, but be more damaging to the public perception of science.

I did, however, argue (I think in a piece for New Scientist that matters of fact should not be fodder for "debate" on TV. "Balance" was much-misused even in the early 1990s, and I felt that if you defined it as "presenting two opposing points of view" then every space science story would require a quote from the Flat Earth Society. Fortunately, no one has gone that far in demanding "balance". Yet.

Deborah Lipstadt, opened her book Denying the Holocaust with an argument like my friend's. She refuses to grant Holocaust deniers the apparent legitimacy of a platform. This is ultimately an economic question: if the producers want spectacular mysteries, then the skeptic is there partly as a decorative element and partly to absolve the producers of the accusation that they're promoting nonsense. The program runs if you decline. If they want Deborah Lipstadt as their centerpiece, then she is in a position to demand that her fact-based work not be undermined by some jackass presenting "an alternative view".

Maybe that should be JAQass. A couple of weeks ago, Slate ran a piece by AskHistorians subreddit volunteer moderator Johannes Breit. He and his fellow moderators, who sound like they come from the Television without Pity school of moderation, keep AskHistorians high-signal, low-noise by ruthlessly stamping on speculation, abuse, and anything that smacks of denial of established fact. The Holocaust and Nazi Germany are popular topics, so Holocaust denial is a particular target of their efforts.

"Conversation is impossible if one side refuses to acknowledge the basic premise that facts are facts," he writes. And then: "Holocaust denial is a form of political agitation in the service of bigotry, racism, and anti-Semitism." For these reasons, he argues that Mark Zuckerberg's announced plan to control anti-Semitic hate speech on Facebook is to remove only postings that advocate violence will not work: In Breit's view, "Any attempt to make Nazism palatable again is a call for violence." Accordingly, the AskHistorians moderators have a zero-tolerance policy even for "just asking questions" - or JAQing, a term I hadn't noticed before - which in their experience is not innocent questioning at all, but deliberate efforts to sow doubt in the audiences' minds.

"Just asking questions" was apparently also Gwyneth Paltrow's excuse for not wanting to comply with Conde Nast's old-fangled rules about fact checking. It appears in HIV denial (that is, early 1990s Sunday Times-style refusal to accept the scientific consensus about the cause of AIDS).

One reason the AskHistorians moderators are so unforgiving, Breit writes, is because it shares a host - Reddit - with myriad other subcommunities that are "notorious for their toxicity". I'd argue this is a feature as well as a bug: AskHistorians' regime would be vastly harder to maintain if there weren't other places where people can blow off steam and vent their favorite anti-matter. As much as I loathe a business that promotes dangerous and unhealthy practices in the name of "wellness", I'm still a free speech advocate - actual free speech, not persecuted-conservative-mythology free speech.

I agree with Breit that Zuckerberg's planned approach for Facebook won't work. But Breit's approach isn't applicable either because of scale: AskHistorians, with a clearly defined mission and real expert commenters, has 37 moderators. I can't begin to guess how many that would translate to for Facebook, where groups are defined but the communities that form around each individual poster are not. That said, if you agree with Breit about the purpose of JAQ, his approach is close to the one I've always favored: distinguishing between content and behavior.

Mostly , we need principles. Without them, we have a patchwork of reactions but no standards to debate. We need not to confuse Google and Facebook with the internet. And we need to think about the readers as well as posters. Finally, we need to understand the tradeoffs. History teaches us a lot about the price of abrogating free speech. The events of the last two years have taught us that our democracies can be undermined by hostile actors turning social media to their own purposes.

My suspicion is that it's the economic incentives underlying these businesses that have to be realigned, and that the solution to today's problems is less about limiting speech than about changing business models to favor meaningful connection rather than "engagement" (aka, outrage). That probably won't be enough by itself, but it's the part of the puzzle that is currently not getting enough attention..

Illustrations: Benjamin Franklin, who said, "Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

July 6, 2018

This is us

Thumbnail image for ACTA_Protest_Crowd_in_London.JPGAfter months of anxiety among digital rights campaigners such as the Open Rights Group and the Electronic Frontier Foundation, the European Parliament has voted 318-278 against fast-tracking a particularly damaging set of proposed changes to copyright law.

There will be a further vote on September 10, so as a number of commentators are reminding us on Twitter, it's not over yet.

The details of the European Commission's alarmingly wrong-headed approach have been thoroughly hashed out for the last year by Glyn Moody. The two main bones of contention are euphoniously known as Article 11 and Article 13. Article 11 (the "link tax") would give publishers the right to require licenses (that is, payment) for the text accompanying links shared on social media, and Article 13 (the "upload filter") would require sites hosting user content to block uploads of copyrighted material.

In a Billboard interview with MEP Helga Trüpel, Muffett quite rightly points out the astonishing characterization of the objections to Articles 11 and 13 as "pro-Google". There's a sudden outburst of people making a similar error: Even the Guardian's initial report saw the vote as letting tech giants (specifically, YouTube) off the hook for sharing their revenues. Paul McCartney's last-minute plea hasn't helped this perception. What was an argument about the open internet is now being characterized as a tussle over revenue share between a much-loved billionaire singer/songwriter and a greedy tech giant that exploits artists.

Yet, the opposition was never about Google. In fact, probably most of the active opponents to this expansion of copyright and liability would be lobbying *against* Google on subjects like privacy, data protection, tax avoidance, and market power, We just happen to agree with Google on this particular topic because we are aware that forcing all sites to assume liability for the content their users post will damage the internet for everyone *else*. Google - and its YouTube subsidiary - has both the technology and the financing to play the licensing game.

But licensing and royalties are a separate issue from mandating that all sites block unauthorized uploads. The former is about sharing revenues; the latter is about copyright enforcement, and conflating them helps no one. The preventive "copyright filter" that appears essential for compliance with Article 13 would fail the "prior restraint" test of the US First Amendment - not that the EU needs to care about that. As copyright-and-technology consultant Bill Rosenblatt writes, licensing is a mess that this law will do nothing to fix. If artists and their rights holders want a better share of revenues, they could make it a *lot* easier for people to license their work. This is a problem they have to fix themselves, rather than requiring lawmakers to solve it for them by placing the burden on the rest of us. The laws are what they are because for generations they made them.

Article 11, which is or is not a link tax depending who you listen to, is another matter. Germany (2013) and Spain (2014) have already tried something similar, and in both cases it was widely acknowledged to have been a mistake. So much so that one of the opponents to this new attempt is the Spanish newspaper El País.

My guess is that those who want these laws passed are focusing on Google's role in lobbying against them - for example, Digital Music News reports that Google spent more than $36 million on opposing Article 13 - is preparation for the next round in September. Google and Facebook are increasingly the targets people focus on when they're thinking about internet regulation. Therefore, if you can recast the battle as being one between deserving artists and a couple of greedy American big businesses, they think it will be an easier sell to legislators.

But there are two of them and billions of us, and the opposition to Articles 11 and 13 was never about them. The 2012 SOPA and PIPA protests and the street protests against ACTA were certainly not about protecting Google or any other large technology company. No one goes out on the street or dresses up their website in protest banners in order to advocate for *Google*. They do it because what's been proposed threatens to affect them personally.

There's even a sound economic argument: had these proposed laws been in place in 1998, when Sergey Brin and Larry Page were meeting in dorm rooms, Google would not exist. Nor would thousands of other big businesses. Granted, most of these have not originated in the EU, but that's not a reason to wreck the open internet. Instead, that's a reason to find ways to make the internet hospitable to newcomers with bright ideas.

This debate is about the rest of us and our access to the internet. We - for some definition of "we" - were against these kinds of measures when they first surfaced in the early 1990s, when there were no tech giants to oppose them, and for the same reasons: the internet should be open to all of us.

Let the amendments begin.

Illustrations: Protesters against ACTA in London, 2012 (via Wikimedia)

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

April 6, 2018


Facebook-76536_640.pngWell, what's 37 million or 2 billion scraped accounts more or less among friends? The exploding hairball of the Facebook/Cambridge Analytica scandal keeps getting bigger. And, as Rana Dasgubta writes in the Guardian, we are complaining now because it's happening to us, but we did not notice when these techniques were tried out first in third-world countries. Dasgupta has much to say about how nation-states will have to adapt to these conditions.

Given that we will probably never pin down every detail of how much data and where it went, it's safest to assume that all of us have been compromised in some way. The smug "I've never used Facebook" population should remember that they almost certainly exist in the dataset, by either reference (your sister posts pictures of "my brother's birthday") or inference (like deducing the existence, size, and orbit of an unseen planet based on its gravitational pull on already-known objects).

Downloading our archives tells us far less than people recognize. My own archive had no real surprises (my account dates in 2007, but I post little and adblock the hell out of everything). The shock many people have experienced of seeing years of messages and photographs laid out in front of them, plus the SMS messages and call records that Facebook shouldn't have been retaining in the first place, hides the fact that these archives are a very limited picture of what Facebook knows about us. It shows us nothing about information posted about us by others, photos others have posted and tagged, or comments made in response to things we've posted.

The "me-ness" of the way Facebook and other social media present themselves was called out by Christian Fuchs in launching his book Digital Demagogue: Authoritarian Capitalism in the Age of Trump and Twitter. "Twitter is a me-centred medium. 'Social media' is the wrong term, because it's actually anti-social, Me media. It's all about individual profiles, accumulating reputation, followers, likes, and so on."

Saying that, however, plays into Facebook's own public mythology about itself. Facebook's actual and most significant holdings about us are far more extensive, and the company derives its real power from the complex social graphs it has built and the insights that can be gleaned from them. None of that is clear from the long list of friends. Even more significant is how Facebook matches up user profiles to other public records and social media services and with other brokers' datasets - but the archives give us no sense of that either. Facebook's knowledge of you is also greatly enhanced - as is its ability to lock you in as a user - if you, like many people, have opted to use Facebook credentials to log into third-party sites. Undoing that is about as easy and as much fun as undoing all your direct debit payments in order to move your bank account.

Facebook and the other tech companies are only the beginning. There's a few people out there trying to suggest Google is better, but Zeynep Tufekci discovered it had gone on retaining her YouTube history even though she had withdrawn permission to do so. As Tufekci then writes, if a person with a technical background whose job it is to study such things could fail to protect her data, how could others hope to do so?

But what about publishers and the others dependent on that same ecosystem? As Doc Searls writes, the investigative outrage on display in many media outlets glosses over the fact that they, too, are compromised. Third party trackers, social media buttons, Google analytics, and so on all deliver up readers to advertisers in increasing detail, feeding the business plans of thousands of companies all aimed at improving precision and targeting.

And why stop with publishers? At least they have the defense of needing to make a living. Government sites, libraries, and other public services do the same thing, without that justification. The Richmond Council website shows no ads - but it still uses Google Analytics, which means sending a steady stream of user data Google's way. Eventbrite, which everyone now uses for event sign-ups, is constantly exhorting me to post my attendance to Facebook. What benefit does Eventbrite get from my complying? It never says.

Meanwhile, every club, member organization, and creative endeavor begs its adherents to "like my page on Facebook" or "follow me on Twitter". While they see that as building audience and engagement, the reality is that they are acting as propagandists for those companies. When you try to argue against doing this, people will say they know, but then shrug helplessly and say they have to go where the audience is. If the audience is on Facebook, and it takes page likes to make Facebook highlight your existence, then what choice is there? Very few people are willing to contemplate the hard work of building community without shortcuts, and many seem to have come to believe that social media engagement as measured in ticks of approval is community, like Mark Zuckerberg tried to say last year.

For all these reasons, it's not enough to "fix Facebook". We must undo its leverage.

Illustrations: Facebook logo.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

March 30, 2018

Conventional wisdom

Hague-Grote_Markt_DH3.JPGOne of the problems the internet was always likely to face as a global medium was the conflict over who gets to make the rules and whose rules get to matter. So far, it's been possible to kick the can down the road for Future Government to figure out while each country makes its own rules. It's clear, though, that this is not a workable long-term strategy, if only because the longer we go on without equitable ways of solving conflicts, the more entrenched the ad hoc workarounds and because-we-can approaches will become. We've been fighting the same battles for nearly 30 years now.

I didn't realize how much I longed for a change of battleground until last week's Internet Law Works-in-Progress paper workshop, when for the first time I heard an approach that sounded like it might move the conversation beyond the crypto wars, the censorship battles, and the what-did-Facebook-do-to-our-democracy anguish. The paper was presented by Asaf Lubin, a Yale JSD candidate whose background includes a fellowship at Privacy International. In it, he suggested that while each of the many cases of international legal clash has been considered separately by the courts, the reality is that together they all form a pattern.

asaf-lubin-yale.pngThe cases Lubin is talking about include the obvious ones, such as United States v. Microsoft, currently under consideration in the US Supreme Court and Apple v. FBI. But they also include the prehistoric cases that created the legal environment we've lived with for the last 25 years: 1996's US v. Thomas, the first jurisdictional dispute, which pitted the community standards of California against those of Tennessee (making it a toss-up whether the US would export the First Amendment Puritanism); 1995's Stratton Oakmont v. Prodigy, which established that online services could be held liable for the content their users posted; and 1991's Cubby v. CompuServe, which ruled that CompuServe was a distributor, not a publisher and could not be held liable for user-posted content. The difference in those last two cases: Prodigy exercised some editorial control over postings; CompuServe did not. In the UK, notice-and-takedown rules were codified after the Godfrey v. Demon Internet extended defamation law to the internet..

Both access to data - whether encrypted or not - and online content were always likely to repeatedly hit jurisdictional boundaries, and so it's proved. Google is arguing with France over whether right-to-be-forgotten requests should be deindexed worldwide or just in France or the EU. The UK is still planning to require age verification for pornography sites serving UK residents later this year, and is pondering what sort of regulation should be applied to internet platforms in the wake of the last two weeks of Facebook/Cambridge Analytica scandals.

The biggest jurisdictional case, United States v. Microsoft, may have been rendered moot in the last couple of weeks by the highly divisive Clarifying Lawful Overseas Use of Data (CLOUD) Act. Divisive because: the technology companies seem to like it, EFF and CDT argue that it's an erosion of privacy laws because it lowers the standard of review for issuing warrants, and Peter Swire and Jennifer Daskal think it will improve privacy by setting up a mechanism by which the US can review what foreign governments do with the data they're given; they also believe it will serve us all better than if the Supreme Court rules in favor of the Department of Justice (which they consider likely).

Looking at this landscape, "They're being argued in a siloed approach," Lubin said, going on to imagine the thought process of the litigants involved. "I'm only interested in speech...or I'm a Mutual Legal Assistance person and only interested in law enforcement getting data. There are no conversations across fields and no recognition that the problems are the same." In conversation at conferences, he's catalogued reasons for this. Most cases are brought against companies too small to engage in too-complex litigation and who fear antagonizing the judge. Larger companies are strategic about which cases they argue and in front of whom; they seek to avoid having "sticky precedents" issued by judges who don't understand the conflicts or the unanticipated consequences. Courts, he said, may not even be the right forums for debating these issues.

The result, he went on to say, is that these debates conflate first-order rules, such as the right balance on privacy and freedom of expression, with second-order rules, such as the right procedures to follow when there's a conflict of laws. To solve the first-order rules, we'd need something like a Geneva Convention, which Lubin thought unlikely to happen.

To reach agreement on the second-order rules, however, he proposes a Hague Convention, which he described as "private international law treaties" that could address the problem of agreeing the rules to follow when laws conflict. As neither a lawyer nor a policy wonk, the idea sounded plausible and interesting: these are not debates that should be solved by either "Our lawyers are bigger and more expensive than your lawyers" or "We have bigger bombs." (Cue Tom Lehrer: "But might makes right...") I have no idea if such an idea can work or be made to happen. But it's the first constructive new suggestion I've heard anyone make for changing the conversation in a long, long time.

Illustrations: The Hague's Grote Markt (via Wikimedia; Asaf Lubin.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

March 9, 2018

Signaling intelligence

smithsam-ASIdemo-slides.pngLast month, the British Home Office announced that it had a tool that can automatically detect 94% of Daesh propaganda with 99.995% accuracy. Sophos summarizes the press release to say that only 50 out of 1 million videos would require human review.

"It works by spotting subtle patterns in the extremist videso that distinguish them from normal content..." Mark Werner, CEO of London-based ASI Data Science, the company that developed the classifier, told Buzzfeed.

Yesterday, ASI, which numbers Skype co-founder Jaan Tallinn among its investors, presented its latest demo day in front of a packed house. Most of the lightning presentations focused on various projects its Fellows have led using its tools in collaboration with outside organizations such as Rolls Royce and the Financial Conduct Authority. Warner gave a short presentation of the Home Office extremism project that included little more detail than the press reports a month ago, to which my first reaction was: it sounds impossible.

That reaction is partly due to the many problems with AI, machine learning, and big data that have surfaced over the last couple of years. Either there are hidden biases, or the media reports are badly flawed, or the system appears to be telling us only things we already know.

Plus, it's so easy - and so much fun! - to mock the flawed technology. This week, for example, neural network trainer Janelle Shane showed off the results of some of her pranks. After confusing image classifiers with sheep that don't exist, goats in trees (birds! or giraffes!) and sheep painted orange (flowers!), she concludes, "...even top-notch algorithms are relying on probability and luck." Even more than humans, it appears that automated classifiers decide what they see based on what they expect to see and apply probability. If a human is holding it, it's probably a cat or dog; if it's in a tree it's not going to be a goat. And so on. The experience leads Shane to surmise that surrealism might be the way to sneak something past a neural net.

Some of this approach appears to be what ASI's classifier probably also does (we were shown no details). As Sophos suggests, a lot of the signals ASI's algorithm is likely to use have nothing to do with the computer "seeing" or "interpreting" the images. Instead, it likely looks for known elements such as logos and facial images matched against known terrorism photos or videos. In addition it can assess the cluster of friends surrounding the account that's posted the video and look for profile information that shows the source is one that has been known to post such material in the past. And some will be based on analyzing the language used in the video. From what ASI was saying, it appears that the claim the company is making is fairly specific: the algorithm is supposed to be able to detect (specifically) Daesh videos, with a false positive rate of 0.005%, and 94% of true positives.

These numbers - assuming they're not artifacts of computerish misunderstanding about what it's looking for - of course represent tradeoffs, as Patrick Ball explained to us last year. Do we want the algorithm to block all possible Daesh videos? Or are we willing to allow some through in the interests of honoring the value of freedom of expression and not blocking masses of perfectly legal and innocent material? That policy decision is not ASI's job.

What was more confusing in the original reports is that the training dataset was said to have been "over 1,000 videos". That seems an incredibly small sample for testing a classifier that's going to be turned loose on a dataset of millions. At the demonstration, Warner's one new piece of information is that because that training set was indeed small, the project developed "synthetic data" to enlarge the training set to sufficient size. As gaming-the-system as that sounds, creating synthetic data to augment training data is a known technique. Without knowing more about the techniques ASI used to create its synthetic data it's hard to assess that work.

We would feel a lot more certain of all of these claims if the classifier had been through an independent peer review. The sensitivity of the material involved makes this tricky; and if there has been an outside review we haven't been told about it.

But beyond that, the project to remove this material rests on certain assumptions. As speakers noted at the first conference run by VOX-Pol, an academic research network studying violent online political extremism, the "lone wolf" theory posits that individuals can be radicalized at home by viewing material on the internet. The assumption that this is true underpins the UK's censorship efforts. Yet this theory is contested: humans are highly social animals. Radicalization seems unlikely to take place in a vacuum. What - if any - is the pathway from viewing Daesh videos to becoming a terrorist attacker?

All these questions are beyond ASI's purview to answer. They'd probably be the first to say: they're only a hill of technology beans being asked to solve a mountain of social problems.

Illustrations: Slides from the demonstration (Sam Smith).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

February 9, 2018

RIP John Perry Barlow (1947-2018)

Thumbnail image for John_Perry_Barlow.jpgThere's a certain irony about the fact that John Perry Barlow, who styled himself "cognitive dissident" and whose early 1990s writings set the tone of so much discourse about the internet and inspired so many thousands of activists, has died in the same week that Conde Nast has put up a paywall around Wired, the magazine of record of that era. If you haven't crossed the free limit, I can recommend Steven Levy's obit.

I first encountered Barlow when I began writing about computer crime, around 1990, and called the office of the newly formed Electronic Frontier Foundation, which Barlow co-founded with John Gilmore and Mitch Kapor. A chat with Mike Godwin produced, soon afterwards, a fat paper folder Barlow's founding documents, "Crime and Puzzlement", parts one and two, along with a Harper's Forum discussion of computer hacking and the disproportionate law enforcement response. The first Computers, Freedom, and Privacy to get hackers and law enforcement talking to each other soon followed. I finally met the man himself at my first CFP in 1994.

Barlow's ideas are everywhere in modern internet activism. The EFF itself became a role model for dozens of other digital rights organizations across the world, including Britain's Open Rights Group, which was originally pitched as "a British EFF". The Economy of Ideas: Selling Wine Without Bottles, written in 1992-1993, discusses the "crisis in intellectual property" and how creators will make a living, issues still with us today. EFF has a helpful archive of his internet-related writing, and all of it is worth reading whether or not you agree with him or think, as Barlow claimed Kapor did, that he needed a hyperbolectomy.

His most famous piece, A Declaration of the Independence of Cyberspace, met with embarrassment from many of us when he wrote it in 1996. Yet of everything he wrote it's the one that is still the most widely cited, critiqued, and discussed. To many of us at the time the notion that government had no role to play in cyberspace was either naive or too libertarian for words. In a contemporaneous critique, Reilly Jones (PDF) said Barlow's vision would lead inexorably to universal tyranny. It was clear in conversation with Barlow that he thought the internet was creating libertarians by the million, but I thought government regulation would be an inevitable consequence of ecommerce, and that people would be quick to welcome it to protect them from fraud, theft, and other crimes.

It was clear to anyone who'd talked with him, though, that the ideas he expressed in A Declaration were not the work of a moment's anger at the passage of the Communications Decency Act as part of the 1996 Telecommunications Act. In April 1995, in an interview for the Guardian, he told me, "Cyberspace is naturally sovereign for a variety of reasons...If the terms and conditions of the place are so different from the terms and conditions of the colonial power, sooner or later it becomes obvious that it makes better sense for it to be self-ordering or self-governing." His example was the British Empire: "One of the things that happened quite frequently with the British empire is that Britain realized that from a purely economic standpoint its self-interest was better served by a more or less equal relationship with the former colony as a member of the Commonwealth rather than having it as being an ungovernable, restless, and angry colony. And that analogy applies very well in this instance, because the citizens of cyberspace are going to become more restless and intractable as time goes on, and less willing to be governed by terrestrial principles."

So it's no surprise that 20 years later, Barlow told Wired he stood by its central concept: that cyberspace has a "natural immunity" to nation-state interference. Around the same time he called Wikileaks a "foreign power".

The world he wrote about has both changed and stayed the same. "Cyberspace" dates his views terribly: it's an increasingly meaningless concept to those who've never had to wait to connect, and for whom everything they do online is inextricably entangled with their physical lives. Many younger people are not, as they're so often called, "digital natives", but people to whom the internet has always been a giant surveillance platform delivering cat videos and homework. Yet the battles he wrote about - the right to use encryption, copyright, privacy, openness - are all still being hammered out all around us. So is the key piece of the reason to found the EFF, which he expressed in Crime and Puzzlement, part 2, as "to ensure that the Constitution will continue to apply to digital media". Politicians have long been fond of saying that what is illegal offline should be illegal online, but are less fond of saying the equally important converse: what is legal offline should be legal online.

In his obit for TechDirt, Godwin suggests that in dissecting Barlow's A Declaration we all missed the point. Barlow, he writes, "was writing to inspire activism, not to prescribe a new world order, and his goal was to be lyrical and aspirational, not legislative." In that, Barlow certainly succeeded.

Illustrations: John Perry Barlow.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

December 29, 2017


Science_Museum_-_Robots_-_Metropolis_(32781591336).jpgThe end of the year seems a good moment for complaints. The Guardian has gone all out with 2017 as the year the world turned against Silicon Valley. This is a more modest bitchfest.

First is the distressing tendency for journalists - who should know better - to anthropomorphize robots, both physical and virtual, by assigning them "gender". Pepper looks cute, but it's still just a fancy hammer. Plus, as came out at We Robot in 2016, while Westerners see Pepper as female, Asians identify it as male. I don't care how curvaceous or evil that robot looks, or what kind of voice it has, it's an it.


At the fifth birthday party for the Open Data Institute, co-founder Tim Berners-Lee gave an uncharacteristically depressed speech, in which he said, "We can't go on as though nothing's changed". A couple of weeks earlier, interviewed in the Guardian, he spoke despairingly about the reversal of network neutrality, the issues surrounding fake news and propaganda, ad revenues and clickbait, and manipulative "dark ads" that bypass democratic accountability.

Yet some would argue that Berners-Lee and his W3C have added to the mess by accepting digital rights management into the web's standards without requiring rights holders to promise not to use copyright law to attack people who bypass DRM for legal reasons (such as accessibility and security research). For such a long-term advocate of the internet as a permissionless space, it's a startling decision.


The web continues to embrace unreadability in the form of skinny, grey, low-contrast fonts, and the problem is spreading to new devices. Maybe it's not young geeks that are at fault, but all those video autoplay bandits, who would vastly prefer it if we didn't read anything.


Returning to robots, in August Edward Hasbrouck saw one behaving badly on a San Francisco Caltrain platform. In all those robot panics, no one considered how to share physical public space. Now, congestion on already-clogged sidewalks has led the City of San Francisco to require permits and human chaperones for the city's thousands (so far) of delivery robots, and also to restrict where they may roam. I would expect many cities - such as London, where so many sidewalks are cramped, medieval affairs - to follow suit. At least, until the robots have learned some manners.


Waterdrops_(4648726722).jpgSometime around mid-November, I became conscious of a new and frequently-heard sound: Ding!

Inquiry established that it is the noise made by current iPhones when they receive messages. It dings so often and so unpredictably that I now hear the sound when others can't. It's so deeply embedded into my head that I may have begun to hallucinate it, just as, half-waking at 7:30 AM I used to "hear" non-existent doorbells.


I imagine the circumstances of this sound's birth. A design team roved northern California looking for inspiring landscapes. Eventually, they chose a piece of land and built a Japanese garden in which they locked themselves. There, they were taught to reflect on the qualities of the desired sound: quietness, elegance, simplicity, peace, the best qualities of the best-trained and most deferential butlers. They imagined the sound that would capture these qualities: melodious, brief, undemanding yet piercingly sweet, intended to let you know you had a message without adding stress or harassment to your already-busy life, the equivalent of holding out a handwritten calling card on an exquisitely engraved and polished silver tray.

Googlers would have picked two dozen frequencies and conducted A/B tests to determine which of the candidate sounds came closest to getting people to open their messages. But this is Apple, so instead they discussed the sounds as if they were fine wines. They used the words "minimalist" and "custom frequencies" a lot.


Finally, one was chosen and deployed: a crystalline, clear, not-quite-pure tone that conveys the sense of a glistening drop of water falling into a placid pool, leaving behind the slightest of expanding circles.

I have never hated a sound more. The harsh, penetrating, high-pitched tone of the doors on Southwest trains and London Underground elevators, or the needle through the occipital bone that accompanies the dentist's ultrasonic cleaner are far more horrible noises, but you know when you are going to hear them. Apple's noise is pure Chinese water torture in its unpredictability, because a) you have no idea when other people might receive messages or who in your vicinity owns one of these devices, and b) it's designed to be so mellifluous and charming that no iPhone owner can imagine it could ever be offensive and so they do not set their phones to silent.


The reason it's so enraging, of course, is that its apparent politeness - "so sorry to disturb you but it's only for a split second and I sound beautiful, and then I'll leave you alone" - is utterly meretricious. Its real purpose is to say, "HEY, YOU, PAY ATTENTION TO ME." And you, the iPhone refusenik, can do nothing about it because the designers don't care about you-not-their-customer, you. You can divorce Google, but you can't divorce other people's phones.

Happy New Year.

Illustrations: Metropolis's Maria at the Science Museum (via Matt Brown), Water Drops (via Sander van der Wel).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

December 22, 2017

Hidden figures

betteroffted-malcolm-barrett.jpgIn the last half of this year, I've become aware of one of the less obvious casualties of the decline in local journalism: talking newspapers.

Probably most people don't know these exist; I certainly didn't. But around the UK there is a string of these things, which exist to give blind and visually impaired people access to their local newspaper.

This is the kind of thing the existence of the internet tends to lead us to dismiss as no longer necessary. Surely screen readers and the web have provided such access? But as I learned years ago, wandering the web with a screen reader is not easy. The Talking Newspapers provides uninterrupted content; screen readers can't always distinguish between content, navigational aids, and other clutter. As information density goes, the Talking Newspaper wins.

The Richmond one, which began in 1979, works like this: four people meet on a Friday evening and spread out copies of the Richmond and Twickenham Times. They look over the paper and share out the stories. Then they take turns reading them out into microphones and a recorder, which runs specific software for this sort of purpose. A production engineer oversees the recording. Later, others oversee the business of assembling the files and making copies onto USB sticks. Separately, a couple of administrators extract returned sticks from their envelopes and prepare envelopes to send out the new batch. (They do modern times, too, and you can download the output from the website.)

Here's the thing: The Richmond and Twickenham Times is about half the size it was ten years ago, and it's not getting any bigger. A single edition no longer fills enough space.

The team are coping by getting permission to use some material from the BBC, and there are some obvious untapped sources of content in the form of newsletters and articles from local churches, historical societies, arts groups, and that glossy magazine that plonks through the door that you don't know what it's for that's mostly advertising and the printed equivalent of infomercials but there's probably an article or two per issue that's usable.

To those of us who spend our time mulling the doings of largely automated services that count their users by the billion, a labor-intensive service like this that counts them in dozens seems like a rounding error. Surely it's the wrong scale for the 21st century? And for a huge city like London? Yet Europe's first megacity, though it's generally treated in the media as an amorphous whole, in reality is made up of quite distinct neighborhoods. The area surrounding Richmond is made up of many formerly separate small towns, each with its own town center, shops, and community life. What's left of newspapers and newsletters still provides connective tissue within these subcommunities

To some extent, this is a story about older people and isolation. When lessening physical ability shrinks your world, remaining connected in other ways rises in importance. A friend who has long worked on local newspapers tells me their older readers are their most dedicated - although by and large most advertisers don't care much about them. It's not easy to develop and learn new sources of connection after reading has become difficult; ideally, you need to prepare in advance, but no one does.

At the other end of the scale, this week Pro Publica caught Facebook and a bunch of other companies (including Amazon and Verizon) in a new form of age discrimination: using Facebook's advertising platform to target job ads at specific age groups. Under present US, UK, and EU law, a newspaper ad could never say, "Must be 25 to 36", but on Facebook it doesn't need to. All an advertiser has to do is tick the appropriate boxes, and anyone outside of the desired age group simply won't ever see the ad.

It's fair to say that one of the difficulties with new technology is that you just don't know how people are going to use it to bypass the law. However, Facebook's reply to this claim has been to compare the practice to running ads in magazines that target specific age groups, and argue that age-based targeting for recruitment ads is "standard industry practice". Yet there is an obvious difference: anyone can pick up a magazine and read it whether they fit the target demographic or not, but on Facebook you can only see what the system decides to show you. Be 37, and that job does not exist in your reality.

The company's response brings to mind the TV show Better Off Ted and the dysfunctional company in which it is set, Veridian Dynamics. Specifically, the moment in Season 1 episode 4, "Racial Sensitivity", when Veronica (Portia di Rossi) explains to Ted (Jay Harrington) why the building control system, which automates everything from lights and water fountains to elevators, lighting, and doors by responding to reflections of light off the skin, is not racist. "The company's position is that it's actually the opposite of racist because it's not targeting black people, it's just ignoring them."

Illustrations: Malcolm Barrett, trying to be seen by the motion sensors in Better Off Ted.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

December 8, 2017

Plastures of plenty

Thumbnail image for windows-xp-hilltop.jpegIt was while I was listening to Isabella Henriques talk about children and consumerism at this week's Children's Global Media Summit that it occurred to me that where most people see life happening advertisers see empty space.

Henriques, like Kathryn Montgomery earlier this year, is concerned about abusive advertising practices aimed at children. So much UK rhetoric around children and the internet focuses on pornography and extremism - see, for example, this week's Digital Childhood report calling for a digital environment that is "fit for childhood" - that it's refreshing to hear someone talk about other harms. Such as: teaching kids "consumerism". Under 12, Henriques said, children do not understand the persuasiveness and complexity of advertising. Under six, they don't identify ads (like the toddler who watched 12 minutes of Geico commercials). And even things that are *effectively* ads aren't necessarily easily identifiable as such, even by adults: unboxing videos, product placement, YouTube kids playing with branded toys, and in-app "opportunities" to buy stuff. Henriques' research finds that children influence family purchases by up to 80%. That's not a baby you're expecting; it's a sales promoter.

When we talk about the advertising arms race, we usually mean the expanding presence and intrusiveness of ads in places where we're already used to seeing them. That escalation has been astonishing.

To take one example: a half-hour sitcom episode on US network television in 1965 - specifically, the deservedly famous Coast to Coast Big Mouth episode of The Dick Van Dyke Show - was 25:30 minutes long. A 2017 episode of the top-rated US comedy, The Big Bang Theory, barely ekes out 18. That's over a third less content, double the percentage of time watching ads, or simply seven and a half extra minutes. No wonder people realized automatic ad marking and fast-forwarding would sell.

The internet kicked this into high gear. The lack of regulation and the uncertainty about business models led to legitimate experimentation. But it also led to today's complaints, both about maximally intrusive and attention-demanding ads and the data mining advertisers and their agencies use to target us, and also to increasingly powerful ad blockers - and ad blocker blockers.

The second, more subtle version of the arms race is the one where advertisers see every open space where people congregate as theirs to target. This was summed up for me once at a lunchtime seminar run by the UK's Internet Advertising Bureau in 2003, when a speaker gave an enthusiastic tutorial on marketing via viral email: "It gets us into the office. We've never been able to go there before." You could immediately see what office inboxes looked like to them: vast green fields just waiting to be cultivated. You know, the space we thought of as "work". And we were going to be grateful.

Childhood, as listening to Henriques, Montgomery, and the Campaign for a Commercial-Free Childhood makes plain, is one of those green fields advertisers have long fought to cultivate. On broadcast media, regulators were able to exercise some control. Even online, the Childhood Online Privacy Protection Act has been of some use.

Thumbnail image for isabella-henriques.jpegAdvertisers, like some religions, aim to capture children's affections young, on the basis that the tastes and habits you acquire in childhood are the hardest for an interloper to disrupt. The food industry has long been notorious unhealthy foods into finding ways around regulations that limit how they target children on broadcast and physical-world media. But the internet offers new options: "Smart" toys are one set of examples; Facebook's new Messenger Kids app is another. This arms race variant will escalate as the Internet of Things offers advertisers access to new areas of our lives.

Part of this story is the vastly increased quantities of data that will be available to sell to advertisers for data mining. On the web, "free" has long meant "pay with data". With the Internet of Things, no device will be free, but we will pay with data anyway. The cases we wrote about last week are early examples. As hardware becomes software, replacement life cycles become the manufacturer's choice, not yours. "My" mobile phone is as much mine as "my library book" - and a Tesla is a mobile phone with a chassis and wheels. Think of the advertising opportunities when drivers are superfluous to requirements, , beginning with the self-driving car;s dashboard and windshield. The voice-operated Echo/Home/Dot/whatever is clearly intended to turn homes into marketplaces.

A more important part is the risk of turning our homes into walled gardens, as Geoffrey A. Fowler writes in the Washington Post of his trial of Amazon Key. During the experiment, Fowler found strangers entering his house less disturbing than his sense of being "locked into an all-Amazon world". The Key experiment is, in Fowler's estimation, the first stab at Amazon's goal of becoming "the operating system for your home". Will Amazon, Google, and Apple homes be interoperable?

Henriques is calling for global regulation to limit the targeting of children for food and other advertising. It makes sense: every country is dealing with the same multinational companies, and most of us can agree on what "abusive advertising" means. But then you have to ask: why do they get a pass on the rest of us?

Illustrations: Windows XP start-up screen

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

November 17, 2017


Thumbnail image for lanier-lrm-2017.jpgOn Tuesday evening, virtual reality pioneer and musician Jaron Lanier, in London to promote his latest book, Dawn of the New Everything, suggested the internet took a wrong turn in the 1990s by rejecting the idea of combating spam by imposing a tiny - "homeopathic" - charge to send email. Think where we'd be now, he said. The mindset of paying for things would have been established early, and instead of today's "behavior modification empires" we'd have a system where people were paid for the content they produce.

Lanier went on to invoke the ghost of Ted Nelson who began his earliest work on Project Xanadu in 1960, before ARPAnet, the internet, and the web. The web fosters copying. Xanadu instead gave every resource a permanent and unique address, and linking instead of copying meant nothing ever lost its context.

The problem, as Nelson's 2011 autobiography Possiplex and a 1995 Wired article, made plain, is that trying to get the thing to work was a heartbreaking journey filled with cycles of despair and hope that was increasingly orthogonal to where the rest of the world was going. While efforts continue, it's still difficult to comprehend, no matter how technically visionary and conceptually advanced it was. The web wins on simplicity.

But the web also won because it was free. Tim Berners-Lee is very clear about the importance he attaches to deciding not to patent the web and charge licensing fees. Lanier, whose personal stories about internetworking go back to the 1980s, surely knows this. When the web arrived, it had competition: Gopher, Archie, WAIS. Each had its limitations in terms of user interface and reach. The web won partly because it unified all their functions and was simpler - but also because it was freer than the others.

Suppose those who wanted minuscule payments for email had won? Lanier believes today's landscape would be very different. Most of today's machine learning systems, from IBM Watson's medical diagnostician to the various quick-and-dirty translation services rely on mining an extensive existing corpus of human-generated material. In Watson's case, it's medical research, case studies, peer review, and editing; in the case of translation services it's billions of side-by-side human-translated pages that are available on the web (though later improvements have taken a new approach). Lanier is right that the AIs built by crunching found data are parasites on generations of human-created and curated knowledge. By his logic, establishing payment early as a fundamental part of the internet would have ensured that the humans that created all that data would be paid for their contributions when machine learning systems mined it. Clarity would result: instead of the "cruel" trope that AIs are rendering humans unnecessary, it would be obvious that AI progress relied on continued human input. For that we could all be paid rather than being made "wards of the state".

Consider a practical application. Microsoft's LinkedIn is in court opposing HiQ, a company that scrapes LinkedIn's data to offer employers services that LinkedIn might like to offer itself. The case, which was decided in HiQ's favor in August but is appeal-bound, pits user privacy (argued by EPIC) against innovation and competition (argued by EFF). Everyone speaks for the 500 million whose work histories are on LinkedIn, but no one speaks for our individual ownership of our own information.

Let's move to Lanier's alternative universe and say the charge had been applied. Spam dropped out of email early on. We developed the habit of paying for information. Publishers and the entertainment industry would have benefited much sooner, and if companies like Facebook and LinkedIn had started, their business models would have been based on payments for posters and charges for readers (he claims to believe that Facebook will change its business model in this direction in the coming years; it might, but if so I bet it keeps the advertising).

In that world, LinkedIn might be our broker or agent negotiating terms with HiQ on our behalf rather than in its own interests. When the web came along, Berners-Lee might have thought pay-to-click logical, and today internet search might involve deciding which paid technology to use. If, that is, people found it economic to put the information up in the first place. The key problem with Lanier's alternative universe: there were no micropayments. A friend suggests that China might be able to run this experiment now: Golden Shield has full control, and everyone uses WeChat and AliPay.

I don't believe technology has a manifest destiny, but I do believe humans love free and convenient, and that overwhelms theory. The globally spreading all-you-can-eat internet rapidly killed the existing paid information services after commercial access was allowed in 1994. I'd guess that the more likely outcome of charging for email would have been the rise of free alternatives to email - instant messaging, for example, which happened in our world to avoid spam. The motivation to merge spam with viruses and crack into people's accounts to send spam would have arisen earlier than it did, so security would have been an earlier disaster. As the fundamental wrong turn, I'd instead pickcentralization.

Lanier noted the culminating irony: "The left built this authoritarian network. It needs to be undone."

The internet is still young. It might be possible, if we can agree on a path.

Illustrations: Jaron Lanier in conversation with Luke Robert Mason (Eva Pascoe);

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

October 27, 2017

The opposite of privilege

new-22portobelloroad.jpgA couple of weeks ago, Cybersalon held an event to discuss modern trends in workplace surveillance. In the middle, I found myself reminding the audience, many of whom were too young to remember, that 20 or so years ago mobile phones were known locally as "poserphones". "Poserphone" because they were still expensive enough recently enough that they were still associated with rich businessmen who wanted to show off their importance.

The same poseurship today looks like this: "I'm so grand I don't carry a mobile phone." In a sort of rerun of the 1997 anti-internet backlash, which was kicked off by Clifford Stoll's Silicon Snake-Oil, all over the place right now we're seeing numerous articles and postings about how the techies of Silicon Valley are disconnecting themselves and removing technology from the local classrooms. Granted, this has been building for a while: in 2014 the New York Times reported that Steve Jobs didn't let his children use iPhones or iPads.

It's an extraordinary inversion in a very short time. However, the notable point is that the people profiled in these stories are people with the agency to make this decision and not suffer for it. In April, Congressman Jim Sensenbrenner (R-WI), claimed airily that "Nobody has to use the internet", a statement easily disputed. A similar argument can be made about related technology such as phones and tablets: it's perfectly reasonable to say you need downtime or that you want your kids to have a solid classical education with plenty of practice forming and developing long-form thinking. But the option to opt out depends on a lot of circumstances outside of most people's control. You can't, for example disconnect your phone if your zero-hours contracts specifies you will be dumped if you don't answer when they call, nor if you're in high-urgency occupations like law, medicine, or journalism; nor can you do it if you're the primary carer for anyone else. For a homeless person, their mobile phone may be their only hope of finding a job or a place to live.

Battery concerns being what they are, I've long had the habit of turning off wifi and GPS unless I'm actively using them. As Transport for London increasingly seeks to use passenger data to understand passenger flow through the network and within stations, people who do not carry data-generating devices are arguably anti-social because they are refusing to contribute to improving the quality of the service. This argument has been made in the past with reference to NHS data, suggesting that patients who declined to share their data didn't deserve care.

cybersalon-october.jpgToday's employers, as Cybersalon highlighted and as speakers have previously pointed out at the annual Health Privacy Summit, may learn an unprecedented amount of intimate information about their employees via efforts like wellness programs and the data those capture from devices like Fitbits and smart watches. At Cornell, Karen Levy has written extensively about the because-safety black box monitoring coming to what historically has been the most independent of occupations, truck driving. At Middlesex Phoebe Moore is studying the impact of workplace monitoring on white collar workers. How do you opt out of monitoring if doing so means "opting out" of employment?

The latest in facial recognition can identify people in the backgrounds of photos, making it vastly harder to know which of the sidewalk-blockers around you snapping pictures of each other on their phones may capture and upload you as well, complete with time and location. Your voice may be captured by the waiting speech-driven device in your friend's car or home; ever tried asking someone to turn off Alexa-Siri-OKGoogle while you're there?

For these reasons, publicly highlighting your choice to opt out reads as, "Look how privileged I am", or some much more compact and much more offensive term. This will be even more true soon, when opting out will require vastly more effort than it does now and there will be vastly fewer opportunities to do it. Even today, someone walking around London has no choice about how many CCTV cameras capture them in motion. You can ride anonymously on the tube and buses as long as you are careful to buy, and thereafter always top up, your Oyster smart card with cash. But the latest in facial recognition can identify people in the backgrounds of photos, making it vastly harder to know which of the sidewalk-blockers around you snapping pictures of each other on their phones may capture and upload you as well, complete with time and location.

It's clear "normal" people are beginning to know this. This week, in a supermarket well outside of London, I was mocking a friend for paying for some groceries by tapping a credit card. "Cash," I said. "What's wrong with nice, anonymous cash?" "It took 20 seconds!" my friend said. The aging cashier regarded us benignly. "They can still track you by the mobile phones you're carrying," she said helpfully. Touché.

Illustrations: George Orwell's house at 22 Portobello road; Cybersalon (Phoebe Moore, center).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

September 22, 2017


original-LOC-opper-newspaper.png"Fake news is not some unfortunate consequence," the writer and policy consultant Maria Farrell commented at the UK Internet Governance Forum last week. "It is the system working as it should in the attention economy."

The occasion was a panel featuring Simon Milner, Facebook's UK policy director; Carl Miller, from the Demos think tank, James Cook, Business Insider UK's technology editor; the MP and shadow minister for industrial strategy Chi Onwurah (Labour - Newcastle upon Tyne Central); and, as moderator, Nominet chair Mark Wood.

cropped-Official_portrait_of_Chi_Onwurah.jpgThey all agreed to disagree on the definition of "fake news". Cook largely saw it as a journalism problem: fact checkers and sub-editors are vanishing. Milner said Facebook has a four-pronged strategy: collaborate with others to find industry solutions, as in the Facebook Journalism Project; disrupt the economic flow - that is, target clickbait designed to take people *off* Facebook to sites full of ads (irony alert); take down fake accounts (30,000 before the French election); try to build new products that improve information diversity and educate users. Miller wants digital literacy added to the national curriculum: "We have to change the skills we teach people. Journalists used to make those decisions on our behalf, but they don't any more." Onwurah, a chartered electrical engineer who has worked for Ofcom, focused on consequences: she felt the technology giants could do more to combat the problem, and expressed intelligent concern about algorithmic "black boxes" that determine what we see.

Boil this down. Onwurah is talking technology and oversight. Milner also wants technology: solutions should be content-neutral but identify and eliminate bad behavior at the scale of 2 billion users, who don't want to read terms and conditions or be repeatedly asked for ratings. Miller - "It undermines our democracy" - wants governments to take greater responsibility: "it's a race between politics and technology". Cook wants better journalism, but, "It's terrifying, as someone in technology, to think of government seeing inside the Facebook algorithm." Because other governments will want their privilege, too; Apple is censoring its app store in order to continue selling iPhones in China.

Thumbnail image for MariaFarrellPortrait.jpgIt was Farrell's comment, though, that sparked the realization that fake news cannot be solved by thinking of it as a problem in only one of the fields of journalism, international relations, economic inequality, market forces, or technology. It is all those things and more, and we will not make any progress until we take an approach that combines all those disciplines.

Fake news is the democratization of institutional practices that have become structural over many decades. Much of today's fake news uses tactics originally developed by publishers to sell papers. Even journalists often fail to ask the right questions, sometimes because of editorial agendas, sometimes because the threat of lost access to top people inhibits what they ask.

Everyone needs the traditional journalist's mindset of asking, "What's the source?" and "What's their agenda?" before deciding on a story's truth. But there's no future in blaming the people who share these stories (with or without believing them) or calling them stupid. Today we're talking about absurdist junk designed to make people share it; tomorrow's equivalent may be crafted for greater credibility and hence be far more dangerous. Miller's concern for the future of democracy is right. It's not just that these stories are used to poison the information supply and sow division just before an election; the incessant stream of everyday crap causes people to disengage because they trust nothing.

In 1987 I founded The Skeptic in 1987 to counter what the late, great Simon Hoggart called paranormal beliefs' "background noise, interfering with the truth". Of course it matters that a lie on the internet can nearly cause a shoot-out at a pizza restaurant. But we can't solve it with technology, fact-checking, or government fiat at it. Today's generation is growing up in a world where everybody cheats and then lies about it: sports stars.

What we're really talking about here is where to draw the line between acceptable fakery ("spin") and unacceptable fakery. Astrology columns get a pass. Apparently so do professional PR people, as in the 1995 book Toxic Sludge Is Good for You: Lies, Damn Lies, and the Public Relations Industry, by John Stauber and Sheldon Rampton (made into a TV documentary in 2002). In mainstream discussions we don't hear that Big Tobacco's decades-long denial about its own research or Exxon Mobil's approach to climate change undermine democracy. If these are acceptable, it seems harder to condemn the Macedonian teen seeking ad revenue.

This is the same imbalance as prosecuting lone, young, often neuro-atypical computer hackers while the really pressing issues are attacks by criminals and organized gangs.

That analogy is the point: fake news and cybersecurity are sibling problems. Both are tennis, not figure skating; that is, at all times there is an adversary actively trying to frustrate you. "Fixing the users" through training is only one piece of either puzzle.

Treating cybersecurity as a purely technical problem failed. Today's crosses many fields: computer science, philosophy, psychology, law, international relations, economics. So does the VOX-Pol project to study online extremism. This is what we need for fake news.

Illustrations: "The fin de siecle newspaper proprietor", by Frederick Burr Opper, 1894 (from the Library of Congress via Wikipedia); Chi Onwurah; Maria Farrell.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

August 11, 2017

The lost generation

jean-m-twenge-pr.png"I have young children at home. I have to be in touch." The woman next to me in the stalls at The Book of Mormon in 2013 was defensive and a little angry when I commented blandly during the intermission that her texting during the last third of the first act (!) was distracting. I'm old enough that when my parents went out they told the babysitter where they were going, and that was it.

"Somehow," I muttered to my companion, "*we* lived to grow up."

But time has moved on, and today's teen panic is about smartphones. Jean M. Twenge, writing in The Atlantic, asks, "Have smartphones destroyed a generation?" and predicts that today's teenagers are all on the verge of a mental health crisis. She has charts - how much they date, sleep, hang out with friends, feel lonely, have sex. All, she says, trending downward since 2007, when the iPhone was released. Cause! Or just correlation?

In a non-expert view, I think that this generation, too, will find their way. Some of these things aren't necessarily bad: less driving, given climate change, for example. It's also kind of hilarious to see someone concerned that teens are less sexually active; how can a dropping teen pregnancy rate be a bad thing?

But, Twenge says, teens are increasingly unhappy, and she does find a correlation with phone, or at least, *screen* use: based on annual Monitoring the Future surveys from the National Institute on Drug Abuse, she writes, "Teens who spend more time than average on screen activities are more likely to be unhappy, and those who spend more time than average on nonscreen activities are more likely to be happy."

misschildimage-milk_cartons_sm.gifThe 2016 MTF survey finds that teen drug use is also dropping, even marijuana, despite legalization (if you don't go out, where do you get your drugs?). In the results presentation, NIDA spokespeople suggest that social media, cellphone use, and videogaming might be providing substitute activities, which they thought is worth investigating. I can't find the questions about relative happiness that Twenge refers to. However, it's notable that on most of her charts - driving, dating, and hanging out - the trend line was already heading downwards years before the iPhone. Sex plateaued long before 2007, and turned downward only around 2013, as did sleeping less. So the only chart that really matches Twenge's claim is loneliness, which hit bottom in 2007 and has climbed ever since, passing 1991 levels in about 2012-2013. What did it look like before 1991? We don't know. How much of that loneliness can be traced to economic issues following the 2007 financial crisis? Ditto.

Nor do we know for sure if there is a cause-and-effect relationship - or, if there is, whether teens are more depressed because they're spending more time using screens or are screen-bound because they're depressed. At the Parenting,digital blog, Sonia Livingston raises exactly this point regarding new research from ParentZone that finds school principals attributing increasing levels of mental health problems among their students to...the internet. In this case, too, we don't, as Livingston writes, really know. What we do know, from many, many sources, is that people with mental illness struggle desperately to find help.

In the midst of all this angst, it's cheering to read William Vaughan's blog posting Trusting Our Kids and the World, in which he discusses the theme I began with: kids have far less physical independence than in any previous generation. The pictures of missing kids on milk cartons, the ads on TV when I was 20 asking, "It's 10 pm. Do you know where your child is?", and a load of other media-fanned fears about abduction, child abuse, and other dangers have all served to gradually enclose teens in their bedrooms. The screens may be the only thing that makes that enclosure tolerable. Say you limit screen time, as so many advisories recommend. Then what?

geico-gecko.jpgAt the Guardian, Emma Brockes ponders the right way to handle a reader's two-year-old's obsessive interest in her phone. Brockes notes her own toddlers' alarmingly addict-like behaviour when she tries to reclaim her phone, and hilariously frets over discovering that one of them spent 12 minutes watching Geico ads back to back. I surmise said child liked the *animated talking lizard*.

Brockes, however, hits the main point with absolute clarity: she worries more about her own screen time than her children's, because, like most people, when she's on her phone she's utterly absent from the world around her. It's patently unfair to load extra burdens on parents who are working two jobs and wondering if they can make rent, or get out of debt. But walking in my neighborhood in any direction you'll find parents engrossed in their phone while shepherding their kids somewhere. Now, I know that a one-year-old isn't always the best of company, but interacting with them is your investment in your mutual future. In her 2016 book, Reclaiming Conversation, Sherry Turkle found many children who wished their parents would stop Googling and talk to them. We should, she wrote, listen and obey. Maybe start there.

Illustrations: Jean M. Twenge; National Child Safety Council milk cartons; the Geico gecko.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

August 29, 2014

Shared space

What difference does the Internet make? This is the modern policy maker's equivalent of "To be, or not to be?" This question has underlain so many net.wars as politicians and activists have wrangled over whether and how the same laws should apply online as offline. Transposing offline law to the cyberworld is fraught with approximately the same dilemmas as transposing a novel to film. What do you keep? What do you leave out? What whole chapter can be conveyed in a single shot? In some cases it's obvious: consumer protection for purchases looks about the same. But the impact of changing connections and the democratization of worldwide distribution? Frightened people whose formerly safe, familiar world is slipping out of control often fail to make rational decisions.

This week's inaugural VOX-Pol conference, kept circling around this question. Funded under the EU's FP-7, the organizing group is meant to be an "academic research network focused on researching the prevalence, contours, functions, and impacts of Violent Online Political Extremism and responses to it". Attendees included researchers from a wide variety of disciplines from computer science to social science. If there was any group that was lacking, I'd say it was computer security practitioners and researchers, many of whose on-the-ground experience studying cyberattacks and investigating the criminal underground could be helpfully emulated by this group.

Some help could also perhaps be provided by journalists with investigative experience. In considering SOCMINT, for example - social media intelligence - people wondered how far to go in interacting with the extremists being studied. Are fake profiles OK? And can you be sure whether you're studying them...or they're studying us? The most impressive presentation on this sort of topic came from Aaron Zelin who, among other things, runs a Web-based clearinghouse for jihadi primary source material.

It's not clear that what Zelin does would be legal, or even possible in the UK. The "lone wolf" theory holds that someone alone in his house can be radicalized simply by accessing Web-based material; if you believe that, the obvious response is to block the dangerous material. Which, TJ McIntyre explained, is exactly what the UK does, unknown to most of its population.

McIntyre knows because he spent three years filing freedom of information requests to find out. So now we know: approximately 1,000 full URLs are blocked under this program, based on criteria derived from Sections 57 and 58 of the 2000 Terrorism Act and Sections 1 and 2 of the 2006 Terrorism Act. The system is "voluntary" - or rather, voluntary for ISPs, not voluntary for their subscribers. McIntyre's FOI answers have found no impact assessment or study of liability for wrongful blocking, and no review of compliance with the 1998 Human Rights Act. It also seems to contradict the Council of Europe's clear statement that filtering must be necessary and transparent.

This is, as Michael Jablonski commented on Twitter yesterday, one of very few conferences that begins by explaining the etiquette for showing gruesome images. Probably more frightening, though, was the presentations laying out the spread - and even mainstreaming - of interlinked extremist groups across the world. Many among Hungary's and Italy's extremist networks host their domains in the US, where the First Amendment ensures their material is not illegal.

This is why the First Amendment can be hard to love: defending free speech inevitably means defending speech you despise. Repeating that "The best answer to bad speech is more, better speech" is not always consoling. Trying to change the minds of the already committed is frustrating and thankless. Jihadi Trending(PDF), a report produced by the Quilliam Foundation, which describes itself as "the world's first counter-extremism think tank", reminds us that's not the piont. Released a few months ago and a fount of good sense, Nick Cohen reminds us in the foreword: "The true goal of debate, however, is not to change the minds of your opponents, but the minds of the watching audience."

Among the report's conclusions:
- The vast majority of radicalized individuals make contact first through offline socialization.
- Negative measures - censorship and filtering - are ineffective and potentially counter-productive.
- There are not enough positive measures - the "better speech" above to challenge extremist ideologies.
- Better ideas are to improve digital literacy and critical consumption skills and debunk propaganda.

So: what difference does the Internet make? It lets extremists use Twitter to tell each other what they had for breakfast. It lets them use YouTube to post videos of their cats. It lets them connect to others with similar views on Facebook, on Web forums, in chat rooms, virtual worlds, and dating sites, and run tabloid news sites that draw in large audiences. Just like everyone else, in fact. And, like the rest of us, they do not own the infrastructure.

The best answer came late on the second day, when someone commented that in the physical world neo-Nazi groups do not hang out with street gangs; extreme right hate groups don't go to the same conferences as jihadis; and Guantanamo detainees don't share the same physical space with white supremacists or teach other tactics. "But they will online."

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

November 23, 2012

Democracy theater

So Facebook is the latest to discover that it's hard to come up with a governance structure online that functions in any meaningful way. This week, the company announced plans to disband the system of voting on privacy changes that it put in place in 2009. To be honest, I'm surprised it took this long.

Techcrunch explains the official reasons. First, with 1 billion users, it's now too easy to hit the threshold of 7,000 comments that triggers a vote on proposed changes. Second, with 1 billion users, amassing the 30 percent of the user base necessary to make the vote count has become...pretty much impossible. (Look, if you hate Facebook's policy changes, it's easier to simply stop using the system. Voting requires engagement.) The company also complained that the system as designed encourages comments' "quantity over quality". Really, it would be hard to come up with an online system that didn't unless it was so hard to use that no one would bother anyway.

The fundamental problem for any kind of online governance is that no one except some lawyers thinks governmance is fun. (For an example of tedious meetings producing embarrassing results, see this week's General Synod.) Even online, where no one can tell you're a dog watching the Outdoor Channel while typing screeds of debate, it takes strong motivation to stay engaged. That in turn means that ultimately the people who participate, once the novelty has worn off, are either paid, obsessed, or awash in free time.

The people who are paid - either because they work for the company running the service or because they work for governments or NGOs whose job it is to protect consumers or enforce the law - can and do talk directly to each other. They already know each other, and they don't need fancy online governmental structures to make themselves heard.

The obsessed can be divided into two categories: people with a cause and troublemakers - trolls. Trolls can be incredibly disruptive, but they do eventually get bored and go away, IF you can get everyone else to starve them of the oxygen of attention by just ignoring them.

That leaves two groups: those with time (and patience) and those with a cause. Both tend to fall into the category Mark Twain neatly summed up in: "Never argue with a man who buys his ink by the barrelful." Don't get me wrong: I'm not knocking either group. The cause may be good and righteous and deserving of having enormous amounts of time spent on it. The people with time on their hands may be smart, experienced, and expert. Nonetheless, they will tend to drown out opposing views with sheer volume and relentlessness.

All of which is to say that I don't blame Facebook if it found the comments process tedious and time-consuming, and as much of a black hole for its resources as the help desk for a company with impenetrable password policies. Others are less tolerant of the decision. History, however, is on Facebook's side: democratic governance of online communities does not work.

Even without the generic problems of online communities which have been replicated mutatis mutandem since the first modem uploaded the first bit, Facebook was always going to face problems of scale if it kept growing. As several stories have pointed out, how do you get 300 million people to care enough to vote? As a strategy, it's understandable why the company set a minimum percentage: so a small but vocal minority could not hijack the process. But scale matters, and that's why every democracy of any size has representative government rather than direct voting, like Greek citizens in the Acropolis. (Pause to imagine the complexities of deciding how to divvy up Facebook into tribes: would the basic unit of membership be nation, family, or circle of friends, or should people be allocated into groups based on when they joined or perhaps their average posting rate?)

The 2009 decision to allow votes came a time when Facebook was under recurring and frequent pressure over a multitude of changes to its privacy policies, all going one way: toward greater openness. That was the year, in fact, that the system effectively turned itself inside out. EFF has a helpful timeline of the changes from 2005 to 2010. Putting the voting system in place was certainly good PR: it made the company look like it was serious about listening to its users. But, as the Europe vs Facebook site says, the choice was always constrained to old policy or new policy, not new policy, old policy, or an entirely different policy proposed by users.

Even without all that, the underlying issue is this: what company would want democratic governance to succeed? The fact is that, as Roger Clarke observed before Facebook even existed, social networks have only one business model: to monetize their users. The pressure to do that has only increased since Facebook's IPO, even though founder Mark Zuckerberg created a dual-class structure that means his decisions cannot be effectively challenged. A commercial company- especially a *public* commercial company - cannot be run as a democracy. It's as simple as that. No matter how much their engagement makes them feel they own the place, the users are never in charge of the asylum. Not even on the WELL.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series.

November 2, 2012

Survival instincts

The biggest divide in New York this week, in the wake of Hurricane Sandy has been, as a friend pointed out, between the people who had to worry about getting to work and the people who didn't. Reuters summed this up pretty well. Slightly differently, The Atlantic had it as three New Yorks: one underwater, one dark and dry, and one close to normal. The stories I've read since by people living in "dark and dry" emerging into the light at around 40th street bear out just how profound the difference is between the powerless and the empowered - in the electrical sense.

This is not strictly speaking about rich and poor (although the Reuters piece linked above makes the point that the city is more economically divided than it has been in some time); the Lower Manhattan area known as Tribeca, for example, is home to plenty of wealthy people - and was flooded. Instead, my friend's more profound divide is about whether you do the kind of work that requires physical presence. Freelance writers, highly paid software engineers, financial services personnel, and a load of other people can work remotely. If your main office is a magazine or a large high-technology company like, say, Google, whose New York building is at 15th and 8th, as long as you have failover systems in place so that your network and data centers keep operating, your staff can work from wherever they can find power and Internet access. Even small companies and start-ups can keep going if their systems are built on or can failover to the right technology.

One of my favorite New York retailers, J&R (they sell everything from music to computers from a series of stores in lower Manhattan, not far from last year's Occupy Wall Street site), perfectly demonstrated this digital divide. The Web site noted yesterday (Thursday) that its shops, located in "dark and dry", are all closed, but the Web site is taking orders as normal.

Plumbers, doormen, shop owners, restaurateurs, and fire fighters, on the other hand, have to be physically present - and they are vital in keeping the other group functioning. So in one sense the Internet has made cities much more resilient, and in another it hasn't made a damn bit of difference.

The Internet was still very young when people began worrying about the potential for a "digital divide". Concerns surfaced early about the prospects for digital exclusion of vulnerable groups such as the elderly and, the cognitively impaired, as well as those in rural areas poorly served by the telecommunications infrastructure and the poor. And these are the groups that, in the UK, efforts at digital engagement are intended to help.

Yet the more significant difference may be not who *is* online - after all, why should anyone be forced online who doesn't want to go? - but who can *work* online. Like traveling with only carry-on luggage, it makes for a more flexible life that can be altered to suit conditions. If your physical presence is not required, today you avoided long lines and fights at gas stations, traffic jams approaching the bridges and tunnels, waits for buses, and long trudges from the last open subway station to your actual destination.

This is not the place to argue about climate change. A single storm is one data point in a pattern that is measured in timespans longer than those of individual human lives.

Nonetheless, it's interesting to note that this storm may be the catalyst the the US needed to stop dragging its feet. As Business Week indicates , the status quo is bad for business, and the people making this point are the insurance companies, not scientists who can be accused of supporting the consensus in the interests of retaining their grant money (something that's been said to me recently by people who normally view a scientific consensus as worth taking seriously).

There was a brief flurry of argument this week on Dave Farber's list about whether the Internet was designed to survive a bomb outage or not. I thought this had been made clear by contemporary historians long ago: that while the immediate impetus was to make it easy for people to share files and information, DARPA's goal was very much also to build resilient networks. And, given that New York City is a telecommunications hub it's clear we've done pretty well with this idea, especially after the events of September 11, 2001 forced network operators to rethink their plans for coping with emergencies.

It seems clear that the next stage will be to do better at coming up with better strategies for making cities more resilient. Ultimately, the cause of climate change doesn't matter: if there are more and more "freak" weather patterns resulting on more and more extreme storms and natural disasters, then it's only common sense to try to plan for them: disaster recovery for municipalities rather than businesses. The world's reinsurance companies - the companies that eventually bear the brunt of the costs - are going to insist on it.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series.

April 13, 2012

The people perimeter

People with jobs are used to a sharp division between their working lives and their private lives. Even in these times, when everyone carries a mobile phone and may be on call at any moment, they still tend to believe that what they say to their friends is no concern of their employer's. (Freelances tend not to have these divisions; to a much larger extent we have always been "in public" most of the time.)

These divisions were always less in small towns, where teachers or clergy had little latitude, and where even less-folk would be well advised to leave town before doing anything they wouldn't want discussed in detail. Then came social media, which turns everywhere into a small town and where even if you behave impeccably details about you and your employer may be exposed without your knowledge.

That's all a roundabout way of leading to yesterday's London Tea camp, where the subject of discussion was developing guidelines for social media use by civil servants.

Civil servants! The supposedly faceless functionaries who, certainly at the senior levels, are probably still primarily understood by most people through the fictional constructs of TV shows like Yes, Minister and The Thick of It. All of the 50 or 60 people from across government who attended yesterday have Twitter IDs; they're on Facebook and Foursquare, and probably a few dozen other things that would horrify Sir Humphrey. And that's as it should be: the people administering the nation's benefits, transport, education, and health absolutely should live like the people they're trying to serve. That's how you get services that work for us rather than against us.

The problem with social media is the same as their benefit: they're public in a new and different way. Even if you never identify your employer, Foursquare or the geotagging on Twitter or Facebook checks you in at a postcode that's indelibly identified with the very large government building where your department is the sole occupant. Or a passerby photographs you in front of it and Facebook helpfully tags your photograph with your real name, which then pops up in outside searches. Or you say something to someone you know who tells someone else who posts it online for yet another person to identify and finally the whole thing comes back and bites you in the ass. Even if your Tweets are clearly personal, and even if your page says, "These are just my personal opinions and do not reflect those of my employer", the fact of where you can be deduced to work risks turning anything connected to you into something a - let's call it - excitable journalist can make into a scandal. Context is king.

What's new about this is the uncontrollable exposure of this context. Any Old Net Curmudgeon will tell you that the simple fact of people being caught online doing things their employers don't like goes back to the dawn of online services. Even now I'm sure someone dedicated could find appalling behavior in the Usenet archives by someone who is, 25 years on, a highly respected member of society. But Usenet was a minority pastime; Facebook, Twitter et al are mainstream.

Lots has been written by and about employers in this situation: they may suffer reputational damage, legal liability, or a breach that endangers their commercial secrets. Not enough has been written about individuals struggling to cope with sudden, unwanted exposure. Don't we have the right to private lives? someone asked yesterday. What they are experiencing is the same loss of border control that security engineers are trying to cope with. They call it "deperimeterization", because security used to mean securing the perimeter of your network and now security means coping with its loss. Adding wireless, remote access for workers at home, personal devices such as mobile phones, and links to supplier and partner networks have all blown holes in it.

There is no clear perimeter any more for networks - or individuals, either. Trying to secure one by dictating behavior, whether by education, leadership by example, or written guidelines, is inevitably doomed. There is, however, a very valid reason to have these things: to create a general understanding between employer and employee. It should be clear to all sides what you can and cannot get fired for.

In 2003, Danny O'Brien nailed a lot of this when he wrote about the loss of what he called the "private-intermediate sphere". In that vanishing country, things were private without being secret. You could have a conversation in a pub with strangers walking by and be confident that it would reach only the audience present at the time and that it would not unexpectedly be replayed or published later (see also Don Harmon and Chevy Chase's voicemail). Instead, he wrote, the Net is binary: secret or public, no middle ground.

What's at stake here is really not private life, but *social* life. It's the addition of the online component to our social lives that has torn holes in our personal perimeters.

"We'll learn a kind of tolerance for the private conversation that is not aimed at us, and that overreacting to that tone will be a sign of social naivete," O'Brien predicted. Maybe. For now, hard cases make bad law (and not much better guidelines) *First* cases are almost always hard cases.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

February 17, 2012

Foul play

You could have been excused for thinking you'd woken up in a foreign country on Wednesday, when the news broke about a new and deliberately terrifying notice replacing the front page of a previously little-known music site, RnBXclusive.

ZDNet has a nice screenshot of it; it's gone from the RnBXclusive site now, replaced by a more modest advisory.

It will be a while before the whole story is pieced together - and tested in court - but the gist so far seems to be that the takedown of this particular music site was under the fraud laws rather than the copyright laws. As far as I'm aware - and I don't say this often - this is the first time in the history of the Net that the owner of a music site has been arrested on suspicion of conspiracy to defraud (instead of copyright infringement ). It seems to me this is a marked escalation of the copyright wars.

Bearing in mind that at this stage these are only allegations, it's still possible to do some thinking about the principles involved.

The site is accused of making available, without the permission of the artists or recording companies, pre-release versions of new music. I have argued for years that file-sharing is not the economic enemy of the music industry and that the proper answer to it is legal, fast, reliable download services. (And there is increasing evidence bearing this out.) But material that has not yet been officially released is a different matter.

The notion that artists and creators should control the first publication of new material is a long-held principle and intuitively correct (unlike much else in copyright law). This was the stated purpose of copyright: to grant artists and creators a period of exclusivity in which to exploit their ideas. Absolutely fundamental to that is time in which to complete those ideas and shape them into their final form. So if the site was in fact distributing unreleased music as claimed, especially if, as is also alleged, the site's copies of that music were acquired by illegally hacking into servers, no one is going to defend either the site or its owner.

That said, I still think artists are missing a good bet here. The kind of rabid fan who can't wait for the official release of new music is exactly the kind of rabid fan who would be interested in subscribing to a feed from the studio while that music is being recorded. They would also, as a friend commented a few years ago, be willing to subscribe to a live feed from the musicians' rehearsal studio. Imagine, for example, being able to listen to great guitarists practice. How do they learn to play with such confidence and authority? What do they find hard? How long does it take to work out and learn something like Dave van Ronk's rendition, on guitar, of Scott Joplin rags with the original piano scoring intact?

I know why this doesn't happen: an artist learning a piece is like a dog with a wound (or maybe a bone): you want to go off in a forest by yourself until it's fixed. (Plus, it drives everyone around you mad.) The whole point of practicing is that it isn't performance. But musicians aren't magicians, and I find it hard to believe that showing the nuts and bolts of how the trick of playing music is worked would ruin the effect. For other types of artists - well, writers with works in progress really don't do much worth watching, but sculptors and painters surely do, as do dance troupes and theatrical companies.

However, none of that excuses the site if the allegations are true: artists and creators control the first release.

But also clearly wrong was the notice SOCA placed on the site, which displayed visitors' IP address, warned that downloading music from the site was a crime bearing a maximum penaltde y of up to ten years in prison, and claimed that SOCA has the capacity to monitor and investigate you with no mention of due process or court orders. Copyright infringement is a civil offense, not a criminal one; fraud is a criminal offense, but it's hard to see how the claim that downloading music is part of a conspiracy to commit fraud could be made to stick. (A day later, SOCA replaced the notice.) Someone browsing to The Pirate Bay and clicking on a magnet link is not conspiring to steal TV shows any more than someone buying a plane ticket is conspiring to destroy the ozone layer. That millions of people do both things is a contributing factor to the existence of the site and the airline, but if you accuse millions of people the term "organized crime" loses all meaning.

This was a bad, bad blunder on the part of authorities wishing to eliminate file-sharing. Today's unworkable laws against file-sharing are bringing the law into contempt already. Trying to scare people by misrepresenting what the law actually says at the behest of a single industry simply exacerbates the effect. First they're scared, then they're mad, and then they ignore you. Not a winning strategy - for anyone.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

February 10, 2012

Media cop

The behavior of The Times in the 2009 NightJack case, in which the paper outed an anonymous policeman blogging about his job, was always baffling since one of the key freedoms of the press is protecting sources. On occasion, journalists have gone to jail rather than give up a source's name, although it happens rarely enough that when it does, as in the Judith Miller case linked above, Hollywood makes movies about it. The principle at work here, writes NPR reporter David Folkenflik, who covered that case, is that, "You have to protect all of your sources if you want any of them to speak to you again."

Briefly, the background. In 2009, the first winner of the prestigious Orwell Prize for political blogging was a unidentified policeman. Blogging under the soubriquet of "NightJack", the blogger declined all interviews (I am not a media cop, he wrote ), sent a friend to deliver his acceptance speech, and had his prize money sent directly to charity. Shortly afterwards, he took The Times to court to prevent it from publishing his real-life identity. Controversially, Justice David Eady ruled for The Times on the basis that NightJack had no expectation of privacy - and freedom of expression was important. Ironic, since the upshot was to stifle NightJack's speech: his real-life alter ego, Richard Horton, was speedily reprimanded by his supervisor and the blog was deleted.

This is the case that has been reinvestigated this week by the Leveson inquiry into media phone hacking in the media. Justice Eady's decision seems to have rested on two prongs: first, that the Times had identified Horton from public sources, and second, that publication was in the public interest because Horton's blog posts disclosed confidential details about his police work. It seems clear from Times editor James Harding's testimony (PDF) that the first of these prongs was bent. The second seems to have been also: David Allen Green, who has followed this case closely, is arguing over at New Statesman (see the comments) that The Times's court testimony is the only source of the allegations that Horton's blog posts gave enough information that the real people in the cases he talked about could be identified. (In fact, I'd expect the cases are much more identifiable *after* his Times identification than before it.)

So Justice Eady's decision was not animated by research into the difficulty of real online anonymity. Instead, he was badly misled by incomplete, false evidence. Small wonder that Horton is suing.

One of the tools journalists use to get sources to disclose information they don't want tracked back to them is the concept of off-the-record background. When you are being briefed "on background", the rule is that you can't use what you're told unless you can find other sources to tell you the same thing on the record for publication. This is entirely logical because once you know what you're looking for you have a better chance of finding it. You now know where to start looking and what questions to ask.

But there should be every difference in an editor's mind between information willingly supplied under a promise not to publish and information obtained illegally. We can argue about whether NightJack's belief that he could remain anonymous was well-founded and whether he, like many people, did a poor job at securing his email account, but few would think he should have been outed as the result of a crime.

Once Foster knew Horton's name he couldn't un-know it - and, as noted, it's a lot easier to find evidence backing up things you already know. What should have happened is that Foster's managers should have barred him from pursuing or talking about the story. The paper should then either have dropped it or, if the editors really thought it sufficiently importance, assigned a different, uncontaminated reporter to start over with no prior knowledge and try to find the name from legal sources. Sounds too much like hard work? Yes. That this did not happen says a lot about the newsroom's culture: a focus on cheap, easy, quick, attention-getting stories acquired by whatever means. "I now see it was wrong" suggests that Harding and his editorial colleagues had lost all perspective.

Horton was, of course, not a source giving confidential information to one or more Times reporters. But it's so easy to imagine the Times - or any other newspaper - deciding to run a column written by "D.C. Plod" to give an intimate insight into how the police work. A newspaper running such a column would boast about it, especially if it won the Orwell Prize. And likely the only reason a rival paper would expose the columnist's real identity was if the columnist was a fraud.

Imagine Watergate if it had been investigated by this newsroom instead of that of the 1972 Washington Post. Instead of the President's malfeasance in seeking re-election, the story would be the identity of Deep Throat. Mark Felt would have gone to jail and Richard Milhous Nixon would have gone down in history as an honest man.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

February 3, 2012

Beyond the soup kitchen

"The whole idea of what a homeless service is, is a soup kitchen," one of the representatives for The Connection at St Martin-in-the-Fields said yesterday. But does it have to be?

It was in the middle of "Teacamp", a monthly series of meetings that sport the same mix of geeks, government, and do-gooders as the annual UK Govcamp we covered a couple of weeks back. Meetings like this seem to be going on all the time all over the place, trying to figure out ways to use technology to help people. Hardly anyone has any budget, yet that seems not to matter: the optimism is contagious. This week's Teacamp also featured Westminster in Touch, an effort to support local residents and charities; the organization runs a biannual IT Support Forum to brainstorm (the next is March 28).

I have to admit: when I first read about Martha Lane Fox's Digital Inclusion initiative my worst rebellious instincts were triggered: why should anyone be bullied online if they didn't want to go there? Maybe at least some of those 9 million people who have never used the Internet in Britain would like to be left in peace to read books and listen to - rather than use - the wireless.

But the "digital divide" predicted even in the earliest days of the Net is real: those 9 million are those in the most vulnerable sectors of society. According to research published on the RaceOnline site, the percentage of people who have never used the Net correlates closely with income. This isn't really much of a surprise, although you would expect to see a slight tick upwards again at the very top economic levels, where not so long ago people were too grand, too successful, and too set in their ways to feel the need to go online. But they have proxies: their assistants can answer their email and do their Web shopping.

When Internet access was tied to computers, the homeless in particular were at an extreme disadvantage. You can't keep a desktop computer if you have nowhere - or only a very tiny, insecure space - to put it or power it, and you can't afford broadband or a landline. A laptop presents only slightly fewer problems. Even assuming you can find free wifi to use somewhere, how do you keep the laptop from being stolen or damaged? Where and how do you keep it charged? And so The Connection, like libraries and other places, runs a day center with a computing area and resources to help, including computer training.

But even that, they said, hasn't been reaching the most excluded, the under-25s that The Connection sees. When you think about it, it's logical, but I had to be reminded to think about it. Having missed out on - or been failed by - school education, this group doesn't see the Net as the opportunity the rest of us imagine it to be for them.

"They have no idea of creating anything to help their involvement."

So rather than being "digital natives", their position might be comparable to people who have grown up without language or perhaps autistic children whose intelligence and ability to learn has been disrupted by their brain wiring and development so much that the gap between them and their normally wired peers keeps increasing. Today's elderly who lack the motivation, the cognitive functioning, or the physical ability to go online will be catered to, even if only by proxy, until they die out. But imagine being 20 today and having no digital life beyond the completely passive experience of watching a few clips on YouTube or glancing at a Facebook page and thinking they have nothing to do with you. You will go through your entire life at a progressively greater disadvantage. Just as we assume that today's 80-year-olds grew up with movies, radio, and postal mail, when *you* are 80 (if the planet hasn't run out of energy and water and been forced to turn off all the computers by then), in devising systems to help you society will assume you grew up with television, email, and ecommerce. Whatever is put in place to help you navigate whatever that complex future will be like, will be completely outside your grasp.

So The Connection is helping them to do some simple things: upload interviews about their lives, annotate YouTube clips, create comic strips - anything to break this passive lack of interest. Beyond that, there's a big opportunity in smart phones, which don't need charging so often and are easier to protect - and can take advantage of free wifi just as a laptop can. The Connection is working on things like an SMS service that goes out twice a day and provides weather reports, maps of food runs, and information about free things to do. Should you be technically skilled and willing, they're looking for geeky types to help them put these ideas together and automate them. There are still issues around getting people phones, of course - and around the street value of a phone - but once you have a phone where you can be contacted by friend, family, and agencies, it's a whole different life. As it is again if you can be convinced that the Net belongs to you, too, not just all those other people.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

January 21, 2012

Camping out

"Why hasn't the marvelous happened yet?" The speaker - at one of today's "unconference" sessions at this year's UK Govcamp - was complaining that with 13,000-odd data sets up on his organization's site there ought to be, you know, results.

At first glance, GovCamp seems peculiarly British: an incongruous mish-mash of government folks, coders, and activists, all brought together by the idea that technology makes it possible to remake government to serve us better. But the Web tells me that events like this are happening in various locations around Europe. James Hendler, who likes to collect government data sets from around the world (700,000 and counting now!), tells me that events like this are happening all over the US, too - except that there this size of event - a couple of hundred people - is New York City.

That's both good and bad: a local area in the US can find many more people to throw at more discrete problems - but on the other hand the federal level is almost impossible to connect with. And, as Hendler points out, the state charters mean that there are conversations the US federal government simply cannot have with its smaller, local counterparts. In the UK, if central government wants a local authority to do something, it can just issue an order.

This year's GovCamp is a two-day affair. Today was an "unConference": dozens of sessions organized by participants to talk about...stuff. Tomorrow will be hands-on, doing things in the limited time available. By the end of the day, the Twitter feed was filling up with eagerness to get on with things.

A veteran camper - I'm not sure how to count how many there have been - tells me that everyone leaves the event full of energy, convinced that they can change the world on Monday. By later next week, they'll have come down from this exhilarated high to find they're working with the same people and the same attitudes. Wonders do not happen overnight.

Along those lines, Mike Bracken, the guy who launched the Guardian's open data platform, now at the Cabinet Office, acknowledges this when he thanks the crowd for the ten years of persistence and pain that created his job. The user, his colleague Mark O'Neill said recently is at the center of everything they're working on. Are we, yet, past proving the concept?

"What should we do first?" someone I couldn't identify (never knowing who's speaking is a pitfall of unConferences) asked in the same session as the marvel-seeker. One offered answer was one any open-source programmer would recognize: ask yourself, in your daily life, what do you want to fix? The problem you want to solve - or the story you want to tell - determines the priorities and what gets published. That's if you're inside government; if you're outside, based on last summer's experience following the Osmosoft teams during Young Rewired State, often the limiting factor is what data is available and in what form.

With luck and perseverance, this should be a temporary situation. As time goes on, and open data gets built into everything, publishing it should become a natural part of everything government does. But getting there means eliminating a whole tranche of traditional culture and overcoming a lot of fear. If I open this data and others can review my decisions will I get fired? If I open this data and something goes wrong will it be my fault?

In a session on creative councils, I heard the suggestion that in the interests of getting rid of gatekeepers who obstruct change organizational structures should be transformed into networks with alternate routes to getting things done until the hierarchy is no longer needed. It sounds like a malcontent's dream for getting the desired technological change past a recalcitrant manager, but the kind of solution that solves one problem by breaking many other things. In such a set-up, who is accountable to taxpayers? Isn't some form of hierarchy inevitable given that someone has to do the hiring and firing?

It was in a session on engagement where what became apparent that as much as this event seems to be focused on technological fixes, the real goal is far broader. The discussion veered into consultations and how to build persistent networks of people engaged with particular topics.

"Work on a good democratic experience," advised the session's leader. Make the process more transparent, make people feel part of the process even if they don't get what they want, create the connection that makes for a truly representative democracy. In her view, what goes wrong with the consultation process now - where, for example, advocates of copyright reform find themselves writing the same ignored advice over and over again in response to the same questions - is that it's trying to compensate for the poor connections to their representatives that most people have. Building those persistent networks and relationships is only a partial answer.

"You can't activate the networks and not at the same time change how you make decisions," she said. "Without that parallel change you'll wind up disappointing people."

Marvels tomorrow, we hope.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

January 6, 2012

Only the paranoid

Yesterday's news that the Ramnit worm has harvested the login credentials of 45,000 British and French Facebook users seems to me a watershed moment for Facebook. If I were an investor, I'd wish I had already cashed out. Indications are, however, that founding CEO Mark Zuckerberg is in it for the long haul, in which case he's going to have to find a solution to a particularly intractable problem: how to protect a very large mass of users from identity fraud when his entire business is based on getting them to disclose as much information about themselves as possible.

I have long complained about Facebook's repeatedly changing privacy controls. This week, while working on a piece on identity fraud for Infosecurity, I've concluded that the fundamental problem with Facebook's privacy controls is not that they're complicated, confusing, and time-consuming to configure. The problem with Facebook's privacy controls is that they exist.

In May 2010, Zuckerberg enraged a lot of people, including me, by opining that privacy is no longer a social norm. As Judith Rauhofer has observed, the world's social norms don't change just because some rich geeks in California say so. But the 800 million people on Facebook would arguably be much safer if the service didn't promise privacy - like Twitter. Because then people wouldn't post all those intimate details about themselves: their kids' pictures, their drunken, sex exploits, their incitements to protest, their porn star names, their birth dates... Or if they did, they'd know they were public.

Facebook's core privacy problem is a new twist on the problem Microsoft has: legacy users. Apple was willing to make earlier generations of its software non-functional in the shift to OS X. Microsoft's attention to supporting legacy users allows me to continue to run, on Windows 7, software that was last updated in 1997. Similarly, Facebook is trying to accommodate a wide variety of privacy expectations, from those of people who joined back when membership was limited to a few relatively constrained categories to those of people joining today, when the system is open to all.

Facebook can't reinvent itself wholesale: it is wholly and completely wrong to betray users who post information about themselves into what they are told is a semi-private space by making that space irredeemably public. The storm every time Facebook makes a privacy-related change makes that clear. What the company has done exceptionally well is to foster the illusion of a private space despite the fact that, as the Australian privacy advocate Roger Clarke observed in 2003, collecting and abusing user data is social networks' only business model.

Ramnit takes this game to a whole new level. Malware these days isn't aimed at doing cute, little things like making hard drive failure noises or sending all the letters on your screen tumbling into a heap at the bottom. No, it's aimed at draining your bank account and hijacking your identity for other types of financial exploitation.

To do this, it needs to find a way inside the circle of trust. On a computer network, that means looking for an unpatched hole in software to leverage. On the individual level, it means the malware equivalent of viral marketing: get one innocent bystander to mistakenly tell all their friends. We've watched this particular type of action move through a string of vectors as the human action moves to get away from spam: from email to instant messaging to, now, social networks. The bigger Facebok gets, the bigger a target it becomes. The more information people post on Facebook - and the more their friends and friends of friends friend promiscuously - the greater the risk to each individual.

The whole situation is exacerbated by endemic, widespread, poor security practices. Asking people to provide the same few bits of information for back-up questions in case they need a password reset. Imposing password rules that practically guarantee people will use and reuse the same few choices on all their sites. Putting all the eggs in services that are free at point of use and that you pay for in unobtainable customer service (not to mention behavioral targeting and marketing) when something goes wrong. If everything is locked to one email account on a server you do not control, if your security questions could be answered by a quick glance at your Facebook Timeline and a Google search, if you bank online and use the same passwords have a potential catastrophe in waiting.

I realize not everyone can run their own mail server. But you can use multiple, distinct email addresses and passwords, you can create unique answers on the reset forms, and you can limit your exposure by presuming that everything you post *is* public, whether the service admits it or not. Your goal should be to ensure that when - it's no longer safe to say "if" - some part of your online life is hacked the damage can be contained to that one, hopefully small, piece. Relying on the privacy consciousness of friends means you can't eliminate the risk; but you can limit the consequences.

Facebook is facing an entirely different risk: that people, alarmed at the thought of being mugged, will flee elsewhere. It's happened before.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

December 23, 2011

Duck amuck

Back in about 1998, a couple of guys looking for funding for their start-up were asked this: How could anyone compete with Yahoo! or Altavista?

"Ten years ago, we thought we'd love Google forever," a friend said recently. Yes, we did, and now we don't.

It's a year and a bit since I began divorcing Google. Ducking the habit is harder than those "They have no lock-in" financial analysts thought when Google went public: as if habit and adaptation were small things. Easy to switch CTRL-K in Firefox to DuckDuckGo, significantly hard to unlearn ten years of Google's "voice".

When I tell this to Gabriel Weinberg, the guy behind DDG - his recent round of funding lets him add a few people to experiment with different user interfaces and redo DDG's mobile application - he seems to understand. He started DDG, he told The Rise to the Top last year, because of Google's increasing amount of spam. Frustration made him think: for many queries wouldn't searching just and Wikipedia produce better results? Since his first weekend mashing that up, DuckDuckGo has evolved to include over 50 sources.

"When you type in a query there's generally a vertical search engine or data source out there that would best serve your query," he says, "and the hard problem is matching them up based on the limited words you type in." When DDG can make a good guess at identifying such a source - such as, say, the National Institutes of Health - it puts that result at the top. This is a significant hint: now, in DDG searches, I put the site name first, where on Google I put it last. Immediate improvement.

This approach gives Weinberg a new problem, a higher-order version of the Web's broken links: as companies reorganize, change, or go out of business, the APIs he relies on vanish.

Identifying the right source is harder than it sounds, because the long tail of queries require DDG to make assumptions about what's wanted.

"The first 80 percent is easy to capture," Weinberg says. "But the long tail is pretty long."

As Ken Auletta tells it in Googled, the venture capitalist Ram Shriram advised Sergey Brin and Larry Page to sell their technology to Yahoo! or maybe Infoseek. But those companies were not interested: the thinking then was portals and keeping site visitors stuck as long as possible on the pages advertisers were paying for, while Brin and Page wanted to speed visitors away to their desired results. It was only when Shriram heard that, Auletta writes, that he realized that baby Google was disruptive technology. So I ask Weinberg: can he make a similar case for DDG?

"It's disruptive to take people more directly to the source that matters," he says. "We want to get rid of the traditional user interface for specific tasks, such as exploring topics. When you're just researching and wanting to find out about a topic there are some different approaches - kind of like clicking around Wikipedia."

Following one thing to another, without going back to a search engine...sounds like my first view of the Web in 1991. But it also sounds like some friends' notion of after-dinner entertainment, where they start with one word in the dictionary and let it lead them serendipitously from word to word and book to book. Can that strategy lead to new knowledge?

"In the last five to ten years," says Weinberg, "people have made these silos of really good information that didn't exist when the Web first started, so now there's an opportunity to take people through that information." If it's accessible, that is. "Getting access is a challenge," he admits.

There is also the frontier of unstructured data: Google searches the semi-structured Web by imposing a structure on it - its indexes. By contrast, Mike Lynch's Autonomy, which just sold to Hewlett-Packard for £10 billion, uses Bayesian logic to search unstructured data, which is what most companies have.

"We do both," says Weinberg. "We like to use structured data when possible, but a lot of stuff we process is unstructured."

Google is, of course, a moving target. For me, its algorithms and interface are moving in two distinct directions, both frustrating. The first is Wal-Mart: stuff most people want. The second is the personalized filter bubble. I neither want nor trust either. I am more like the scientists Linguamatics serves: its analytic software scans hundreds of journals to find hidden links suggesting new avenues of research.

Anyone entering a category that's as thoroughly dominated by a single company as search is now, is constantly asked: How can you possibly compete with ? Weinberg must be sick of being asked about competing with Google. And he'd be right, because it's the wrong question. The right question is, how can he build a sustainable business? He's had some sponsorship while his user numbers are relatively low (currently 7 million searches a month) and, eventually, he's talked about context-based advertising - yet he's also promising little spam and privacy - no tracking. Now, that really would be disruptive.

So here's my bet. I bet that DuckDuckGo outlasts Groupon as a going concern. Merry Christmas.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

July 29, 2011

Name check

How do you clean a database? The traditional way - which I still experience from time to time from journalist directories - is that some poor schnook sits in an office and calls everyone on the list, checking each detail. It's an immensely tedious job, I'm sure, but it's a living.

The new, much cheaper method is to motivate the people in the database to do it themselves. A government can pass a law and pay benefits. Amazon expects the desire to receive the goods people have paid for to be sufficient. For a social network it's a little harder, yet Facebook has managed to get 750 million users to upload varying amounts of information. Google hopes people will do the same with Google+,

The emotional connections people make on social networks obscure their basic nature as databases. When you think of them in that light, and you remember that Google's chief source of income is advertising, suddenly Google's culturally dysfunctional decision to require real names on |Google+ makes some sense. For an advertising company,a fuller, cleaner database is more valuable and functional. Google's engineers most likely do not think in terms of improving the company's ability to serve tightly targeted ads - but I'd bet the company's accountants and strategists do. The justification - that online anonymity fosters bad behavior - is likely a relatively minor consideration.

Yet it's the one getting the attention, despite the fact that many people seem confused about the difference between pseudonymity, anonymity, and throwaway identity. In the reputation-based economy the Net thrives on, this difference matters.

The best-known form of pseudonymity is the stage name, essentially a form of branding for actors, musicians, writers, and artists, who may have any of a number of motives for keeping their professional lives separate from their personal lives: privacy for themselves, their work mates, or their families, or greater marketability. More subtly, if you have a part-time artistic career and a full-time day job you may not want the two to mix: will people take you seriously as an academic psychologist if they know you're also a folksinger? All of those reasons for choosing a pseudonym apply on the Net, where everything is a somewhat public performance. Given the harassment some female bloggers report, is it any wonder they might feel safer using a pseudonym?

The important characteristic of pseudonyms, which they share with "real names", is persistence. When you first encounter someone like GrrlScientist, you have no idea whether to trust her knowledge and expertise. But after more than ten years of blogging, that name is a known quantity. As GrrlScientist writes about Google's shutting down her account, it is her "real-enough" name by any reasonable standard. What's missing is the link to a portion of her identity - the name on her tax return, or the one her mother calls her. So what?

Anonymity has long been contentious on the Net; the EU has often considered whether and how to ban it. At the moment, the driving justification seems to be accountability, in the hope that we can stop people from behaving like malicious morons, the phenomenon I like to call the Benidorm syndrome.

There is no question that people write horrible things in blog and news site comments pages, conduct flame wars, and engage in cyber bullying and harassment. But that behaviour is not limited to venues where they communicate solely with strangers; every mailing list, even among workmates, has flame wars. Studies have shown that the cyber versions of bullying and harassment, like their offline counterparts, are most often perpetrated by people you know.

The more important downside of anonymity is that it enables people to hide, not their identity but their interests. Behind the shield, a company can trash its competitors and those whose work has been criticized can make their defense look more robust by pretending to be disinterested third parties.

Against that is the upside. Anonymity protects whistleblowers acting in the public interest, and protesters defying an authoritarian regime.

We have little data to balance these competing interests. One bit we do have comes from an experiment with anonymity conducted years ago on the WELL, which otherwise has insisted on verifying every subscriber throughout its history. The lesson they learned, its conferencing manager, Gail Williams, told me once, was that many people wanted anonymity for themselves - but opposed it for others. I suspect this principle has very wide applicability, and it's why the US might, say, oppose anonymity for Bradley Manning but welcome it for Egyptian protesters.

Google is already modifying the terms of what is after all still a trial service. But the underlying concern will not go away. Google has long had a way to link Gmail addresses to behavioral data collected from those using its search engine, docs, and other services. It has always had some ability to perform traffic analysis on Gmail users' communications; now it can see explicit links between those pools of data and, increasingly, tie them to offline identities. This is potentially far more powerful than anything Facebook can currently offer. And unlike government databases, it's nice and clean, and cheap to maintain.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

May 20, 2011

The world we thought we lived in

If one thing is more annoying than another, it's the fantasy technology on display in so many TV shows. "Enhance that for me!" barks an investigator. And, obediently, his subordinate geek/squint/nerd pushes a button or few, a line washes over the blurry image on screen, and now he can read the maker's mark on a pill in the hand of the target subject that was captured by a distant CCTV camera. The show 24 ended for me 15 minutes into season one, episode one, when Kiefer Sutherland's Jack Bauer, trying to find his missing daughter, thrust a piece of paper at an underling and shouted, "Get me all the Internet passwords associated with that telephone number!" Um...

But time has moved on, and screenwriters are more likely to have spent their formative years online and playing computer games, and so we have arrived at The Good Wife, which gloriously wrapped up its second season on Tuesday night (in the US; in the UK the season is still winding to a close on Channel 4). The show is a lot of things: a character study of an archetypal humiliated politician's wife (Alicia Florrick, played by Julianna Margulies) who rebuilds her life after her husband's betrayal and corruption scandal; a legal drama full of moral murk and quirky judges ( Carob chip?); a political drama; and, not least, a romantic comedy. The show is full of interesting, layered men and great, great women - some of them mature, powerful, sexy, brilliant women. It is also the smartest show on television when it comes to life in the time of rapid technological change.

When it was good, in its first season, Gossip Girl cleverly combined high school mean girls with the citizen reportage of TMZ to produce a world in which everyone spied on everyone else by sending tips, photos, and rumors to a Web site, which picks the most damaging moment to publish them and blast them to everyone's mobile phones.

The Good Wife goes further to exploit the fact that most of us, especially those old enough to remember life before CCTV, go on about our lives forgetting that everywhere we leave a trail. Some are, of course, old staples of investigative dramas: phone records, voice messages, ballistics, and the results of a good, old-fashioned break-in-and-search. But some are myth-busting.

One case (S2e15, "Silver Bullet") hinges on the difference between the compressed, digitized video copy and the original analog video footage: dropped frames change everything. A much earlier case (S1e06, "Conjugal") hinges on eyewitness testimony; despite a slightly too-pat resolution (I suspect now, with more confidence, it might have been handled differently), the show does a textbook job of demonstrating the flaws in human memory and their application to police line-ups. In a third case (S1e17, "Heart"), a man faces the loss of his medical insurance because of a single photograph posted to Facebook showing him smoking a cigarette. And the disgraced husband's (Peter Florrick, played by Chris Noth) attempt to clear his own name comes down to a fancy bit of investigative work capped by camera footage from an ATM in the Cayman Islands that the litigator is barely technically able to display in court. As entertaining demonstrations and dramatizations of the stuff net.wars talks about every week and the way technology can be both good and bad - Alicia finds romance in a phone tap! - these could hardly be better. The stuffed lion speaker phone (S2e19, "Wrongful Termination") is just a very satisfying cherry topping of technically clever hilarity.

But there's yet another layer, surrounding the season two campaign mounted to get Florrick elected back into office as State's Attorney: the ways that technology undermines as well as assists today's candidates.

"Do you know what a tracker is?" Peter's campaign manager (Eli Gold, played by Alan Cumming) asks Alicia (S2e01, "Taking Control"). Answer: in this time of cellphones and YouTube, unpaid political operatives follow opposing candidates' family and friends to provoke and then publish anything that might hurt or embarrass the opponent. So now: Peter's daughter (Makenzie Vega) is captured praising his opponent and ham-fistedly trying to defend her father's transgressions ("One prostitute!"). His professor brother-in-law's (Dallas Roberts) in-class joke that the candidate hates gays is live-streamed over the Internet. Peter's son (Graham Phillips) and a manipulative girlfriend (Dreama Walker), unknown to Eli, create embarrassing, fake Facebook pages in the name of the opponent's son. Peter's biggest fan decides to (he thinks) help by posting lame YouTube videos apparently designed to alienate the very voters Eli's polls tell him to attract. (He's going to post one a week; isn't Eli lucky?) Polling is old hat, as are rumors leaked to newspaper reporters; but today's news cycle is 20 minutes and can we have a quote from the candidate? No wonder Eli spends so much time choking and throwing stuff.

All of this fits together because the underlying theme of all parts of the show is control: control of the campaign, the message, the case, the technology, the image, your life. At the beginning of season one, Alicia has lost all control over the life she had; by the end of season two, she's in charge of her new one. Was a camera watching in that elevator? I guess we'll find out next year.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

April 15, 2011

The open zone

This week my four-year-old computer had a hissy fit and demanded, more or less simultaneously, a new graphics card, a new motherboard, and a new power supply. It was the power supply that was the culprit: when it blew it damaged the other two pieces. I blame an incident about six months ago when the power went out twice for a few seconds each time, a few minutes apart. The computer's always been a bit fussy since.

I took it to the tech guys around the corner to confirm the diagnosis, and we discussed which replacements to order and where to order them from. I am not a particularly technical person, and yet even I can repair this machine by plugging in replacement parts and updating some software. (It's fine now, thank you.)

Here's the thing: at no time did anyone say, "It's four years old. Just get a new one." Instead, the tech guys said, "It's a good computer with a good processor. Sure, replace those parts." A watershed moment: the first time a four-year-old computer is not dismissed as obsolete.

As if by magic, confirmation turned up yesterday, when the Guardian's Charles Arthur asked whether the PC market has permanently passed its peak. Arthur goes on to quote Jay Chou, a senior research analyst at IDC, suggesting that we are now in the age of "good-enough computing" and that computer manufacturers will now need to find ways to create a "compelling user experience". Apple is the clear leader in that arena, although it's likely that if I'd had a Mac instead of a PC it would have been neither so easy nor so quick and inexpensive to fix my machine and get back to work on it, Macs are wonders of industrial design, but as I noted in 2007 when I built this machine, building PCs is now a color-by-numbers affair plugged together out of subsystem pieces that plug together in only one way. What it lacks in elegance compared to a Mac is more than made up for by being able to repair it myself.

But Chou is likely right that this is not the way the world is going.

In his 1998 book The Invisible Computer, usability pioneer Donald Norman projected a future of information appliances, arguing that computers would become invisible because they would be everywhere. (He did not, however, predict the ubiquitous 20-second delay that would accompany this development. You know, it used to be you could turn something on and it would work right away because it didn't have to load software into its memory?) For his model, Norman took electric motors: in the early days you bought one electric motor and used it to power all sorts of variegated attachments; later (now) you found yourself owning dozens of electric motors, all hidden inside appliances.

The trade-off is pretty much the same: the single electric motor with attachments was much more repairable by a knowledgeable end user than today's sealed black-box appliances are. Similarly, I can rebuild my PC, but I can only really replace the hard drive on my laptop, and the battery on my smart phone. Iphone users can't even do that. Norman, whose interest is usability, doesn't - or didn't, since he's written other books since - see this as necessarily a bad deal for consumers, who just want their technology to work intuitively so they can use it to get stuff done.

Jonathan Zittrain, though, has generally taken the opposite view, arguing in his book The Future of the Internet - and How to Stop It and in talks such as the one he gave at last year's Web science meeting that the general-purpose computer, which he dates to 1977, is dying. With it, to some extent, is going the open Internet; it was at that point that, to illustrate what he meant by curated content, he did a nice little morph from the ultra-controlled main menu of CompuServe circa 1992 to today's iPhone home screen.

"How curated do we want things to be?" he asked.

It's the key question. Zittrain's view, backed up by Tim Wu in The Master Switch is that security and copyright may be the levers used to close down general-purpose computers and the Internet, leaving us with a corporately-owned Internet that runs on black boxes to which individual consumers have little or no access. This is, ultimately, what the "Open" in Open Rights Group seems to me to be about: ensuring that the most democratic medium ever invented remains a democratic medium.

Clearly, there are limits. The earliest computer kits were open - but only to the relatively small group of people with - or willing to acquire - considerable technical skill. My computer would not be more open to me if I had to get out a soldering iron to fix my old motherboard and code my own operating system. Similarly, the skill required to deal with security threats like spam and malware attacks raises the technical bar of dealing with computers to the point where they might as well be the black boxes Zittrain fears. But somewhere between the soldering iron and the point-and-click of a TV remote control there has to be a sweet spot where the digital world is open to the most people. That's what I hope we can find.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

March 25, 2011

Return to the red page district

This week's agreement to create a .xxx generic top-level domain (generic in the sense of not being identified with a particular country) seems like a quaint throwback. Ten or 15 years ago it might have made mattered. Now, for all the stories rehashing the old controversies, it seems to be largely irrelevant to anyone except those who think they can make some money out of it. How can it be a vector for censorship if there is no prohibition on registering pornography sites elsewhere? How can it "validate" the porn industry any more than printers and film producers did? Honestly, if it didn't have sex in the title, who would care?

I think it was about 1995 when a geekish friend said, probably at the Computers, Freedom, and Privacy conference, "I think I have the solution. Just create a top-level domain just for porn."

It sounded like a good idea at the time. Many of the best ideas are simple - with a kind of simplicity mathematicians like to praise with the term "elegant". Unfortunately, many of the worst ideas are also simple - with a kind of simplicity we all like to diss with the term "simplistic". Which this is depends to some extent on when you're making the judgement..

In 1995, the sense was that creating a separate pornography domain would provide an effective alternative to broad-brush filtering. It was the era of Time magazine's Cyberporn cover story, which Netheads thoroughly debunked and leading up to the passage of the Communications Decency Act in 1996. The idea that children would innocently stumble upon pornography was entrenched and not wholly wrong. At that time, as PC Magazine points out while outlining the adult entertainment industry's objections to the new domain, a lot of Web surfing was done by guesswork, which is how the domain became famous.

A year or two later, I heard that one of the problems was that no one wanted to police domain registrations. Sure. Who could afford the legal liability? Besides, limiting who could register what in which domain was not going well: .com, which was intended to be for international commercial organizations, had become the home for all sorts of things that didn't fit under that description, while the .us country code domain had fallen into disuse. Even today, with organizations controlling every top-level domain, the rules keep having to adapt to user behavior. Basically, the fewer people interested in registering under your domain the more likely it is that your rules will continue to work.

No one has ever managed to settle - again - the question of what the domain name system is for, a debate that's as old as the system itself: its inventor, Paul Mockapetris, still carries the scars of the battles over whether to create .com. (If I remember correctly, he was against it, but finally gave on in that basis that: "What harm can it do?") Is the domain name system a directory, a set of mnemonics, a set of brands/labels, a zoning mechanism, or a free-for-all? ICANN began its life, in part, to manage the answers to this particular controversy; many long-time watchers don't understand why it's taken so long to expand the list of generic top-level domains. Fifteen years ago, finding a consensus and expanding the list would have made a difference to the development of the Net. Now it simply does not matter.

I've written before now that the domain name system has faded somewhat in importance as newer technologies - instant messaging, social networks, iPhone/iPad apps - bypass it altogether. And that is true. When the DNS was young, it was a perfect fit for the Internet applications of the day for which it was devised: Usenet, Web, email, FTP, and so on. But the domain name system enables email and the Web, which are typically the gateways through which people make first contact with those services (you download the client via the Web, email your friend for his ID, use email to verify your account).

The rise of search engines - first Altavista, then primarily Google - did away with much of consumers' need for a directory. Also a factor was branding: businesses wanted memorable domain names they could advertise to their customers. By now, though probably most people don't bother to remember more than a tiny handful of domain names now - Google, Facebook, perhaps one or two more. Anything else they either put into a search engine or get from either a bookmark or, more likely, their browser history.

Then came sites like Facebook, which take an approach akin to CompuServe in the old days or mobile networks now: they want to be your gateway to everything online (Facebook is going to stream movies now, in competition with NetFlix!) If they succeed, would it matter if you had - once - to teach your browser a user-unfriendly long, numbered address?

It is in this sense that the domain name system competes with Google and Facebook as the gateway to the Net. Of all the potential gateways, it is the only one that is intended as a public resource rather than a commercial company. That has to matter, and we should take seriously the threat that all the Net's entrances could become owned by giant commercial interests. But .xxx missed its moment to make history.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

March 4, 2011

Tax returns

In 1994, when Jeff Bezos was looking for a place to put the online bookseller he intended to grow into the giant, multi-faceted online presence it is today, he began with a set of criteria that included, high up on the list, avoiding liability for sales tax as much as possible. That meant choosing a small state, so that the vast majority of the new site's customers would be elsewhere.

Bezos could make this choice because of the 1992 Supreme Court decision in Quill Corp v. North Dakota, blocking states from compelling distance sellers to collect sales tax from customers unless the seller had a substantial physical operation (a "nexus") in the customer's state. Why, the reasoning went, should a company be required to pay taxes in a state where it receives no benefit in the form of public services? The decision helped fuel the growth of first mail-order sales and then ecommerce.

And so throughout the growth of electronic commerce Americans have gone along taking advantage of the relief from sales tax afforded by online sales. This is true despite the fact that many states have laws requiring their residents to declare and pay the sales tax on purchases over a certain amount. Until the current online tax disputes blew up, few knew about these laws - I only learned of them from a reader email some years ago - and as far as I'm aware it isn't enforced. Doing so would require comprehensive surveillance of ecommerce sites.

But this is the thing when something is new: those setting up businesses can take advantage of loopholes created for very different markets and conditions. A similar situation applies in the UK with respect to DVD and CD sales. Fulfilled by subsidiaries or partners based in the Channel Islands, the DVD and CD sales of major retailers such as Amazon, Tesco, and others take advantage of tax relief rules intended to speed shipments of agricultural products. Basically, any package valued under £18 is exempt from VAT. For consumers, this represents substantial savings; for local shops, it represents a tough challenge.

Even before that, in the early 1990s, CompuServe and AOL, as US-based Internet service providers, were able to avoid charging VAT in the UK based on a rule making services taxable based on their point of origin. That gave those two companies a significant - 17.5 percent - advantage over native ISPs like Demon and Pipex. There were many objections to this situation, and eventually the loophole was closed and both CompuServe and AOL began charging VAT.

You can't really blame companies for taking advantage of the structures that are there. No one wants to pay more tax - or pay for more administration - than is required by law, and anyone running those companies would make the same decisions. But as the recession continues to bite and state, federal, and central governments are all scrambling to replace lost revenues from a tax base that's been , the calls to level the playing field by closing off these tax-advantage workarounds are getting louder.

This type of argument is as old as mail order. But in the beginning there was a general view - implemented also in the US as a moratorium on taxing Internet services that was renewed as recently as 2007 - that exempting the Internet from as many taxes as possible would help the new medium take root and flourish. There was definitely some truth to the idea that this type of encouragement helped; an early FCC proposal to surcharge users for transmitting data was dropped after 10,000 users sent letters of complaint. Nonetheless, the FCC had to continue issuing denials for years as the dropped proposal continued to make the rounds as the "modem tax" hoax spam.

The arguments for requiring out-of-state sellers to collect and remit sales taxes (or VAT) are fairly obvious. Local retailers, especially small independents, are operating at a price disadvantage (even though customers must pay shipping and delivery charges when they buy online). Governments are losing one of their options for raising revenues to pay for public services. In addition, people buy online for many more reasons than saving money. Online shopping is convenient and offers greater choice. It is also true, though infrequently remembered, that the demographics of online shopping skew toward the wealthier members of our society - that is, the people who best afford to pay the tax.

The arguments against largely boil down to the fact that collecting taxes in many jurisdictions is administratively burdensome. There are some 8,000 different tax rates across the US's 50 states, and although there are many fewer VAT rates across Europe, once your business in a country has reached a certain threshold the rules and regulations governing each one can be byzantine and inconsistent. Creating a single, simple, and consistent tax rule to apply across the board to distance selling would answer these.

No one likes paying taxes (least of all us). But the fact that Amazon would apparently rather jettison the associates program that helped advertise and build its business than allow a state to claim those associates constitute a nexus exposing it to sales tax liability says volumes about how far we've come. And, therefore, how little the Net's biggest businesses now need the help.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

February 18, 2011

What is hyperbole?

This seems to have been a week for over-excitement. IBM gets an onslaught of wonderful publicity because it built a very large computer that won at the archetypal American TV game, Jeopardy. And Eben Moglen proposes the Freedom box, a more-or-less pocket ("wall wart") computer you can plug in and that will come up, configure itself, and be your Web server/blog host/social network/whatever and will put you and your data beyond the reach of, well, everyone. "You get no spying for free!" he said in his talk outlining the idea for the New York Internet Society.

Now I don't mean to suggest that these are not both exciting ideas and that making them work is/would be an impressive and fine achievement. But seriously? Is "Jeopardy champion" what you thought artificial intelligence would look like? Is a small "wall wart" box what you thought freedom would look like?

To begin with Watson and its artificial buzzer thumb. The reactions display everything that makes us human. The New York Times seems to think AI is solved, although its editors focus, on our ability to anthropomorphize an electronic screen with a smooth, synthesized voice and a swirling logo. (Like HAL, R2D2, and Eliza Doolittle, its status is defined by the reactions of the surrounding humans.)

The Atlantic and Forbes come across as defensive. The LA Times asks: how scared should we be? The San Francisco Chronicle congratulates IBM for suddenly becoming a cool place for the kids to work.

If, that is, they're not busy hacking up Freedom boxes. You could, if you wanted, see the past twenty years of net.wars as a recurring struggle between centralization and distribution. The Long Tail finds value in selling obscure products to meet the eccentric needs of previously ignored niche markets; eBay's value is in aggregating all those buyers and sellers so they can find each other. The Web's usefulness depends on the diversity of its sources and content; search engines aggregate it and us so we can be matched to the stuff we actually want. Web boards distributed us according to niche topics; social networks aggregated us. And so on. As Moglen correctly says, we pay for those aggregators - and for the convenience of closed, mobile gadgets - by allowing them to spy on us.

An early, largely forgotten net.skirmish came around 1991 over the asymmetric broadband design that today is everywhere: a paved highway going to people's homes and a dirt track coming back out. The objection that this design assumed that consumers would not also be creators and producers was largely overcome by the advent of Web hosting farms. But imagine instead that symmetric connections were the norm and everyone hosted their sites and email on their own machines with complete control over who saw what.

This is Moglen's proposal: to recreate the Internet as a decentralized peer-to-peer system. And I thought immediately how much it sounded like...Usenet.

For those who missed the 1990s: invented and implemented in 1979 by three students, Tom Truscott, Jim Ellis, and Steve Bellovin, the whole point of Usenet was that it was a low-cost, decentralized way of distributing news. Once the Internet was established, it became the medium of transmission, but in the beginning computers phoned each other and transferred news files. In the early 1990s, it was the biggest game in town: it was where the Linus Torvalds and Tim Berners-Lee announced their inventions of Linux and the World Wide Web.

It always seemed to me that if "they" - whoever they were going to be - seized control of the Internet we could always start over by rebuilding Usenet as a town square. And this is to some extent what Moglen is proposing: to rebuild the Net as a decentralized network of equal peers. Not really Usenet; instead a decentralized Web like the one we gave up when we all (or almost all) put our Web sites on hosting farms whose owners could be DMCA'd into taking our sites down or subpoena'd into turning over their logs. Freedom boxes are Moglen's response to "free spying with everything".

I don't think there's much doubt that the box he has in mind can be built. The Pogoplug, which offers a personal cloud and a sort of hardware social network, is most of the way there already. And Moglen's argument has merit: that if you control your Web server and the nexus of your social network law enforcement can't just make a secret phone call, they'll need a search warrant to search your home if they want to inspect your data. (On the other hand, seizing your data is as simple as impounding or smashing your wall wart.)

I can see Freedom boxes being a good solution for some situations, but like many things before it they won't scale well to the mass market because they will (like Usenet) attract abuse. In cleaning out old papers this week, I found a 1994 copy of Esther Dyson's Release 1.0 in which she demands a return to the "paradise" of the "accountable Net"; 'twill be ever thus. The problem Watson is up against is similar: it will function well, even engagingly, within the domain it was designed for. Getting it to scale will be a whole 'nother, much more complex problem.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

January 28, 2011


"You don't need this old math work," said my eighth grade geography teacher, paging through my loose-leaf notebook while I watched resentfully. It was 1967, the math work was no more than a couple of months old, and she was ahead of her time. She was an early prototype of that strange, new species littering the media these days: the declutterer.

People like her - they say "professional organizer", I say bully - seem to be everywhere. Their sudden visibility is probably due, at least in part, to the success of the US TV series Hoarders, in which mentally disordered people are forced to confront their pathological addiction to keeping and/or acquiring so much stuff that their houses are impassable, often hazardous. Of course, one person's pathological hoarder is another's more-or-less normal slob, packrat, serious collector, or disorganized procrastinator. Still, Newsweek's study of kids who are stuck with the clean-up after their hoarder parents die is decidedly sad.

But much of what I'm reading seems aimed at perfectly normal people who are being targeted with all the zealotry of an early riser insisting that late sleepers and insomniacs are lazy, immoral slugs who need to be reformed.

Some samples. LifeHacker profiles a book to help you estimate how much your clutter is costing you. The latest middle-class fear is that schools' obsession with art work will turn children into hoarders. The New York Times profiles a professional declutterer who has so little sympathy for attachment to stuff that she tosses out her children's party favors after 24 hours. At least she admits she's neurotic, and is just happy she's made it profitable to the tune of $150 an hour (well, Manhattan prices).

But take this comment from LifeHacker:

For example, look in your bedroom and consider the cost of unworn clothes and shoes, unread books, unworn jewelry, or unused makeup.

And this, from the Newsweek piece:

While he's thrown out, recycled, and donated years' worth of clothing, costume jewelry, and obvious trash, he's also kept a lot--including an envelope of clothing tags from items [his mother] bought him in 1972, hundreds of vinyl records, and an outdated tape recorder with corroded batteries leaking out the back.

OK, with her on the corroded batteries. (What does she mean, outdated? If it still functions for its intended purpose it's just old.) Little less sure about the clothing tags, which might evoke memories. But unread books? Unless you're talking 436 copies of The DaVinci Code, unread books aren't clutter. Unread books are mental food. They are promises of unknown worlds on a rainy day when the electricity goes bang. They are cultural heritage. Ditto vinyl records. Not all books and LPs are equally valuable, of course, but they should be presumed innocent until proven to be copies of Jeffrey Archer novels. Books are not shoeboxes marked "Pieces of string - too small to save".

Leaving aside my natural defensiveness at the suggestion that thousands of books, CDs, DVDs, and vinyl LPs are "clutter", it strikes me that one reason for this trend is that there is a generational shift taking place. Anyone born before about 1970 grew up knowing that the things they liked might become unavailable at any time. TV shows were broadcast once, books and records went out of print, and the sweater that sold out while you were saving up for it didn't reappear later on eBay. If you had any intellectual or artistic aspirations, building your own library was practically a necessity.

My generation also grew up making and fixing things: we have tools. (A couple of years ago I asked a pair of 20-somethings for a soldering iron; they stared as if I'd asked for a manual typewriter.) Plus, in the process of rebelling against our parents' largely cautious and thrifty lifestyles, Baby Boomers were the first to really exploit consumer credit. Put it together: endemic belief that the availability of any particular item was only temporary, unprecedented array of goods to choose from, extraordinary access to funding. The result: stuff.

To today's economically stressed-out younger generation, raised on reruns and computer storage, the physical manifestations of intellectual property must seem peculiarly unnecessary. Why bother when you can just go online and click a button? One of my 50-something writer friends loves this new world; he gives away or sells books as soon as he's read them, and buys them back used from Amazon or Alibris if he needs to consult them again. Except for the "buying it used" part, this is a business model the copyright industries ought to love, because you can keep selling the same thing over and over again to the same people. Essentially, it's rental, which means it may eventually be an even better business than changing the media format every decade or two so that people have to buy new copies. When 3D printers really get going, I imagine there will be people arguing that you really don't need to keep furniture around - just print it when you need it. Then the truly modern home environment will be just a bare floor and walls. If you want to live like that, fine, but on behalf of my home libraries, I say: ick.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

January 14, 2011

Face time

The history of the Net has featured many absurd moments, but this week was some sort of peak of the art. In the same week I read that a) based a $450 million round of investment from Goldman Sachs Facebook is now valued at $50 billion, higher than Boeing's market capitalization and b) Facebook's founder, Mark Zuckerberg, is so tired of the stress of running the service that he plans to shut it down on March 15. As I seem to recall a CS Lewis character remarking irritably, "Why don't they teach logic in these schools?" If you have a company worth $50 billion and you don't much like running it any more, you sell the damn thing and retire. It's not like Zuckerberg even needs to wait to be Time's Man of the Year.

While it's safe to say that Facebook isn't going anywhere soon, it's less clear what its long-term future might be, and the users who panicked at the thought of the service's disappearance would do well to plan ahead. Because: if there's one thing we know about the history of the Net's social media it's that the party keeps moving. Facebook's half-a-billion-strong user base is, to be sure, bigger than anything else assembled in the history of the Net. But I think the future as seen by Douglas Rushkoff, writing for CNN last week is more likely: Facebook, he argued based on its arguably inflated valuation, is at the beginning of its end, as MySpace was when Rupert Murdoch bought it in 2005 for $580 million. (Though this says as much about Murdoch's Net track record as it does about MySpace: Murdoch bought the text-based Delphi, at its peak moment in late 1993.)

Back in 1999, at the height of the dot-com boom, the New Yorker published an article (abstract; full text requires subscription) comparing the then-spiking stock price of AOL with that of the Radio Corporation of America back in the 1920s, when radio was the hot, new democratic medium. RCA was selling radios that gave people unprecedented access to news and entertainment (including stock quotes); AOL was selling online accounts that gave people unprecedented access to news, entertainment, and their friends. The comparison, as the article noted, wasn't perfect, but the comparison chart the article was written around was, as the author put it, "jolly". It still looks jolly now, recreated some months later for this analysis of the comparison.

There is more to every company than just its stock price, and there is more to AOL than its subscriber numbers. But the interesting chart to study - if I had the ability to create such a chart - would be the successive waves of rising, peaking, and falling numbers of subscribers of the various forms of social media. In more or less chronological order: bulletin boards, Usenet, Prodigy, Genie, Delphi, CompuServe, AOL...and now MySpace, which this week announced extensive job cuts.

At its peak, AOL had 30 million of those; at the end of September 2010 it had 4.1 million in the US. As subscriber revenues continue to shrink, the company is changing its emphasis to producing content that will draw in readers from all over the Web - that is, it's increasingly dependent on advertising, like many companies. But the broader point is that at its peak a lot of people couldn't conceive that it would shrink to this extent, because of the basic principle of human congregation: people go where their friends are. When the friends gradually start to migrate to better interfaces, more convenient services, or simply sites their more annoying acquaintances haven't discovered yet, others follow. That doesn't necessarily mean death for the service they're leaving: AOL, like CIX, the The WELL, and LiveJournal before it, may well find a stable size at which it remains sufficiently profitable to stay alive, perhaps even comfortably so. But it does mean it stops being the growth story of the day.

As several financial commentators have pointed out, the Goldman investment is good for Goldman no matter what happens to Facebook, and may not be ring-fenced enough to keep Facebook private. My guess is that even if Facebook has reached its peak it will be a long, slow ride down the mountain and between then and now at least the early investors will make a lot of money.

But long-term? Facebook is barely five years old. According to figures leaked by one of the private investors, its price-earnings ratio is 141. The good news is that if you're rich enough to buy shares in it you can probably afford to lose the money.

As far as I'm aware, little research has been done studying the Net's migration patterns. From my own experience, I can say that my friends lists on today's social media include many people I've known on other services (and not necessarily in real life) as the old groups reform in a new setting. Facebook may believe that because the profiles on its service are so complex, including everything from status updates and comments to photographs and games, users will stay locked in. Maybe. But my guess is that the next online party location will look very different. If email is for old people, it won't be long before Facebook is, too.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

December 10, 2010


A new word came my way while I was reviewing the many complaints about the Transportation Security Administration and its new scanner toys and pat-down procedures: "Chertoffed". It's how "security theater" (Bruce Schneier's term) has transformed the US since 2001.

The description isn't entirely fair to Chertoff, who was only the *second* head of the Bush II-created Department of Homeland Security and has now been replaced: he served from 2005-2009. But since he's the guy who began the scanner push and also numbers scanner manufacturers among the clients of his consultancy company, The Chertoff Group - it's not really unfair either.

What do you do after defining the travel experience of a generation? A little over a month ago, Chertoff showed up at London's RSA Data Security conference to talk about what he thought needed to happen in order to secure cyberspace. We need, he said, a doctrine to lay out the rules of the road for dealing with cyber attacks and espionage - the sort of thing that only governments can negotiate. The analogy he chose was to the doctrine that governed nuclear armament, which he said (at the press Q&A) "gave us a very stable, secure environment over the next several decades."

In cyberspace, he argued, such a thing would be valuable because it makes clear to a prospective attacker what the consequences will be. "The greatest stress on security is when you have uncertainty - the attacker doesn't know what the consequences will be and misjudges the risk." The kinds of things he wants a doctrine to include are therefore things like defining what is a proportionate response: if your country is on the receiving end of an attack from another country that's taking out the electrical power to hospitals and air traffic control systems with lives at risk, do you have the right to launch a response to take out the platform they're operating from? Is there a right of self-defence of networks?

"I generally take the view that there ought to be a strong obligation on countries, subject to limitations of practicality and legal restrictions, to police the platforms in their own domains," he said.

Now, there are all sorts of reasons many techies are against government involvement - or interference - in the Internet. First and foremost is time: the World Summit on the Information Society and its successor, the Internet Governance Forum, have taken years to one's quite sure what, while the Internet's technology has gone on racing ahead creating new challenges. But second is a general distrust, especially among activists and civil libertarians. Chertoff even admitted that.

"There's a capability issue," he said, "and a question about whether governments put in that position will move from protecting us from worms and viruses to protecting us from dangerous ideas."

This was, of course, somewhat before everyone suddenly had an opinion about Wikileaks. But what has occurred since makes that distrust entirely reasonable: give powerful people a way to control the Net and they will attempt to use it. And the Net, as in John Gilmore's famous aphorism, "perceives censorship as damage and routes around it". Or, more correctly, the people do.

What is incredibly depressing about all this is watching the situation escalate into the kind of behavior that governments have quite reasonably wanted to outlaw and that will give ammunition to those who oppose allowing the Net to remain an open medium in which anyone can publish. The more Wikileaks defenders organize efforts like this week's distributed denial-of-service attacks, the more Wikileaks and its aftermath will become the justification for passing all kinds of restrictive laws that groups like the Electronic Frontier Foundation and the Open Rights Group have been fighting against all along.

Wikileaks itself is staying neutral on the subject, according to the statement on its (Swiss) Web site: Wikileaks spokesman Kristinn Hrafnsson said: "We neither condemn nor applaud these attacks. We believe they are a reflection of public opinion on the actions of the targets."

Well, that's true up to a point. It would be more correct to say that public opinion is highly polarized, and that the attacks are a reflection of the opinion of a relatively small section of the public: people who are at the angriest end of the spectrum and have enough technical expertise to download and install software to make their machines part of a botnet - and not enough sense to realize that this is a risky, even dangerous, thing to do. Boycotting during its busiest time of year to express your disapproval of its having booted Wikileaks off its servers would be an entirely reasonable protest. Vandalism is not. (In fact the announced attack on Amazon's servers seems not to have succeeded, though others have.

I have written about the Net and what I like to call the border wars between cyberspace and real life for nearly 20 years. Partly because it's fascinating, partly because when something is new you have a real chance to influence its development, and partly because I love the Net and want it to fulfill its promise as a democratic medium. I do not want to have to look back in another 20 years and say it's been "Chertoffed". Governments are already mad about the utterly defensible publication of the cables; do we have to give them the bullets to shoot us with, too?

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

December 3, 2010

Open diplomacy

Probably most people have by now lived through the embarrassment of having a (it was intended to be) private communication made public. The email your fingers oopsishly sent to the entire office instead of your inamorata; the drunken Usenet postings scooped into Google's archive; the direct Tweet that wound up in the public timeline; the close friend your cellphone pocket-dialed while you were trashing them.

Most of these embarrassments are relatively short-lived. The personal relationships that weren't already too badly damaged recover, if slowly. Most of the people who get the misdirected email are kind enough to delete it and never mention it again. Even the stock market learns to forgive those drunken Usenet postings; you may be a CEO now but you were only a frat boy back then.

But the art of government-level diplomacy is creating understanding, tolerance, and some degree of cooperation among people who fundamentally distrust each other and whose countries may have substantial, centuries-old reasons why that is utterly rational. (Sometimes these internecine feuds are carried to extremes: would you buy from a store that filed Greek and Turkish DVDs in the same bin?) It's hardly surprising if diplomats' private conversations resemble those of Hollywood agents, telling each person what they want to hear about the others and maneuvering them carefully to get the desired result. And a large part of that desired result is avoiding mass destruction through warfare.

For that reason, it's hard to simply judge Wikileaks' behavior by the standard of our often-expressed goal of open data, transparency, accountability, and net.freedoms. Is there a line? And where do you draw it?

In the past, it was well-established news organizations who had to make this kind of decision - the New York Times and the Washington Post regarding the Pentagon Papers, for example. Those organizations, rooted in a known city in a single country, knew that mistakes would see them in court; they had reputations, businesses, and personal liberty to lose. As Jay Rosen: the world's first stateless news organization. (culture, laws, norms) - contract with those who have information that can submit - will encrypt to disguise source from us as well as others - and publish - can't subpoena because stateless. Failure of the watchdog press under George Bush and anxiety on part of press derived from denial of their own death.

Wikileaks wasn't *exactly* predicted by Internet pioneers, but it does have its antecedents and precursors. Before collaborative efforts - wikis - became commonplace on the Web there was already the notion of bypassing the nation-state to create stores of data that could not be subjected to subpoenas and other government demands. There was the Sealand data bunker. There was physicist Timothy May's Crypto Anarchist Manifesto, which posited that, "Crypto anarchy will allow national secrets to be trade freely and will allow illicit and stolen materials to be traded."

Note, however, that a key element of these ideas was anonymity. Julian Assange has told Guardian readers that in fact he originally envisioned Wikileaks as an anonymous service, but eventually concluded that someone must be responsible to the public.

Curiously, the strand of Internet history that is the closest to the current Wikileaks situation is the 1993-1997 wrangle between the Net and Scientology, which I wrote about for Wired in 1995. This particular net.war did a lot to establish the legal practices still in force with respect to user-generated content: notice and takedown, in particular. Like Wikileaks today, those posting the most closely guarded secrets of Scientology found their servers under attack and their material being taken down and, in response, replicated internationally on mirror sites to keep it available. Eventually, sophisticated systems were developed for locating the secret documents wherever they were hosted on a given day as they bounced from server to server (and they had to do all that without the help of Twitter. Today, much of the gist is on Wikipedia. At the time, however, calling it a "flame war with real bullets" wasn't far wrong: some of Scientology's fiercest online critics had their servers and/or homes raided. When Amazon removed Wikileaks from its servers because of "copyright", it operated according to practices defined in response to those Scientology actions.

The arguments over Wikileaks push at many other boundaries that have been hotly disputed over the last 20 years. Are they journalists, hackers, criminals, or heroes? Is Wikileaks important because, as NYU professor Jay Rosen points out, journalism has surrendered its watchdog role? Or because it is posing, as Techdirt says, the kind of challenge to governments that the music and film industries have already been facing? On a technical level, Wikileaks is showing us the extent to which the Internet can still resist centralised control.

A couple of years ago, Stefan Magdalinski noted the "horse-trading in a fairly raw form" his group of civic hackers discovered when they set out to open up the United Nations proceedings - another example of how people behave when they think no one is watching. Utimately governments will learn to function in a world in which they cannot trust that anything is secret, just as they had to learn to cope with CNN (PDF)

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

November 12, 2010

Just between ourselves

It is, I'm sure, pure coincidence that a New York revival of Vaclav Havel's wonderfully funny and sad 1965 play The Memorandum was launched while the judge was considering the Paul Chambers "Twitter joke trial" case. "Bureaucracy gone mad," they're billing the play, and they're right, but what that slogan omits is that the bureaucracy in question has gone mad because most of its members don't care and the one who does has been shut out of understanding what's going on. A new language, Ptydepe, has been secretly invented and introduced as a power grab by an underling claiming it will improve the efficiency of intra-office communications. The hero only discovers the shift when he receives a memorandum written in the new language and can't get it translated due to carefully designed circular rules. When these are abruptly changed the translated memorandum restores him to his original position.

It is one of the salient characteristics of Ptydepe that it has a different word for every nuance of the characters' natural language - Czech in the original, but of course English in the translation I read. Ptydepe didn't work for the organization in the play because it was too complicated for anyone to learn, but perhaps something like it that removes all doubt about nuance and context would assist older judges in making sense of modern social interactions over services such as Twitter. Clearly any understanding of how people talk and make casual jokes was completely lacking yesterday when Judge Jacqueline Davies upheld the conviction of Paul Chambers in a Doncaster court.

Chambers' crime, if you blinked and missed those 140 characters, was to post a frustrated message about snowbound Doncaster airport: "Crap! Robin Hood airport is closed. You've got a week and a bit to get your shit together otherwise I'm blowing the airport sky high!" Everyone along the chain of accountability up to the Crown Prosecution Service - the airport duty manager, the airport's security personnel, the Doncaster police - seems to have understood he was venting harmlessly. And yet prosecution proceeded and led, in May, to a conviction that was widely criticized both for its lack of understanding of new media and for its failure to take Chambers' lack of malicious intent into account.

By now, everyone has been thoroughly schooled in the notion that it is unwise to make jokes about bombs, plane crashes, knives, terrorists, or security theater - when you're in an airport hoping to get on a plane. No one thinks any such wartime restraint need apply in a pub or its modern equivalent, the Twitter/Facebook/online forum circle of friends. I particularly like Heresy Corner's complaint that the judgement makes it illegal to be English.

Anyone familiar with online writing style immediately and correctly reads Chambers' Tweet for what it was: a perhaps ill-conceived expression of frustration among friends that happens to also be readable (and searchable) by the rest of the world. By all accounts, the judge seems to have read it as if it were a deliberately written personal telegram sent to the head of airport security. The kind of expert explanation on offer in this open letter apparently failed to reach her.

The whole thing is a perfect example of the growing danger of our data-mining era: that casual remarks are indelibly stored and can be taken out of context to give an utterly false picture. One of the consequences of the Internet's fundamental characteristic of allowing the like-minded and like-behaved to find each other is that tiny subcultures form all over the place, each with its own set of social norms and community standards. Of course, niche subcultures have always existed - probably every local pub had its own set of tropes that were well-known to and well-understood by the regulars. But here's the thing they weren't: permanently visible to outsiders. A regular who, for example, chose to routinely indicate his departure for the Gents with the statement, "I'm going out to piss on the church next door" could be well-known in context never to do any such thing. But if all outsiders saw was a ten-second clip of that statement and the others' relaxed reaction that had been posted to YouTube they might legitimately assume that pub was a shocking hotbed of anti-religiou slobs. Context is everything.

The good news is that the people on the ground whose job it was to protect the airport read the message, understood it correctly, and did not overreact. The bad news is that when the CPS and courts did not follow their lead it opened up a number of possibilities for the future, all bad. One, as so many have said, is that anyone who now posts anything online while drunk, angry, stupid, or sloppy-fingered is at risk of prosecution - with the consequence of wasting huge amounts of police and judicial time that would be better spent spotting and stopping actual terrorists. The other is that everyone up the chain felt required to cover their ass in case they were wrong.

Chambers still may appeal to the High Court; Stephen Fry is offering to pay his fine (the Yorkshire Post puts his legal bill at £3,000), and there's a fund accepting donations.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

September 10, 2010

Google, I want a divorce

Jamie: You're dating your mailman?
Lisa: Why not? He comes to see me every day. He's always bringing me things.
Jamie: Mail. He brings you mail.
Lisa: Don't judge him!

- from Mad About You, Season 3, Episode 1, "Escape From New York".

Two years ago, when Google turned ten years old I was called into a BBC studio to talk about the company. Why, I was asked, did people hate Microsoft so much? Would people ever hate Google, too? I said, I think, that because we're only aware of Microsoft when its software fails, our primary impression of the company is frustration: why does this software hate me?

Whereas, I went on to say, to most people Google is like the mailman: it's a nice Web site that keeps bringing you things you really want. Yes, Street View (privacy), Google Books (copyright), and other controversies, but search results! Right out of the oven!

This week I can actually say it: I hate Google. There was the annoying animated Buckyball. There was the enraging exploding animation. And now there's Google Instant - which I can turn off, to be sure, now I can't turn off Google's suggestions. Pause to scream.

I know life is different for normal people, and that people who can't touch type maybe actually like Google's behaving like a long-time spouse who finishes all their sentences, especially if they cannot spell correctly. But neither Instant nor suggestions is a help when your typical search is a weird mix of constraints intended to prod Google into tossing out hits on obscure topics. And you know what else isn't a help? Having stuff change before your eyes and disrupt the brain-fingers continuum. Changing displays, animations, word suggestions all distract you from what you're typing and make it hard to concentrate.

A different problem is the one posed by personalized results: journalists need to find the stuff they - and lots of other people - don't know about. Predictive and personalized results typically will show you the stuff you already do know about, which is fine if you're trying to find that guy who fixed your garage door that time but terrible if what you're trying to do is put together new information in new ways (like focus groups, as Don Draper's said in the recent Mad Men episode "The Rejected".)

There are a lot of things Google could do that would save me - and millions of other people - more time than Instant. The company could get expunge more of the link farms and useless aggregator shopping sites from its results. Intelligence could be better deployed for disaggregation - this Wendy Grossman or that one? I'd benefit from having the fade-in go away; it always costs me a few seconds.

There are some other small nuisances that also waste my time. On the News and some other pages, for example, you can't right-click on a URL and copy/paste it into a story because a few years ago doing that started returning an enormously long Google-adulterated URL. Simply highlighting and copying the URL into Word puts it in weird fonts you have to change. So the least slow way is to go to the page - which is very nice for the page but you're on deadline. And why can't Google read the page's date of last alteration (at least on static pages) and include that in the search listing? The biggest time-waster for me is having to plough through acres of old stuff because there's no way to differentiate it from the recent material. I also don't like the way the new Images search pages load. You would be this fussy, too, if you spent an hour or two a day on the site.

Lauren Weinstein has turned up some other, more serious, problems with Google Instant and the way it "thinks". Of course, it's still in beta, we all know this. Even though Yahoo! says hey, we had that back in 2005. (And does anyone else think the mention of "intellectual property" in that blog post sounds ominous?) Search Engine Watch has more detail (and a step-by-step critique; it's SEW's commentators' opinions that Yahoo! did not go ahead with its live offering because it had insufficient appetite for product risk - and insufficient infrastructure to support it.

So, for me personally the upshot is that I'm finally, after 11 years, in the market for a replacement search engine. Yahoo! is too cluttered.'s "question of the day" annoys me because, again, it's distracting. Altavista I abandoned gratefully (clutter!) in 1998 even though it invented the Babelfish. Dogpile has a stupid name, is hideous, and has a horoscope button on the front page. Webcrawler doesn't quick-glance differentiate its sponsored links. Cuil has too few results on a page and no option to increase them. Of course, mostly I want not to have to change.

Perhaps the most likely option is the one I saw recommended on Slashdot: Google near-clone DuckDuckGo, which seems to have a good attitude toward privacy and a lot of nifty shortcuts. I don't really love the shading in and out as you mouse over results, but I love that you can click anywhere in the shading to go to the page. I don't like having to wait for most of the listings to load; I like to skim all 100 listings on a page quickly before choosing anything. But I have to use something. I search to live.
So many options, yet none are really right. It may just be that as the main search engines increasingly compete for the mass-market they will be increasingly less fit for real research. There's an important niche here, folks.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

September 3, 2010

Beyond the zipline

When Aaron Sorkin (The West Wing, Sports Night) was signed to write the screenplay for a movie about Facebook, I think the general reaction was one of more or less bafflement. Sorkin has a great track record, sure, but how do you make a movie about a Web site, even if it's a social network? What are you going to show? People typing to each other?

Now that the movie is closer coming out (October 1 in the US) that we're beginning to see sneak peak trailers, and we can tell a lot more from the draft screenplay that's been floating around the Net. The copy I found is dated March 2009, and you can immediately tell it's the real thing: quality dialogue and construction, and the feel of real screenwriting expertise. Turns out, the way you write a screenplay about Facebook is to read the books, primarily the novelistic, not-so-admired Accidental Billionaires by Ben Mezrich, along with other published material and look for the most dramatic bit of the story: the lawsuits eventually launched by the characters you're portraying. Through which, as a framing device, you can tell the story of the little social network that exploded. Or rather, Sorkin can. The script is a compelling read. (It's actually not clear to me that it can be improved by actually filming it.)

Judging from other commentaries, everyone seems to agree it's genuine, though there's no telling where in the production process that script was, how many later drafts there were, or how much it changed in filming and post-production. There's also no telling who leaked it or why: if it was intentional it was a brilliant marketing move, since you could hardly ask for more word-of-mouth buzz.

If anyone wanted to design a moral lesson for the guy who keeps saying privacy is dead, it might be this: turn out your deepest secrets to portray you as a jerk who steals other people's ideas and codes them into the basis for a billion-dollar company, all because you want to stand out at Harvard and, most important, win the admiration of the girl who dumped you. Think the lonely pathos of the socially ostracized, often overlooked Jenny Humphrey in Gossip Girl crossed with the arrogant, obsessive intelligence of Sheldon Cooper in The Big Bang Theory. (Two characters I actually like, but they shouldn't breed.)

Neither the book nor the script is that: they're about as factual as 1978's The Buddy Holly Story or any other Hollywood biopic. Mezrich, who likes to write books about young guys who get rich fast (you can see why; he's gotten several bestsellers out of this approach), had no help from Facebook founder and CEO Mark Zuckerberg, What dialogue there is has been "re-created", and sources other than disaffected co-founder Eduardo Saverin are anonymous. Lacking sourcing (although of course the court testimony is public information), it's unclear how fictional the dramatization is. I'd have no problem with that if the characters weren't real people identified by their real names.

Places, too. Probably the real-life person/place/thing that comes off worst is Harvard, which in the book especially is practically a caricature of the way popular culture likes to depict it: filled with the rich, the dysfunctional, and the terminally arrogant who vie to join secretive, elite clubs that force them to take part in unsavoury hazing rituals. So much so that it was almost a surprise to read in Wikipedia that Mezrich actually went to Harvard.

Journalists and privacy advocates have written extensively about the consequences for today's teens of having their adolescent stupidities recorded permanently on Facebook or elsewhere, but Zuckerberg is already living with having his frat-boy early days of 2004 documented and endlessly repeated. Of course one way to avoid having stupid teenaged shenanigans reported is not to engage in them, but let's face it: how many of us don't have something in our pasts we'd just as soon keep out of the public eye? And if you're that rich that young, you have more opportunities than most people to be a jerk.

But if the only stories people can come up with about Zuckerberg date from before he turned 21, two thoughts occur. First, that Zuckerberg has as much right as anybody to grow up into a mature human being whose early bad judgement should be forgiven. To cite two examples: the tennis player Andre Agassi was an obnoxious little snert at 18 and a statesman of the game at 30; at 30 Bill Gates was criticized for not doing enough for charity but now at 54 is one of the world's most generous philanthropists. It is, therefore, somewhat hypocritical to demand that Zuckerberg protect today's teens from their own online idiocy while constantly republishing his follies.

Second, that outsized, hyperspeed business success might actually have forced him to grow up rather quickly. Let's face it, it's hard to make an interesting movie out of the hard work of coding and building a company.

And a third: by joining the 500 million and counting who are using Facebook we are collectively giving Zuckerberg enough money not to care either way.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

August 20, 2010

Naming conventions

Eric Schmidt, the CEO of Google, is not a stupid person, although sometimes he plays one for media consumption. At least, that's how it seemed this week, when the Wall Street Journal reported that he had predicted, apparently in all seriousness, that the accumulation of data online may result in the general right for young people to change their names on reaching adulthood in order to escape the embarrassments of their earlier lives.

As Danah Boyd commented in response, it is to laugh.

For one thing, every trend in national and international law is going toward greater, permanent trackability. I know the UK is dumping the ID card and many US states are stalling on Real ID, but try opening a new bank account in the US or Europe, especially if you're a newly arrived foreigner. It's true that it's not so long ago - 20 years, perhaps - that people, especially in California, did change their names at the drop of an acid tablet. I'm fairly sure, for example, that the woman I once knew as Dancingtree Moonwater was not named that by her parents. But those days are gone with the anti-money laundering regulations, the anti-terrorist laws, and airport security.

For one thing, when is he imagining the adulthood moment to take place? When they're 17 and applying to college and need to cite their past records of good works, community involvement, and academic excellence? When they're 21 and graduating from college and applying for jobs and need to cite their past records of academic excellence, good works, and community involvement? I don't know about you, but I suspect that an admissions officer/prospective employer would be deeply suspicious of a kid coming of age today who had, apparently, no online history at all. Even if that child is a Mormon.

For another, changing your name doesn't change your identity (even if the change is because you got married). Investigators who track down people who've dropped out of their lives and fled to distant parts to start new ones often do so by, among other things, following their hobbies. You can leave your spouse, abandon your children, change jobs, and move to a distant location - but it isn't so easy to shake a passion for fly-fishing or 1957 Chevys. The right to reinvent yourself, as Action on Rights for Children's Terri Dowty pointed out during the campaign against the child-tracking database ContactPoint, is an important one. But that means letting minor infractions and youthful indiscretions fade into the mists of time, not to be pulled out and laughed until, say, 30 years hence, rather than being recorded in a database that thinks it "knows" you.

I think Schmidt knows all this perfectly well. And I think if such an infrastructure - turn 16, create a new identity - were ever to be implemented the first and most significant beneficiary would be...Google. I would expect most people's search engine use to provide as individual a fingerprint as, well, fingerprints. (This is probably less true for journalists, who research something different every week and therefore display the database equivalent of multiple personality disorder.)

Clearly if the solution to young people posting silly stuff online where posterity can bite them on the ass is a change of name the only way to do it is to assign kids online-only personas at birth that can be retired when they reach an age of reason. But in such a scenario, some kids would wind up wanting to adopt their online personas as their real ones because their online reputation has become too important in their lives. In the knowledge economy, as plenty of others have pointed out, reputation is everything.

This is, of course, not a new problem. As usual. When, in 1995, DejaNews (bought by Google some years back to form the basis of the Google Groups archive) was created, it turned what had been ephemeral Usenet postings into a permanent archive. If you think people post stupid stuff on Facebook now, when they know their friends and families are watching, you should have seen the dumb stuff they posted on Usenet when they thought they were in the online equivalent of Benidorm, where no one knew them and there were no consequences. Many of those Usenet posters were students. But I also recall the newly appointed CEO of a public company who went around the WELL deleting all his old messages. Didn't mean there weren't copies...or memories.

There is a genuine issue here, though, and one that a very smart friend with a 12-year-old daughter worries about regularly: how do you, as a parent, guide your child safely through the complexities of the online world and ensure that your child has the best possible options for her future while still allowing her to function socially with her peers? Keeping her offline is not an answer. Neither are facile statements from self-interested CEOs who, insulated by great wealth and technological leadership, prefer to pretend to themselves that these issues have already been decided in their favor.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

June 4, 2010

Return to the hacker crackdown

Probably many people had forgotten about the Gary McKinnon case until the new government reversed their decision to intervene in his extradition. Legal analysis is beyond our expertise, but we can outline some of the historical factors at work.

By 2001, when McKinnon did his breaking and entering into US military computers, hacking had been illegal in the UK for just over ten years - the Computer Misuse Act was passed in 1990 after the overturned conviction of Robert Schifreen and Steve Gold for accessing Prince Philip's Prestel mailbox.

Early 1990s hacking (earlier, the word meant technological cleverness) was far more benign than today's flat-out crimes of identity fraud, money laundering, and raiding bank accounts. The hackers of the era - most famously Kevin Mitnick were more the cyberspace equivalent of teenaged joyriders: they wandered around the Net rattling doorknobs and playing tricks to get passwords, and occasionally copied some bit of trophy software for bragging rights. Mitnick, despite spending four and a half years in jail awaiting trial, was not known to profit from his forays.

McKinnon's claim that he was looking for evidence that the US government was covering up information about alternative energy and alien visitations seems to me wholly credible. There was and is a definite streak of conspiracy theorists - particularly about UFOs - among the hacker community.

People seemed more alarmed by those early-stage hackers than they are by today's cybercriminals: the fear of new technology was projected onto those who seemed to be its masters. The series of 1990 "Operation Sundown" raids in the US, documented in Bruce Sterling's book , inspired the creation of the Electronic Frontier Foundation. Among other egregious confusions, law enforcement seized game manuals from Steven Jackson Games in Austin, Texas, calling them hacking instruction books.

The raids came alongside a controversial push to make hacking illegal around the world. It didn't help when police burst in at the crack of dawn to arrest bright teenagers and hold them and their families (including younger children) at gunpoint while their computers and notebooks were seized and their homes ransacked for evidence.

"I think that in the years to come this will be recognized as the time of a witch hunt approximately equivalent to McCarthyism - that some of our best and brightest were made to suffer this kind of persecution for the fact that they dared to be creative in a way that society didn't understand," 21-year-old convicted hacker Mark Abene ("Phiber Optik") told filmmaker Annaliza Savage for her 1994 documentary, Unauthorized Access (YouTube).

Phiber Optik was an early 1990s cause célèbre. A member of the hacker groups Legion of Doom and Masters of Deception, he had an exceptionally high media profile. In January 1990, he and other MoD members were raided on suspicion of having caused the AT&T crash of January 15, 1990, when more than half of the telephone network ceased functioning for nine hours. Abene and others were eventually charged in 1991, with law enforcement demanding $2.5 million in fines and 59 years in jail. Plea agreements reduced that a year in prison and 600 hours of community service. The company eventually admitted the crash was due to its own flawed software upgrade.

There are many parallels between these early days of hacking and today's copyright wars. Entrenched large businesses (then AT&T; now RIAA, MPAA, BPI, et al) perceive mostly young, smart Net users as dangerous enemies and pursue them with the full force of the law claiming exaggeratedly large-figure sums in damages. Isolated, often young, targets were threatened with jail and/or huge sums in damages to make examples of them to deter others. The upshot in the 1990s was an entrenched distrust of and contempt for law enforcement on the part of the hacker community, exacerbated by the fact that back then so few law enforcement officers understood anything about the technology they were dealing with. The equivalent now may be a permanent contempt for copyright law.

In his 1990 essay Crime and Puzzlement examining the issues raised by hacking, EFF co-founder John Perry Barlow wrote of Phiber Optik, whom he met on the WELL: "His cracking impulses seemed purely exploratory, and I've begun to wonder if we wouldn't also regard spelunkers as desperate criminals if AT&T owned all the caves."

When McKinnon was first arrested in March 2002 and then indicted in a Virginia court in October 2002 for cracking into various US military computers - with damage estimated at $800,000 - all this history will still fresh. Meanwhile, the sympathy and good will toward the US engendered by the 9/11 attacks had been dissipated by the Bush administration's reaction: the PATRIOT Act (passed October 2001) expanded US government powers to detain and deport foreign citizens, and the first prisoners arrived at Guantanamo in January 2002. Since then, the US has begun fingerprinting all foreign visitors and has seen many erosions to civil liberties. The 2005 changes to British law that made hacking into an extraditable offense were controversial for precisely these reasons.

As McKinnon's case has dragged on through extradition appeals this emotional background has not changed. McKinnon's diagnosis with Asperger's Syndrome in 2008 made him into a more fragile and sympathetic figure. Meanwhile, the really dangerous cybercriminals continue committing fraud, theft, and real damage, apparently safe from prosecution.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

May 28, 2010

Privacy theater

On Wednesday, in response to widespread criticism and protest Facebook finally changed its privacy settings to be genuinely more user-friendly - and for once, the settings actually are. It is now reasonably possible to tell at a glance which elements of the information you have on the system are visible and to what class of people. To be sure, the classes available - friends, friends of friends, and everyone - are still broad, but it is a definite improvement. It would be helpful if Facebook provided a button so you could see what your profile looks like to someone who is not on your friends list (although of course you can see this by logging out of Facebook and then searching for your profile). If you're curious just how much of your information is showing, you might want to try out Outbook.

Those changes, however, only tackle one element of a four-part problem.

1: User interface. Fine-grained controls are, as the company itself has said, difficult to present in a simple way. This is what the company changed this week and, as already noted, the new design is a big improvement. It can still be improved, and it's up to users and governments to keep pressure on the company to do so.

2: Business model. Underlying all of this, however, is the problem that Facebook still has make money. To some extent this is our own fault: if we don't want to pay money to use the service - and it's pretty clear we don't - then it has to be paid for some other way. The only marketable asset Facebook has is its user data. Hence Andrew Brown's comment that users are Facebook's product; advertisers are its customers. As others have commented, traditional media companies also sell their audience to their advertisers; but there's a qualitative difference in that traditional media companies also create their own content, which gives them other revenue streams.

3. Changing the defaults. As this site's graphic representation makes clear, since 2005 the changes in Facebook's default privacy settings have all gone one way: towards greater openness. We know from decades of experience that defaults matter because so many computer users never change them. It's why Microsoft has had to defend itself against antitrust actions regarding bundling Internet Explorer and Windows Media Player into its operating system. On Facebook, users should have to make an explicit decision to make their information public - opt in, rather than opt out. That would also be more in line with the EU's Data Protection Directive.

4: Getting users to understand what they're disclosing. Back in the early 1990s, AT&T ran a series of TV ads in the US targeting a competitor's having asked its customers the names of their friends and family for marketing purposes, "I don't want to give those out," the people in the ads were heard to say. Yet they freely disclose on Facebook every day exactly that sort of information. As director of the Foundation for Information Policy Research Caspar Bowden argued persuasively that traffic analysis - seeing who is talking to whom and with what frequency - is far more revealing than the actual contents of messages.

What makes today's social networks different from other messaging systems (besides their scale) is that typically those - bulletin boards, conferencing systems, CompuServe, AOL, Usenet, today's Web message boards - were and are organized around topics of interest: libel law reform, tennis, whatever. Even blogs, whose earliest audiences are usually friends, become more broadly successful because of the topics they cover and the quality of that coverage. In the early days, that structure was due to the fact that most people online were strangers meeting for the first time. These days, it allows those with minority interests to find each other. But in social media the organizing principle is the social connections of individual people whose tenure on the service begins, by and large, by knowing each other. This vastly simplifies traffic analysis.

A number of factors contributed to the success of Facebook. One was the privacy promises the company made (and have since revised). But another was certainly elements of dissatisfaction with the wider Net. I've heard Facebook described as an effort to reinvent the Net, and there's some truth to that in that it presents itself as a safer space. That image is why people feel comfortable posting pictures of their kids. But a key element in Facebook's success has, I think, also been the brokenness of email and, to a lesser degree, instant messaging. As these became overridden with spam, rather than grapple with spam and other unwanted junk or the uncertainty of knowing which friend was using which incompatible IM service, many people gravitated to social networks as a way of keeping their inboxes as personal space.

Facebook is undoubtedly telling the truth when it says that the privacy complaints have, so far, made little difference to the size and engagement of its user base. It's extreme to say that Facebook victimizes its users, but it is true that the active core of long-term users' expectations have been progressively betrayed. Facebook's users have no transparency about or control over what data Facebook shares with its advertisers. Making that visible would go a long way toward restoring users' trust.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

May 14, 2010

Bait and switch

If there's one subject Facebook's PR people probably wish its founder and CEO, 27-year-old Mark Zuckerberg, had never discussed in public it's privacy, which he dismissed in January as no longer a social norm.

What made Zuckerberg's statement sound hypocritical - on top of arrogant, blinkered, self-interested, and callous - is the fact that he himself protects information he posts on Facebook. If he doesn't want his own family photographs searchable on Google, why does he assume that other people do?

What's equally revealing, though, is the comment he went on to make (quoted in that same piece) that he views it as really important "to keep a beginner's mind" in deciding what the company should do next. In other words, they ask themselves what decision they would make if they were starting Facebook now - and then they do that.

You can't hardly get there from here.

Zuckerberg is almost certainly right that if he were setting up the company now he'd make everything public as a default setting - as Twitter, founded two years later, does. Of course he'd do things differently: he'd be operating post-Facebook. Most important, he'd be a tiny company instead of a huge one. Size matters: you cannot make the same decisions that you would if you were a start-up when you have 400 million users, are the Web's largest host of photographs, and the biggest publisher of display ads. Facebook is discovering what Microsoft and Google also have: it isn't easy being big.

Being wholly open would, I'm sure, be a simpler situation both legally and in terms of user expectations, and I imagine it would be easier to program and develop. The difficulty is that he isn't starting the company now, and just as the seventh year of a marriage isn't the same as the first year of a marriage, he can't behave as if he is. Because: like in a marriage, Facebook has made promises to its users throughout the last six years, and you cannot single-handedly rewrite the contract without betraying them.

On Sky TV last night, I called Facebook's attitude to privacy a case of classic bait-and-switch. While I have no way of knowing if that was Zuckerberg's conscious intention when he first created Facebook in his Harvard dorm room at 19, that is nonetheless an accurate description of the situation. Facebook users - and the further you go back in the company's history the more true this is - shared their information because the company promised them privacy. Had the network been open from the start, people would likely have made different choices. Both a group of US senators nor the EU's Data Protection working party understand this perfectly. It would be a mistake for Facebook's management to dismiss these complaints as the outdated concerns of a bunch of guys who aren't down with the modern world.

Part of Facebook's difficulty with privacy issues is I'm sure the kind of interface design problem computer companies have struggled with for decades. In published comments, the company has referred to the conflict between granularity and simplicity: people want detailed choices but providing those makes the interface complex; simplifying the interface removes choice. I don't think this is an unsolvable problem; though it does require a new approach.

One thing I'd like Facebook to provide is a way of expiring data (which would solve a number of privacy issues) so that you could specify that anything posted on the site will be deleted after a certain amount of time has passed. Such a setup would also allow users to delete data posted before the beginning date of a new privacy regime. I'd also like to be able to export all my data in a format suitable for searching and archiving on my own system.

Zuckerberg was a little bit right, in that people are disclosing information to anybody who's interested in a way they didn't - couldn't - before. That doesn't, however, mean they're not interested in privacy; it means many think they are in private, talking to their friends, without understanding who else may be watching. It was doubtless that sort of feeling that ledPaul Chambers into trouble: a few days ago he was (in my opinion outrageously) fined £1,000 for sending a menacing message over a public telecommunications network.

I suppose Facebook can argue that the fact that 400 million people use their site means their approach can't be wholly unpopular. The number of people that have deleted their accounts since the latest opening-up announcements seems to be fairly small. But many more are there because they have to be: they have friends who won't communicate in any other way, or there are work commitments that require it. Facebook should remember that this situation came about because the company made promises about privacy. Reneging on those promises and thumbing your nose at people for being so stupid as to believe you invites a backlash.

Where Zuckerberg is wrong is to think that the errors people make in a new and unfamiliar medium where the social norms and community standards are still being defined means there's been a profound change in the world's social values. If it looks like that to rich geeks in California, it may be time for them to get out of Dodge.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of the earlier columns in this series.

April 30, 2010

Child's play

In the TV show The West Wing (Season 6, Episode 17, "A Good Day") young teens tackle the president: why shouldn't they have the right to vote? There's probably no chance, but they made their point: as a society we trust kids very little and often fail to take them or their interests seriously.

That's why it was so refreshing to read in 2008's < a href="">Byron Review the recommendation that we should consult and listen to children in devising programs to ensure their safety online. Byron made several thoughtful, intelligent analogies: we supervise as kids learn to cross streets, we post warning signs at swimming pools but also teach them to swim.

She also, more controversially, recommended that all computers sold for home use in the UK should have Kitemarked parental control software "which takes parents through clear prompts and explanations to help set it up and that ISPs offer and advertise this prominently when users set up their connection."

The general market has not adopted this recommendation; but it has been implemented with respect to the free laptops issued to low-income families under Becta's £300 million Home Access Laptop scheme, announced last year as part of efforts to bridge the digital divide. The recipients - 70,000 to 80,000 so far - have a choice of supplier, of ISP, and of hardware make and model. However, the laptops must meet a set of functional technical specifications, one of which is compliance with PAS 74:2008, the British Internet safety standard. That means anti-virus, access control, and filtering software: NetIntelligence.

Naturally, there are complaints; these fall precisely in line with the general problems with filtering software, which have changed little since 1996, when the passage of the Communications Decency Act inspired 17-year-old Bennett Haselton to start Peacefire to educate kids about the inner working of blocking software - and how to bypass it. Briefly:

1. Kids are often better at figuring out ways around the filters than their parents are, giving parents a false sense of security.

2. Filtering software can't block everything parents expect it to, adding to that false sense of security.

3. Filtering software is typically overbroad, becoming a vehicle for censorship.

4. There is little or no accountability about what is blocked or the criteria for inclusion.

This case looks similar - at first. Various reports claim that as delivered NetIntelligence blocks social networking sites and even Google and Wikipedia, as well as Google's Chrome browser because the way Chrome installs allows the user to bypass the filters.

NetIntelligence says the Chrome issue is only temporary; the company expects a fix within three weeks. Marc Kelly, the company's channel manager, also notes that the laptops that were blocking sites like Google and Wikipedia were misconfigured by the supplier. "It was a manufacturer and delivery problem," he says; once the software has been reinstalled correctly, "The product does not block anything you do not want it to." Other technical support issues - trouble finding the password, for example - are arguably typical of new users struggling with unfamiliar software and inadequate technical support from their retailer.

Both Becta and NetIntelligence stress that parents can reconfigure or uninstall the software even if some are confused about how to do it. First, they must first activate the software by typing in the code the vendor provides; that gets them password access to change the blocking list or uninstall the software.

The list of blocked sites, Kelly says, comes from several sources: the Internet Watch Foundation's list and similar lists from other countries; a manual assessment team also reviews sites. Sites that feel they are wrongly blocked should email NetIntelligence support. The company has, he adds, tried to make it easier for parents to implement the policies they want; originally social networks were not broken out into their own category. Now, they are easily unblocked by clicking one button.

The simple reaction is to denounce filtering software and all who sail in her - censorship! - but the Internet is arguably now more complicated than that. Research Becta conducted on the pilot group found that 70 percent of the parents surveyed felt that the built-in safety features were very important. Even the most technically advanced of parents struggle to balance their legitimate concerns in protecting their children with the complex reality of their children's lives.

For example: will what today's children post to social networks damage their chances of entry into a good university or a job? What will they find? Not just pornography and hate speech; some parents object to creationist sites, some to scary science fiction, others to Fox News. Yesterday's harmless flame wars are today's more serious cyber-bullying and online harassment. We must teach kids to be more resilient, Byron said; but even then kids vary widely in their grasp of social cues, common sense, emotional make-up, and technical aptitude. Even experts struggle with these issues.

"We are progressively adding more information for parents to help them," says Kelly. "We want the people to keep the product at the end. We don't want them to just uninstall it - we want them to understand it and set the policies up the way they want them." Like all of us, Kelly thinks the ideal is for parents to engage with their children on these issues, "But those are the rules that have come along, and we're doing the best we can."

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

March 26, 2010

Sung heroines

There are more of them than you think; there are fewer of them than there should be. We are talking, of course, about geek girls. Er: women in science and technology.

To be sure, there are some benefits to being one of only a few women. Being a woman at a geek conference means never having to stand on line to use the bathroom.

Not long after I started working as a technology journalist, a friend at MIT commented to me in passing that the early computer programmers were women. By then it was the 1990s and the predominant image of anyone doing anything with computers was male. So women in technology have a long, if hidden history. There may not be an overlooked Rosalind Franklin for every Crick and Watson, but there are definitely enough to write home about.

Wednesday was, by the style and grace of Suw Charman-Anderson (founding director of the Open Rights Group and social media consultant), Ada Lovelace Day, an effort to get everyone to blog about the women they admired in science and technology to highlight the contributions of women to science and technology. (I like Buffy, the Vampire Slayer as much as the next person, but I still don't think the very fictional Buffy Summers and Willow Rosenberg qualify as "women in science and technology". Perspective, folks!)

My favorite among the blog postings I've read is the story of the poster's grandmother, Jean Valentine, one of a group of women assigned to help work on the Bombe, Alan Turing's world war-winning crypto-cracking project at Bletchley Park, where she is now a tour guide (and probably being told more technical detail about the work she did than she was allowed to know at the time!).

There are, of course, many science and technology women I know but didn't see listed. Here are a few.

Rebecca Mercuri published her doctoral dissertation on electronic voting in 2000, about six months before the whole chad debacle the following November.

Susan Landau was for many years a Distinguished Engineer at Sun; she is author of several books on the inner workings and history of wiretapping and other privacy issues, and has a long list of awards and honors. And, years before Ada Lovelace's birthday became a thing, she founded ResearcHers, a mailing list for women computer science researchers and co-created the ACM-W Athena lectures to celebrate women researchers.

One woman worth mentioning who did make it onto several people's blogs is Hedy Lamarr, who besides her career as a movie star (of which she memorably commented that anyone can look glamorous if she stands still and looks stupid) was co-inventor of frequency hopping, a technique used to encrypt radio signals. It was her contribution to the war effort and is used now by the mobile phone industry. You have to be really smart to know how to look that glamorous. The EFF granted her a Pioneer Award in 1997.

Amy Bruckman works on education through designing online communities. In her Ada Lovelace Day blog post she talks about the expanding range of women in her classes.

For a lawyer Lilian Edwards is pretty geeky.
Ellen Ullman is a former software engineer, essayist, and author whose books ought to be required reading for anyone, male or female, working in technology. In Close to the Machine: Technophilia and Its Discontents she talks about the way the cold, discrete logic of computer systems changes their owners and specifiers, removing human compromise and understanding. In The Bug she charts the inner life of a programmer who spends a year trying to resolve a single bug in a program. Both are excellent.

Also not on anyone's list, I think, is the math teacher I had in junior high school, Nancy Rosenberg. In the interstices of teaching geometry and trigonometry, she introduced us to the work of Martin Gardner, whose mathematical games she loved (for years, my father and I played Nim on placemats in restaurants while waiting for food). She had ideas for cartoons that today would be huge hit on YouTube to illustrate geometrical concepts. She was funny, smart, direct, and forthright, and talked about whatever was exercising her most at the time. She once stopped whatever she was supposed to be teaching us, swore us all to secrecy, and proceeded to read us the first chapter of the book she was reading because she thought it was so screamingly funny. The book was Portnoy's Complaint. In my entire school career, I had only three teachers who really made a difference in my life; Rosenberg's was probably the most significant, since she got me interested in math and science and directed me to Gardner, who was of key importance in leading me to the skeptics. Not exactly a heroine, because for one thing I think she would have found that ridiculous. But an excellent teacher and the kind of geek girl who makes a lot more geek girls.

Happy belated Ada Lovelace Day.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

March 19, 2010

Digital exclusion: the bill

The workings of British politics are nearly as clear to foreigners as cricket; and unlike the US there's no user manual. (Although we can recommend Anthony Trollope's Palliser novels and the TV series Yes, Minister as good sources of enlightenment on the subject.) But what it all boils down to in the case of the Digital Economy Bill is that the rights of an entire nation of Internet users are about to get squeezed between a rock and an election unless something dramatic happens.

The deal is this: the bill has completed all the stages in the House of Lords, and is awaiting its second reading in the House of Commons. Best guesses are that this will happen on or about March 29 or 30. Everyone expects the election to be called around April 8, at which point Parliament disbands and everyone goes home to spend three weeks intensively disrupting the lives of their constituency's voters when they're just sitting down to dinner. Just before Parliament dissolves there's a mad dash to wind up whatever unfinished business there is, universally known as the "wash-up". The Digital Economy Bill is one of those pieces of unfinished business. The fun part: anyone who's actually standing for election is of course in a hurry to get home and start canvassing. So the people actually in the chamber during the wash-up while the front benches are hastily agreeing to pass stuff thought on the nod are likely to be retiring MPs and others who don't have urgent election business.

"What we need," I was told last night, "is a huge, angry crowd." The Open Rights Group is trying to organize exactly that for this Wednesday, March 24.

The bill would enshrine three strikes and disconnection into law. Since the Lords' involvement, it provides Web censorship. It arguably up-ends at least 15 years of government policy promoting the Internet as an engine of economic growth to benefit one single economic sector. How would the disconnected vote, pay taxes, or engage in community politics? What happened to digital inclusion? More haste, less sense.

Last night's occasion was the 20th anniversary of Privacy International (Twitter: @privacyint), where most people were polite to speakers David Blunkett and Nick Clegg. Blunkett, who was such a front-runner for a second Lifetime Menace Big Brother Award that PI renamed the award after him, was an awfully good sport when razzed; you could tell that having his personal life hauled through the tabloid press in some detail has changed many of his views about privacy. Though the conversion is not quite complete: he's willing to dump the ID card, but only because it makes so much more sense just to make passports mandatory for everyone over 16.

But Blunkett's nearly deranged passion for the ID card was at least his own. The Digital Economy Bill, on the other hand, seems to be the result of expert lobbying by the entertainment industry, most especially the British Phonographic Industry. There's a new bit of it out this week in the form of the Building a Digital Economy report, which threatens the loss of 250,000 jobs in the UK alone (1.2 million in the EU, enough to scare any politician right before an election). Techdirt has a nice debunking summary.

A perennial problem, of course, is that bills are notoriously difficult to read. Anyone who's tried knows these days they're largely made up of amendments to previous bills, and therefore cannot be read on their own; and while they can be marked up in hypertext for intelligent Internet perusal this is not a service Parliament provides. You would almost think they don't really want us to read these things.

Speaking at the PI event, Clegg deplored the database state that has been built up over the last ten to 15 years, the resulting change in the relationship between citizen and state, and especially the omission that, "No one ever asked people to vote on giant databases." Such a profound infrastructure change, he argued, should have been a matter for public debate and consideration - and wasn't. Even Blunkett, who attributed some of his change in views to his involvement in the movie Erasing David (opening on UK cinema screens April 29), while still mostly defending the DNA database, said that "We have to operate in a democratic framework and not believe we can do whatever we want."

And here we are again with the Digital Economy Bill. There is plenty of back and forth among industry representatives. ISPs estimate the cost of the DEB's Web censorship provisions at up to £500 million. The BPI disagrees. But where is the public discussion?

But the kind of thoughtful debate that's needed cannot take place in the present circumstances with everyone gunning their car engines hoping for a quick getaway. So if you think the DEB is just about Internet freedoms, think again; the way it's been handled is an abrogation of much older, much broader freedoms. Are you angry yet?

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

February 26, 2010

The community delusion

The court clerk - if that's the right term - seemed slightly baffled by the number of people who showed up for Tuesday's hearing in Simon Singh v. British Chiropractic Association. There was much rearrangement, as the principals asked permission to move forward a row to make an extra row of public seating and then someone magically produced eight or ten folding chairs to line up along the side. Standing was not allowed. (I'm not sure why, but I guess something to do with keeping order and control.)

It was impossible to listen to the arguments without feeling a part of history. Someday - ten, 50, 150 years from now - a different group of litigants will be sitting in that same court room or one very like it in the same building and will cite "our" case, just as counsel cited precedents such as Reynolds and Branson v Bower. If Singh's books don't survive, his legal case will, as may the effects of the campaign to reform libel law (sign the petition!) it has inspired and the Culture, Media, and Sport report (Scribd) that was published on Wednesday. And the sheer stature of the three judges listening to the appeal - Lord Chief Justice Lord Judge (to Americans: I am not making this up!), Master of the Rolls Lord Neuberger, and Lord Justice Sedley - ensures it will be taken seriously.

There are plenty of write-ups of what happened in court and better-informed analyses than I can muster to explain what it means. The gist, however: it's too soon to tell which pieces of law will be the crucial bits on which the judges make their decision. They certainly seemed to me to be sympathetic to the arguments Singh's counsel, Adrienne Page QC, made and much less so to the arguments the BCA's counsel, Heather Rogers QC. But the case will not be decided on the basis of sympathy; it will be decided on the basis of legal analysis. "You can't read judges," David Allen Green (aka jackofkent) said to me over lunch. So we wait.
But the interesting thing about the case is that this may be the first important British legal case to be socially networked: here is a libel case featuring no pop stars or movie idols, and yet they had to turn some 20 or 30 people away from the courtroom. Do judges read Twitter?

Beginning with Howard Rheingold's 1993 book The Virtual Community, it was clear that the Net's defining characteristic as a medium is its enablement of many-to-many communication. Television, publishing, and radio are all one-to-many (if you can consider a broadcaster/publisher a single gatekeeper voice). Telephones and letters are one-to-one, by and large. By 1997, business minds, most notably John Hagel III and Arthur Armstrong in net.gain, had begun saying that the networked future of businesses would require them to build communities around themselves. I doubt that Singh thinks of his libel case in that light, but today's social networks (which are a reworking of earlier systems such as Usenet and online conferencing systems) are enabling him to do just that. The leverage he's gained from that support is what is really behind both the challenge to English libel law and the increasing demand for chiropractors generally to provide better evidence or shut up.

Given the value everyone else, from businesses to cause organizations to individual writers and artists, places on building an energetic, dedicated, and active fan base, it's surprising to see Richard Dawkins, whose supporters have apparently spent thousands of unpaid hours curating his forums for him, toss away what by all accounts was an extraordinarily successful community supporting his ideas and his work. The more so because apparently Dawkins has managed to attract that community without ever noticing what it meant to the participants. He also apparently has failed to notice that some people on the Net, some of the time, are just the teeniest bit rude and abusive to each other. He must lead a very sheltered life, and, of course, never have moderated his own forums.

What anyone who builds, attracts, or aspires to such a community has to understand from the outset is that if you are successful your users will believe they own it. In some cases, they will be right. It sounds - without having spend a lot of time poring over Dawkins' forums myself - as though in this case in fact the users, or at least the moderators, had every right to feel they owned the place because they did all the (unpaid) work. This situation is as old as the Net - in the days of per-minute connection charges CompuServe's most successful (and economically rewarding to their owners) forums were built on the backs of volunteers who traded their time for free access. And it's always tough when users rediscover the fact that in each individual virtual community, unlike real-world ones, there is always a god who can pull the plug without notice.

Fortunately for the causes of libel law reform and requiring better evidence, Singh's support base is not a single community; instead, it's a group of communities who share the same goals. And, thankfully, those goals are bigger than all of us.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. I would love to hear ( from someone who could help me figure out why this blog vapes all non-spam comments without posting them.

January 29, 2010

Game night

Why can't computer games get any serious love? The maverick Labour MP Tom Watson convened a meeting this week to ask just that. (Watson is also pushing for the creation of an advocacy group, Gamers' Voice (Facebook).) From the dates, the meeting is not in response to claims that playing computer games causes rickets.

Pause to go, "Huh?"

We all know what causes rickets in the UK. Winter at these crazy high latitudes causes rickets in the UK. Given the amount of atmosphere and cloud it has to get through in the darker months, sunlight can't muster enough oomph to make Vitamin D on the skins of the pasty, blue-white people they mostly have here. The real point of the clinical review paper that kicked off this round of media nonsense, Watson rants, is that half of all UK adults are deficient in Vitamin D in the winter and spring. Well, duh. Wearing sunscreen has made it worse. So do clothes. And this: to my vast astonishment on arrival here they don't put Vitamin D in the milk. But, hey, let's blame computer games!

And yet: games are taking over. In December Chart-Track market researchfound that the UK games industry is now larger than its film industry. Yesterday's game-playing kids are today's game-playing parents. One day we'll all be gamers on this bus. Criminals pay more for stolen World of Warcraft accounts than for credit card accounts (according to Richard Bartle), and the real-money market for virtual game world props is worth billions (PDF). But the industry gets no government support. Hence Watson's meeting.

At this point, I must admit that net.wars, too, has been deficient: I hardly ever cover games. As a freelance, I can't afford to be hooked on them, so I don't play them, so I don't know enough to write about them. In the early-to-mid 1990s I did sink hours into Hitchhiker's Guide to the Galaxy, Minesweeper, Commander Keen, Lemmings, Wolfenstein 3D, Doom, Doom 2, and some of Duke Nukem. At some point, I decided it was a bad road. When I waste time unproductively I need to feel that I'm about to do something useful. I switched the mouse to the left hand, mostly for ergonomic reasons, and my slightly lower competence with it was sufficient to deter further exploration. The other factor: Quake made it obvious that I'd reached my theoretical limit.

I know games are different now. I've watched a 20-something friend play World of Warcraft and Grand Theft Auto; I've even traded deaths with him in one of those multiplayer games where your real-life best friends are your mortal enemies. Watching him play The Sims as a recalcitrant teenager (is there any other kind?) was the most fun. It seemed like Cosmic Justice to see him shriek in frustration at the computer because the adults in his co-op household were *refusing to wash the dishes*. Ha!

For people who have jobs, games are a (sometimes shameful) hobby; for people who are self-employed they are a dangerous menace. Games are amateur sports without the fresh air. And they are today's demon medium, replacing TV, comic books (my parents believed these rotted the brain), and printed multi-volume novels. All of that contributes to why games get relatively little coverage outside of specialist titles and writers such as Aleks Krotoski and are studied by rare academics like Douglas Thomas and Richard Bartle.

Except: it's arguable that the structure of games and the kind of thinking they require - logical, problem-solving, exploratory, experimental - does in fact inspire a kind of mental fitness that is a useful background skill for our computer-dominated world. There are, as Tom Chatfield, one of the evening's three panelists and an editor at Prospect, says in his new book Fun, Inc, many valuable things people can and do learn from games. (I once watched an inveterate game-playing teen extract himself from the maze at Hampton Court in 15 seconds flat.)

And in fact, that's the thought with which the seminal game cum virtual world was started: in writing MUD, Bartle wanted to give people the means to explore their identities by creating different ones.

It's also fun. And an escape from drab reality. And a challenge. And active, rather than passive, entertainment. The critic Sam Leith (who has compared World of Warcraft to Chartres Cathedral) pointed out that the violent shoot-'em-up games that get the media attention are a small, stereotyped sector of the market that deliberately insert shocking violence recursively to get media attention and increase sales. Limiting the conversation to one stereotypical theme is the problem, not games themselves.

Philip Oliver, founder and CEO of the UK's large independent games developer, Blitz Games, listed some cases in point: in their first 12 weeks of release his company sold 500,000 copies of its The Biggest Loser TV and 3.8 million copies of its Burger King advertising game. And what about that wildly successful Wii Fit?

If you say, "That's different", there is the problem.

Still, if game players are all going to be stereotyped as violent players shooting things...I'm not sure who pointed out that the Houses of Parliament are a fabulous gothic castle in which to set a shoot-'em-up, but it's a great idea. Now, that would really be government support!

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, follow on , or send email to (but please turn off HTML).

January 9, 2010

Car talk

The most interesting thing I've heard all week was a snippet on CNBC in which a commentator talked about cars going out of style. The story was that in 2009 the US fleet of cars shrank by four million. That is, four million cars were scrapped without being replaced.

The commentator and the original story have a number of reasons: increasing urbanization, uncertainty about oil prices, frustration about climate change, and so on. But the really interesting trend is a declining interest in cars on the part of young people. (Presumably these are the same young people who don't watch enough TV.)

A pause to reminisce. In 1967, when I was 13, my father bought a grey Mercedes 230SL with a red interior. It should tell you something when I say that I don't like sports cars, have always owned Datsuns/Nissans (including a pickup truck and two Prairies), and am not really interested in cars that aren't mine but I still remember the make and model number of this car from 42 years ago. I remember hoping he wouldn't trade it in before I turned 16 and was old enough to drive. (He did. Nerts.)

When, at 21, I eventually did get my own first car (a medium blue Nissan 710 station wagon with a white leather-like interior), it felt like I had finally achieved independence. Having a car meant that I could leave my parents' house any time I wanted. The power of that was shocking; it utterly changed how I felt about being in their home.

In London, I hardly drive. The public transportation is too good and the traffic too dense. There are exceptions, of course, but the fact is that it would be cheaper for me to book a taxi every time I needed a car than it is to own one. And yet, the image of being behind the wheel on the open road, going nowhere and everywhere retains its power.

People think of the US as inextricably linked to car culture, but the fact is that our national love affair with the car is quite recent and was imposed on us. The 1988 movie Who Framed Roger Rabbit? had it right: at one time even Los Angeles had a terrific public transportation system. But starting in 1922, General Motors, acting in concert with a number of oil companies, most notably Chevron, deliberately set out to buy up and close down thousands of municipal streetcar systems. The scheme was not popular: people did not want to have to buy cars.

CNBC's suggestion was that today's young people find their independence differently: through their cell phones and the Internet. He has a point. As children, many baby boomers shared bedrooms with siblings. Use of the family phone was often restricted. The home was most emphatically not a place where a young adult could expect any privacy.

Today, kids go out less, first because their parents worry about their safety, later because their friends and social lives are on tap from the individual bedrooms they now tend to have. And even if they have to share the family computer and use it in a well-trafficked location, they can carve themselves out a private space inside their phones, by text if not by voice.

The Internet's potential to destroy or remake whole industries is much discussed: see also newspapers, magazines, long-distance telecommunications, music, film, and television. The "Google decade" so many commentators say is ending is, according to Slate, just the beginning of how Google, all by itself, will threaten industries: search portals, ad agencies, media companies, book publishers, telephone companies, Mapquest, soon smart phone manufacturers, and then the big man on campus, Microsoft.

But if there's one thing we know, it's that technology companies are bad bets because they can be and are challenged when the next wave comes along. Who thought ten years ago that Microsoft wouldn't kill everyone else in its field? Twenty years ago, IBM was the unbeatable gorilla.

The happening wave is mobile phones, and it isn't at all clear that Google will dominate, any more than Microsoft has succeeded in dominating the Internet. But the interesting thing is what mobile phones will kill. So far, it's made a dent in the watchmaking industry (because a lot of people carrying phones don't see why they need a watch, too). Similarly, smart phones have subsumed MP3 players, pocket televisions. Now, cars. And, if I had to guess, smart phones will be the most popular vehicles for ebooks, too, and for news. Tim O'Reilly, for example, says that ebooks really began to take off with the iPhone. Literary agents and editors may love the Kindle, but consumers reading while waiting for trains are more likely to choose their phones. Ray Kurzweil is very likely right on track with his cross-platform ereader software, Blio.

All this seems to me to validate the questions we pose whenever we're asked to subsidize the entertainment industry in its struggle to find its feet in this new world. Is it the right business model? Is it the right industry? Is it the right time?

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, follow on Twitter, or send email to

December 25, 2009

Second acts

Reviewing the big names of 2009 versus the big names of 1999 for ZDNet UK last week turned up some interesting trends there wasn't space to go into. Also worth noting: still unpublished is the reverse portion, looking at what the names who are Internet-famous in 2009 were doing in 1999. These were: Mark Zuckerberg (Facebook), Sergey Brin and Larry Page (Google), Rupert Murdoch, Barack Obama, and Jimmy Wales (Wikipedia).

One of the trends, of course, is the fact that there were so many women making technology headlines in 1999: Kim Polese (Marimba), Martha Lane Fox (, Carly Fiorina (running - and arguably nearly destroying - HP), Donna Dubinsky (co-founder of Palm), and Eva Pascoe (a media darling for having started the first Internet café, London's Cyberia, and writing a newspaper column). It isn't easy now to come up with names of similar impact in 2009.

You can come up with various theories about this. For example: the shrinking pipeline reported ten years ago by both the ACM and the BCS has borne fruit, so that there are actually fewer women available to play the prominent parts these women did. As against that (as a female computer scientist friend points out) one of the two heads of Oracle is female.

The other obvious possibility is the opposite: that women in prominent roles in technology companies have become so commonplace that they don't command the splashy media attention they did ten years ago. I doubt this; if they're commonplace, you'd expect to see some of their names in common use. I will say, though, that I know quite a few start-ups founded or co-founded by women. It was interesting to learn, in looking up Eva Pascoe's current whereabouts, that part of her goal in starting Cyberia was to educate women about the Internet. She was, of course, right: at the time, particularly in Britain, the attitude was very much that computers were boys' toys and few women then had found the confidence to navigate the online world.

The other interesting thing is the varying fortunes of the technologies the names represent. Some, such as Napster (Shawn Fanning), Netscape (Marc Andreesen) and Cyberia, live on through their successors. Others have changed much less: HP (Fiorina) is still with us, and Palm (Dubinsky and Jeff Hawkins) may yet manage a comeback. Symbian has achieved pretty much everything Colly Myers hoped.

Several of the technologies present the earliest versions of the hot topics of 2009, most notably Napster, which kicked off the file-sharing wars. If I were a music industry executive, I'd be thinking now that I was a numb-nut not to make a deal with the original Napster: it was a company with a central server. Suing it out of existence begat the distributed Gnutella, the even more distributed eDonkey, and then the peer-to-peer BitTorrent and all the little Torrents. Every year, more material is available online with or without the entertainment industry's sanction. This year's destructive industry proposal, three strikes, will hurt all sorts of people if it becomes law - but it will not stop file-sharing.

Of course, Napster's - and contemporary's - mistake was not being big enough. The Google Books case, one of the other big stories of the year, shows that size matters: had Brin and Page, still graduate students with an idea and some venture capital funding, tried scanning in library books in 1999 Google would be where Napster is now. Instead, of course, it's too big to fail.

The AOL/Time-Warner merger, for all that it has failed utterly, was the first warning of what has become a long-running debate about network neutrality. At the time, AOL was the biggest conduit for US consumer Internet access; merging with Time-Warner seemed to put dangerous control over that access in the hands of one of the world's largest owners of content. In the event, the marriage was a disastrous failure for both companies. But AOL, now divorced, may not be done yet: the "walled garden" approach to Internet content is finding new life with sites like Facebook. If, of course, it doesn't get run over by the juggernaut of 2009, Twitter.

If AOL does come back into style, it won't be the only older technology finding new life: the entire history of technology seems to be one of constant rediscovery. What, after all, is 2009's cloud computing but a reworking of what the 1960s called time-sharing?

Certainly, a revival of the walled garden would make life much easier for the >deep packet inspectors who would like to snoop intensively on all of us. Phorm, Home Office, it doesn't much matter: computers weren't really fast enough to peek inside data packets in real time much before this year.

One recently resurfaced name from the Net's early history that I didn't flag in the ZDNet piece is Sanford ("Spamford") Wallace, who in the late 1990s was widely blacklisted for sending spam email. By 1999, he had supposedly quit the business. And yet, this year he was convicted of 14,214,753 violations of the CAN-SPAM anti-spam act and told to pay Facebook more than $711 million. How times do not change.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, follow on Twitter, or send email to

December 19, 2009

Little black Facebook

Back in 2004, the Australian privacy advocate and consultant Roger Clarke warned about the growth of social networks. In his paper Very Black 'Little Black Books' he warned of the privacy implications inherent in posting large amounts of personal data to these sites. The primary service Clarke talks about in that paper is Plaxo, though he also mentions the Google's then newly-created Orkut, as well as, various dating sites, and, on the business side, LinkedIn.

The gist: posting all that personal data (especially in the case of Plaxo, to which users upload their entire address books) is a huge privacy risk because the business models for such sites are still unknown.

"The only logical business model is the value of consumers' data," he told me for a piece I wrote on social networks in 2004. "Networking is about viral marketing, and that's one of the applications of social networking. It's social networks in order to achieve economic networks."

In the same interview, Clarke predicted the future for such networks and their business models: "My expectation would be that if they were rational accumulators of data about individuals they wouldn't be caught out abusing until they had a very nice large collection of that data. It doesn't worry me if they haven't abused yet; they will abuse."

Cut to this week, when Facebook - which wouldn't even exist until two years after that interview - suddenly changed its privacy defaults to turn the service inside out. Gawker calls the change a great betrayal, and says, "The company has, in short, turned evil."

The change in a nutshell: Facebook changed the default settings on its privacy controls, so that information that was formerly hidden by default is now visible to default - and not just to people on Facebook but to the Internet at large. The first time I logged on after the change, I got a confusing screen asking me to choose among the privacy options for each of a number of different types of data - open, or "old settings". I stared at it: what were the old settings?

Less than a week after the changes were announced, ten privacy organizations, led by the Electronic Privacy Information Center and including the American Library Association, the Privacy Rights Now Coalition, and the Bill of Rights Foundation, filed a complaint with the Federal Trade Commission (PDF) asking the FTC to enjoin Facebook's "unfair and deceptive business practices" and compel the company to restore its earlier privacy settings and allow complete opt-out, as well as give users more effective control over their data.

The "walled garden" approach to the Net is typically loathed when it's applied to, say, general access to the Internet. But the situation is different when it's applied to personal information; Facebook's entire appeal to its users is based on the notion that it's a convenient way to share stuff with their friends that they don't want to open up to the entire Internet. If they didn't care, they'd put it all on blogs, or family Web sites.

"I like it," one friend told me not long ago, "because I can share pictures of my kids with my family and know no one else can see them."

My guess is that Facebook's owners have been confused by the success of Twitter. On Twitter, almost everything is public: what you post, who you follow, who follows you, and the replies you send to others' messages. All of that is easily searchable by Google, and Tweets show up with regularity in public search results.

But Twitter users know that everything is public, and (one hopes) moderate their behavior accordingly. Facebook users have populated the service with personal chatter and photos of each other at private moments precisely because they expected that material to remain private. (Although: Joseph Bonneau at the University of Cambridge noticed last May that even deleted photos didn't always remain private.) You can understand Facebook's being insecure about Twitter. Twitter is the fastest-growing social network and the one scooping all the media attention (because if ever there were a service designed for the butterfly mentality of journalists, this is it). The fact that Tweets are the same length as Facebook status updates may have led Facebook founding CEO Mark Zuckerberg et al to think that competing with Twitter means implementing the same features that make Twitter so appealing.

Of course, Facebook has done this in a typically Facebookish sort of way, in that the interface is typically clunky and unpleasant (the British journalist Andrew Brown once commented that the Facebook user interface could drive one to suicide.) Hence the need for a guide to reprivatizing your account.

But adding mobile phone connections is one thing; upending users' expectations of your service is another. There is a name for selling a product based on one description and supplying something different and less desirable: bait and switch.

It is as Roger Clarke said five years ago: sooner or later, these companies have to make money. Social networks have only two real assets: their users' desire to keep using their service, and the mass of data users keep giving them. They're not charging users. What does that leave as a business strategy?

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of the earlier columns in this series. Readers are welcome to post here, follow on Twitter, or send email to

October 23, 2009

The power of Twitter

It was the best of mobs, it was the worst of mobs.

The last couple of weeks have really seen the British side of Twitter flex its 140-character muscles. First, there was the next chapter of the British Chiropractic Association's ongoing legal action against science writer Simon Singh. Then there was the case of Jan Moir, who wrote a more than ordinarily Daily Mailish piece for the Daily Mail about the death of Boyzone's Stephen Gately. And finally, the shocking court injunction that briefly prevented the Guardian from reporting on a Parliamentary question for the first time in British history.

I am on record as supporting Singh, and I, too, cheered when, ten days ago, Singh was granted leave to appeal Justice Eady's ruling on the meaning of Singh's use of the word "bogus". Like everyone, I was agog when the BCA's press release called Singh "malicious". I can see the point in filing complaints with the Advertising Standards Authority over chiropractors' persistent claims, unsupported by the evidence, to be able to treat childhood illnesses like colic and ear infections.

What seemed to edge closer to a witch hunt was the gleeful take-up of George Monbiot's piece attacking the "hanging judge", Justice Eady. Disagree with Eady's ruling all you want, but it isn't hard to find libel lawyers who think his ruling was correct under the law. If you don't like his ruling, your correct target is the law. Attacking the judge won't help Singh.

The same is not true of Twitter's take-up of the available clues in the Guardian's original story about the gag to identify the Parliamentary Question concerned and unmask Carter-Ruck, the lawyers who served it and their client, Trafigura. Fueled by righteous and legitimate anger at the abrogation of a thousand years of democracy, Twitterers had the PQ found and published thousands of times in practically seconds. Yeah!

Of course, this phenomenon (as I'm so fond of saying) is not new. Every online social medium, going all the way back to early text-based conferencing systems like CIX, the WELL, and, of course, Usenet, when it was the Internet's town square (the function in fact that Twitter now occupies) has been able to mount this kind of challenge. Scientology versus the Net was probably the best and earliest example; for me it was the original net.war. The story was at heart pretty simple (and the skirmishes continue, in various translations into newer media, to this day). Scientology has a bunch of super-secrets that only the initiate, who have spent many hours in expensive Scientology training, are allowed to see. Scientology's attempts to keep those secrets off the Net resulted in their being published everywhere. The dust has never completely settled.

Three people can keep a secret if two of them are dead, said Mark Twain. That was before the Internet. Scientology was the first to learn - nearly 15 years ago - that the best way to ensure the maximum publicity for something is to try to suppress it. It should not have been any surprise to the BCA, Trafigura, or Trafigura's lawyers. Had the BCA ignored Singh's article, far fewer people would know now about science's dim view of chiropractic. Trafigura might have hoped that a written PQ would get lost in the vastness that is Hansard; but they probably wouldn't have succeeded in any case.

The Jan Moir case, and the demonstration outside Carter-Ruck's offices are, however rather different. These are simply not the right targets. As David Allen Green (Jack of Kent) explains, there's no point in blaming the lawyers; show your anger to the client (Trafigura) or to Parliament.

The enraged tweets and Facebook postings about Moir's article helped send a record number of over 25,000 complaints to the Press Complaints Commission, whose Web site melted down under the strain. Yes, the piece was badly reasoned and loathsome, but isn't that what the Daily Mail lives for? Tweets and links create hits and discussion. The paper can only benefit. In fact, it's reasonable to suppose that in the Trafigura and Moir cases both the Guardian and the Daily Mail manipulated the Net perfectly to get what they wanted.

But the stupid part about let's-get-Moir is that she does not *matter*. Leave aside emotional reactions, and what you're left with is someone's opinion, however distasteful.

This concerted force would be more usefully turned to opposing the truly dangerous. See for example, the AIDS denialism on parade by Fraser Nelson at The Spectator. The "come-get-us" tone e suggests that they saw attention New Humanist got for Caspar Melville's mistaken - and quickly corrected - endorsement of the film House of Numbers and said, "Let's get us some of that." There is no more scientific dispute about whether HIV causes AIDS than there is about climate change or evolutionary theory.

If we're going to behave like a mob, let's stick to targets that matter. Jan Moir's column isn't going to kill anybody. AIDS denialism will. So: we'll call Trafigura a win, chiropractic a half-win, and Moir a loser.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, follow on Twitter, or send email to

October 16, 2009

Unsocial media

"No one under 30 will use email," the convenor objected.

There was a bunch of us, a pre-planning committee for an event, and we were talking about which technology we should have the soon-to-be appointed program committee use for discussions. Email! Convenient. Accessible by computer or phone. Easily archived, forwarded, quoted, or copied into any other online medium. Why are we even talking about this?

And that's when he said it.

Not so long ago, if you had email you were one of the cool kids, the avant-garde who saw the future and said it was electronic. Most of us spent years convincing our far-flung friends and relatives to get email so we didn't have to phone or - gasp - write a letter that required an envelope and a stamp. Being told that "email is for old people" is a lot like a 1960s "Never trust anyone over 30" hippie finding out that the psychedelic school bus he bought to live in to support the original 1970 Earth Day is a gas-guzzling danger to the climate and ought to be scrapped.

Well, what, then? (Aside: we used to have tons of magazines called things like Which PC? and What Micro? to help people navigate the complex maze of computer choices. Why is there no magazine called Which Social Medium??)

Facebook? Clunky interface. Not everyone wants to join. Poor threading. No easy way to export, search, or archive discussions. IRC or other live chat? No way to read discussion that took place before you joined the chat. Private blog with comments and RSS? Someone has to set the agenda. Twitter? Everything is public, and if you're not following all the right people the conversation is disjointed and missing links you can't retrieve. IM? Skype? Or a wiki? You get the picture.

This week, the Wall Street Journal claimed that "the reign of email is over" while saying only a couple of sentences later, "We all still use email, of course." Now that the Journal belongs to Rupert Murdoch, does no one check articles for sense?

Yes, we all still use email. It can be archived, searched, stored locally, read on any device, accessed from any location, replied to offline if necessary, and read and written thoughtfully. Reading that email is dead is like reading, in 2000, that because a bunch of companies went bust the Internet "fad" was over. No one then who had anything to do with the Internet believed that in ten years the Internet would be anything but vastly bigger than it was then. So: no one with any sense is going to believe that ten years from now we'll be sending and receiving less email than we are now. What very likely will be smaller, especially if industrial action continues, is the incumbent postal services.

What "No one under 30 uses email" really means is that it's not their medium of first choice. If you're including college students, the reason is obvious: email is the official stuff they get from their parents and universities. Facebook, MySpace, Twitter, and texting is how they talk to their friends. Come the day they join the workforce, they'll be using email every day just like the rest of us - and checking the post and their voicemail every morning, too.

But that still leave the question: how do you organize anything if no one can agree on what communications technology to use? It's that question that the new Google Wave is trying to answer. It's too soon, really, to tell whether it can succeed. But at a guess, it lacks one of the fundamental things that makes email such a lowest common denominator: offline storage. Yes, I know everything is supposed to be in "the cloud" and even airplanes have wifi. But for anything that's business-critical you want your own archive where you can access it when the network fails; it's the same principle as backing up your data.

Reviews vary in their take on Wave. LifeHacker sees it as a collaborative tool. ZDNet UK editor Rupert Goodwins briefly called it Usenet 2.0 and then retracted and explained using the phrase "unified comms".

That, really, is the key. Ideally, I shouldn't have to care whether you - or my fellow committee members - prefer to read email, participate in phone calls (via speech-to-text, text-to-speech synthesizers), discuss via Usenet, Skype, IRC, IM, Twitter, Web forums, blogs, or Facebook pages. Ideally, the medium you choose should be automatically translated in to the medium I choose. A Babel medium. The odds that this will happen in an age when what companies most want is to glue you to their sites permanently so they can serve you advertising are very small.

Which brings us back to email. Invented in an era when the Internet was commercial-free. Designed to open standards, so that anyone can send and receive it using any reader they like. Used, in fact, to alert users to updates they want to know about to their accounts on Facebook/IRC/Skype/Twitter/Web forums. Yes, it's overrun with corporate CYA memos and spam. But it's still the medium of record - and it isn't going anywhere. Whereas: those 20-somethings will turn 30 one day soon.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of the earlier columns in this series. Readers are welcome to post here, follow on follow on Twitter, or send email to (but please turn off HTML).

August 7, 2009

The five percent solution

So much has been said about Australia's Internet filtering this year that nearby New Zealand's project has mostly escaped notice. The plan is to implement filtering sometime in the next couple of months. Unlike the UK, where the blocklist is maintained by the Internet Watch Foundation under a voluntary arrangement, in New Zealand the list is being administered by the Department of Internal Affairs.

It turns out that the technology New Zealand is putting in place is coming into use in the UK, courtesy of Watchdog International, which recently signed a deal to supply it to Talk Internet.

Watchdog's managing director, Peter Mancer, says the idea for the technical implementation comes from Sweden.

"I was impressed at the cooperation of police and NGOs," he said of the work he observed there, "but I don't like DNS poisoning. It's not effective enough and it's too broad a brush, and my ten-year-old can bypass it by putting someone else's DNS servers in the browser settings. But it's easy to employ from the ISP's point of view." DNS poisoning - or rather, blocking selected domains - is, of course, what is implemented in the UK through BT's Cleanfeed.

The system Mancer was shown by the Swedish royal technical college and now supplies via his company relies instead on Border Gateway Protocol, or BGP, the core routing protocol of the Internet. Users don't interact with it directly; it's used among ISPs to route traffic correctly. In New Zealand's case, the necessary servers are all managed and hosted by the government. Mancer's explanation: "All ISPs connect to those servers via Internet tunnels using BGP, so the URL list is managed independently of the ISPs, and there is very little cost to the ISP - a few configurations and they're connected to it."

The point for the UK: Cleanfeed requires implementation effort from the ISP. If you're Virgin or another huge ISP, you have sufficient resources and in-house expertise to do it. But the difficulty and expense is, says Mancer, one of the reasons why smaller ISPs haven't adopted it - and why the percentage of British consumer broadband users covered by the IWF blocklist has remained stuck at 90 to 95 percent for years.

Smaller ISPs, says Mancer, "find it quite a challenge. Cleanfeed is not suitable for a lot of ISPs, and there's no commercially available system." So, he says, to the "remaining 5 percent tail which the Home Office and the government keep jumping up and down about a commercially available solution is more attractive." Watchdog's system starts at €2,000 per year, or about £200 per month, and the cost per user goes down as the number of users goes up. Despite the horrid economics of running a small ISP, 5p per customer per month ought in theory to be affordable.

All of this leads back to the question we posed in a panel at this year's Computers, Freedom, and Privacy conference: can the Internet still route around censorship? Images of child abuse (the IWF's preferred term) are illegal in most countries.

Even the US is beginning to show signs of moving in the hotline-voluntary blocklist direction. Last year, for example, Qwest began blocking access to a list of sites that the National Center for Missing and Exploited Children has identified as containing child pornography. (This is not, by the way, a violation of the First Amendment right to free speech as far as I can make out. The First Amendment says, "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances." It does not prohibit private companies like Qwest from making their own rules, a reality that seems to be widely misunderstood.)

Mancer himself is passionate on the topic: "I sat on a Swedish hotline and took some of the reports and looked at sites. It really does impact you, and it's worth fighting against." He adds, "We're a bit frustrated. We believe we have a good solution that's affordable, but a lot of ISPs are sitting on the fence." There isn't, he concludes, enough pressure.

Given some odds and ends of possible failures - the link to Watchdog's servers has to stay up, the ISP has to configure its systems correctly - Watchdog's system seems likely to be hard for Web users to bypass, although Richard Clayton, the expert in these matters, queries whether the technology will be able to track changes fast enough to deal with the fast-flux technology in use on botnets.

But Clayton also sugests that blocking Web sites is becoming quaintly old-fashioned.

"The IWF list is down to c. 400 sites (from 1500+, of which about 1/3 are 'free' sites - ie: a single phone call would remove the material)," he said by email. In other words, the Web may not be able to bypass the technology - but things like TOR, Freenet, closed peer-to-peer networks, and that wacky darknet-in-a-browser project showed off at Black Hat last week probably can because they were deliberately created to bypass the domain name system entirely. The Web is not the Internet. The Web may no longer be able to route around censorship, but the Internet still can in the time-honored way: by changing technologies. Originally, John Gilmore's aphorism referred to...Usenet.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, follow on Twitter, or send email to

May 8, 2009

Automated systems all the way down

Are users getting better or worse?

At what? you might ask. Naturally: at being thorns in the side of IT security people. Users see security as damage, and route around it.

You didn't need to look any further than this week's security workshop, where this question was asked, to see this principle in action. The hotel-supplied wireless was heavily filtered: Web and email access only, no VPNs, "undesirable" sites blocked. Over lunch, the conversation: how to set up VPNs using port 443 to get around this kind of thing. The perfect balanced sample: everyone's a BOFH *and* a hostile user. Kind of like Jacqui Smith, who has announced plans to largely circumvent the European Court of Human Rights' ruling that Britain has to remove the DNA of innocent people from the database. Apparently, this government perceives European law as damage.

But the question about users was asked seriously. The workshop gathered security folks from all over to brain storm and compare notes: what are the emerging security threats? What should we be worrying about? And, most important, what should people be researching?

Three working groups - smart environments, malware and fraud, and critical systems - came up with three different lists, mostly populated with familiar stuff - but the familiar stuff keeps going and getting worse. According to Symantec's latest annual report spam, for example, was up 162 percent in 2008 over 2007, with a total of 349.6 billion messages sent - simply a staggering waste of resources. What has changed is targeting; new attacks are short-lived, small distribution affairs - much harder to shut down.

Less familiar to me was the "patch window" problem, which basically goes like this: it takes 24 hours for 80 percent of Windows users to get a new patch from Windows Update. An attacker who downloads the patch as soon as it's available can quickly - within minutes - reverse-engineer it to find out what bug(s) it's fixing. Then the attacker has most of a day in which to exploit the bug. Last year, Carnegie-Mellon's David Brumley and others found a way to automate this process (PDF). An ironic corollary: the more bug-free the program, the easier a patch window attack becomes. Various solutions were discussed for this, none of them entirely satisfactory; the most likely was to roll out the patch locked, and distribute a key only after the download cycle is complete.

But back to the trouble with users: systems are getting more and more complex. A core router now has 5,000 lines of code; an edge router 11,000. Someone has to read and understand all those lines. And that's just one piece. "Today's networks are now so complex we don't understand them any more," said Cisco's Michael Behrenger. Critical infrastructures need to be more like the iPhone, a complex system that nonetheless just about anyone can operate.

As opposed, I guess, to being like what most people have now: systems that are a mish-mash of strategies for getting around things that don't work. But I do see his point. Once you could debug even a large network by reading the entire configuration. Pause to remember the early days of Demon Internet, when the technical support staff would debug your connection by directly editing the code of the dial-up software we were all using, KA9Q. If you'd taken *those* humans out of the system, no one could have gotten online.

It's my considered view that while you can blame users for some things - the one in 12.5 million spam recipients Christian Kreibich said actually buys the pharma products so advertised springs to mine - blaming them in general is a lot like the old saw about how "only a poor workman blames his tools". It's more than 20 years since Donald Norman pointed out in The Design of Everyday Things that user error is often a result of poor system design. Yet a depressing percentage of security folks complaining about system complexity don't even know his name and a failure to understand human factors is security's single biggest failure.

Joseph Bonneau made this point in a roundabout way by considering Facebook which, he said, really is inventing the Web - not just in the rounded corners sense, but in the sense of inventing its own protocols for things for which standards already exist. Plus - and more important for the user question - it's training users to do things that security people would rather they didn't, like click on emailed links without checking the URLs. "Social networks," he said, "are repeating all the Web's security problems - phishing, spam, 419 scams, identity theft, malware, cross-site scripting, click fraud, stalking...privacy is the elephant in the room." Worse, "They really don't yet have a business model, which makes dealing with security difficult."

It's a typical scenario in computing, where each new generation reinvents every wheel. And that's the trouble with automation with everything, too. Have these people never used voice menus?

Get rid of the humans and replace them with automated systems that operate perfectly, great. But won't humans have to write the automated systems? No, automated systems will do that. And who will program those? Computers. And who...

Never mind.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to follow (and reply) on , post here, at net.wars home, at her personal blog, or by email to (but please turn off HTML).

May 1, 2009

Twit crit

In his book Learning How to Learn the Sufi author and teacher Idries Shah listed the stages of Western criticism before it can stop:
1. It is impossible.
2. It is possible, but it is useless.
3. It is useful, but I knew about it all the time.

Twitter seems to be somewhere between stage one and stage two. Stage one, in Twitter's case, I guess would be the assumption that while the technology was possible no one would ever, every want to use it. There's some logic to that. I think everyone I've talked to agrees that the first thing they thought the first time they saw Twitter was: "That is the silliest use of technology I ever saw."

Stage two is: anyone who would actually use Twitter is sad and pathetic, and why would you want to read all the time that some friend has just had a cup of coffee or brushed his teeth?

Stage two is: Twitter is a fad. Don't click on that and give Business Week the satisfaction of its own stupidity. The summary: Twitter's retention rate is lower than that of Facebook and MySpace at the same stage in their development. And it cites the survey everyone was talking about on Tuesday before swine flu turned everyone into hypochondriacs, Nielsen Online's study that showed that 60 percent of the people who join Twitter don't come back the following month. (The arrival of Oprah should speed up departures.) As compared to Facebook, with a 70 percent retention rate. I'd say that's deceptive; Facebook probably thinks it's retained me, but in fact I just let Twitter feed it, and ignore it hugely otherwise.

Stage two is: well, yeah, we use it, and our friends use it, and our number of followers keeps growing and we keep following more people, and it's really useful to us, but it's still nonsense, do you hear?

Cut to March 2000, when the stock market crashed. (How much would you give to be having that crash right now instead of the one we're actually having?) "See? We told you the Internet was a fad," people said. That is, people who weren't in the technology business. While watching technology shares plummet, every single technologically literate person, if asked, agreed that the Internet would be bigger in 2005 than it was in 2000 and by a lot. They were all absolutely correct, too.

Twitter is not a fad. Twitter the company may or may not survive, but five years from now platforms to support microblogging - short messages integrated across Web, mobile phones, PDAs, and other clients - will be all over the place. Eventually, every company will have one running on its intranet alongside its Web server, instant messaging, email, and voice calling software and people will be in stage three.

My simplest explanation of Twitter is this: Twitter is where the online party is this week. It was on Internet Relay Chat, Usenet, bulletin boards, CompuServe, mailing lists, CIX, and the WELL in the 1980s and early 1990s; then it was on the Web; then blogs. Now it's on Twitter, which is sucking the life out of a lot of people's blogs the same way online technologies have plundered each other before. The 140-character limit forces people to be succinct; no one message can eat up your time the way someone who buys his electrons by the barrel can on older systems. There are no flame wars (yet) because a) although you *can* be abusive in 140 characters (you pointless waste of space) back-and-forth conversations don't tend to last that long and b) the idiots haven't arrived yet (or if they have, no one follows them). There is just the zeitgeist; if you pick correctly you can follow the stream-of-thought of interesting people you could not access in such compact form in any other way. RSS, be damned.

Others have suggested that the Nielsen study is flawed: are people leaving or have they abandoned the Web interface (featureless and clunky) for desktop clients (featureful and functional) or mobile phones (mobile!)? If they're not posting, does that mean they've gone, that they are lurkers (as are 90 percent of the users of any given online discussion forum), or that they only use Twitter for direct messages (which don't show up to outsiders)? Used over the Web, Twitter does seem a pointless and dispensable entertainment; the key to its usefulness as a tool is the third-party clients and the mobile connections.

Nielsen responded to these criticisms by expanding the study to 30 more Web sites and applications - and got the same result. But in restating that a retention rate of 40 percent is a problem for Twitter the company also proved Twitter's usefulness: the immediacy and breadth of the response forced it to do additional research to stand up its claims. Sometimes value isn't just quantitative.

The other complaint that's showing up this week is that - gasp! - people are posting information to it that is less than wholly accurate. My God, when did that last happen on the Internet?
Surely, we are only a week or two away from tabloid stories that terrorists, organized crime, child abusers, and drug dealers are using it and cries that we must shut down this latest scourge to civilization.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. On Twitter: wendyg.

March 20, 2009

The untweetable Xeroxness of being

So the other week I was chatting on Twitter across time and space with a Xerox machine from 1961... (As you do.)

At least, it said it was a Xerox machine. On the Internet, no one knows you're a coffee pot.

In fact, the conversation is less rational than that: it's a fictional Xerox machine.

The story begins with the brilliantly conceived and executed TV show Mad Men. Set in the 1960s in a Madison Avenue advertising agency of the kind my father worked with at that time (my father was a Manhattan printer from the 1920s to 1980s), the show's first season featured secretaries and a typing pool. At the beginning of the second season, which starts in February 1962, the office has a new arrival: a Xerox 914. The secretaries gape at it and admire its workings without quite realizing that the machine heralds the decline of secretarial careers, a process that will become complete when PCs arrive on every desktop. Like, now.

"There will be a little 914 in everything," the machine tweeted at one point, a nod to the fact that today's graphical interfaces were first dreamed up at Xerox's PARC research lab, doubtless funded by some of the 914's revenues.

Pause to look up the Xerox 914. It was, I read on Wikipedia, the first commercially successful plain-paper copier. Plain paper! In 1961 the only copy machines I ever got near used nasty thermal paper that got easily scuffed. In fact, I was still being rude about the local library's thermal paper fax in 1971. Sterling Cooper was an early adopter and a big spender on this one. Its number derived from the size of things it could copy: anything up to 9in by 14in.

Aaannyway, someone on WELL noted that the show's 914 had a Twitter account. I thought it was just amusing enough to follow. For months, it burped out a tweet at irregular intervals, a few weeks or a month apart. It's hinted at irregularities in the expense accounts filed by Pete Campbell (a character on the show who also has a Twitter feed), and admired Joan Holloway's figure (ditto). I don't follow the human characters. Human characters are a dime a dozen. It takes real talent to be a machine.

The other night, the machine went berserk and started pumping out URLs. No explanation of what they were, just shortened URLs. Ten or 20 at least, in the space of an hour or two. Finally, maddened, I sent the machine a message.

"Did squirrels get into the nuts in the writers' room, or what?" I demanded intemperately. I didn't expect an answer any more than I did on the day in 1979 at the Winnipeg Folk Festival, when I passed a guy pouring beer on his head and - well, I guess he thought it was - dancing, and muttered, just to vent, "First time on the planet, sir?" (Stan Rogers, who happened to be watching, reminded me of this incident several years later; apparently he liked the line so much he grabbed it and used it on hecklers throughout the rest of his career.)

The next morning, however, I found a message waiting: "My nuts are perfectly tight, thank you."

I posted this little exchange back onto the WELL, where someone less suspicious than I pointed out that the URLs the machine had been posting were links to pictures of other old Xerox machines and very early computers, plus one to a secret Fortran manual. The machine, in other words, was behaving exactly in character, excited because it had come across a treasure trove of pictures of friends, family, and...would that machine look sexy if you were a machine? Oh. It was surfing for *porn*.

It wasn't unreasonable to be suspicious. Spam has come to Twitter, as will become increasingly obvious over the next few months. I used "credit card" in a message this week, and almost instantly got a reply directing me to a site selling money management tools to help me pay off my credit cards. (My credit cards are perfectly tight, thank you.) And of course, someone could have hacked the machine's account, or the studio advertising department could have decided restraint was stupid. You just never know. But...I was wrong.

And so I told it, with an apology for not trusting it. It replied with nothing but a shortened URL that, when I clicked, displayed an empty page with a message in the title bar: " No apology needed @wendyg, I am only offended by shameless low voltage and the occasional body fluids on my glass." Hm.

But I'm still making this conversation sound more sensible than it was, because it's actually not clear which, if any, of the characters' Twitter feeds actually emanate from the show's broadcast channel, AMC, or from the show's production team. There was, some months back, a mini-war between the Twitterers and AMC, which issued DMCA notices to shut them down and then recanted. Xerox914's profile links to the real 914's Wikipedia entry; others link to fan blogs; a few go to AMC's site.

So start over.

The other week I was chatting on Twitter with a fake fictional Xerox machine from 1961. On the Internet, no one knows you're a piece of carbon paper...

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to (but please turn off HTML).

February 14, 2009

The Gattaca in Gossip Girl

Spotted: net.wars obsessing over Gossip Girl instead of diligently reading up on the state of the data retention directive's UK implementation.

It's the cell phones. The central conceit of the show and the books that inspired it is this: an unseen single-person Greek (voiced by Kristen Bell in a sort of cross between her character on Veronica Mars and Christina Ricci's cynical, manipulative trouble-maker in The Opposite of Sex) chorus of unknown identity publishes - to the Web and by blast to subscribers' cell phones - tips and rumors about "the scandalous lives of Manhattan's elite".

The Upper East Siders she? reports on are, of course, the private high school teens whose centrally planned destiny is to inherit their parents' wealth, power, social circles, and Ivy League educations. These are teens under acute pressure to perform as expected, and in between obsessing about whether they can get into Yale (played on-screen by Columbia), they blow off steam by throwing insanely expensive parties, drinking, sexing, and scheming. All, of course, in expensive designer clothes and bearing the most character and product-placement driven selection of phones ever seen on screen.

Most of the plots are, of course, nonsense. The New Yorker more or less hated it on sight. Also my first reaction: I went, not to the school the books' author, Cecily von Ziegesar, did, but to one in the same class 25 years earlier and then to an Ivy League school. One of my closest high school friends grew up in - and his parents still live at - the building the inhabited in the series by teen queen Blair Waldorf. So I can assess the show's unreality firsthand. So can lots of other New Yorkers who are equally obsessed with the show: the New York Magazine runs a hysterically funny reality index recap of each episode of "the Greatest Show of Our Time", followed by a recap of the many comments.

But we never had the phones! Pink and flip, slider and black, Blackberries, red, gold, and silver phones! Behind the trashy drama portraying the ultra rich as self-important, stressed-out, miserable, self-absorbed, and mean is a fictional exploration of what life is like under constant surveillance by your peers.

Over the year and a half of the show's run - SPOILER ALERT - all sorts of private secrets have been outed on Gossip Girl via importunate camera phone and text message. Serena is spotted buying a pregnancy test (causing panic in at least two households); four characters are revealed at a party full of agog subscribers to be linked by a half-sibling they didn't know they had until the blast went out; and of course everyone is photographed kissing (or worse) the wrong person at some point. Exposure via Gossip Girl is also handy for blackmail (Blair), pre-emption (Chuck), lovesick yearning (Dan), and outing his sister's gay boyfriend (Dan).

"If you're sending tips to Gossip Girl, you're in the game with the rest of us," Jenny tells Dan, who had assumed his own moral superiority.

A lot of privacy advocates express concern that today's "digital natives" don't care about privacy, or at least, don't understand the potential consequences to their future job and education prospects of the decisions they make when they post the intimate details of their lives online. In fact, when this generation grows up they'll all be in the same boat, exposure wise.. Both in reality and in this fiction, the case is as it's usually been, that teens don't fear each other; they collude as allies to exclude their parents. That trope, too, is perfectly played on the show when Blair (again!) gets rid of a sociopathic interloper by going over the garden wall and calling her parents. This is not the world of David Brin's The Transparent Society, after all; the teens surveille each other but catch adults only by accident, though they take full advantage when they do.

"Gossip how we communicate," Blair says, trying to make one of her many vendettas seem normal.

Privacy advocates also often stress that surveillance chills spontaneous behaviour. Not here, or at least not yet. Instead, the characters manipulate and expose, then anguish when it happens to them. A few become inured.

Says Serena, trying to comfort Rachel Carr, the first teacher to be so exposed: "I've been on Gossip Girl plenty of times and for the worst things...eventually everyone forgets. The best thing to do with these things is nothing at all,"

Phones and Gossip Girl are not the only mechanisms by which the show's characters spy on and out each other. They use all the more traditional media, too - in-person interaction, mistaken identity (a masked ball!), rifling through each other's belongings, stolen phones, eavesdropping, accident, and, of course, the gossip pages of the New York press.

"It's anonymous, so no one really knows," Serena says, when asked who is behind the site. But she and all the others do know: the tips come from each other and from the nameless other students they ignore in the background. Gossip Girl merely forwards them, with commentary in her own style:

You know you love me.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to (but please turn off HTML).

January 23, 2009

Will tweet for food

So we were at a thing in London this week where practically everyone was a Twitter user. Not surprising, since Twitter use has gone up nearly 1000 percent in the UK in the last year. As you do, we rehearsed various dissatisfactions with the service and wishes for feature improvements. Among them: people wished they could actually pay for the service so they could get it to do more of the stuff they want. There's something very odd about a company that people are so devoted to that they actually spend recreational time in a pub debating its business model. People were in love with Google in its early days, too, yet I don't remember pub chats about it.

That 1000 percent still makes Twitter tiny in context: it lags way behind Facebook, YouTube, Bebo, MySpace, and even Yahoo! Answers, as weirdly chaotic as that list is. YouTube compared with Twitter? As that article points out, the ecology of third-party software built around Twitter and automated feeds from Twitter into other sites like Facebook mean that many people use the service without ever accessing its Web site or even necessarily knowing they're reading a Twitter feed.

The existence of the third-party ecology is both a good and a bad sign. Good that people find the blogging-for-the-mobile-phone-generation platform so useful that they are willing to put in the effort. Bad, in the sense that it makes clear how utterly unusable Twitter is on its own. I've had an account for nearly two years, but left it mostly dormant until someone recommended Tweetdeck.

The whole conversation started because I was trying to find a tactful way of asking one of those present whether she could divide her Twitter feed into two: one for the really interesting work type stuff she does, and the other for the..."crap?" she said helpfully.

"It would be great if you could filter the feed by putting on "stop" words," someone said. Yes, and "go" words, too, so you could select what kind of thing you wanted to get when. You don't need many Twits on your list for the tweet stream to become unmanageable. Others have had this same thought and there is in fact something that does it.

Filtering would be a great thing because it's the lack of it that is the reason I've never dared turn on the switch that has Twitter send updates to my mobile phone. In the UK now, however, that element of the service is turned off. All to do with money, which mobile network operators tend to insist on and Internet users don't like to spend, leaving service providers squeezed in the middle.

"I'd pay for that," said one of the group. "The service is that useful to me."

"So would I," said someone else.

"Can't we make ask them?"

"Lots of people have tried."

Twitter's business model has in fact been the subject of some speculation even outside of pubs, and even ideas how to turn it into a billion-dollar company. It has, apparently, enough money to go on with from its funding rounds.

No one's actually sure exactly what Twitter's business model is, but it seems clear that charging for SMS updates isn't it. The site has no advertising (not even on its blog or home pages), and even if it did that ecology of desktop clients would render it moot anyway. It also seems that making life easy for third-party developers isn't necessarily it either. Twitter so far seems to be following in the footsteps of the early Web: if they come in sufficient numbers and you keep control a business model will present itself.

It worked for Google, the last successful company that fed a lot of similar speculation in its early days. Another parallel: those stories were written about Google in 2001-2002, just after the dot-com bust, when it was fashionable among Old Media to opine that New Media would never be able to grow up, move out, and make a living. Now, in this much worse economic crash, how will Twitter ever be able to leave home?

Some things clearly won't work. No matter how small, there is probably no number of ads that wouldn't send users fleeing to a Twitter competitor without them. Google locked in its users by being better than its competitors, by offering added services, and by acculturation: the more you learn about constructing good searches on Google the less you want to repeat the learning curve elsewhere. Social networks have proved in the long term to be more fungible: look at what happened to the well established discussion groups on early online services once everyone had access to the Internet.

More likely is the idea of marketing accounts, which is already happening anyway, built on the interests users indicate via their choices of whom to follow.

Our idea, which seemed logical in the pub: Twitter users start sending money to one of the company's email addresses using Paypal and force them to accept payment. Take control. Force a business model on them. Yeah!

It would be a great hack.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to (but please turn off HTML).

January 2, 2009

No rest for 2009

It's been a quiet week, as you'd expect. But 2009 is likely to be a big year in terms of digital rights.

Both the US and the UK are looking to track non-citizens more closely. The UK has begun issuing foreigners with biometric ID cards. The US, which began collecting fingerprints from visiting tourists two years ago says it wants to do the same with green card holders. In other words, you can live in the US for decades, you can pay taxes, you can contribute to the US economy - but you're still not really one of us when you come home.

The ACLU's Barry Steinhardt has pointed out, however, that the original US-VISIT system actually isn't finished: there's supposed to be an exit portion that has yet to be built. The biometric system is therefore like a Roach Motel: people check in but they never leave.

That segues perfectly into the expansion of No2ID's "database state". The UK is proceeding with its plan for a giant shed to store all UK telecommunications traffic data. Building the data shed is a lot like saying we're having trouble finding a few needles in a bunch of haystacks so the answer is to build a lot bigger haystack.

Children in the UK can also look forward to ContactPoint (budget £22.4 million) going live at the end of January, only the first of several. The conservativers apparently have pledged to scrap ContactPoint in favor of a less expensive system that would track only children deemed to be at risk. If the conservatives don't get their chance to scrap it - probably even if they do - the current generation may be the last that doesn't get to grow up taking for granted that their every move is being tracked. Get 'em young, as the Catholic church used to say, and they're yours for life.

The other half of that is, of course, the National Identity Register. Little has been heard of the ID card in recent months; although the Home Office says 1,000 people have actually requested one. Since these have begun rolling out to foreigners, it's probably best to keep an eye on them.

On January 19, look for the EU to vote on copyright term extension in sound recordings. They have now: 50 years. They want: 95 years. The problem: all the independent reviewers agree it's a bad idea economically. Why does this proposal keep dogging us? Especially given that even the UK government accepts that recording contracts mean that little of the royalties will go to the musicians the law is supposedly trying to help, why is the European Parliament even considering it? Write your MEP. Meanwhile, the economic downturn reaches Cliff Richards; his earliest recordings begin entering the public domain...oh, look - yesterday, January 1, 2009.

Those interested in defending file-sharing technology, the public domain, or any other public interest in intellectual property will find themselves on the receiving end of a pack of new laws and initiatives out to get them.

The RIAA recently announced it would cease suing its customers in the US. It plans to "work with ISPs". Anyone who's been around the UK and France in recent months should smell the three-strikes policy that the Open Rights Group has been fighting against. ORG's going to find it a tougher battle, now that the govermment is considering a stick and carrot approach: make ISPs liable for their users' copyright infringement, but give them a slice of the action for legal downloads. One has to hope that even the most cash-strapped ISPs have more sense.

Last year's scare over the US's bald statement that customs authorities have the right to search and impound computers and other electronic equipment carried by travellers across the national borders will probably be followed up with lengthy protest over new rules known as the Anti-Counterfeiting Trade Agreement and being negotiated by the US, EU, Japan, and other countries. We don't know as much as we'd like about what the proposals actually are, though some information escaped last June. Negotiations are expected to continue in 2009.

The EU has said that it has no plans to search individual travellers, which is a relief; in fact, in most cases it would be impossible for a border guard to tell whether files on a computer were copyright violations. Nonetheless, it seems likely that this and other laws will make criminals of most of us; almost everyone who owns an MP3 player has music on it that technically infringes the copyright laws (particularly in the UK, where there is as yet no exemption for personal copying).

Meanwhile, Australia's new $44 million "great firewall" is going ahead despiteknown flaws in the technology. Nearer home, British Culture Secretary Andy Burnham would like to rate the Web, lest it frighten the children.

It's going to be a long year. But on the bright side, if you want to make some suggestions for the incoming Obama administration, head over to and add your voice to those assembling under "technology policy".

Happy new year!

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to (but please turn off HTML).

November 28, 2008

Mother love

It will be very easy for people to take away the wrong lessons from the story of Lori Drew, who this week was found guilty of several counts of computer fraud in a case of cyberbullying that drove 13-year-old Missouri native Megan Meier to suicide.

The gist: in 2006, 49-year-old Lori Drew, a neighbor of Meier's who believed that Meier had spread gossip about her own 13-year-old daughter, a former friend. With help from her daughter and her 18-year-old assistant, Drew created a MySpace page belonging to a fictitious 16-year-old boy named Josh Evans. For some weeks Evans sent Meier flirtatious messages, then abruptly dumped her with a stream of messages and bulletings, ending with the message, "The world would be a better place without you." Meier, who had for five years been taking prescription medication for attention deficit disorder and depression, who was overweight and lacked self-esteem, hanged herself.

The story is a horror movie for parents. This is a teen who was, her mother said in court, almost always supervised in her Internet use. In fact, Meier and Drew's daughter had, some months earlier, created a fake MySpace page to talk to boys online, an escapade that caused Meier's mother to close down her MySpace access for some months. On the day of Meier's suicide, her mother was on her way to the orthodontist with her younger daughter when Meier, distraught, reported the stream of unpleasant messages. Her mother told her to sign off. She didn't; when her mother came home there was a brief altercation; they found her 20 minutes later.

The basic elements of the story are not, of course, new. Identity deception is as old as online services; the best-known early case was that of Joan, a CompuServe forum regular who for more than two years in the early 1990s claimed to be a badly disabled former neuropsychologist whose condition made her reluctant to meet people, especially her many online friends. Joan was in fact a fictional character, the increasingly elaborate creation of a male New York psychiatrist named Alex.

Cyberbullying is, of course, also not new. You can go back to the war between alt.tasteless and rec.pets.cats in 1992, if you like, but organized playground behavior seems to flourish in every online medium. Gail Williams, the conference manager at the WELL, said about ten years ago that a lot of online behavior seems to be people working our their high school angst, and nothing has changed in the interim except that a lot of people online now actually still in high school. And unfortunately for them, the people they're working out their high school angst with are bigger, older, more experienced, and a lot savvier about where to stick in the virtual knife. People can be damned unpleasant sometimes.

But let's look at the morals people are finding. EfluxMedia:
The case of Megan Meier calls for boundaries when it comes to cyberbullying and the use of social networking sites in general, but also calls for reason. Social networking sites and the Internet in general have become more than just virtual realities, they are now part of our everyday lives, and they influence us in ways that we cannot ignore. What we must learn from this is that our actions may have unimaginable consequences on other people, even when it comes to the Internet, so think twice before you act.

Boundaries? Meier was far more rigorously supervised online than the average teen. Who's going to supervise the behavior of a 49-year-old woman to make sure she doesn't cross the line?

More to the point, the court's verdict found that Drew had broken federal laws concerning computer fraud. Is it hacking to set up a pseudonymous MySpace page and send fraudulent postings? The MySpace's 2006 terms and conditions required registration information to be truthful and banned harassment and sexual exploitation. Have MySpace's terms become federal law?

The answer is probably that there was no properly applicable law. We've seen that situation before, too - Robert Schifreen and Steve Gold were prosecuted under the laws against wire fraud. The eventual failure of the case on appeal proved the need for the Computer Misuse Act and comparable laws against hacking elsewhere in the world. Ironically, these laws are now showing their limits, too, as the Drew case proves. We can now, I suppose, expect to see a lot of proposals for laws banning cyberbullying under which people like Drew could be more correctly prosecuted.

But the horror movie is only partly about online; online, in this case MySpace, allowed the hoaxers to post "Josh Evans'" bare-chested photo. The same kind of hoax, with hardly less impact, could have been carried out by letter and poster. Wanda Holloway didn't need online to contract to muder her daughter's more successful cheerleading rival.

Ultimately, the lesson we should be learning is the same one we heard at this year's Computers, Freedom, and Privacy conference: just like rape and incest, you are more at risk for harassment and cyberbullying from people you know. Unfortunately, most such law seems to be written with the idea that it's strangers who are dangerous.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to (but please turn off HTML).

October 24, 2008

Living by numbers

"I call it tracking," said a young woman. She had healthy classic-length hair, a startling sheaf of varyingly painful medical problems, and an eager, frequent smile. She spends some minutes every day noting down as many as 40 different bits of information about herself: temperature, hormone levels, moods, the state of the various medical problems, the foods she eats, the amount and quality of sleep she gets. Every so often, she studies the data looking for unsuspected patterns that might help her defeat a problem. By this means, she says she's greatly reduced the frequency of two of them and was working on a third. Her doctors aren't terribly interested, but the data helps her decide which of their recommendations are worth following.

And she runs little experiments on herself. Change a bunch of variables, track for a month, review the results. If something's changed, go back and look at each variable individually to find the one that's making the difference. And so on.

Of course, everyone with the kind of medical problem - diabetes, infertility, allergies, cramps, migraines, fatigue - that medicine can't really solve - has done something like this for generations. Diabetics in particularly have long had to track and control their blood sugar levels. What's different is the intensity - and the computers. She currently tracks everything in an Excel spreadsheet, but what she's longing for is good tools to help her with data analysis.

From what Gary Wolf, the organizer of this group, Quantified Self, says - about 30 people are here for its second meeting, after hours at Palo Alto's Institute for the Future to swap notes and techniques on personal tracking - getting out of the Excel spreadsheet is a key stage in every tracker's life. Each stage of improvement thereafter gets much harder.

Is this a trend? Co-founder Kevin Kelley thinks so, and so does the Washington Post, which covered this group's first meeting. You may not think you will ever reach the stage of obsession that would lead you to go to a meeting about it, but in fact, if the interviews I did with new-style health companies in the past year is any guide, we're going to be seeing a lot of this in the health side of things. Home blood pressure monitors, glucose tests, cholesterol tests, hormone tests - these days you can buy these things in Wal-Mart.

The key question is clearly going to be: who owns your health data? Most of the medical devices in development assume that your doctor or medical supplier will be the one doing the monitoring; the dozens of Web sites highlighted in that Washington Post article hope there's a business in helping people self-track everything from menstrual cycles to time management. But the group in Palo Alto are more interested in self-help: in finding and creating tools everyone can use, and in interoperability. One meeting member shows off a set of consumer-oriented prototypes - bathroom scale, pedometer, blood pressure monitor, that send their data to software on your computer to display and, prospectively, to a subscription Web site. But if you're going to look at those things together - charting the impact of how much you walk on your weight and blood pressure - wouldn't you also want to be able to put in the foods you eat? There could hardly be an area where open data formats will be more important.

All of that makes sense. I was less clear on the usefulness of an idea another meeting member has - he's doing a start-up to create it - a tiny, lightweight recording camera that can clip to the outside of a pocket. Of course, this kind of thing already has a grand, old man in the form of Steve Mann, who has been recording his life with an increasingly small sheaf of devices for a couple of decades now. He was tired, this guy said, of cameras that are too difficult to use and too big and heavy; they get left at home and rarely used. This camera they're working on will have a wide-angle lens ("I don't know why no one's done this") and take two to five pictures a second. "That would be so great," breathes the guy sitting next to me.

Instantly, I flash on the memory of Steve Mann dogging me with flash photography at Computers, Freedom, and Privacy 2005. What happens when the police subpoenas your camera? How long before insurance companies and marketing companies offer discounts as inducements to people to wear cameras and send them the footage unedited so they can study behavior they currently can't reach?

And then he said, "The 10,000 greatest minutes of your life that your grandchildren have to see," and all you can think is, those poor kids.

There is a certain inevitable logic to all this. If retailers, manufacturers, marketers, governments, and security services are all convinced they can learn from data mining us why shouldn't we be able to gain insights by doing it ourselves?

At the moment, this all seems to be for personal use. But consider the benefits of merging it with Web 2.0 and social networks. At last you'll be able to answer the age-old question: why do we have sex less often than the Joneses?

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to (but please turn off HTML).

September 26, 2008

Wimsey's whimsy

One of the things about living in a foreign country is this: every so often the actual England I live in collides unexpectedly with the fictional England I grew up with. Fictional England had small, friendly villages with murders in them. It had lowering, thick fogs and grim, fantastical crimes solvable by observation and thought. It had mathematical puzzles before breakfast in a chess game. The England I live in has Sir Arthur Conan Doyle's vehement support for spiritualism, traffic jams, overcrowding, and four million people who read The Sun.

This week, at the GikIII Workshop, in a break between Internet futures, I wandered out onto a quadrangle of grass so brilliantly and perfectly green that it could have been an animated background in a virtual world. Overlooking it were beautiful, stolid, very old buildings. It had a sign: Balliol College. I was standing on the quad where, "One never failed to find Wimsey of Balliol planted in the center of the quad and laying down the law with exquisite insolence to somebody." I know now that many real people came out of Balliol (three kings, three British prime ministers, Aldous Huxley, Robertson Davies, Richard Dawkins, and Graham Greene) and that those old buildings date to 1263. Impressive. But much more startling to be standing in a place I first read about at 12 in a Dorothy Sayers novel. It's as if I spent my teenaged years fighting alongside Angel avatars and then met David Boreanaz.

Organised jointly by Ian Brown at the Oxford Internet Institute and the University of Edinburgh's Script-ed folks, GikIII (prounounced "geeky") is a small, quirky gathering that studies serious issues by approaching them with a screw loose. For example: could we control intelligent agents with the legal structure the Ancient Romans used for slaves (Andrew Katz)? How sentient is a robot sex toy? Should it be legal to marry one? And if my sexbot rapes someone, are we talking lawsuit, deactivation, or prison sentence (Fernando Barrio)? Are RoadRunner cartoons all patent applications for devices thought up by Wile E. Coyote (Caroline Wilson)? Why is The Hound of the Baskervilles a metaphor for cloud computing (Miranda Mowbray)?

It's one of the characteristics of modern life that although questions like these sound as practically irrelevant as "how many angels, infinitely large, can fit on the head of a pin, infinitely small?", which may (or may not) have been debated here seven and a half centuries ago, they matter. Understanding the issues they raise matters in trying to prepare for the net.wars of the future.

In fact, Sherlock Holmes's pursuit of the beast is metaphorical; Mowbray was pointing out the miasma of legal issues for cloud computing. So far, two very different legal directions seem likely as models: the increasingly restrictive EULAs common to the software industry, and the service-level agreements common to network outsourcing. What happens if the cloud computing company you buy from doesn't pay its subcontractors and your data gets locked up in a legal battle between them? The terms and conditions in effect for warn that the service has 30 days to hand back your data if you terminate, a long time in business. Mowbray suggests that the most likely outcome is EULAs for the masses and SLAs at greater expense for those willing to pay for them.

On social networks, of course, there are only EULAs, and the question is whether interoperability is a good thing or not. If the data people put on social networks ("shouldn't there be a separate disability category for stupid people?" someone asked) can be easily transferred from service to service, won't that make malicious gossip even more global and permanent? A lot of the issues Judith Rauhofer raised in discussing the impact of global gossip are not new to Facebook: we have a generation of 35-year-olds coping with the globally searchable history of their youthful indiscretions on Usenet. (And WELL users saw the newly appointed CEO of a large tech company delete every posting he made in his younger, more drug-addled 1980s.) The most likely solution to that particular problem is time. People arrested as protesters and marijuana smokers in the 1960s can be bank presidents now; in a few years the work force will be full of people with Facebook/MySpace/Bebo misdeeds and no one will care except as something laugh at drunkenly late out in the pub.

But what Lilian Edwards wants to know is this: if we have or can gradually create the technology to make "every ad a wanted ad" - well, why not? Should we stop it? Online marketing is at £2.5 billion a year according to Ofcom, and a quarter of the UK's children spend 22 hours a week playing computer games, where there is no regulation of industry ads and where Web 2.0 is funded entirely by advertising. When TV and the Internet roll together, when in-game is in-TV and your social network merges with megamedia, and MTV is fully immersive, every detail can be personalized product placement. If I grew up five years from now, my fictional Balliol might feature Angel driving across the quad in a Nissan Prairie past a billboard advertising airline tickets.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to (but please turn off HTML).

April 4, 2008

Million-dollar baby

The first time I saw James Randi he was hauling a load of fresh chicken guts out of a guy's stomach.

Of course, in my eagerness to make it sound like a good story I've jazzed that up a bit. The chicken guts were real and the guy's stomach was real (he was an innocent audience member who'd been recruited for the purpose of demonstration), but the pull-outage was clever sleight-of-hand. The year was 1982 and the occasion was a lecture demonstration at Cornell University. The point was demonstrating how "psychic surgeons" achieve their effects.

The next time I'll see James Randi is on April 19, when he's giving a talk at Conway Hall, in London. I don't think chicken guts will be involved, though a number of other prominent skeptics will also be speaking and you just never know.

It was Randi's ability to demonstrate plausible explanations for the apparently inexplicable that blew me away on that particular day. A lot of people like to claim that skeptics are closed-minded, but in fact it seems to me that the key to skepticism is tolerance of uncertainty and patience. A skeptic sitting in an empty house and hearing inexplicable creaking thinks, "I wonder what that is." A believer thinks, "Must be a ghost." Randi never claimed to be able to explain everything, but he went a long way toward showing me that things that friends thought must be inexplicable might still have natural explanations if you had the patience to wait to find out what they were and the right kind of mind to. A lie goes round the world while the truth is still putting its boots on; it takes seconds to claim something's paranormal but years of research to find out the truth.

One of the sad things about science these days is that so many disciplines require so much expensive equipment and funding that it's hard for an amateur to make much of a contribution. There are, to be sure, exceptions: some friends on Crete were successful in finding the nests of griffin vultures and did a lot of work keeping count, and anyone can look for fossils and hope to fill in a gap in the record. But few can afford their own radio telescope, particle collider, or climate modelling supercomputer. Randi showed that amateurs with a particular bent - a knowledge of stage magic and deception - were more effective at assessing paranormal claims than many scientists.

None of this would qualify Randi as a subject for net.wars except that recently he's been the subject of Usenet spam. Most people who do not participate in Usenet are under the impression that all newsgroups drowned under email levels of spam long ago. But in fact until the last month, when the Chinese apparently discovered Usenet, spam levels have been negligible for quite a few years now. Once Web boards, blogs, and social networks got going Usenet became even more of a minority pastime than it was in its heyday. Spamming Usenet doesn't cost much, but why bother when the audience is relatively tiny?

But people who want to boast that they've bested James Randi apparently want to lump themselves in with ads for cheap knockoffs of Nike shoes, Breitling watches, and Prada handbags. And so a version of this message began popping up randomly. It is, of course, all over the Net by now, and there's not a lot anyone can do other than debunk it and hope someone notices.
To deal with the most trivial bit, the bit that asks if James Randi is "even a real name". Well, it's not the name Randi was born with, although it's a modification of his first and middle names. But he's been using it consistently for something over 50 years, and it is his legal name. So it's real enough for all intents and purposes.

The million-dollar challenge was a relative newcomer that had its origins in a similar $10,000 challenge that Randi had going for more than 30 years. The increased money made the challenge a much juicier story, of course. But as this rational game theoryish analysis of the challenge makes clear, the challenge was only ever likely to attract the deluded. As I understand it, the mailbag got ridiculous in both size and content. There's plenty of evidence for that; the apparent basis of the claim that Randi was beaten is impenetrable. It is true, though, that until the beginning of this year the challenge rules stated that the prize would continue to be offered until it was awarded, including after Randi's death. Now, it ends March 6, 2010. (Get your claim in now!)

The end of the challenge is the end of an era for skeptics. For years, if any paranormal claimant was particularly insistent that he could dowse for oil or read minds we could say, "If you're so psychic, why ain't you taking Randi's challenge?" Now, my god - we're going to have to think of new stuff to say.

Meantime, come watch Randi in person and find out about the kinds of tests he's been doing all these years.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to (but please turn off HTML).

March 14, 2008

Uninformed consent

Apparently the US Congress is now being scripted by Jon Stewart of the Daily Show. In a twist of perfect irony, the House of Representatives has decided to hold its first closed session in 25 years to debate - surveillance.

But it's obvious why they want closed doors: they want to talk about the AT&T case. To recap: AT&T is being sued for its complicity in the Bush administration's warrantless surveillance of US citizens after its technician Mark Klein blew the whistle by taking documents to the Electronic Frontier Foundation (which a couple of weeks ago gave him a Pioneer Award for his trouble).

Bush has, of course, resisted any effort to peer into the innards of his surveillance program by claiming it's all a state secret, and that's part of the point of this Congressional move: the Democrats have fielded a bill that would give the whole program some more oversight and, significantly, reject the idea of giving telecommunications companies - that is, AT&T - immunity from prosecution for breaking the law by participating in warrantless wiretapping. 'Snot fair that they should deprive us of the fun of watching the horse-trading. It can't, surely, be that they think we'll be upset by watching them slag each other off. In an election year?

But it's been a week for irony, as Wikipedia founder Jimmy Wales has had his sex life exposed when he dumped his girlfriendand been accused of - let's call it sloppiness - in his expense accounts. Worse, he stands accused of trading favorable page edits for cash. There's always been a strong element of Schadenpedia around, but the edit-for-cash thing really goes to the heart of what Wikipedia is supposed to be about.

I suspect that nonetheless Wikipedia will survive it: if the foundation has the sense it seems to have, it will display zero tolerance. But the incident has raised valid questions about how Wikipedia can possibly sustain itself financially going forward. The site is big and has enviable masses of traffic; but it sells no advertising, choosing instead to live on hand-outs and the work of volunteers. The idea, I suppose, is that accepting advertising might taint the site's neutral viewpoint, but donations can do the same thing if they're not properly walled off: just ask the US Congress. It seems to me that an automated advertising system they did not control would be, if anything, safer. And then maybe they could pay some of those volunteers, even though it would be a pity to lose some of the site's best entertainment.

With respect to advertising, it's worth noting that Phorm, which we is under increasing pressure. Earlier this week, we had an opportunity to talk to Kent Ertegrul, CEO of Phorm, who continues to maintain that Phorm's system, because it does not store data, is more protective of privacy than today's cookie-driven Web. This may in fact be true.

Less certain is Ertegrul's belief that the system does not contravene the Regulation of Investigatory Powers Act, which lays down rules about interception. Ertegrul has some support from a informal letter from the Home Office whose reasoning seems to be that if users have consented and have been told how they can opt out, it's legal. Well, we'll see; there's a lot of debate going on about this claim and it will be interesting to hear the Information Commissioner's view. If the Home Office's interpretation is correct, it could open a lot of scope for abusive behavior that could be imposed upon users simply by adding it to the terms of service to which they theoretically consent when they sign up, and a UK equivalent of AT&T wanting to assist the government with wholesale warrantless wiretapping would have only to add it to the terms of service.

The real problem is that no one really knows how Phorm's system works. Phorm doesn't retain your IP address, but the ad servers surely have to know it when they're sending you ads. If you opt out but can still opt back in (as Ertegrul said you can), doesn't that mean you still have a cookie on your system and that your data is still passed to Phorm's system, which discards it instead of sending you ads? If that's the case, doesn't that mean you can not opt out of having your data shared? If that isn't how it works, then how does it work? I thought I understood it after talking to Ertegrul, I really did - and then someone asked me to explain how Phorm's cookie's usefulness persisted between sessions, and I wasn't sure any more. I think the Open Rights Group: Phorm should publish details of how its system works for experts to scrutinize. Until Phorm does that the misinformation Ertegrul is so upset about will continue. (More disclosure: I am on ORG's Advisory Council.

But maybe the Home Office is on to something. Bush could solve his whole problem by getting everyone to give consent to being surveilled at the moment they take US citizenship. Surely a newborn baby's footprint is sufficient agreement?

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to (but please turn off HTML).

February 22, 2008


There is a certain kind of mentality that is actually proud of not understanding computers, as if there were something honorable about saying grandly, "Oh, I leave all that to my children."

Outside of computing, only television gets so many people boasting of their ignorance. Do we boast how few books we read? Do we trumpet our ignorance of other practical skills, like balancing a cheque book, cooking, or choosing wine? When someone suggests we get dressed in the morning do we say proudly, "I don't know how"?

There is so much insanity coming out of the British government on the Internet/computing front at the moment that the only possible conclusion is that the government is made up entirely of people who are engaged in a sort of reverse pissing contest with each other: I can compute less than you can, and see? here's a really dumb proposal to prove it.

How else can we explain yesterday's news that the government is determined to proceed with Contactpoint even though the report it commissioned and paid for from Deloitte warns that the risk of storing the personal details of every British child under 16 can only be managed, not eliminated? Lately, it seems that there's news of a major data breach every week. But the present government is like a batch of 20-year-olds who think that mortality can't happen to them.

Or today's news that the Department of Culture, Media, and Sport has launched its proposals for "Creative Britain", and among them is a very clear diktat to ISPs: deal with file-sharing voluntarily or we'll make you do it. By April 2009. This bit of extortion nestles in the middle of a bunch of other stuff about educating schoolchildren about the value of intellectual property. Dare we say: if there were one thing you could possibly do to ensure that kids sneer at IP, it would be to teach them about it in school.

The proposals are vague in the extreme about what kind of regulation the DCMS would accept as sufficient. Despite the leaks of last week, culture secretary Andy Burnham has told the Financial Times that the "three strikes" idea was never in the paper. As outlined by Open Rights Group executive director Becky Hogge in