Blown To Bits

Archive for December, 2009

Who Put the Viagra In My Google?

Thursday, December 31st, 2009 by Harry Lewis

Google Alerts are emailed notices of new items on the Web relevant to your favorite search terms. I have alerts set on my own name and the names of my books, etc. It;s a way to keep up to date on, well, mostly on the careers of the other Harry Lewises — one is a police chief somewhere, one is a football player in some minor pro league, and one is a race horse.

You should set some up too, especially if you don’t get enough email. By setting up multiple alerts, you can keep your inbox quite full of stuff, some of which may even be relevant to your life.

I have the preferences set so I get alerts of blog entries mentioning me, and my own posts on this blog come back to me as alerts. Here is one I got this morning:

We Always Have The Cheapest Offers In Our Online-Drugstore » Blog 
By Harry Lewis
Wednesday, December 30th, 2009 by Harry Lewis. In the New York Times, buy viagra, travelers and privacy experts present their views on whether the millimeter-wave scanners I discussed yesterday are an unacceptable invasion of privacy. 
Blown to Bits –

You will notice that the subject line, about a drug store, is not in the original post; nor is the phrase “buy viagra” which has been inserted into the text. I’ve checked the HTML code of the web page to make sure there isn’t any hidden text that Google picked up; there isn’t. There is no link to a drug store, either on the web page or in the alert. Click on the link in the emailed alert and you go to the blog, not to any drug store site.

Somehow, someone seems to have edited the alert, somewhere between where it was generated and where I received it. Can’t figure out why or how. If anyone has a bright idea, I’d love to hear it!

The Full Body Scanning Debate

Wednesday, December 30th, 2009 by Harry Lewis

In the New York Times, travelers and privacy experts present their views on whether the millimeter-wave scanners I discussed yesterday are an unacceptable invasion of privacy. Quoting a Utah Republican who sponsored a bill (which passed the House but not yet the Senate) banning the use of the devices except as secondary screening technology, the story says

“I’m on an airplane every three or four days; I want that plane to be as safe and secure as possible,” Mr. Chaffetz said. However, he added, “I don’t think anybody needs to see my 8-year-old naked in order to secure that airplane.”

Which is to say what, that no terrorist would put a bomb on an eight-year-old? I wonder if there is a name for this rhetorical device, where one transforms a general proposition into a personal insult.

EPIC, which had previously filed suit for more information about these devices, seems to me to have it right.

Marc Rotenberg, head of the Electronic Privacy Information Center, said his group had not objected to the use of the devices, as long as they were designed not to store and record images.

Keep the screens in a separate room (as is done). Disable the recording capability (as is done). Make sure the operator doesn’t have a cell phone camera if you wish (though it is hard to imagine much titillation coming from these images, compared to what is readily available). But yes, check the passengers the way you check their luggage, and the wheel bearings for that matter. And yes, that is a role for government, or government-controlled entities. I don’t think we want a free market here, allowing airlines to trade off security for ticket price and allowing consumers to decide for themselves how much risk they are willing to accept.

Bruce Schneier is a very astute security expert, but I am not sure I follow his logic here:

Bruce Schneier, a security expert who has been critical of the technology, said the latest incident had not changed his mind.

“If there are a hundred tactics and I protect against two of them, I’m not making you safer,” he said. “If we use full-body scanning, they’re going to do something else.”

The millions of dollars being spent on new equipment, he said, would be better invested in investigation and intelligence work to detect bombers before they get to any airport.

The last part is surely true. Figuring out the line determining when someone goes on a no-fly list is tricky business. You don’t want any father with a grudge against his son to be able to ground the son by making a call to the Embassy. But it sounds like there were enough other dots to connect in this case to have set off appropriate alerts. I take Schneier’s point to be that the security perimeter at the airport is not the only place, nor even the best place, to keep terrorists off the plane, and the threat model that puts all the energy at stopping them there will be ineffective in practice. That sounds right, but isn’t really an argument against the use of the millimeter-wave technology.

Millimeter wave scans = privacy infringement?

Tuesday, December 29th, 2009 by Harry Lewis

The recent attempt by a Nigerian man to blow up a plane flying into Detroit has brought the subject of millimeter wave scans back into public discussion. These scans use very short-wave radio signals to peek through people’s clothing and see what they may have underneath. Some privacy advocates resist the use of these devices, because they show genitalia, as well as revealing breast implants and so on.

Maybe I am missing something, but I can’t get excited about the fact that a security screener might get a glimpse of an X-ray like image of my private parts in the course of verifying that I wasn’t hiding some explosives there (as the alleged terrorist apparently was). It may not be useful or effective to screen everyone–maybe you’d do some obvious profiling (bought the ticket with cash, etc.) to reduce the workload on the screeners and keep them sharper. But if the image isn’t stored, I don’t see any privacy problem in principle here. In enlightened societies at least, we have mostly gotten past prudery in medical care–not many hospital patients would today insist on having their bedpans emptied only by same-sex attendants. If you want to use the technology of air travel, you need to accept the technology of security (provided, once again, that it really is security-enhancing and not just in place to create a phony sense of security).

By the way, the TSA hasn’t yet fixed the huge security hole, pointed out by Chris Soghoian several years ago, that they check the boarding pass against your ID at the security perimeter and the boarding pass against the electronic ticket record at the gate, but never verify that the ticket matches your ID, unless you check a bag. If you are not checking luggage, the two boarding passes could be different.

Privacy bonus: Canada’s Daily Post has an article about privacy loss, which quotes Blown to Bits and ends with a Christmas-spirit thought that sprung into my head when I was interviewed last week:

Harry Lewis, a professor of computer science at Harvard and co-author of Blown to Bits, said the book was written to get people thinking about how much of their personal information they surrender every day. He worries that the less privacy we enjoy, the more it will discourage social advances.

“The loss of privacy is a socially conforming force,” he said in an interview. “So many social experiments over the course of human history — religious innovations, political dissent — started among small groups of mutually trusted friends who gradually gained acceptance for their beliefs and their behaviours.”

If Jesus’s early followers had a Facebook group, he joked, “they would have been stamped out very quickly.”

Search Engine Neutrality?

Monday, December 28th, 2009 by Harry Lewis

Adam Raff, a founder of Foundem, an Internet technology firm, makes the case in today’s New York Times for “Search Engine Neutrality,” which is kind of like network neutrality except that the nondiscrimination policy would apply to the way search engines return their results. As Raff states it, search neutrality means that “search engines should have no editorial policies other than that their results be comprehensive, impartial and based solely on relevance.” He objects, for example, to Google favoring its own map service over competing map services. And he objects to the way Google down-ranked his company’s product comparison service, which, he says, severely impacted its business.

Many of the points Raff makes are versions of thoughts in Chapter 4 of Blown to Bits, where we discuss the distorting lens phenomenon and an extreme case of search oblivion at the hands of Google’s ranking. (We also make the point, as Raff notes, that some of Google’s keyword auction technology was the invention not of Google but of Overture.)

But can search “impartiality” and “relevance” really be defined statutorily? I doubt it, or rather, I doubt we would want the hash that Congress or a regulatory bureaucracy would make of an attempt to regulate the semantics of the entire English language (and not just English). And lots of things affect Google’s rankings –see the Webmaster Help page, which includes advice such as not creating pages with little or no original content. I don’t think we want a legal entity judging whether pages were downranked for these or other reasons, or whether Google’s Safe Search filter has improperly omitted someone’s web page entirely.

In the presence of competition, none of this would be a worry. People would choose a search engine based on whether they liked the results it delivered, or perhaps on the basis of quality ratings by an organization such as Consumers Report. They could move if the search company changed their policy. The same is true with net neutrality, actually — the demand would not be so compelling if the number of choices of Internet services were not limited to one or two in so many places.

Monopolies are always dangerous, and this op-ed drives home that point. Not sure I am persuaded about the remedy, though.

Note: Any account written by an agent of a company unhappy about where its name turns up in Google searches should be regarded skeptically. There are lots of possible reasons for Google to downrank a site that have nothing to do with Google trying to gain an advantage in a new business sector, and Foundem’s web page design certainly doesn’t dazzle. Would love to know the full facts here, but I don’t.

How Much Did We Pay for These Drones?

Thursday, December 17th, 2009 by Harry Lewis

Incredibly, the signals between the unmanned drones being used in Iraq and Afghanistan and their base stations are transmitted in the clear — unencrypted. The insurgents have figured that out and are watching the same scenes that our military is watching. The Wall Street Journal says the system has been “hacked,.” Not really — no more, as a colleague put it to me, than someone who buys a police scanner is “hacking” the police radio system.

Encrypting signals is easy, obvious, and taken for granted. How could the system have been designed and deployed without it?

The Boston Globe Calls for Copyright Sanity

Tuesday, December 15th, 2009 by Harry Lewis

In an editorial published on December 13, the Globe takes the risky position of decrying the penalties of the Digital Millennium Copyright Act as “draconian” and the law itself as lacking “common sense” in the area of music downloading. Risky because, of course, the Globe and the New York Times depend on the law to protect their own content. Of course they do not, as the music industry does, take teenagers to court for making copies of their copyrighted content. But that hasn’t stopped the stream of vicious comments about the Globe’s hypocrisy.

The editorial is in response to the trial of Joel Tenenbaum and Judge Nancy Gertner’s plaint to Congress to do something about the “travesty” of justice (the Globe’s word). The paper wonders aloud whether Professor Charles Nesson, who represented Tanenbaum, helped his cause by the defense he took — claiming that music file sharing was allowed under “fair use.” That’s a stretch that even the most libertarian thinkers haven’t endorsed.

What’s interesting to me about the editorial is the reactions. Of course one never knows who the commenters are; they could all be music industry lackeys, for all we know. Still, we have here a defense of big business against a powerless individual — some people even compared him to Madoff, since in each case their crimes were committed with a few keystrokes. There is some amplification of power that people see in the control of digital information that makes them lose all sense of perspective and proportion. I don’t think the same people would think $675,000 was a reasonable fine if Tenenbaum had stolen a CD from a store.

Google Ads Preferences

Monday, December 14th, 2009 by Harry Lewis

Google makes available to you the profile it uses for deciding what ads to send your way, when a blog or other web site partners with Google to get advertising. Take a look to see what Google thinks might interest you. You can disable subjects individually or opt out of the whole program (in which case you will still see advertisements, just ones that may be less “appropriate” to your interests).

It’s a little creepy, but also funny. I wonder how Google decided I might be interested in retirement financial planning, or libraries and museums?

An Off-topic Post by a Bad Blogger

Saturday, December 12th, 2009 by Harry Lewis

There is much I should have been blogging about, especially the posting of the TSA manual on the Web. Incredibly, the geniuses who “redacted” it did just what we say not to do in Chapter 3 — they used a black highlighter tool to cover part of the PDF. The redactions were easily reversed.

I apologize for my failure to keep this blog interesting. I am going to get back to it in a week or so once my class ends.

In the meantime, here is a piece I and a Harvard colleague wrote about Harvard’s financial mess and the governance problems that caused it. It appears in this morning’s Boston Globe. No Bits angle at all, but likely of interest to any Harvard buffs out there.