Blown To Bits

Archive for July, 2008

An Olympic Showdown Over Internet Censorship?

Thursday, July 31st, 2008 by Harry Lewis

Not to put too fine a point on it, the Chinese government has double-crossed the International Olympic Committee. Having agreed that journalists would be given the same electronic freedoms they enjoyed at previous Olympic games, the Chinese now say they just meant they’d be given free access to that part of the Web relevant to the games themselves. And the IOC, which presumably had a chance to stand for something about press freedoms, caved. An IOC spokesman says that the IOC and the Chinese agreed that “some sensitive sites would be blocked on the basis they were not considered Games related.”

If there is a showdown on this, it will have to come from the press. I am guessing that doesn’t happen. The media have enough problems; no one wants their reporters thrown in Chinese jails.

In the meantime, the Chinese have also announced that they would increase the level of monitoring of communications out of hotel rooms. A memo to the hotels says, “In order to ensure the smooth opening of Olympic in Beijing and the Expo in Shanghai in 2010, safeguard the security of Internet network and the information thereon in the hotels . . . it is required that your company install and run the Security Management System.” Ah yes, security. In addition to those two stories (from Reuters and the LA Times, which was the first to break it), there is a story today in the NYT.

So much for the cute panda bear logos and the long-heralded opening of the new China to the West.

A couple of hints for those actually going to China. Blackberries work, and because the communication is encrypted from your handheld to the Blackberry server, you should be able to get anything you want that way. Run Google from your Blackberry and you are really using Google US, but the bits that arrive at your device are undecipherable along the path to you and are only descrambled by your handheld.

If you have a corporate server to which you can establish a VPN connection, you should be able to get unfiltered information (and send and receive unfiltered email) that way.

And finally, there is a neat tool for transporting encrypted information on your laptop. By way of background, encrypted information is indecipherable (if the encryption algorithm is industry-strength). But the very fact that you are moving or carrying what seems to be piles of random bits may tip off an eavesdropper to the fact that you are conveying or receiving secrets. That’s the advantage of steganography (discussed in Chapter 3 of Blown to Bits) — steganographically encoded data doesn’t seem to be a message at all.

Truecrypt is free software for storing information on the hard disk of your laptop that is encrypted and also steganographically hidden. It doesn’t seem to be there at all; a look at the laptop’s file system, were you compelled to show your laptop at the border, would not reveal that your hidden files even existed.

UPDATE, August 2; According to the Guardian (UK), the ban has been lifted, and the entire Internet is viewable from Beijing. Doesn’t mean they aren’t keeping track of who goes where, of course ‚Ķ

Should You Need an ID to Get a Cell Phone?

Wednesday, July 30th, 2008 by Harry Lewis

The Massachusetts legislature is considering a bill that would require registration of prepaid cell phones. Here is the beginning of the text of H 4799:

(a) Any person making a retail sale of a prepaid cell phone shall, as a precondition to the sale, obtain and photograph or photocopy one or more documents identifying the purchaser by name and providing his address. The seller shall, for each retail sale, make and keep for a period of 2 years a record which shall include, but not be limited to, the following: (1) the serial number and manufacturer of the phone; (2) the phone number assigned to the cell phone; (3) the service supplier who will supply wireless service to the phone; and (4) a copy of all documents related to the identification of the purchaser.

And of course the retailer would have to turn that information over to the state.

People with bad credit pay cash for these throwaway phones. Immigrants who don’t have papers use throwaway phones. I’ll bet teenagers who don’t want their parents to know who they are talking to buy these phones.

And no doubt drug dealers use these phones. And that is the reason this bill is coming forward–as an aid to the police.

So this is a fairly standard liberty-security issue, of the non-terror variety. It would help the police get the bad guys if they knew they could get data on anyone, good or bad.

But if cell phones, why not email accounts, which you can get without showing ID (with Gmail for example, they are free and set up from the comfort of home)? Or postage stamps–wouldn’t it help the gumshoes if they could trace a cancelled stamp back to the identity of the person who mailed it?

It reminds me of Judge Richard Posner’s view of the FISA surveillance legislation, that it “retains value as a framework for monitoring the communications of known terrorists, but it is hopeless as a framework for detecting terrorists.” What you really want is not to be able to surveil the people you already suspect are terrorists. You want to be able to surveil everyone, and just pick out, from what you learn, the bad guys from the good.

The founding fathers had been through all that, and that’s why they wrote the Fourth Amendment, which guarantees no searches without “probable cause.” As usual with these bills, the people who would be obviously disadvantaged by the loss of privacy are not everyone’s favorites, and that’s the way these bills gain plausibility. Who cares if illegal immigrants can’t get cell phones, or 15-year-olds need their parents’ approval?

But this cell phone bill feels to me like one that trades too much privacy for too little security. I say keep the information out of the hands of the government; it’s none of their business if I want to buy one of these phones.

PS. Excellent opinion piece by Tim Wu in the NYT today about broadband deployment, summarizing, as it happens, the main argument of Chapter 8.

When Technological Luxuries Become Everyday Necessities

Tuesday, July 29th, 2008 by Harry Lewis

The Los Angeles Times has a lovely example today of the law changing at a slower pace than technology, a phenomenon familiar to readers of Blown to Bits. It turns out (who knew?) that if your business provides you a cell phone, you’re supposed to keep track of personal calls so the tax man can hit you for the value of the personal expense you are avoiding by using the business’s equipment. If you don’t do that, the business is liable. The University of California at Los Angeles had to pay the IRS $239,196 in penalties this year for exactly that reason.

This law was passed in 1989, when cell phones were an expensive rarity and Congress decided they should be treated like company cars. (I became dean of the College in 1995, and even then I was about the only kid on the Harvard block who had one.) The world has changed a bit in the intervening 19 years. The government doesn’t actually make much money this way, but it could if its enforcers got geared up. (And with the declining take on gas taxes as people drive less, who knows what other revenue sources they’ll be looking to?)

Happily, there are bills in Congress to repeal this provision of the tax code. In the meantime, though, what’s an employer supposed to do? Tell all the employees to log cell phone calls to their spouses, or hope the IRS doesn’t come knocking?

The progress of Moore’s law vs. the legislative speed of the U.S. Congress. There’s no match!

Life, Liberty, and Happiness: The Course for Everyone

Tuesday, July 29th, 2008 by Harry Lewis

This fall, Ken and I will be teaching a course in the Harvard Extension School based on our book with Hal Abelson. The course is called Life, Liberty, and Happiness After the Digital Explosion (click on the title to go to the course web site). We’re teaching it in one two-hour class every Monday 5:30-7:30. It is also going to be available as a “distance course,” so anyone anywhere could take it.

We’ve already posted the syllabus on the course web site. The course will be a ton of fun to teach. We will cover the waterfront of social and legal issues that everyone should know about. No math, either — it’s not the same as the “Quantitative Reasoning” course called Bits we teach in the spring both in the College and by distance through the Extension School.

Comments and queries welcome, either on this site or directly by email to us.

The Google cache strikes again

Monday, July 28th, 2008 by Harry Lewis

The New York Times had several good bits stories over the weekend. The Education Week article about de-tagging Facebook photos, for example. Cheap, ubiquitous sensors–digital cameras in the hands of teenagers and college students–combined with the vast Facebook social network have resulted in lots of embarrassing party photos appearing online every Sunday morning. When their peers tag the photos with the names of the people appearing in them, the photos turn up in searches for the names of the revelers. So every Sunday afternoon the hung-over youth “de-tag” the photos, which remain visible but unsearchable. (And if you’re the only one not tagged in the photo, well, that creates an interesting social tension–you’re saying you’re the only one who believes that your reputation is going to be damaged by being seen with the others at that party!)

But my favorite is the story about the perhaps under-age Chinese gymnasts. They have passports showing their age as 16, the minimum allowed in Olympic competition. But the enterprising reporters think some may be as early as 14. Why?

The Times found two online records of official registration lists of Chinese gymnasts that list He’s birthday as Jan. 1, 1994, which would make her 14. A 2007 national registry of Chinese gymnasts — now blocked in China but viewable through Google cache — shows He’s age as “1994.1.1.”

Another registration list that is unblocked, dated Jan. 27, 2006, and regarding an “intercity” competition in Chengdu, China, also lists He’s birthday as Jan. 1, 1994. That date differs by two years from the birth date of Jan. 1, 1992, listed on He’s passport, which was issued Feb. 14, 2008.

Nice detective work. Some earlier public list of athletes had the correct date, goes the theory; Google indexed it and kept a copy, as Google generally does; the Chinese later decided to make the athlete a couple of years older, and took the web page down; but Google’s cached copy is still visible from the U.S. site where it is stored. Just like the example on page 125 of Blown to Bits. Except in this case, the cached copy itself is blocked inside China, even though it’s a copy of a Chinese web page. Bits are awfully hard to eradicate–it will be interesting to see if this incident becomes a problem for the Chinese team.

Yahoo joins the “strand our DRM customers” game

Saturday, July 26th, 2008 by Hal Abelson

Last April (see MSN Music RIP) I blogged about Microsoft’s decision to shut down the license servers for MSN Music at the end of August, thereby stranding customers who had purchased music tracks governed by MSN Music’s Digital Rights Management. As it turned out, Microsoft reconsidered, and now says that the license servers will operate until at least 2011.

Now Yahoo has joined the DRM customer stranding game with its July 23rd announcement that it will shut down the Yahoo Music Store servers at the end of September. The result will be that anyone who purchased Music Store tracks will be unable to move them to new machines after the deadline. As with Microsoft’s (since retracted) announcement, this is another demonstration that customers don’t really own the music they “purchase” under DRM systems. Instead, they remain dependent on the distributor’s willingness to keep the DRM license servers running: something for which the distributor has given no long-term guarantee.

As Blown to Bits argues, DRM is a bad deal for customers and a bad deal for innovation. It’s also a bad deal for the music distributors themselves, since it obligates them to maintain an ongoing technical infrastructure of license servers. It’s encouraging to see the continuted growth of non-DRM alternatives for music distribution. Now if only Congress would figure out what a bill of goods they’ve been sold by DRM pushers.

Protesting a Proposal for a Censored Internet

Thursday, July 24th, 2008 by Harry Lewis

Readers of Chapter 7 of Blown to Bits will know some of the story of the U.S. government’s efforts to make the Internet “safe” for children to see by banning from it many things that are legal and appropriate for adults. (We talked about part of this story yesterday, in our post about the COPA legislation.)

Now the FCC has come up with the bright idea of a child-friendly Internet, that is, an Internet where no one could ever say anything that would be “harmful” to children, down to the age of 5. (I mentioned this briefly in a posting a few weeks ago.) No medical images, presumably, of the kind that teenagers from time immemorial have sought out to satisfy their curiosity. No discussions, it would seem, of sexual matters that you would not discuss with your 5-year-old. The standard is so absurd as a weapon to put into the hands of government censors that one has to assume large parts of classical English literature and daily adult discourse would be barred.

The parallel universe the FCC imagines would be created by companies using a block of wireless spectrum. They would be allowed to bid on this block only if they agreed to use part of it to provide free public access to this parallel, child-friendly Internet universe.

The proposal is absurd, and the cyberspace it imagines could not be the Internet. There could presumably be no encryption, for example, else how could the censors be sure whether the data being sent represented a birthday card or a dirty joke in Yoruba? (In fact, how would the censors recognize unencrypted dirty jokes in Yoruba, that a Yoruba-reading child might see?) It seems likely that the FCC’s proposal, if it went into effect, would eventually be ruled unconstitutional on First Amendment grounds, just as the government couldn’t ban swearing in Yellowstone National Park on the theory that it was public property and children went there. The FCC proposal is here. The critical passage is on page 26, the stipulation that the network must have technology

That filters or blocks images and text that constitute obscenity or pornography and, in context, as measured by contemporary community standards and existing law,  any images or text that otherwise would be harmful to teens and adolescents.  For purposes of this rule, teens and adolescents are children 5 through 17 years of age

I have joined a number of other Fellows of the Berkman Center for Internet and Society to comment on the FCC proposal (pdf here). This “comment” has a calmer, more measured and nuanced explanation of the stakes than does this intemperate post. Thanks to Wendy Seltzer, Geoff Goodall, and Steve Schultze for carrying the burden of drafting it and of incorporating the hundreds of suggestions they got back.

Persephone Miel has a nice quick summary of our position here.

Digital Deception of the Day

Thursday, July 24th, 2008 by Harry Lewis

Definitely Slydial. It’s a free service that enables you to leave a message on the other party’s voicemail directly, with no possibility you’ll get an actual human being instead. The site shows a bunch of uses for this, for example

You go to a week long convention for work in Las Vegas and blow $5,000 the first night at the roulette table. You need to call your wife and tell her why she should hold off on making the monthly mortgage payment. Her voicemail will be much more understanding then she will.

You are working on a dozen different projects and have as many calls to return. Instead of being stuck on the phone with just one, leave each a voicemail with an update and you may just have enough time to enjoy Happy Hour.

Is this a great country, or what?

Child Online Protection Act Axed Again

Wednesday, July 23rd, 2008 by Harry Lewis

On pages 247-249 of Blown to Bits, we tell the saga of the Child Online Protection Act, an act criminalizing the posting to a web site “material that is harmful to minors.” The law was protested for a host of reasons, among them that it’s hard to tell how old the viewers of your web site actually are. It never took effect, and we say in the book, “in March 2007, the ax finally fell on COPA.”

We spoke too soon. The ax referred to there was the decision of a federal district court in eastern Pennsylvania that the law was unconstitutional, but the government appealed that decision. Yesterday the Third Circuit Court of Appeals affirmed the judgment of the district court (opinion here): the law goes too far in restricting speech. In particular, harmful material is better kept from minors at the destination, by use of filters in the home, rather than at the source, by criminalizing the publication.

But even now, ten years after the law was passed, it may not be dead. The government may appeal to the U.S. Supreme Court, hoping that the third time’s a charm.

The FCC’s indecency standards

Tuesday, July 22nd, 2008 by Harry Lewis

Chapter 8 of Blown to Bits tells the tale of how the federal government got into the business of determining which parts of the female anatomy may be shown on broadcast television and for how long, and whether the occasional s-word or f-word may be spoken. It’s an important story, because it’s one of the few clear-cut instances of a sweeping override of the First Amendment by a government body. And that body, the Federal Communications Commission, keeps reaching farther. For example, it has proposed to grease the rails for companies willing to provide a free-to-the-public, fully censored parallel Internet universe over the airwaves, an Internet with a mechanism

That filters or blocks images and text that constitute obscenity or pornography and, in context, as measured by contemporary community standards and existing law,  any images or text that otherwise would be harmful to teens and adolescents.  For purposes of this rule, teens and adolescents are children 5 through 17 years of age.

You read that right: nothing unsuitable for a 5-year old could be said or shown over this network.

While I have no interest in the famous Janet Jackson halftime stunt (I love the Superbowl, but never watch the halftime shows), I am delighted that the FCC fine was thrown out by a federal court as being capricious and arbitrary. The court essentially ruled that the FCC had improperly raised its standards. The Technology Liberation Front has a good explanation of the decision and a link to the decision itself.

An even more important judicial deliberation will be happening in the coming Supreme Court term, when the entire issue of the FCC’s indecency standards will be under review.

In the meantime, isn’t it odd that the FCC is working so hard to make broadcast TV safer for children than it has ever been, just at the moment when from what I can tell, the advertisers think the only people watching network TV are those who need AARP, Viagra, and motorized wheelchairs?