Blown To Bits

Archive for July, 2008

Watching you at home

Monday, July 21st, 2008 by Harry Lewis

Google already knows what you’ve been looking for with its search engine, and whether you have a swimming pool in your backyard (and it will happily disclose the latter to anyone who wants to know — just use Google Earth). Now Google is toying with the idea of “activity recognition,” such as watching you eat. “Activity recognition systems unobtrusively observe the behavior of people and characteristics of their environments, and, when necessary, take actions in response — ideally with little explicit user direction.” So states a recent paper¬†by Google researcher Bill N. Schilit and two coauthors. Why would they want to do that? Well, to improve your health, for example.¬†”Information about household activities can even be used to recommend changes in behavior — for example, to reduce TV viewing and spend more time playing aerobic games on the Wii,” the paper suggests.

Lovely. An automated nag.

To be fair, home health care is a huge market, and it’s very costly to have people see physicians just to be told the same things about behavior modification every six months. If people want it, why not?

Well, what if it’s their insurance company that wants it, on pain of canceling their policy? Or the government that wants it, in exchange for a tax credit?

Health improvement is a good thing, but where does it stop?

And, of course, there are all the usual questions about the bits: who gets them, how could they be repurposed, and what if they leak.

Thanks to Information Week for its nice summary story on this.

McCain, Obama, and koan #6

Sunday, July 20th, 2008 by Hal Abelson

Readers of Blown to Bits know that when it comes to bits, nothing goes away (koan #6). Information, even information you’ve deleted, can come back to your surprise – and your embarrassment. In the book, we illustrated this at Harvard University’s expense by showing that an outspoken presidential statement on Harvard’s Web site about the scientific abilities of women had quickly been replaced by a more conciliatory version, and yet the original remained accessible to anyone who thought to look in Google’s cache.

The McCain campaigners had similar fun last week at Obama’s expense when they revealed how the Obama Web site’s statement on the plan for ending the war in Iraq was substantially rewritten between June 11 and July 14. For instance, where the earlier version led with “Bring our troops home,” the later version spoke of “A responsible, phased withdrawal.” The McCain camp scolded that this was politics-as-usual flip-flopping; Obama supporters replied that that it was simply elaborating a position and to more details. The tussle is unlikely to sway any votes.

What’s more interesting from a Bits perspective is that the McCain folks discovered the change through a new on-line service called Versionista <>, which is set up to track just these kinds of changes to web sites. Tell Versionista to monitor a web site, and it will watch it constantly, keeping track of every addition or deletion, and show you side-by-side comparisons of the different versions with the changes highlighted. You can compare Obama’s before and after Iraq plans yourself by following this Versionista link.

We can be sure that Obama and McCain through November – and perhaps all political campaigns from now on – will think twice when they modify their Web sites. That goes for the rest of us as well: anything you place on the Web can now be monitored by an automated agent in the service of a competitor, enemy, or rival, and any change or inconsistency can be thrown back in your face.

There are many more shoes yet to drop in this tale of automated change monitoring. Here‚Äôs something to ponder, relating to subpoenas for email and other documents: Word processors make automated backups as you write. You might type a phrase as you are composing and delete it almost immediately, and yet the original fleeting text might have been caught by a backup. If your documents are subpoenaed, do you have to turn over only the final versions, or the backup drafts as well? You might end up having to answer not only for email messages you sent, but for the unedited drafts of those messages, including the stupid   ill-considered words that you later edited out. The issue hasn‚Äôt yet come up in court, but those drafts fit the legal definition of ‚Äústored documents‚Äù and so in principle should be turned over. We can be sure that the issue will arise before long.

As the book says, bits never go away; they can’t even be replaced.

Deep Packet Inspection

Saturday, July 19th, 2008 by Harry Lewis

That’s what happens when the contents of Internet packets are inspected en route from the source to the destination for analysis of what’s in them. For example, if your Internet Service Provider were to peek inside the packets for this web page, en route from our web server to your home, to make sure they aren’t carrying a copyrighted movie instead. It’s exactly as though Fed Ex were opening the packages and deciding whether they were OK by Fed Ex standards before delivering them.

Dave Reed’s testimony before Congress yesterday on this subject is well worth reading. What’s nice about it is that his argument that this practice should be prohibited is fundamentally not based on civil liberties grounds, but on economic grounds — that allowing these practices will staunch the growth of the Internet by making innovation at the endpoints impossible, and it is the innovation at the endpoints (along with the great improvements in packet delivery, without peeking at the contents) that have resulted in VoIP, streaming video, and hundreds of other technologies built on top of Internet protocols but for which the protocols were never designed in the first place.

The testimony is clear, well-organized, and plainspoken. Highly recommended.

The full story on Dr. Brinkley

Friday, July 18th, 2008 by Harry Lewis

“Dr.” John Romulus Brinkley, the notorious medical quack, makes a cameo appearance in Blown to Bits as the plaintiff in a suit against the Federal Radio Commission. When the Supreme Court upheld the FRC’s authority to strip Brinkley of his radio license, it set the stage for all subsequent federal censorship of the airwaves. The technological part of the court’s reasoning now rests on shaky ground, as our book explains.

Pope Brock’s recently released book¬†Charlatan is the amazing tale of Brinkley and his lifelong battle with Morris Fishbein of the American Medical Association. It’s a terrific read, highly recommended. The Supreme Court case is barely mentioned, but there is a lot about Brinkley’s pioneering role in radio — he was the first to do major country music programming, and to use recorded music to time-shift the performances. When he had to move his station to Mexico and federal authorities said he couldn’t telephone his broadcast from the States, he recorded them and sent the records to Mexico to be played. A communications pioneer to be sure.

Brock has dug out lots of nice details — for example that the first time Johnny Cash heard June Carter sing was on Brinkley’s radio broadcast! Good summer reading.

Advertising, opt-in, and opt-out

Thursday, July 17th, 2008 by Harry Lewis

The more an advertiser knows about you, the better it can target ads at you. So there is enormous value in information about your Internet behavior. For a long time it wasn’t feasible to analyze every packet your Internet Service Provider delivered to you; there were too many and the analysis would slow them down. Moore’s law has solved that problem, and there are now boxes to do such “deep packet” inspection. A company called NebuAd is in the forefront, and when some ISPs announced that they were going to experiment with the product, privacy advocates got into the act. There were hearings today before the House Telecommunications and Internet Subcommittee, as reported by PC World.

Much of this report is centered on Massachusetts Congressman Ed Markey’s pressing the question of whether such deep packet inspection should be the default, with consumers being given the option of not having their packets inspected and data collected about them. That would be an “opt-out” protocol. Markey, and privacy advocates, prefer an “opt-in” protocol, where consumers have to affirmatively state that they wish the data to be collected (which might be to their advantage; who wants to see irrelevant ads?).

NebuAd apparently claims that opt-in or opt-out isn’t as important as informing the public of what they are doing. In theory that might be right, but in practice it isn’t. Few people ever change the defaults on anything. There has been widespread discussion, in the US and the UK, of changing the default on cadaver organ donations from opt-in (stating at the time you get a driver’s license, for example, that you wish to be an organ donor) to opt-out (you’re a donor by default, unless, when given the information, you affirmatively declare you don’t want to be). An opt-out protocol would greatly increase participation in organ donor programs. And an opt-out protocol on NebuAd would result in vastly more useful data about consumer behavior.

As in the case of the draft Massachusetts legislation about web surfing privacy discussed here last week, we are facing a situation where technology is advancing faster than social practices. A lot more than advertising revenue is at stake here, since deep packet inspection is the very antithesis of the end-to-end philosophy on which the Internet was founded, and threatens net neutrality. (See page 313-315 of Blown to Bits. In today’s hearing, MIT professor Dave Reed “compared ISPs using NebuAd to a package delivery company looking inside every box it handles,” the same metaphor we use near the bottom of page 315.)

Email and the Fourth Amendment: “Degradation of civil rights”?

Wednesday, July 16th, 2008 by Harry Lewis

Can the government search your email without telling you it is doing so?

The USA PATRIOT Act gives the federal government broad authority to search electronic communications crossing the US border, under the general guise of anti-terrorism and the rough analogy that the government could search your possessions as you brought them into the country. But what about purely domestic eavesdropping, not part of any terrorism investigation?

In an important 8-5 decision, the Sixth Circuit Appeals Court has ruled that such clandestine searches of email are at least sometimes not “unreasonable searches” in the sense of the Fourth Amendment. The Register (UK) has an excellent summary of the ruling is in an article aptly called “Court cheers warrantless snooping of e-mail.” The Court’s decision is here. It doesn’t actually endorse the constitutionality of the law under which the clandestine email snooping took place, saying instead that the issue was not “ripe” for a decision on constitutional grounds. The defendant, Steven Warshak, could have used other means to keep the evidence out of court.

The dissenting opinion of Judge Boyce Martin and four other judges takes a far dimmer view. I quote its last paragraph in full:

While I am saddened, I am not surprised by today’s ruling. It is but another step in the ongoing degradation of civil rights in the courts of this country. The majority makes much of the fact that facial challenges are no way to litigate the constitutional validity of certain laws. Yet our Supreme Court has no problem striking down a handgun ban enacted by a democratically elected city government on a facial basis. See Dist. of Columbia v. Heller, — U.S. —, 2008 WL 2520816 (June 26, 2008). History tells us that it is not the fact that a constitutional right is at issue that portends the outcome of a case, but rather what specific right we are talking about. If it is free speech, freedom of religion, or the right to bear arms, we are quick to strike down laws that curtail those freedoms. But if we are discussing the Fourth Amendment’s right to be free from unreasonable searches and seizures, heaven forbid that we should intrude on the government’s investigatory province and actually require it to abide by the mandates of the Bill of Rights. I can only imagine what our founding fathers would think of this decision. If I were to tell James Otis and John Adams that a citizen’s private correspondence is now potentially subject to ex parte and unannounced searches by the government without a warrant supported by probable cause, what would they say? Probably nothing, they would be left speechless.

Upcoming events

Tuesday, July 15th, 2008 by Harry Lewis

We’ve added an Events link above, listing all author appearances related to the book. For our friends in England, note that Hal will be at Blackwell’s in Oxford next week.

Congress struggles with Web privacy

Tuesday, July 15th, 2008 by Harry Lewis

Apparently Congress knows it’s important, but — reasonably enough — can’t pass a law protecting it because it doesn’t know what it is. According to the Washington Post, Sen. Bill Nelson of Florida can recognize it when he sees it — and he doesn’t want his online newspaper keeping track of what he’s reading.

Too late — that’s probably happening right now.

Industry representatives, and some other members of Congress, claim no legislation is needed. Everyone knows privacy is important, so of course the industry has an incentive to safeguard it.

Well, yes; they have an incentive to be seen as guarding it, and also have an incentive to make the most profitable use of the available information. And if you’re a newspaper, for example, you probably can’t afford to throw information away that would be useful to your advertisers.

An interesting question noted in the article is that it’s not even clear what “personally identifying information” is. Is an IP address “personally identifying”? The Recording Industry surely thinks so — they use them to make charges against copyright infringers. But there is hardly a one to one correspondence of IP addresses to individuals.

And by the way, IP addresses are going to be less and less identifying, because we are running out of addresses. These are 32 bit numbers, so there are only about 4 billion of them. They are 85% gone already, and the supply will reportedly be exhausted by 2011. IPv6 with its 128-bit addresses is the solution, and a transition is occurring, but it’s unlikely to have been completed in time. There are workarounds, which will be annoying and clumsy. It would be cleaner if we could all move to IPv6 tomorrow — just as it would have been cleaner if the US had gone to the metric system. In the Internet too, the world won’t come to an end because we haven’t moved to a sensible standard all at once.

Fingerprints on your laser printouts

Monday, July 14th, 2008 by Harry Lewis

On page 29 of¬†Blown to Bits, we talk about the tiny dots that certain laser printers print, identifying the printer and the precise time at which the document was printed. The official rationale is to catch counterfeiters, since color laser printers can produce excellent facsimiles of US currency. But that’s not the only possible use. Today this became a national story, in USA Today. Worth a read — the possibility we talked about has become standard as Moore’s law and its relatives have driven down the price of color laser printers.

Worst error message ever

Monday, July 14th, 2008 by Harry Lewis

Well, probably not the worst ever, but for 2008, terrible.

Access Denied
You have attempted to modify your access to the secure TIAA-CREF Web site. As a result, your session has been terminated.This attempt to falsify your credentials has been logged to our files.

My crime? I forgot that my username was case sensitive. I typed it in lowercase rather than mixed upper and lower, along with the correct password.

No wonder people hate computers. This is a major financial services business. When the Web was young, and people were having their web sites coded by their 16 year old children, customers might have put up with that sort of indifference and hostility. No more. I am closing my account — or will, once I get the paper form I need to fill out.