Blown To Bits

Archive for September, 2008

Protecting Children Online

Tuesday, September 23rd, 2008 by Harry Lewis

I am sitting in the meeting of the Internet Safety Technical Task Force at the Harvard Law School, in Pound Hall. Meetings go on the rest of today and through noon tomorrow, and are free and open to the public. There are two separate issues: How can you tell if someone claiming to be a child (when registering for a Myspace account, for example) really is a child (rather than a child predator, for example). And how can you tell if someone claiming to be an adult really is an adult (rather than a 13-year-old boy, for example, trying to look at dirty pictures).

I find the level of interest and investment in these questions quite remarkable, in the absence of data showing that child predation is on the increase or that the number of young adolescents trying to satisfy their curiosity can be decreased. The session was kicked off with remarks from the Attorneys General of both Massachusetts and Connecticut.

And there is almost no acknowledgment of the social costs of heavy identity verification technologies — for example that children who want to learn whether it’s really true that you can’t get pregnant the first time, as they’ve been told by their social peers, will be discouraged from finding the truth on the Internet if their parents don’t want them to get it. It’s neither practical nor (I think) lawful to keep older children away from information they want to get, but that seems to be the way the world is moving. The AG of Connecticut put a grand challenge to the group: “If we can put a man on the moon, we can find a way to make the Internet safe.” Sure — if you don’t mind restricting the free flow of lawful information between willing speakers and willing listeners.

A lot to think about here.

Be Careful About Your Internet Boasting

Tuesday, September 23rd, 2008 by Harry Lewis

Two Oklahoma college students partnered with local restaurants to run parties and invite the public. Men paid a $5 cover charge, and women were let in free. Their little venture, which they dubbed Kegheadz, ran 22 parties in all. Some lost money, some cleared a few hundred dollars. It sounds typically collegiate. They didn’t bother with niceties if becoming a real business, filing forms with the government and paying taxes.

Then one day a tax bill arrived: $320,000. Where did that number come from? According to a report in the Oklahoman,

Tax officials got the wrong idea because of embellishments on the Kegheadz MySpace Web site that boasted things like “Over a billion served,” “Biggest party in the state,” and “Biggest party in the country,” Glover said.

The tax office is inferring head counts and percapita consumption from such statements, and calculating profits and taxes owed accordingly. The students are trying to explain that that was all baloney, and that they don’t even have enough money to hire a lawyer to defend themselves, much less pay that kind of money. The tax officials seem pretty humorless, but I suppose that is the way such officials have always been.

When you put it out on the Internet, anyone can see it. Even if you’re putting it out there to be intentionally outrageous, you may want to be careful what you say!

It would be interesting to know just how this came about. Are the tax authorities spending less time visiting businesses and going over their books, and more time just cruising the Web from the comfort and safety of their offices, looking for businesses, whether Internet businesses or not, that seem bigger than their corporate tax returns say they are?

A Strange Loop at Wikipedia

Monday, September 22nd, 2008 by Harry Lewis

Wikipedia is a marvel. In spite of the fact that anyone can edit it and all editing is pseudonymous, it works. For a lot of math theorems, for example, the resource is fantastic for quick lookup. If you’ve never used it, try it for whatever interests you and judge for yourself. If the entry is imperfect, just fix it. You can see the result instantly.

Wikipedia is very inclusive since anyone can start an entry. But there are standards for inclusion; if you try to make an entry for your dog, it will get deleted, unless your dog is famous for some reason.

So, storage being cheap, someone started Deletionpedia, an inventory of all the entries that have been deleted from Wikipedia. It’s kind of interesting, I guess.

And then someone created a Wikipedia page about it.

Which was deleted. Go figure. It was restored, and a debate is raging among Wikipedians about the right and justice of all this. The page is still up for now, but that link may die at any moment.

How Palin’s Yahoo! Email Was Compromised

Sunday, September 21st, 2008 by Harry Lewis

Apparently, a college student in Tennessee reset her password. (This was one of the possibilities I raised, but doubted, in my previous post. I am surprised to learn that Yahoo!’s security questions aren’t stronger, and that it uses this method for resetting passwords at all.) Here is Wired’s account of how easy it was:

‚Ķ the Palin hack didn’t require any real skill. Instead, the hacker simply reset Palin’s password using her birthdate, ZIP code and information about where she met her spouse — the security question on her Yahoo account, which was answered (Wasilla High) by a simple Google search.

How much trouble is he in? Probably not too much, according to authoritative sources quoted in another Wired story.

Clean Up Your Facebook Page

Sunday, September 21st, 2008 by Harry Lewis

It should not surprise anyone, but a survey of 3100 employers confirms that 22% of them check social network sites for information about candidates. That’s twice as many as checked Facebook and MySpace two years ago.

Sometimes what the employer discovers hurts your candidacy, especially if you or any of your buddies posts information about your drinking or using drugs. Of course, it’s also unwise to post information about your qualifications that is inconsistent with what you submitted when you applied for the job.

Sometimes the information can actually help, for example if it demonstrates your good communication skills.

Ready for another non-surprise? College admissions offices do it too.

Digital Photographic Extremism

Saturday, September 20th, 2008 by Harry Lewis

Digital photography, not the palmtop computer, is my favorite example of the triumph of Moore’s Law. Ten years ago we were still using film and Kodak was still making a lot of money doing it. Black and white ISO 400 film could be pushed up to 3200 if you had to underexpose it, but the results looked terrible. With color film pushed negatives would look even worse, and you needed a custom color lab to do it for you.

Today you can buy a Canon EOS SD Mark II, which has 21.1 million pixels per frame, and ISO up to 25600. Those are numbers beyond the imagination of anyone shooting pictures a decade ago.

Of course, in ten years, after the technology moves on, no one will be impressed.

Inaccuracies In an Instant

Saturday, September 20th, 2008 by Harry Lewis

That’s the title of a short piece I wrote that appears in the Boston Herald this morning.

Dragnet Surveillance

Friday, September 19th, 2008 by Harry Lewis

That’s the term the Electronic Frontier Foundation is using to describe the data collection methods it yesterday sued the federal government to stop. Dragnet fishing involves scooping up everything, and throwing back everything except the particular fish you were looking to catch; dragnet surveillance is collecting data on everyone, and then sifting through it to identify the bad guys. Here, from the lawsuit against the National Security Agency, the President, and various other parties, is a summary description of what it alleges the government is doing.

8. The core component of the Program is Defendants’ nationwide network of sophisticated communications surveillance devices, attached to the key facilities of telecommunications companies such as AT&T that carry Americans’ Internet and telephone communications.

9. Using this shadow network of surveillance devices, Defendants have acquired and continue to acquire the content of a significant portion of the phone calls, emails, instant messages, text messages, web communications and other communications, both international and domestic, of practically every American who uses the phone system or the Internet, including Plaintiffs and class members, in an unprecedented suspicionless general search through the nation’s communications networks.

10. In addition to using surveillance devices to acquire the domestic and international communications content of millions of ordinary Americans, Defendants have unlawfully solicited and obtained from telecommunications companies such as AT&T the complete and ongoing disclosure of the private telephone and Internet transactional records of those companies’ millions of customers (including communications records pertaining to Plaintiffs and class members), communications records indicating who the customers communicated with, when and for how long, among other sensitive information.

The “Program” is what President Bush called the “Terrorist Surveillance Program,” instituted shortly after the 9/11 attacks and only revealed in 2005. The plaintiffs are various ordinary citizens who object to the NSA reading their ¬†mail and listening to their phone calls without a warrant or probable cause, as provided in the Fourth Amendment. There is, I expect, no reason any of them should be under suspicion of plans to terrorize anyone.

I had an argument over dinner last night with a staunch Republican who was convinced that one of the reasons to vote for McCain was that McCain would appoint strict constructionists to the Supreme Court. I asked him if he thought a strict interpretation of the Fourth Amendment would allow this sort of surveillance of citizens, or the warrantless search and seizure of laptops at the border about which I wrote earlier. His non-response was that this sort of thing had been going on for years, even under Clinton. I am amazed that conservative originalists so readily forget that the Constitution was premised on the realization, based on hard experience, that governments can’t be trusted. The restraints on government power are as much a part of the Constitution as their favored interpretation of the Tenth Amendment.

Sarah Palin’s Email

Thursday, September 18th, 2008 by Harry Lewis

As has been widely reported online, someone managed to access personal email accounts of Alaska Governor Sarah Palin. ¬†Wired Magazine’s blog has a clear summary of the contents. That account and a number of other reports suggest that the governor was using her private account to conduct government business in order to avoid public-records laws.

What was retrieved (by no means all the email that was in the account) you can¬†download yourself from the Wikileaks site. Go ahead — you’ll feel a little naughty, and it will make you think. How many copies of those emails do you now suppose are out there? Those bits are not going away, ever.

Wikileaks anonymously posts documents that have been “classified, confidential, censored or otherwise withheld from the public,” and are “of political, diplomatic, ethical or historical significance” (in the view of whatever anonymous soul runs the site). Of course, the documents may have been illegally obtained; that is the first thing the McCain campaign shouted. (How about a comment on government business happening on Yahoo! mail, and whether that’s the way the open, transparent new Washington government we’ve been promised will be run?)

We have a long history in this country of illegally obtaining documents that reveal illegal or unethical behavior. Thinking back on the publication of the Pentagon Papers in 1971, I am moved to ponder how much simpler it would be today. The question of prior restraint would have been moot before it could even have been raised, had someone scanned them in and posted them to Wikileaks.

How did the account get compromised? No one is saying, but I noted some of the problems with password security a few days ago. There are some speculations; perhaps someone tricked the service into revealing her password (most unlikely, as passwords are ordinarily encrypted at the server). Or resetting it (more possible — remember that Paris Hilton’s T-Mobile account was compromised because the name of her dog was the answer to the I-forgot-my-password-give-me-a-new-one security question). But still improbable for a Yahoo! mail account. She might have been the victim of a phishing attack (but if she is so credulous that she fell for one of those “this is your account manager speaking, please type your password here so we can verify it” scams, heaven help us if she winds up negotiating with Putin).

I would tend to look for a simpler strategy if I were trying to break in. Try a password like “Todd.” A lot of people still use them, even though most services demand that passwords be more complicated than that.

P.S. This example makes it clear what it means to say that the president needs to understand information technology. He doesn’t need keyboarding dexterity or familiarity with Excel macros. He needs to be able to understand this blog!

YouTube Takedowns

Wednesday, September 17th, 2008 by Harry Lewis

Google’s YouTube is huge, much huger than any other video sharing service. Like Google’s search service, it has become the place to go for a certain kind of information — a kind of information that is rapidly becoming a part of daily life for millions of people, especially the young. Like Google search, there is absolutely no barrier to someone starting a competing service, except for the quality of the product and the snowball effect — people tend to use the service they know other people are using, especially for sharing information.

So when information becomes unavailable on YouTube, it’s interesting to notice, and to wonder what principles govern the decision to remove material at the request of a complaining party. Two recent examples of YouTube takedowns:

The first is an Air Force recruiting video someone posted to YouTube. A blogger for the online edition of Wired Magazine, Kevin Poulsen, linked to it from a short piece about the fight against cyberterrorism. The Air Force issued a DCMA takedown notice to Poulsen, and if you go to the original post and try to play the video, you discover it’s no longer available. The curious thing about this one is that the people of the U.S. own that video. In fact, the Air Force web site on which the video appears (it’s still available there) states,¬†”Information presented on the Air Force Recruiting website is considered public information and may be distributed or copied.” This is a simple abuse of copyright law, a club that the powerful use to whack those who use their creations for no other reason than to comment on them. Even when they don’t have the legal right they claim, the DCMA is an effective tool against small players who would have to hire lawyers to defend themselves.

The second example is a video documentary about Sarah Palin’s church, which YouTube removed not, apparently, because of a copyright complaint, but just because a bunch of people complained about it. It contains some odd segments (“cell phone anointing”?) but there is no apparent fraud; as far as I can see no one claims that the shots are not of what they seem to be. In this case the video is still visible, though not at YouTube (click the link to the article).

Private censorship. It’s perfectly legal; none of us owes YouTube anything, and they can post or take down whatever they want. And they have absolutely no obligation to tell us why they take things down or when they would resist a request to take something down. I would guess that the rule is pretty simple, and it’s like what we say about search engines in Blown to Bits: The objective is to make as many people happy as much of the time as possible, with the ultimate goal of making as much money as possible for as long as possible. Nothing wrong with any of that, but we shouldn’t get carried away with grand thoughts about “digital democracy” and the “triumph of popular culture.” Nonsense — business is business.