Blown To Bits

Blog rescued!

June 24th, 2010 by Harry Lewis

We owe a big debt to researchers at Carnegie Mellon University, who took it upon themselves to disinfect this blog. As reported earlier, it had been riddled with links to an online drug store, which was riding the coat tails of our Google page rank to attract hits. Huge thanks to Timothy Vidas and Nicolas Christin for figuring out how the infection worked and resolving it. And thanks to Tyler Moore for connecting us to them!

Another Attack on Anonymity

May 30th, 2010 by Harry Lewis

Is it really a threat to our national security that people can pay cash for prepaid cell phones? That is the thought behind federal legislation that has been introduced in the Senate by Democrat Chuck Schumer and Republican John Cornyn. To buy a phone you would have to provide identification and the retailer would have to retain the information for 18 months. In Schumer’s words,

This proposal is overdue because for years, terrorists, drug kingpins and gang members have stayed one step ahead of the law by using prepaid phones that are hard to trace. We caught a break in catching the Times Square terrorist, but usually a prepaid cell phone is a dead end for law enforcement. There’s no reason why it should still be this easy for terror plotters to cover their tracks.

Of course, as they say, if you have done nothing wrong you have nothing to worry about.

As Jim Dwyer points out in the New York Times, a lot of people other than gangsters and terrorists like the anonymity of prepaid phones. Tipsters contacting journalists, and journalists calling tipsters who don’t want to be receiving identifiable calls. Battered women. Cheating spouses.

It’s an old story. We can make it harder for the bad guys to hide by enabling the government to track everything we do. Where do we draw the line and say we’d rather take the risk–when the tradeoffs are so hard to quantify, and the worst case scenarios so terrifying?

It’s coming, I’d guess; as is registration for Internet services, already the law in South Korea. When the left (which is happy with more social intervention and control) and the right (which foresees the end of civilization in the bungling Times Square bomber) line up, the libertarian arguments don’t have much traction.

But wait: In Mexico you have to register your cell phone, and there is widespread resistance! I wonder why.

As the government pushed citizens to register their phones, the newspaper El Universal sent a reporter out to the notorious black market bazaar in Mexico City known as Tepito and found that for $12,000 a person could buy the complete data set for every registered voter in Mexico — their names, addresses, dates of birth, driver’s license and social security numbers. The vendors said their best customers included organized crime and police agents.

The technical term for that is “repurposing” data.

Another “How We Could Know Less”: South Africa Wants to Ban Internet Porn

May 29th, 2010 by Harry Lewis

Democracies are remarkably ready to adopt the censorship technologies of nations they claim to loathe. Our example du jour is the government of South Africa, which proposes to ban Internet pornography. All of it — not just bad stuff like child pornography.

And why not, say the social arbiters within the government? A deputy Home Minister says, “Cars are already provided with brakes and seatbelts… There is no reason why the internet should be provided without the necessary restrictive mechanisms built into it.”

There are a few problems with this idea, to say the least. First is that it won’t work. Any filter will fail to detect encrypted images — though of course you could outlaw encryption. Problem is, you probably want your banking transactions encrypted.

So any porn detector is going to have lots of false negatives.

But there are the false positives too. This is the old problem of figuring out what the government censors will consider pornographic. Perhaps South Africa has figured out how to define it, but I doubt it. Will anatomical atlases be banned? Breastfeeding guides? Sex manuals, for that matter? What about The Ecstasy of St Teresa? Somebody has to decide, and where there is legal liability for guessing wrong, a great deal of worthwhile material will be redacted. Self-censorship works rather well, actually.

The Power of Social Networking

May 27th, 2010 by Harry Lewis

I must come across as a grump about social networks since I have complained about the Facebook privacy issues so much lately. Today I am happy to share a, well, happy story.

Faithful readers may remember my blog post about Dan Reetz, the genius of the Do It Yourself book scanner. Two friends passed on this Newsweek piece about how he used Metafilter, a community blog, to marshal help for two young and naive Russian women of his acquaintance who were, almost certainly, being lured into a sex trafficking ring in New York City. This was a hard one for the social web to respond to, because the women refused to accept help. Someone on Metafilter volunteered to take the women in and persuaded them to hang out at her place rather than meeting a mysterious person at a shady night club to work as “hostesses.” Money appeared too. It’s the sort of story that restores your faith in human nature, and the potential of the Web to concentrate and focus it as a force for good.

Dan is, by the way, on his way to a job working for Disney Research, which is just perfect. He is creative and fun and just cool, a good old-fashioned artisan-engineer-artist. Here is another summary of the story.

Ireland Leads the Way in Internet Filtering

May 26th, 2010 by Harry Lewis

Ireland is implementing a very aggressive Internet filtering scheme. The nation’s largest ISP, Eircom, will be getting the IP addresses of alleged offenders from Irma, the Irish Recorded Music Association. Once Eircom has identified the owner of the account associated with the IP address, it will initiate a series of increasingly threatening contacts. As the BBC News explains,

Initially they will be sent a letter and a follow-up phone call from a new unit set up by Eircom to deal with the issue. They may also get a pop-up warning on their screen.

If they are identified a third time they will have their service withdrawn for a week and, if a fourth infringement occurs, will be cut off for a year.

What about the EU’s rejection of three-strikes laws as human rights violations? Nonsense, says the head of Irma, Dick Doyle. They have it backwards.

“The European Parliament has been talking about internet access as a basic human right. It absolutely is not. Intellectual property protection is a right.”

Look forward to other countries following suit, including our own, if the Anti-Counterfeiting Trade Agreement is as rumored.

Sherry Turkle gave a talk at Harvard recently, not about any of these issues, in which she spoke movingly of her immigrant mother telling her that the great thing about America is that the government can’t open your mail. In the US, if a music CD arrived in our home via the postal service, the government couldn’t open the envelope to check it, without a warrant based on probable cause. Stay tuned for the rules for the Internet to be exactly the opposite.

Facebook sort of apologizes, and fixes one problem

May 26th, 2010 by Harry Lewis

A couple of days ago Mark Zuckerberg had an opinion piece in the Washington Post explaining that Facebook would be doing another rev on its privacy policies. Here are some key sentences:

The biggest message we have heard recently is that people want easier control over their information. Simply put, many of you thought our controls were too complex. Our intention was to give you lots of granular controls; but that may not have been what many of you wanted. We just missed the mark.

We have heard the feedback. There needs to be a simpler way to control your information. In the coming weeks, we will add privacy controls that are much simpler to use. We will also give you an easy way to turn off all third-party services. We are working hard to make these changes available as soon as possible. We hope you’ll be pleased with the result of our work and, as always, we’ll be eager to get your feedback.

We have also heard that some people don’t understand how their personal information is used and worry that it is shared in ways they don’t want. I’d like to clear that up now. Many people choose to make some of their information visible to everyone so people they know can find them on Facebook. We already offer controls to limit the visibility of that information and we intend to make them even stronger.

There are two threads here. The first is that the privacy controls were too granular and too complex. Certainly true, as the NYT graphic beautifully illustrated. Second is that not everyone wants lots of stuff public. Certainly true also. Glad they are addressing both problems. Or are they?

The tonal problem remains, I am afraid. The implication is that we geniuses at Facebook thought everything was cool, the problem was with the users. “Many of you thought our controls were too complex.” Well, no; they were too complex. The point of privacy settings is so people, ordinary people, can keep stuff private. It shouldn’t take hundreds of clicks to do that. You are a consumer-oriented company now, and the customer is always right. Imagine if a washing machine had a hundred knobs on it and had to be retrofitted. Would Whirlpool say “Many of you thought our controls were too complex”? Why didn’t Facebook run some user tests first?

And then there is the problem of defaults. Zuckerberg’s post contains no hint that the defaults are wrong. In fact, there is deceptive language that suggests that the defaults are other than they are. “Many people choose to make some of their information visible to everyone.” No; “choose” suggests opt-in; the fact is opt-out. You, MZ, chose, on behalf of all of us, that some of our information will be visible to everyone, unless we do something to hide it. Big difference.

At least the programmers got cracking and fixed the data leakage Ben Edelman pointed out. But this was a kind of design bug that never should have happened in the first place. It wasn’t a coding error; they just failed to have some smart person looking over the engineers’ shoulders for privacy issues with their implementation. Again, some process failure is evident here.

Finally, the character-of-the-leader issue isn’t helped by the report that came out a couple of months ago that Zuckerberg, while still at Harvard, had used failed Facebook login attempts to guess email passwords of student journalists. Now there is a place where you really have nothing to rely on but your trust in the web site. How would you ever know, when you type the password for one site into another, that the second isn’t grabbing the key you typed to see what it might unlock?

So the question will remain in the minds of lots of people: Can Facebook be trusted with personal information? I am betting there will be increasing Congressional interest in that question.

Mark Z: Grow Up

May 23rd, 2010 by Harry Lewis

The more I learn about Facebook’s privacy problems, the more I am confirmed in my original guess about the root cause. It just looks like the company is being run by adolescents, or twenty-somethings whose idea of profitable fun and games is more appropriate for badly behaved teens.

So Mark, here is some unsolicited advice from your old college professor. It’s amazing what you’ve accomplished. A social network with 400 million people, how cool is that? But now you’ve got to grow up. There is a flesh and blood human being behind every profile. Those are real guns you are playing with now, loaded with ammo.

I had to read Ben Edelman’s post twice to be sure what it described was as simple as it seemed to be. Facebook claims — and has claimed repeatedly, including on occasions when its claim has been challenged — that when you click on an ad that appears on a Facebook page, the advertiser does not learn your Facebook identity, and all the profile information that lies behind it. Of course, the advertiser will know something about you, because it will have given Facebook some demographic parameters to limit who is shown the ads. So if the advertiser bought advertising space on Facebook and said it wants its ads shown only to people under 30 in the Boston area, when somebody clicks on an ad, Facebook will know that the person is under 30 and in the Boston area. But it shouldn’t know that the person is samjones478 or whatever; that would reveal a great deal more about the person who clicked, especially if samjones478 had accepted Facebook’s new default publicity settings (what Facebook misleadingly calls its “privacy settings”).

As recently as six weeks ago, Facebook was declaring flatly that it doesn’t share your identity with advertisers. “We don’t share your information with advertisers unless you tell us to (e.g. to get a sample, hear more, or enter a contest),” said Facebook’s Barry Schnitt. “Any assertion to the contrary is false. Period.” And that is a consistent line, not a Blumenthalian momentary lapse of precise language.

Turns out, it just isn’t true. When you click on an ad while you are viewing your own profile, or a page linked to from your profile, your username is part of the URL. The advertiser, before taking action on your click, can check your profile and customize its offer based on the personal information it finds there.
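Here, as an added illustration that is not part of the original post and not code from Facebook or from Ben Edelman’s write-up, is a small Python model of the mechanism: the browser sends the URL of the page you were viewing to the advertiser in the HTTP Referer header, so whatever user identifier that URL contains goes along with the click. The site URL layout (`/profile/<username>`, `id=` query keys) is a constructed sample, not Facebook’s real scheme. The mitigation half models the Referrer-Policy mechanism browsers later standardized, following the W3C Referrer Policy rules; it did not exist in 2010 and is included as the control a site would use today.

```python
"""
Added example, not code from the blog post or from Facebook.

Models the leak described in the post: the browser puts the viewed page's URL
in the Referer header of the ad click, so a username embedded in that URL is
handed to the advertiser. URL layout is a constructed sample. The policy
rules follow the W3C Referrer Policy specification (a later mechanism).
"""
from urllib.parse import urlparse, parse_qs, urlunparse

# Constructed: where this hypothetical site embeds user identifiers in URLs.
IDENTITY_QUERY_KEYS = {"id", "uid", "user"}
PROFILE_PATH_PREFIXES = ("/profile/",)


def _host_port(u):
    host = u.hostname or ""
    return f"{host}:{u.port}" if u.port else host


def strip_for_referer(url):
    """Referrer value per spec: credentials and fragment removed, rest kept."""
    u = urlparse(url)
    return urlunparse((u.scheme, _host_port(u), u.path, u.params, u.query, ""))


def origin_of(url):
    u = urlparse(url)
    return f"{u.scheme}://{_host_port(u)}"


def referer_sent(page_url, target_url, policy="no-referrer-when-downgrade"):
    """Referer the browser sends when navigating from page_url to target_url
    under the given policy; None means no header. The legacy default,
    no-referrer-when-downgrade, sends the full page URL to any destination
    except on an HTTPS -> HTTP downgrade."""
    same_origin = origin_of(page_url) == origin_of(target_url)
    downgrade = (urlparse(page_url).scheme == "https"
                 and urlparse(target_url).scheme == "http")
    full = strip_for_referer(page_url)
    origin = origin_of(page_url) + "/"   # origin-only form carries a trailing slash
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "origin":
        return origin
    if policy == "strict-origin":
        return None if downgrade else origin
    if policy == "origin-when-cross-origin":
        return full if same_origin else origin
    if policy == "strict-origin-when-cross-origin":
        if same_origin:
            return full
        return None if downgrade else origin
    raise ValueError(f"unknown policy {policy!r}")


def identifiers_in_referer(referer):
    """User identifiers a third party could read out of a Referer value."""
    if not referer:
        return []
    u = urlparse(referer)
    found = []
    for prefix in PROFILE_PATH_PREFIXES:
        if u.path.startswith(prefix):
            seg = u.path[len(prefix):].split("/", 1)[0]
            if seg:
                found.append(seg)
    for key, vals in parse_qs(u.query).items():
        if key in IDENTITY_QUERY_KEYS:
            found.extend(vals)
    return found


def leak_report(page_url, target_url, policies):
    """Map each policy to the identifiers the advertiser would receive."""
    return {p: identifiers_in_referer(referer_sent(page_url, target_url, p))
            for p in policies}


if __name__ == "__main__":
    # Constructed sample: the post's samjones478 clicks a third-party ad
    # while viewing their own profile page.
    page = "https://social.example/profile/samjones478?ref=home"
    ad = "https://ads.example/click?campaign=42"
    policies = ["no-referrer-when-downgrade",
                "strict-origin-when-cross-origin", "no-referrer"]
    for policy, ids in leak_report(page, ad, policies).items():
        print(f"{policy:34} -> advertiser learns {ids or 'nothing'}")
```

Two design points worth noting. First, the check in `identifiers_in_referer` is the audit a site can run over its own URL space: if any page a user can click an ad from has a username or account id in its path or query string, the legacy default policy ships it to every third party on that page. Second, bouncing the click through a plain HTTP redirect hop does not by itself remove the identifier, because browsers carry the original Referer across redirects; the durable fixes are keeping identifiers out of page URLs altogether, or instructing the browser not to send them (a `Referrer-Policy` header or `rel="noreferrer"` on the link).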

How useful is that information to an advertiser?

Well, consider the study Jeremy Bailenson did at Stanford at the time of the 2004 presidential election. Voters were shown pictures of the candidates, but only one of the candidates was actually shown accurately. The other candidate’s picture was morphed with a small amount of the subject’s own face (the subjects were on camera during the experiment). Voters’ preferences shifted significantly toward the candidate with whom their own face had been morphed — and not one subject noticed the deception.

Since Bailenson talked about this at the Berkman Center last year, I have been thinking that images of our faces are a gold mine for advertisers. Now we have a too-good-to-be-true source of high quality facial images. Before serving an ad, the advertiser could just grab our profile photo and morph a little bit into a face appearing in the ad, to make it more effective.

Back to the main point. Facebook’s data on us is very valuable commercially. The changes to the privacy policies are not about creating a better social experience for us. They are about monetizing what Facebook knows about us. Fair enough; they are a business. But Facebook needs to be open about what it is doing. It needs to stop baiting and switching. And it absolutely needs to stop lying, which seems to be the appropriate term given that Facebook has continued to claim that it is not sharing user information even though it was put on notice months ago that it was doing exactly that.

Postscript: A friend pointed me to this account of IM’s from Zuckerberg back in his college days:

Zuck: Yeah so if you ever need info about anyone at Harvard

Zuck: Just ask.

Zuck: I have over 4,000 emails, pictures, addresses, SNS

[Redacted Friend’s Name]: What? How’d you manage that one?

Zuck: People just submitted it.

Zuck: I don’t know why.

Zuck: They “trust me”

Zuck: Dumb fucks.

A fabrication? Possibly. But it sounds right. The company issued a reassuring statement but would neither confirm nor deny the authenticity of the instant messages. But there is sweet irony in the idea that Mark’s own age-19 misjudgment about openness would come back to bite him as his company struggles to persuade its 400 million users that it truly does deserve to be trusted with their private information.

All the news on the privacy front

May 20th, 2010 by Harry Lewis

Lots of news items today on the privacy front.

The new Conservative-Liberal Democrat coalition government in England has launched a remarkably aggressive campaign to unwind the ubiquitous surveillance that was put in place through the years of the Labour government. The deputy prime minister refers to a “culture of spying on its citizens” and says “It is outrageous that decent, law-abiding citizens get treated as if they have got something to hide.” In the U.S. the politics of surveillance seem to be the reverse of the attitudes in England. Here it is the left that complains about the violations of individual liberty occasioned by surveillance, either governmental or commercial, and it is the right that defends surveillance, either as an aid to law enforcement and national defense, or as a free exercise of unrestrained capitalism.

Here, thanks to Larry Denenberg, is a terrific CBS News segment on the privacy risks due to copy machines, which in the modern era are nothing more than scanners attached to computers — with hard drives. Those hard drives hold huge amounts of data, which doesn’t get deleted between jobs. Just as in the case we report in Blown to Bits about the data that can be recovered from the hard drives of used personal computers, a LOT can be recovered from the disk drives of used copiers. I feel rather foolish that this never occurred to me. What happens to your office copier when it breaks down and is replaced, or worse, is traded in for a newer model? Do years of office documents go with it, unencrypted? Among the more interesting things about this video is the revelation that there actually is a proper auto-delete feature available on Sharp copiers — a few extra lines of code for an extra $500, which is about the price of an entire PC today, with Windows installed.

Thanks to Hanspeter Pfister for pointing me to this terrific graphic on how Facebook’s privacy policies have become weaker over the years, and this site that helps you check and modify your own Facebook privacy settings. The New York Times graphic from a few days ago on Facebook privacy also is worth a thousand words (or 5,830, which is actually how long Facebook’s privacy policy now is).

Finally — I was on Emily Rooney’s Greater Boston show last night with Tim Wong, until recently of the Berkman Center, talking about the backlash against Facebook’s new privacy model.

Facebook Privacy: An Oxymoron, again

May 5th, 2010 by Harry Lewis

A bug allowed private chats to be publicly viewable.

People who wonder whether Facebook takes their privacy concerns seriously should be forgiven for wondering.

The (North Carolina) Government Wants to Know What You Bought

April 20th, 2010 by Harry Lewis

Massachusetts has started to get a bit more insistent about collecting MA sales taxes on goods purchased out of state–including over the Internet. This year’s return invited me either to list the actual amount paid and pay the Massachusetts rate on the total, or to pay a “safe harbor” tax on my income. Pay the safe harbor rate and I am exempt from harassment for my out of state purchases, even if I get audited and it turns out I would have owed the state much more based on my actual purchases.

I found this annoying. But actually it seems to me correct. I don’t imagine people were paying those taxes until the safe harbor was introduced, and if I don’t like the safe harbor, I can keep track of all my Amazon purchases and whatnot and pay the 6.25% on those. I can object to the whole notion that stuff I buy out of state and bring or have shipped in state should be taxed, but until somebody changes the rules, that is the way the rules read.

Now the state of North Carolina has done Massachusetts one better and has handed its comparable tax collection problem to Big Brother. The state has demanded that Amazon turn over to its tax authorities detailed, itemized records of everything shipped to anybody in the state. (Amazon has no business address in North Carolina. Only customers are there.)

That’s a lot of data, but of course that’s not the problem. Amazon has it, not just for billing purposes but so it can pitch you different suggestions on rainy Tuesday nights if it notices that you particularly like ordering steamy romances on evenings like that. The granularity of the data is extremely fine, and the state wants it all. Amazon provided some anonymized information — not sure I am happy even with that, given how easily apparently anonymized data can be re-identified — but it doesn’t matter, because the state was not content with that. It wants names and addresses.

Amazon is resisting, thank goodness, on First Amendment grounds–citing individuals’ right to read anonymously. But aren’t there Fourth Amendment issues, too? Given constitutional guarantees of security against unreasonable searches, what possible justification could the government have for demanding to know the shopping lists of ordinary citizens, not under suspicion of anything?