Blown To Bits

Archive for the ‘Surveillance’ Category

They Have Got To Be Kidding Department

Thursday, November 13th, 2008 by Harry Lewis

Anyone who wants to work in the new administration has to fill out a questionnaire with 63 extremely intrusive questions. Obama is doing everything he can to avoid surprises, like the Clinton nominees with their under-the-counter nanny payments. But many of the questions are questions only being asked because of the digital explosion and the resulting permanence of detailed information. Here are a couple of my favorite queries (emphasis mine):

Writings: Please list and, if readily available, provide a copy of each book, article, column or publication (including but not limited to any posts or comments on blogs or other websites) you have authored, individually or with others. Please list all aliases or “handles” you have used to communicate on the Internet.

Electronic communications: If you have ever sent an electronic communication, including but not limited to an email, text message or instant message, that could suggest a conflict of interest or be a possible source of embarrassment to you, your family, or the President-Elect if it were made public, please describe.

That is, “Of course, your potentially embarrassing private emails may not disqualify you, not at all. But please tell us about them. And thank you for these details! We always wondered who ‘hilarysux2008’ was, glad to know.”

NYT story here.

Seems to me there are three possibilities here. Either people are not going to work in the administration because of these disclosure requirements. Or the ones who do will be adventureless people who have never taken a risk or had much fun.

Or they will be liars.

Whatever it is, in 10 years, I’m betting, the balance will be struck in a different place.

Microsoft’s Windows 7 Will Make Location Tracking Easy

Monday, November 10th, 2008 by Harry Lewis

In a blog post entitled “Windows 7 knows where you are,” Ina Fried goes through the location-tracking capabilities of Microsoft’s next-generation operating system. It will have APIs — hooks for application programmers to grab onto — that will return the device’s spatial location, whether revealed through GPS, triangulation of cell phone towers, or other technologies. That will make it easy to write location-sensitive search engines, for example — so that if you search for “pizza,” you get links, sponsored or not, to pizza parlors near where you actually are, rather than to the world’s most popular pizza chain.

Of course, there are huge privacy issues here — might Microsoft, or the search engine, keep tabs on your movements, for analysis or marketing purposes having nothing to do with your searches? Microsoft acknowledges the problem, and has built in some switches the user can turn off. But it sounds to me like the convenience of good searches and the entertainment value of letting your friends know when you are near them will lead most young people, at a minimum, to leave all the switches on all the time. And the controls that are supplied aren’t exactly what you’d probably want — you might like to leave the location-tracking on for an app that gives driving directions, but off for a social networking app. Can’t be done — it’s all or nothing — due to intrinsic limitations of Windows.

Microsoft does give a range of control options, such as turning off location services by default, as well as the ability to limit such services only to specific users or only to applications, as opposed to services that run in the background. However, the operating system doesn’t allow users the option of letting only certain applications access your location. So, for example, if you turn it on for a mapping program, any other Windows application running could also access that information.

The reason, Microsoft officials say, is that Windows doesn’t have a reliable means of determining that an application is what it says it is, so any attempt to limit the location to a specific application would be easily spoofable ….

As we’ve written before (here and here), geolocation is the new cultural frontier.

Is Computing a Hash a Search Under the Constitution?

Sunday, November 2nd, 2008 by Harry Lewis

Talk about cases the Founding Fathers could not have anticipated. A federal court has ruled that computing the hash of a data file (a picture, for example) is a search, and is therefore subject to Fourth Amendment restrictions (that is, the police are supposed to get a search warrant before doing it).

What’s a hash? Hashing is a way of squeezing a lot of data down into a short, fixed-size value. The same input will always give you the same output (which is called the hash, or the hash value). But because some information is inevitably thrown away in the squeezing process, it’s possible (in general) for two different inputs to give you the same output. The trick in the design of hashing algorithms is to make that unlikely.

Let’s take an example. Suppose we want to check to see if the photograph we have is one of a list of bad photographs (known child pornography, for example). Just storing all the photos on the bad list would take a huge amount of space. But we could hash each of them and just store the hash values. Then we could check our suspect photo against the list of bad photos by computing its hash and seeing if that value was in the list of hash values of bad photos. That check would be quick. Of course, if we got a match, before we arrested anyone, we’d want to compare the photos themselves just to make sure we hadn’t gotten an accidental “collision” where two photos happened to have the same hash.

A simple example of a hashing algorithm would be to treat the image as a sequence of 24-bit numbers and just add them all up, throwing away any numerical overflows. (Like doing arithmetic and just hanging onto the rightmost digits.)
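To make the matching step concrete, here is an added example in Python (mine, not code from the original post or from the case record). It implements the post’s toy additive hash, shows two different inputs that collide under it, and performs the screen-then-confirm check against a list of stored digests. The “known bad” files are constructed byte strings standing in for images, and MD5 is used only because that is the algorithm the Ars Technica account names.

```python
import hashlib

MASK24 = 0xFFFFFF


def additive_hash24(data: bytes) -> int:
    """The post's toy hash: read the input as 24-bit big-endian numbers,
    add them up, and discard overflow by keeping only the low 24 bits."""
    padded = data + b"\x00" * (-len(data) % 3)  # pad to whole 24-bit words
    total = 0
    for i in range(0, len(padded), 3):
        total = (total + int.from_bytes(padded[i:i + 3], "big")) & MASK24
    return total


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


# Constructed sample "photos": tiny byte strings stand in for image files.
KNOWN_BAD = {
    "bad-001": b"\x89PNG\x00\x01 constructed bad image one",
    "bad-002": b"\x89PNG\x00\x02 constructed bad image two",
}

# What the screening system actually stores: digests only, not the files.
BAD_HASHES = {md5_hex(content): name for name, content in KNOWN_BAD.items()}


def screen(suspect: bytes, bad_hashes=BAD_HASHES):
    """Quick check: hash the suspect file and look the digest up.
    Returns the name of the matching list entry, or None."""
    return bad_hashes.get(md5_hex(suspect))


def confirm(suspect: bytes, name: str, archive=KNOWN_BAD) -> bool:
    """Follow-up after a hit: fetch the original from wherever the full
    files are kept and compare byte for byte, so an accidental (or
    engineered) collision cannot by itself count as a match."""
    return archive[name] == suspect


def additive_collision():
    """Two different inputs with the same additive hash: the toy hash is
    just a sum, so reordering the 24-bit words cannot change it."""
    a = b"\x00\x00\x01" + b"\x00\x00\x02"
    b = b"\x00\x00\x02" + b"\x00\x00\x01"
    assert a != b
    return additive_hash24(a), additive_hash24(b)


if __name__ == "__main__":
    hit = screen(KNOWN_BAD["bad-002"])
    print("screen hit:", hit, "confirmed:", confirm(KNOWN_BAD["bad-002"], hit))
    print("screen innocent file:", screen(b"holiday snapshot"))
    print("additive hash collision:", additive_collision())
```

The confirm step matters more than it looks. A sum-based hash collides as soon as two blocks swap places, which is why no one uses one for fingerprinting; but even MD5 is not safe against a deliberate collision (constructing two different files with the same MD5 has been publicly demonstrated since 2004), so a digest hit is evidence that a file is worth looking at, not proof that it is the listed file.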

Here’s how Arstechnica reports the relation of all this to the situation of one Robert Crist.

Crist had fallen behind on his rent, and his landlord hired a father-and-son pair to move the delinquent tenant’s belongings out to the curb, where a friend of one of the movers, Seth Hipple, picked up Crist’s computer. When Crist returned home, he began freaking out over his vanished machine — while Hipple was freaking out over what he’d found in a folder on the hard drive: Videos appearing to depict underage sex, which he promptly deleted.

Hipple called the East Pennsboro Township Police Department, and though the computer had been reported stolen, it soon found its way to the Pennsylvania Attorney General’s Office, where special agent David Buckwash made an image of the hard drive and began sifting through its contents using a specialized forensics program called EnCase. Rather than directly examining the contents of the hard drive, Buckwash initially ran the imaged files through an MD5 hash algorithm, producing a unique (for practical purposes) digital fingerprint, or hash value, for each one. He then compared these smaller hash values with a database of the hash values of known and suspected child porn, maintained by the National Center for Missing and Exploited Children. He came up with five definite hits and 171 videos containing “suspected” child porn. He then moved to gallery view, inspecting all the photos on the drive, and ultimately finding nearly 1,600 images that appeared to be child pornography.

No warrant had been sought to do any of this, however, and the judge threw out the evidence gathered from Crist’s computer as a result.

The government is likely to appeal, and a lot rides on the case. If, for example, the ruling is overturned and hashing isn’t a search, then the government would not need a warrant to go to your service provider’s central servers and hash every file, looking for illegal materials.

Meanwhile, on the Big Brother Front

Thursday, October 16th, 2008 by Harry Lewis

The British government is proposing to log every telephone call, the address of every email, and every web site visited by everyone in the UK. To fight terrorism, of course.

Bits like these should be regarded as toxins. In theory they can be confined, but the public should be alarmed that so many are being kept, and so little reassurance can be provided about how they are to be contained. As a nice example to ponder, the Washington Post reported yesterday that the Maryland State Police had classified 53 nonviolent protesters as terrorists and entered their identifying information into state and federal databases that track terrorism suspects. What one police official called “fringe people” who needed to be tracked were activists against the death penalty, with no history of violence.

But here’s the best part. Police stated that “the activists’ names were entered into the state police database as terrorists partly because the software offered limited options for classifying entries.”

We’ve all experienced that. Press 1 for this, 2 for that, 3 for a third thing, and what you actually want is none of the above, so you are forced to pick one of the other options. Sometimes this is just bad user interface design; sometimes it is a way of encouraging people to select an option for which you are trying to drive traffic, for commercial reasons, for example. Intentionally or not, this interface bloated the national count of terrorism suspects, at the cost of the personal liberty of innocent people, who are now likely to get shaken down at airports.

And no one can say how many other databases may have been infected with this bogus information.

British civil liberties groups are protesting the data-logging plans, and the government is trying to reassure folks by saying that it’s “only” the addresses and phone numbers that will be recorded, not the contents.

1984 is here to be sure.

Data Mining and the Search for Terrorists

Tuesday, October 7th, 2008 by Harry Lewis

In Chapter 2 of Blown to Bits we discuss the Total Information Awareness program, which was cut short but replaced by several other programs aimed at identifying terrorists by sifting through massive quantities of everyday data. A National Research Council report released today comes to the conclusion that such data mining efforts don’t work very well and wouldn’t be a good idea even if they did. The panel is no bunch of hippie leftists; it includes a former Secretary of Defense, computer science experts, and a former president of MIT.

The CNet summary of the report is here. The bottom line:

The most extensive government report to date on whether terrorists can be identified through data mining has yielded an important conclusion: It doesn’t really work.

A National Research Council report, years in the making and scheduled to be released Tuesday, concludes that automated identification of terrorists through data mining or any other mechanism “is neither feasible as an objective nor desirable as a goal of technology development efforts.” Inevitable false positives will result in “ordinary, law-abiding citizens and businesses” being incorrectly flagged as suspects.

This reminds me of the NRC report on strong encryption (Chapter 5), which recommended against legislative efforts to prevent the export of encryption software. It didn’t immediately settle the political argument, but eventually reason won out. Will reason prevail here, and will we go back to a probable-cause basis for searches of our personal information? Or will we act on arguments like the one Senator Gregg used in favor of regulating encryption: “Nothing’s ever perfect. If you don’t try, you’re never going to accomplish it. If you do try, you’ve at least got some opportunity for accomplishing it”?
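The false-positive point can be put in numbers. The following Python is an added example, not part of the original post or of the NRC report; the population size, the number of real targets and the classifier’s accuracy are assumed figures chosen for illustration. It computes how many innocent people a population-wide screen flags for a given false-positive rate, and, solving the same formula the other way, how low that rate would have to be before even half of the people flagged were real targets.

```python
def screening_outcome(population, targets, sensitivity, false_positive_rate):
    """Expected results of running a classifier over an entire population.

    population           people screened
    targets              how many real targets are among them
    sensitivity          fraction of real targets the classifier flags
    false_positive_rate  fraction of innocent people it flags anyway
    """
    innocents = population - targets
    true_positives = targets * sensitivity
    false_positives = innocents * false_positive_rate
    flagged = true_positives + false_positives
    precision = true_positives / flagged if flagged else 0.0
    return {
        "true_positives": true_positives,
        "false_positives": false_positives,
        "flagged": flagged,
        "precision": precision,  # share of flagged people who are real targets
    }


def false_positive_rate_for_precision(population, targets, sensitivity, precision):
    """Solve precision = TP / (TP + FP) for the false-positive rate a
    classifier would need in order to reach the given precision."""
    innocents = population - targets
    true_positives = targets * sensitivity
    return true_positives * (1 - precision) / (innocents * precision)


if __name__ == "__main__":
    # Assumed figures for illustration only: 300 million people screened,
    # 1,000 real targets among them, a classifier that catches 99% of them.
    for fpr in (1e-2, 1e-3, 1e-4, 1e-5):
        r = screening_outcome(300_000_000, 1_000, 0.99, fpr)
        print(f"fpr={fpr:.0e}: {r['false_positives']:>12,.0f} innocents flagged, "
              f"precision {r['precision']:.1%}")
    need = false_positive_rate_for_precision(300_000_000, 1_000, 0.99, 0.5)
    print(f"for half of the flags to be real targets: "
          f"one false alarm per {1 / need:,.0f} innocent people")
```

With those assumed figures, a classifier that wrongly flags one person in a thousand produces about three hundred thousand innocent suspects for every thousand real ones, and getting to even a coin-flip precision would require a false-alarm rate of roughly one in three hundred thousand, far beyond what any behavioral model built from everyday data can promise. That arithmetic, not the competence of the modelers, is what the report’s conclusion rests on.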

Massive Chinese Surveillance of Skype

Thursday, October 2nd, 2008 by Harry Lewis

A report out of the University of Toronto, sponsored by the OpenNet Initiative, reveals that text messages sent via the Chinese variant of the popular Skype software, known as TOM-Skype, are not only filtered and censored, but stored, apparently for later analysis. The report is only 12 well-structured pages and easy to read. There is also a New York Times story about these discoveries.

In 2005, Skype, which is owned by eBay, formed a business relationship with TOM Online, a Chinese provider of wireless services, to launch the Chinese version of Skype called TOM-Skype. The service advertises end-to-end encryption, making it a favorite of dissidents and democracy advocates. The Epoch Times reported, for example,

Skype has become a popular communication tool among democracy activists in mainland China in recent years. Due to its excellent vocal clarity, fewer imposed restrictions, and an end-to-end encryption feature making it difficult to monitor, many Chinese democracy activists have favored Skype over traditional telephones and other similar communication tools.

It’s been known for some time that not all text messages were getting through, and that mentioning Falun Gong and such prohibited institutions would cause messages to go undelivered. When called on it, Skype claimed that the messages were simply discarded. Not true.

Not only not true, but drastically not true. The full text of the messages is retained on servers in China along with the identifying information about their source and destination — and so are some messages without any significant keywords, apparently logged based simply on their sender and recipient information.

Due to weak security on the TOM-Skype servers, the researcher was able to download more than one hundred thousand messages and analyze them. Many mentioned the Communist Party or quitting the party or Falun, but others mentioned democracy, the Olympic Games, Taiwan, or milk powder.

The technology is there to do the surveillance — and much of it is in private hands, cooperating with governments in highly profitable ventures that are not what they seem to be.

Skype unequivocally states that there is no surveillance of voice conversations. But why should anyone believe them?

A Positive Development on Surveillance of Consumers

Friday, September 26th, 2008 by Harry Lewis

Verizon and AT&T have announced that they will not track their customers’ Internet wanderings without their explicit request. The key is that the default is no tracking; only if the customer affirmatively “opts in” to tracking will it occur.

ISPs were getting some heat from Congress because of privacy concerns, so the move by these ISPs surely is enlightenment prompted by anticipation of a mandate. Nonetheless, it’s not a small matter. The data on what we do on the Internet is an extremely valuable commodity, and these companies might have put up a stronger fight for their right to collect it. Comcast, will you please adopt the same posture?

The Washington Post story on this makes several important points. The opt-in provision is likely to result in a very low level of participation in tracking, unless customers who are being tracked have a perceptibly better experience than those who do not. Still, with millions of users, a lot of data can be collected even if participation is low in percentage terms.

Nothing in the announcement by these service providers limits what individual web services can do to collect data about you by storing cookies on your computer. That mechanism aids the targeting of advertising toward your particular interests. And while informed consent and education about privacy should be major goals for the industry, it is worth remembering that the explosion of the Internet as a service to noncommercial users is largely funded by advertising revenue. Though one should always be skeptical about sky-is-falling statements by trade group representatives, there is some truth to this claim:

“If Congress required ‘opt in’ today, Congress would be back in tomorrow writing an Internet bailout bill,” said Mike Zaneis, vice president of public policy for the Interactive Advertising Bureau, a trade group. “Every advertising platform and business model would be put at risk.”

The Office Computer

Thursday, September 25th, 2008 by Harry Lewis

After yesterday’s anguished report on surveillance of children, let’s try something today that at least starts off on a lighter note.

A report out of New Zealand says that of all the time people spend online while in the office (and for many people, that is most of their office time), about a quarter of it is spent doing personal business. And more than three-quarters of all emails sent from office computers are personal.

Ah, I hear you cry, but it makes me so much more efficient that I get more done than I used to.

Maybe.

And someone in the story points out that it’s better for the business if we do our banking online from our desk than if we take half an hour to walk to the bank.

Maybe.

In any case, these reports cause the corporate efficiency experts to do the lost-time calculations, the vast cost to business of this wasted time. If only we could get our employees to focus on their work, we’d be more competitive.

And it is exactly these considerations that drive companies to install on office computers tools like the ones we discussed yesterday for children — software that monitors what web sites employees are going to, and perhaps blocks certain external connections. (There are other reasons as well. Not a good thing if you email your friend Mary in Oklahoma the spreadsheet you meant to email Mary in accounting.)

The cultural issues are going to take some time to sort out, but once put in place they tend to be hard to move. So read your corporate privacy policy. As we note on page 57, Harvard’s employee privacy policy is surprisingly Orwellian, though I am confident that it’s never used the way it’s written:

Employees must have no expectation or right of privacy in anything they create, store, send, or receive on Harvard’s computers, networks, or telecommunications systems. …. Electronic files, e-mail, data files, images, software, and voice mail may be accessed at any time by management or by other authorized personnel for any business purpose. Access may be requested and arranged through the system(s) user, however, this is not required.

What does yours say?

More on Internet Safety

Wednesday, September 24th, 2008 by Harry Lewis

I was pretty shaken by the end of the first day of the Internet Safety Technical Task Force yesterday. I had a meeting right afterwards, which I entered by yelping a primal scream.

All day yesterday, company after company gave presentations on how their products would help keep little Johnnie safe from predators and away from pornography. (You can check the conference program for the names of these businesses and hot links to their products. I should hasten to add that while I didn’t like much of what I was hearing, the meeting was run flawlessly — civil and lively and punctual too. Congratulations for a superb job by John Palfrey and the Berkman Center staff.) Some of the businesses offering solutions then answered the question of what we should do when Johnnie, frustrated with his overbearing parents, goes down the street to Libertarian Libby’s home, where the computer has no spyware: If we didn’t either keep Johnnie out of Libby’s house, or walk down the street ourselves and sell the same product to Libby’s parents, well, we were bad parents.

I tried to make the point that it is developmentally unhealthy to surveil your kids constantly, and safety was not the only value at stake. Growing up and learning trust and self-reliance are important too. Absolutely, was the answer. When your cell phone rings half a continent away because our product just caught Johnnie typing “boobs” into his Web browser, that creates a great opportunity for parent and child to sit down for a heart-to-heart.

I rather think that kids growing up in a 1984 childhood will expect to live in a 1984 adult world, with Big Brother watching over them constantly.

In any case, I am given to understand that there actually isn’t any evidence that predation on children is on the increase, in spite of the Internet horror stories, some of which we repeat in Blown to Bits. (One company actually reported that after monitoring tens of thousands of children, they had reported exactly 3 potential predators to the police.) Moreover, children who are victims are statistically likely to have other issues, and to come from families whose parents (if they have any) wouldn’t spend their nights worrying about their children’s safety. Child predation is a problem, but there are worse problems at which societal resources should be directed (for example, brutal child pornography is on the rise, I understand). Where we seem headed with Internet safety seems mad.

Several of the companies reported that they would retain the information they collected “forever.”

The fundamental problem with the agenda the states’ Attorneys General laid out is that it is premised on a moral and perhaps legal presumption that parents have an absolute right to know everything that their minor (under 18) children are saying and hearing. If society worked that way, it would never make any progress, as the prejudices and taboos of the parents would be handed on perfectly from one generation to the next. That isn’t social conservatism; that’s the preservation of human ignorance.

Protecting Children Online

Tuesday, September 23rd, 2008 by Harry Lewis

I am sitting in the meeting of the Internet Safety Technical Task Force at the Harvard Law School, in Pound Hall. Meetings go on the rest of today and through noon tomorrow, and are free and open to the public. There are two separate issues: How can you tell if someone claiming to be a child (when registering for a Myspace account, for example) really is a child (rather than a child predator, for example)? And how can you tell if someone claiming to be an adult really is an adult (rather than a 13-year-old boy, for example, trying to look at dirty pictures)?

I find the level of interest and investment in these questions quite remarkable, in the absence of data showing that child predation is on the increase or that the number of young adolescents trying to satisfy their curiosity can be decreased. The session was kicked off with remarks from the Attorneys General of both Massachusetts and Connecticut.

And there is almost no acknowledgment of the social costs of heavy identity verification technologies — for example that children who want to learn whether it’s really true that you can’t get pregnant the first time, as they’ve been told by their social peers, will be discouraged from finding the truth on the Internet if their parents don’t want them to get it. It’s neither practical nor (I think) lawful to keep older children away from information they want to get, but that seems to be the way the world is moving. The AG of Connecticut put a grand challenge to the group: “If we can put a man on the moon, we can find a way to make the Internet safe.” Sure — if you don’t mind restricting the free flow of lawful information between willing speakers and willing listeners.

A lot to think about here.