Blown To Bits

Archive for the ‘Uncategorized’ Category

Second Edition Now Available

Monday, August 30th, 2021 by wseltzer

Much has changed since Blown to Bits v1 was published — yet many of the same principles can still guide our thinking about the world of bits.

The Second Edition adds new consideration of artificial intelligence, algorithmic discrimination, and the rise of social media’s new gatekeepers. We track privacy developments after Edward Snowden’s revelations of NSA spying and mass personalization, and watch copyright wars shift from peer-to-peer to streaming (and stream takedowns). We follow as bits perfuse our lives and homes — join us!

Moving on

Monday, December 20th, 2010 by Harry Lewis

So that I can blog about a wider range of subjects, I am moving my blogging activity over to a new Bits and Pieces blog. I’ll keep up my discussions of the digital explosion there, but I’ll also be talking about education and other issues of the day. See you there!

The News on Internet Censorship

Tuesday, July 13th, 2010 by Harry Lewis

Either it’s an election year, or the Massachusetts Legislature and Governor don’t understand how the Internet works. Or both.

Close readers of this blog will remember my discussion back in February of a case in Massachusetts where some creep got off the hook for sending lewd text messages to a child, because the relevant statutory definition of “matter” not to be disseminated did not include text messages. At the time, I said that the definitional problem was easily remedied.

So the Commonwealth remedied it, by including not just text messages but the entire Internet. The new clause in the definition reads as follows:

any electronic communication including, but not limited to, electronic mail, instant messages, text messages, and any other communication created by means of use of the Internet or wireless network

This definition certainly plugs the legal loophole through which that creep escaped after sending little Johnny a text message. Unfortunately the clause also captures Johnny finding his way to the online edition of Fanny Hill, or Memoir of a Woman of Pleasure, or to a site such as Dr. Marty Klein’s “sexed.org,” which gives “Straight Talk on Sex, Love, and Intimacy.” It may also include this site, since I just linked to that 18th century novel and that 21st century advice site. And maybe it applies to any social networking site where someone posts a comment linking to any of the above.

The problem, as ArsTechnica explains, is that “disseminate” is a term carried over from the days when one obtained information by going into a bookstore and buying it. The clerk at the book store could look at Johnnie and tell he was 13, or ask him for an ID if he looked like he might be 17 rather than 18. It also nicely covered sending obscene stuff telephonically or by postal delivery, since those are person-to-person media. The way information flows through the Internet makes it impossible to know where it is going. And there is nothing in the statute that restricts the crime to cases in which you actually know that you’ve reached a minor. You just have to reach a minor, and to know that what you disseminated is harmful to minors.

Dr. Klein, the ACLU, Harvard Book Store, and several other plaintiffs have asked for an injunction blocking the law, which took effect yesterday. The complaint (pdf, 44 pages) makes a number of strong points, of which perhaps the most disturbing is this:

The United States Congress and the states of Arizona, Michigan, New Mexico, South Carolina, Vermont and Virginia previously enacted laws which, like Sections 2 and 3, applied the harmful to minors test to Internet speech. All of them were either held unconstitutional or enjoined on First Amendment grounds. Ohio and Utah also passed such laws. The Ohio statute has been narrowed by the courts to constitutional dimensions. The Utah statute is being challenged in federal court and has been preliminarily enjoined.

This is where I begin to wonder about the effect of the election cycle. Why enact a censorship law pretty much identical to others that have been ruled unconstitutional, if not because it will be politically popular to do so?

In the same vein, the National Review offers an article by Jonah Goldberg and Nick Schulz, Gated or X-Rated? The authors ridicule the open-Internet gurus, and defend Apple for its effort to create a walled garden with no porn. They encourage legislative measures that will support private-sector solutions to the problem of children seeing bad stuff–their particular proposal is the creation of a .kids domain, where only child-friendly stuff would appear. (And where apparently it would be impossible for any 17-year-old to find a link to sexed.org.) The authors specifically call out Free Press and Public Knowledge for transforming the Internet’s “sensible design principle into something approaching an ideology.” “… [T]he culture of the Internet is to oppose anything approaching actual culture. Strong cultures edit and constrict,” they say. Well, it depends what you mean by “culture.” What is the culture of paper, or of books? There isn’t any. Anything goes. Of course society can control what gets printed–except that the culture of the U.S., as defined in its constitution, is that it can’t be controlled very much–and not in ways, as the Supreme Court has repeatedly held, that would unreasonably restrict what adults can legally see.

Nonetheless, Goldberg and Schulz argue, we should have more edited, constricted, walled-off parts of the Internet. They use the metaphor of the “frontier” to describe the goal of the Internet utopians, suggesting that their real agenda–Noam Chomsky gets a shout, of all people–is anti-corporate.

In addition to the practical problems of keeping a big part of the webby structure sterile, the problem is that every attempt to legislate Internet safety has proved to be over-inclusive, to violate the plain language of the First Amendment. And relying on private parties would be a lot less frightening if the world were not converging on a few private information monopolies. If Google and Apple and a handful of media companies control all the content and all the pipes, the private sector “alternatives” become the sole sources.

Recommended reading: Closing the Digital Frontier, in the Atlantic, by Michael Hirschorn. It is an apt metaphor, but it leaves one thinking that Goldberg and Schulz have nothing to worry about. All the digital land is going to be owned and controlled by a few private players anyway, and they will make sure that the Internet provides just what best suits their business purposes.

It is always sad to see conservatives, who ought to be the biggest worriers about information freedom, find common cause with the nanny-staters such as our Massachusetts legislators.

Blog rescued!

Thursday, June 24th, 2010 by Harry Lewis

We owe a big debt to researchers at Carnegie Mellon University, who took it upon themselves to disinfect this blog. As reported earlier, it had been riddled with links to an online drug store, which was riding the coat tails of our Google page rank to attract hits. Huge thanks to Timothy Vidas and Nicolas Christin for figuring out how the infection worked and resolving it. And thanks to Tyler Moore for connecting us to them!

Facebook Privacy: An Oxymoron, again

Wednesday, May 5th, 2010 by Harry Lewis

A bug allowed private chats to be publicly viewable.

People who wonder whether Facebook takes their privacy concerns seriously should be forgiven for wondering.

The Forces Align Against Anonymity

Saturday, April 17th, 2010 by Harry Lewis

Stories on successive days in the New York Times make me wonder if there is any hope of preserving anonymity on the Internet. The forces of security and commerce are lining up to end it, and I am not feeling a lot of pushback.

On Friday, there was some apparently happy news: At Internet Conference, Signs of Agreement Appear Between U.S. and Russia. It takes awhile to learn the nature of the common ground between American and Russian cybersecurity experts.

“Anonymity is an invitation to criminals,” General Miroshnikov said.

Mr. Baker agreed, saying, “Anonymity is the fundamental problem we face in cyberspace.”

And then today, there is a stunning report on refinements in the business of discount coupons. The coupons you print off the Internet look generic, but the bar code may have everything but your social security number in it — even including your IP# and the search terms you used to get to the site where you printed the coupon. This information enables aggregation of extremely fine-grained information about your shopping habits — and adjustment of what offers get extended to which customers.

“When someone joins a fan club, the user’s Facebook ID becomes visible to the merchandiser,” Jonathan Treiber, RevTrax’s co-founder, said. “We take that and embed it in a bar code or promotion code.”

“When the consumer redeems the offer in store, we can track it back, in this case, not to the Google search term but to the actual Facebook user ID that was signing up,” he said. Although Facebook does not signal that Amy Smith responded to a given ad, Filene’s could look up the user ID connected to the coupon and “do some more manual-type research — you could easily see your sex, your location and what you’re interested in,” Mr. Treiber said. (Mr. O’Neil said Filene’s did not do this at the moment.) …

“Over time,” Mr. Treiber said, “we’ll be able to do much better profiling around certain I.P. addresses, to say, hey, this I.P. address is showing a proclivity for printing clothing apparel coupons and is really only responding to coupons greater than 20 percent off.”

Is this the Internet we want?

Judge of Google Books Settlement Seems Skeptical

Friday, February 19th, 2010 by Harry Lewis

Yesterday was the “Fairness Hearing” in the Google Books Settlement case. The New York Times has a good report on it. Judge Chin’s questions suggest he is worried that the settlement goes way beyond what was needed to settle the issues between the parties—which is true, of course. A class action lawsuit over copyright infringement should not be a platform for a world-changing business partnership, with the biggest rewards going to the infringer.

Alas, so far I see nothing to suggest that the privacy issues with the settlement have caught the judge’s attention. I found this paragraph from the ACLU particularly interesting:

Because the settlement does not contain any privacy protections for users, Google’s system will be able to monitor which books users search for, which pages of the books they read and how long they spend on each page. Google could then combine information about readers’ habits and interests with additional information it collects from other Google services, creating a massive “digital dossier” that would be highly tempting and possibly vulnerable to fishing expeditions by law enforcement or civil litigants.

Among the reasons Google will rue the day it decided to roll out Buzz as an opt-out product with your social network harvested from your Gmail address book is that it renders worries like the ACLU’s far more credible. With all that useful data about reader behavior, Google itself will be highly  tempted to repurpose it. After all, it has shown itself willing to do that with your address book, which many of us consider confidential information—why not do it with the information about which books, and which pages of which books, you spend your time reading?

The FBI Presses for Web Tracking

Wednesday, February 10th, 2010 by Harry Lewis

Declan McCullagh of CNET reports that the FBI is pressing Internet Service Providers to keep records of what Web sites customers visit and to keep the logs for two years, to assist in its criminal investigations. It has also asked Congress to require ISPs to keep such logs, arguing that it is only trying to preserve the investigative capabilities it had in the telephone era: for 24 years, phone companies have been required to keep for 18 months logs of the toll calls their customers have placed. McCullagh writes,

What remains unclear are the details of what the FBI is proposing. The possibilities include requiring an Internet provider to log the Internet protocol (IP) address of a Web site visited, or the domain name such as cnet.com, a host name such as news.cnet.com, or the actual URL such as http://reviews.cnet.com/Music/2001-6450_7-0.html.

While the first three categories could be logged without doing deep packet inspection, the fourth category would require it. That could run up against opposition in Congress, which lambasted the concept in a series of hearings in 2008, causing the demise of a company, NebuAd, which pioneered it inside the United States.

Many interesting details there, in particular that the line between “content” and “non-content” information is so fuzzy on the Internet. Would search queries, for example, be content or non-content?

This is way too much information retention.

What Matter Is

Saturday, February 6th, 2010 by Harry Lewis

“There needs to be some legislative changes to the definition of what matter is,” the head of the Massachusetts District Attorneys said yesterday, after the Supreme Judicial Court read the state laws very closely and agreed with the defense that lewd text messages were not “matter” as defined in state law. It’s a great example of how hard it is to write laws that both stay current as technology changes, and are not so over-broad, in an effort to cover cases no one has yet thought of, that they unintentionally wind up criminalizing innocent activities.

Here is the heart of the statute (MGL Chapter 272, Section 28):

Section 28. Whoever disseminates to a minor any matter harmful to minors, as defined in section thirty-one, knowing it to be harmful to minors, or has in his possession any such matter with the intent to disseminate the same to minors, shall be punished by imprisonment in the state prison for not more than five years ….

“Matter” is defined elsewhere as “any handwritten or printed material, visual representation, live performance or sound recording including but not limited to, books, magazines, motion picture films, pamphlets, phonographic records, pictures, photographs, figures, statues, plays, dances.” Now that list was drawn up with some care–it obviously includes everything they could think of at the time, which seems to have been several technological generations ago. I wonder if anyone has similarly challenged whether DVD’s constitute “motion picture films”?

In his opinion, the judge noted that the legislature had changed the law a few years ago to lengthen the prison term to five years, but didn’t bother to change the list of media. So, he concluded, computer to computer communications aren’t covered, and the court has to assume the legislature didn’t intend to include them. The omission is easily remedied, but  it’s not up to the court to do that.

So one creep at least dodged a bullet, and the legislature will no doubt change the law going forward. But it’s a great reminder that the law is a statement of rules, not intentions.

And that it gets stale, not just because of technology changes. Until I was browsing the state’s web site, for example, I didn’t know that adultery was still illegal in Massachusetts (MGL Chapter 272, Section 14):

A married person who has sexual intercourse with a person not his spouse or an unmarried person who has sexual intercourse with a married person shall be guilty of adultery and shall be punished by imprisonment in the state prison for not more than three years or in jail for not more than two years or by a fine of not more than five hundred dollars.

Fornication (“sexual intercourse between an unmarried male and an unmarried female”) is still illegal too, but less serious (“punished by imprisonment for not more than three months or by a fine of not more than thirty dollars”).

Any criminals out there?

Hilary Clinton on Internet Freedom

Sunday, January 24th, 2010 by Harry Lewis

I’ve now both listened to and read Secretary of State Hilary Clinton’s speech on Internet freedom. (That’s a link to the State Dept. home page, where it is still featured. I imagine it will move off shortly.)

It’s a good speech, I think. At least it was good enough to annoy the Chinese. A columnist for the People’s Daily snorted that Google had been reduced to an “ideological tool” of the US government and noted, correctly, that Google is losing the competition with the native Chinese search engine, Baidu. (Note: You can compare for yourself the search results returned by the US version of Google, the Chinese version of Google, and Baidu. But be aware that the link for Chinese Google takes you to servers inside the US, while the link for Baidu takes you, I think, to China. The result is that you may not see google.cn, the Chinese version, as the Chinese experience it. When I tried Googling “Falun Gong” inside China, I lost the Internet connection to my hotel room.)

The China Daily simply denies that Clinton is telling the truth. [A Foreign Ministry spokesman] “said the speech indicated China restricts internet freedom. ‘It is a far cry from the truth,’ he said.” And the People’s Daily accuses the US of hypocrisy. “It is common practice for countries, including the United States, to take necessary measures to administer the Internet according to their own laws and regulations. The Internet is also restricted in the United States when it comes to information concerning terrorism, porn, racial discrimination and other threats to society.” The paper goes on to cite Steve Ballmer as one of the good guys. “Noting that most countries exert some sort of control over information, Microsoft Chief Executive Steve Ballmer said Friday his company must comply with the laws and customs of any country where it does business.

In fact, in her speech, Clinton, after stirring invocations of the US First Amendment and the Universal Declaration of Human Rights, conceded the point about Internet freedom having its limits. Here is the crucial paragraph:

Now, all societies recognize that free expression has its limits. We do not tolerate those who incite others to violence, such as the agents of al-Qaida who are, at this moment, using the internet to promote the mass murder of innocent people across the world. And hate speech that targets individuals on the basis of their race, religion, ethnicity, gender, or sexual orientation is reprehensible. It is an unfortunate fact that these issues are both growing challenges that the international community must confront together. And we must also grapple with the issue of anonymous speech. Those who use the internet to recruit terrorists or distribute stolen intellectual property cannot divorce their online actions from their real world identities. But these challenges must not become an excuse for governments to systematically violate the rights and privacy of those who use the internet for peaceful political purposes.

Now that passage contains a remarkable juxtaposition. A grand buildup.  A concession that there are limits to expressive freedom. A citation of the example of mass terrorism. OK, I’m listening. The next examples are the usual nondiscrimination categories, presented as hate-speech categories. Now I am getting worried; what counts as hate speech is so often in the ears of the listener. To be sure, it is easy to imagine a Tibetan rant about Chinese oppression that the Chinese could reasonably tag as ethnic hate speech. This is beginning to sound like a list of exceptions to freedom big enough to put almost anyone in shackles. Then there is the “issue” of anonymous speech. Secretary Clinton has nothing good to say about it, and then in a flat declaration puts Osama Bin Laden in the same box with millions of American teenagers—in the box of “those use the internet to recruit terrorists or distribute stolen intellectual property.” At this point I think the speech loses its operative edge. It leads inevitably to the conclusion that the speech control tools aren’t the problem—they are necessary in fact—only the way they are used.

So I finished the speech feeling good; it’s certainly better than a speech that emphasized cooperation at all costs, and that might have been expected. On the other hand it leaves me unconvinced that the administration actually has a consistent point of view on cyber-freedom.

One ironic footnote. The streaming video comes via a service called Brightcove. If you click on the “Information” icon on the video window while the speech is playing, you get Brightcove’s who-knew? privacy policy, which explains that “By using the Site, you agree to the terms and conditions of this Privacy Policy. If you do not agree to the terms and conditions of this Privacy Policy, please do not use the Site.” Much of the privacy policy does not apply to visits to the state.gov site, which requires no login and hence generates no personal information. But of course viewing the Internet Freedom video does send Brightcove your IP address, which Brightcove treats as “Non-Personal Information.” And, it says, “we reserve the right to share Non-Personal Information with affiliates and other third parties, for any purpose.” So Brightcove could, for example, sell Harvard University the information that I watched the Internet Freedom video via the wired jack in my Harvard office. Freedom does have its limits, but I might have hoped they fell a bit farther out than that.