ISWC registration deadline this Friday

As a reminder for those who are interested in wearable computers, the early registration deadline for the 7th IEEE International Symposium on Wearable Computers is this Friday, September 26th. You can check out the advance program here.

I’ll be co-teaching the Introduction to Wearable Computers tutorial with Thad Starner, and am also tutorials chair and on the program committee.

ISWC registration deadline this Friday Read More »

Privacy and soft walls

I’ve been reading up on IBM’s recently announced WebFountain project. The system, which has been dubbed Google on steroids, spiders the Net and other databases and applies various data-mining, natural-language processing and pattern recognition techniques to the data. The current system uses 500 parallel-processing Linux boxes, all accessing about half a terabyte of storage in the basement of the IBM Almaden Research Center. IBM’s infrastructure allows clients to customize their searches and standing queries using a library that will “tokenize the data to identify people and companies, and discover patterns, trends and relationships in the data.” The technology is being offered as a service, and is already being sold through a partnership with Factiva. It is being marketed mainly for trend identification and for “reputation management,” where a company watches chat rooms, bulletin boards, newspapers and other sources to see what people are saying about it.

I’m quite interested in the technology, and even have a friend from grad school who has been working on it (Hi Dan!). But the thing that got me thinking was a comment about privacy by Robert Morris, the director of IBM Almaden. As reported in the San Jose Mercury News:

The technology could potentially raise privacy concerns if companies turned its power on analyzing individuals. But Hart and Morris said both companies would protect user privacy.

“Anything we mine is public data on the Web,” Morris said.

But it isn’t yet clear how the company would restrict users trying to use the tool to invade someone’s privacy.

The quote is in line with the comment by The Economist: “No doubt some people will say it sounds a little intrusive. But all WebFountain does is reveal information that is hidden in plain sight.”

Unfortunately, the idea that anything findable on the Net is “public” is a dodge — “public data” is a simplification of what is a much more complex set of social rules. Counter-intuitive as it may sound, privacy rules are not primarily about restricting information access to particular people. The primary purpose of privacy rules is to keep people from using the information in ways that would harm the person who is keeping it secret. This is why companies wink at sharing trade secrets with your wife or husband but are adamant about not revealing them to potential competitors, unless they’ve first signed a non-disclosure agreement. The NDA explicitly restricts harmful uses of the data, making the privacy rules unnecessary.

The idea that privacy is a restriction on power was brought home to me a few years ago by an old fraternity brother of mine. Back when he was still finishing his PhD at MIT he got a call from an MIT campus policeman, who somewhat sheepishly explained that he was calling on behalf of an irate member of the Massachusetts Maritime Police Department. Apparently this maritime policeman had been surfing the Web and had come across a picture from my friend’s undergraduate fraternity days, showing him firing water balloons from a giant funnelator. The campus policeman said he was calling to inform my friend that slingshots are illegal in Massachusetts, and that he wanted to make sure that the device had been destroyed.

So here was a picture that was clearly “public” in that it had been published for anyone to see. The intended audience was anyone who was interested in our fraternity’s annual Water War, plus anyone else who might get a chuckle out of it. You could even say the intended audience was everyone in the world except for particularly humor-impaired members of the Massachusetts Maritime Police Department. If webservers had provided such vaguely-defined access rules, we certainly would have used them.

A more realistic idea of public vs. private spaces is one of intended use, with restrictions on access as a proxy for limiting that use. When I write an article for an academic journal or even a blog entry I expect to be called upon to defend my position. When I write a LiveJournal post I expect much less criticism, and I expect that people who read my postings will be the sort of people who generally agree with me and will be accepting of whatever personal thoughts I write. Both are published on the Web, both are “public,” but different social rules are implied by the relative ease of access, ease of discovery, and the different communities that are most likely to come across my posts. Difficult access provides a kind of “soft wall” that restricts access to certain communities, and the social rules of those communities provide a soft wall that limit how my information will be used. I expect most LiveJournal users would feel violated if information from their posts wound up being used in targeted marketing literature, even though most posts aren’t password protected.

I don’t intend to slam WebFountain with this argument — WebFountain is just the latest technology that is moving soft walls around by changing the ground rules. It was also only a matter of time before such a service was be offered. As a coworker of mine has pointed out, it is almost a certainty that the NSA has already developed such technology. (The argument goes: (a) The NSA would have to be really incompetent not to have done this, and (b) the NSA is not incompetent.) Given this is likely, it seems better for society that such technology be out in the open so people can adjust their expectations about how soft those soft walls really are.

Privacy and soft walls Read More »

Different copynorms for HTTP and P2P?

Ernest Miller has an interesting post over at LawMeme about why there is moral outcry about shutting down music filesharing on peer-to-peer systems, but not about sharing via the Web. (Props to Freedom to Tinker for the link).

Yet there hasn’t been much outcry over the fact that the RIAA has and continues to shut down hundreds of noncommercial websites offering copyrighted MP3s for download without authorization. The RIAA has even threatened lawsuits and gotten college students expelled over their refusal to remove MP3s from college websites. There has been concern (often expressed on LawMeme) about abuse of the DMCA’s notice and takedown procedures, but not much outcry when direct copyright infringement has been shown. Why is there no outraged defense of http filesharing?

I venture that there seems to be a different set of copynorms for the practice of filesharing via P2P and http. Certainly some defend filesharing via both P2P and http, but others strongly defend P2P with nary a word in favor of http filesharing. Although I have no proof, I suspect that the public’s attitude toward filesharing would differ based on the protocol at issue. Would 12-year old Brianna Lahara think it was okay for her to put all her music on a website for the world to copy? Why don’t we see people uploading files to their websites more often? Why aren’t they more upset when told they can’t upload to their website then when they make files available via a filesharing program?

I believe that the difference is that filesharing by http is seen clearly as a public act, while P2P seems more like a private act [Can’t stay away from that Public/Private distinction, huh? – Ed.]. If I were to stand on a street corner handing out CD-Rs to strangers (even were I doing so with no possibility of remuneration of any sort), most people would not consider that proper. If the RIAA were to sue me for such an act, would there be such an outcry over the injustice of it all? Yet, if I handed a CD-R to a friend, most would defend it. The difference is that one is private and the other public.

I think we’re seeing three effects here:

  • I agree that P2P feels more private than the Web, and so people feel the law should butt out. I would argue that the main for this is that P2P software is easier to set up than a webserver, so “normal” people think of P2P as private and HTTP as “that place that I pay someone else to host content for me,” if indeed they have a personal webserver at all.

    If everyone had their own website, I expect you would see similar copynorms for both P2P and HTTP. As completely anecdotal evidence, my more techie friends who have their own websites also share music via password-protected HTTP. It would be interesting to see if this distinction between the copynorms for the two protocols exists on college campuses where every student is given his or her own personal webspace.

  • P2P is newer, and so copynorms were set for P2P at a time when the Internet was used by normal, everyday people. Remember that when Mozilla and Netscape were first introduced people were still panicking about evil teen-aged hackers who could kill people from their bedroom computer and the horrible discovery that (gasp!) there was pornography on the Net. By the time mainstream America was online all the music-sharing websites had already been shutdown and sharing had moved to Napster, so “normal” people haven’t experienced it first-hand.
  • There’s the idea of reciprocation with P2P, where you are generally sharing with people who share with you. I think it’s this aspect that most counteracts the feeling that you’re handing out CD-Rs to strangers and brings it closer to the idea that you’re sharing mix-tapes with your 5,000 closest new friends.

Different copynorms for HTTP and P2P? Read More »

Volokh-Solum debate on IP

I meant to blog this earlier, but Ed Felten beat me to it. Eugene Volokh (The Volokh Conspiracy blog) and Lawrence Solum (Legal Theory Blog) are having an interesting debate on the theory behind the idea of treating intellectual property as tangible property, hinging mostly on the idea of the level of property rights necessary to offer incentives to produce intellectual and tangible goods. The postings so far:

Volokh-Solum debate on IP Read More »

Move over Zuccarini

For those who don’t know, John Zuccarini is the most notorious of the so-called “typo-squatters,” people who register domain names that are common typos of popular websites and then flood the poor fat-fingering visitor with advertisements. Zuccarini had at least 5,500 copycat Web addresses, and the FTC estimated he was earning between $800,000 and $1 million annually from the mostly porn-based banner ads he displayed, in spite of numerous lawsuits against him for trademark violations. Zuccarini was arrested last week under the new Truth in Domain Names provision in the PROTECT Act of 2003, which makes it illegal to use misleading domain names to lure children to sexually explicit material.

But to add insult to injury, no sooner has Zuccarini been arrested than he has been toppled as the typo-squatting king by a new upstart: the domain-name register VeriSign. Trumping Zuccarini’s 5,500 copycat domain names, VeriSign has used their position as keeper of the keys to redirect ALL unregistered typos to their site. Try going to http://whattheheckisverisignsmoking.com/ and see for yourself. VeriSign has posted a white paper on their new move, which creates a top-level “wildcard” registry for every domain-name request in the .com or .net domains. The change redirects any entry without DNS service to VeriSign’s own SiteFinder search engine, including reserved domain names such as a.com and domain names that are registered to other people but don’t have an active name server.

The main problem is that VeriSign is abusing their position as gatekeeper of the com and net domains, which are a public trust and not VeriSign’s commercial property. Network types have also been quick to point out other ways this move breaks things on the Net. Most important to everyday users, Web browsers are no longer able to gracefully handle bad links or mistyped URLs. Most browsers pop up a small dialog box for a bad URL, leaving the user on the old page. With the new changes, browsers cannot give this functionality. (Of course, for people who use versions of IE that redirect to Microsoft’s search-page, the only difference will be a change of masters.) Furthermore, debugging scripts often use domain-not-found errors to check for routing problems; these are no longer returned. And finally, anti-spam software also often uses domain-not-found errors to detect mail from invalid email addresses. (There was also concern that email sent to a typoed domain name would not bounce properly, but it seems this was either not the case or has been fixed.)

As one might expect, the flameage has been fast and furious on this one. Of particular note is the discussion on the North American Network Operators Group mailing list, where members have already contributed several patches to routing software that would essentially ignore VeriSign’s wildcard lookup, restoring the Internet (or at least the portions that apply the patch) to the old way things operated. Many are also simply dropping the IP address for sitefinder.verison.com (64.94.110.11) on the floor. If widely adopted such actions would essentially neutralize VeriSign’s change, but I expect the adoption levels will only be enough to be a statement of protest, not an actual revolution. However, Computer Business Review notes that the Internet Corporation for Assigned Names and Numbers (ICANN), which manages aspects of the DNS for the US government, has yet to weigh in on whether VeriSign’s changes are actually valid according to agreed-upon specs.

UPDATE: It seems VeriSign is only half-handling email correctly. What they’ve done is hooked up their own special mail-handler (which they call the Snubby Mail Rejector Daemon v1.3) that returns a fixed set of responses to SMTP transactions. Currently, VeriSign reads the From and To headers and then returns an error code. This means all misaddressed email relies on VeriSign’s server to bounce mail, and should the server not be available bounces might be delayed by several days. It also means that all addresses of typoed email are actually sent to VeriSign before being bounced, rather than stopped locally. Of course, I’m sure no VeriSign employee would be so criminal as to actually use this information for industrial espionage, nor would he change the Snubby Mail Daemon to actually collect the contents of said messages.

Friends of mine have also pointed out that ISPs and businesses “cache” DNS addresses on their local DNS servers. By claiming that all DNS requests are legitimate, VeriSign is clogging these caches with bad requests.

References

Move over Zuccarini Read More »

Homefront Confidential

Since March 2002, the Reporters Committee for Freedom of the Press has released a semiannual report on how the War on Terrorism is affecting “access to information and the public’s right to know.” The fourth edition of this report, Homefront Confidential, has just been released.

The 89-page report ranks threats to a free press on the same color-code used by the Department of Homeland Security:

  • Red (severe): Access to terrorism & immigration proceedings; restrictions on Freedom of Information Act requests
  • Orange (high): Covering the war; military tribunals
  • Yellow (elevated):The USA PATRIOT Act and beyond; The reporter’s privilege; The rollback in state openness
  • Blue (guarded): Domestic coverage

Homefront Confidential is a stark contrast to the kind of “information wants to be free” rhetoric I so usually find (and, I’ll admit, often speak) here in Silicon Valley. In my techno-optimistic world, information naturally flows straight from bloggers in the field to a public eager for news, with no gatekeepers between us. There is some truth to this notion, and blogs have been credited with breaking the Monica Lewinsky story and keeping Trent Lott’s racist remarks about Strom Thurmond in the public eye, as well as many other successes.

But while blogs and other Internet reporting can both accelerate a story’s propagation and occasionally magnify the voice of an eyewitness or whistleblower, most important news starts in the hands of a few important decision-makers. Without cooperation from the Justice Department, information about closed terrorism and immigration proceedings (including the detainees’ names) is simply not available. Without access to battlefields and military officers, details about our progress in war is not available. The government also has extensive powers to keep information bottled up, from criminal prosecution of whistleblowers under the Homeland Security Act, to legal restrictions on commercial satellite imaging companies, to use of subpoenas to force reporters to reveal their sources. These are all effective restrictions on the flow of information that aren’t deterred by the blogger’s nimble RSS feed.

Information wants to be free in this networked age, but the information that is most important for keeping our government in check is still behind several gatekeepers. In deciding the laws and policies of our land it’s important to remember the converse of this techie creed: Yes, information wants to be free, but freedom also requires information.

References

Homefront Confidential Read More »

More RIAA Blowback

The blowback from the RIAA’s lawsuits continues. First, recording artists like the Grateful Dead’s Bob Weir, Chuck D of Public Enemy, DJ Moby, Steve Miller and Huey Lewis are all speaking out against the lawsuits, and more importantly against the myth that the RIAA is out to protect the artists. The plight of artists is the only source of sympathy the RIAA has, so this kind of talk hurts a lot. Then in a turnabout-is-fair-play move, a California man has filed lawsuit against the RIAA, alleging that their clean slate program is fraudulent because it offers an amnesty the RIAA does not have the right to grant. Finally, the EFF has started a petition to congress that protests the RIAA’s lawsuits, calls for “the development of a legal alternative that preserves file-sharing technology while ensuring that artists are fairly compensated” and asks that the EFF be included in upcoming hearings on the subject. The petition has already received over 12,000 signatures in first two days.

Meanwhile, RIAA president Cary Sherman is invoking that old standby Devil, child pornography, in congress. A pedophile could send “an instant message to the unwitting young person who downloads an Olsen twins or Pokemon file from the pedophile’s share folder on Kazaa,” Sherman said.

What strikes me is how differently this battle is playing out in the press than the CyberPorn and Kevin Mitnick battles did back in 1995. Remember back then, when the word “hacker” was spoken in the same frightened reverence with which we speak the word “terrorist” now. For better or worse, our society has realized in this last decade that there are worse crimes than porn on the Net, worse violations of our civil liberties than export restrictions on our cryptography, and more dangerous people than our own children. We’re wiser now, and that’s good, but I also find I long for the days when I wore my Cypherpunk Criminal t-shirt for political protest, not out of nostalgia.

References

More RIAA Blowback Read More »

Slate’s Guide to the Patriot Act

With tomorrow’s anniversary of 9/11, John Ashcroft wrapping up his national tour for promoting the USA Patriot Act, and President Bush asking for more authority under what is being called the first of several Patriot-II laws, I highly recommend people go read Dahlia Lithwick and Julia Turner’s four-part series, A Guide to the Patriot Act, published in Slate. Lithwick and Turner manage to cut through the spin-doctoring on both sides of the debate, presenting the more controversial parts of the Act without shilling for one side or the other, but while still presenting their own analysis and thoughtful interpretation. It’s a breath of fresh air, cutting between punditry and objective-to-a-fault reporting-without-analysis:

How bad is Patriot, really? Hard to tell. The ACLU, in a new fact sheet challenging the DOJ Web site, wants you to believe that the act threatens our most basic civil liberties. Ashcroft and his roadies call the changes in law “modest and incremental.” Since almost nobody has read the legislation, much of what we think we know about it comes third-hand and spun. Both advocates and opponents are guilty of fear-mongering and distortion in some instances.

The truth of the matter seems to be that while some portions of the Patriot Act are truly radical, others are benign. Parts of the act formalize and regulate government conduct that was unregulated — and potentially even more terrifying — before. Other parts clearly expand government powers and allow it to spy on ordinary citizens in new ways. But what is most frightening about the act is exacerbated by the lack of government candor in describing its implementation. FOIA requests have been half-answered, queries from the judiciary committee are blown off or classified. In the absence of any knowledge about how the act has been used, one isn’t wrong to fear it in the abstract — to worry about its potential, since that is all we can know.

Ashcroft and his supporters on the stump cite a July 31 Fox News/Opinion Dynamics Poll showing that 91 percent of registered voters say the act had not affected their civil liberties. One follow-up question for them: How could they know?

If you haven’t read all 300-plus pages of the legislation by now, you should.

Since I haven’t read all 300-plus pages of the legislation myself, I won’t tell you to do so. But I will tell you to go and read Lithwick and Turner’s guide.

References

Slate’s Guide to the Patriot Act Read More »

RIAA Blowback

As Slate points out, if you’re one of the more than 4 million people who use the KaZaA network on any given day you’ve a greater chance of being hit by lightning than being one of the 261 people the RIAA just sued. The RIAA’s strategy all along has been cultural: scare people into not sharing, and “educate” the public that file sharing is an evil treat to our society’s very survival. Whether these lawsuits (and the thousands more they plan to file) have a chilling effect will be seen over the next couple months. The battle for our hearts and minds, however, is not going so well for the RIAA.

So far the press has reported on a few members of the seamy file-sharing underworld. One is Brianna LaHara, a 12-year-old Catholic-school honors student who was “on the verge of tears when she found out about this.” Another is Heather McGough, a 23-year-old single mom of two who got KaZaA when a friend of her 14-year-old cousin told her she could “get the Gateway to play songs.” Then there’s Durwood Pickle, a 71-year-old grandfather who says his teen-aged grandchildren use his computer during visits to his home. “I’m not a computer-type person,” Pickle said. “They come in and get on the computer. How do I get out of this? Dadgum it, got to get a lawyer on this.”

Each defendant is potentially liable for fines ranging between $750,000 and $150 million, though of course the RIAA is offering settlements. Brianna’s mom has already accepted a quick settlement, paying $2000.

The reactions of the defendants have varied. Yale University photography professor Timothy Davis said he’ll stop sharing music files immediately. “I’ve been pretending it was going to go away,” Davis told reporters. “I’m not some kind of college student who’s downloaded thousands and thousands of things. It isn’t like I’m trying to broadcast these things anywhere.” Most quoted in the news, however, have expressed frustration. “I can understand why the music industry is upset about this, but the fact that we had access to this as the public, I don’t think gives them the right to sue us. It’s wrong on their part,” said Lisa Schamis, a 26-year-old from New York. Schamis added that she is unemployed and would be unable to pay any large fine or settlement. Her sentiment is shared by defendant Vonnie Basset, a bookkeeper in Redwood City, California. “How are we supposed to know it’s illegal? Half the things on the Internet must be illegal then,” said Ms. Basset, who says her 17-year-old son uses KaZaA. “Why don’t they sue KaZaA? Why are they suing the people? That’s the part I don’t understand.”

Marvin Hooker, a 39-year-old San Francisco bank employee, expressed the philosophy held by many. “To me, the way I see it, I am not taking anything from them,” Mr. Hooker said. He compared downloading music to making a copy of music or a tape for friends. “I don’t see people getting sued because of that,” he said. Sylvia Torres, Brianna LaHara’s Mom, put it more simply: “It’s not like we were doing anything illegal. This is a 12-year-old girl, for crying out loud.”

This is, of course, the exact message the RIAA wants to stamp out. But with such normal, mainstream defendants and such out-of-this-world potential fines, it’s hard not to see the RIAA as the big bully extorting everyday citizens.

Attempts by the RIAA to soften the legal attack have met with a good deal of scorn. One attempt is their Clean Slate amnesty program, whereby the RIAA promises not to sue file-sharers who sign a notarized form admitting to copyright violation and promising never to do it again. But as the Electronic Frontier Foundation points out, the RIAA does not actually own any copyrights and member labels are not bound by any agreement they make. Furthermore, such admissions could be used by other rights holders to prove a sharer was a “willful infringer,” which could lead to prison time.

Universal Music Group has even cut the price of a CD from $18.98 to $12.98, citing falling CD sales and, of course, piracy. Their olive branch to consumers, however, is being seen as too little, too late. Renee Graham, of the Boston Globe, writes:

In other words, after years of gouging customers, the recording industry is desperate. Sparked by Napster, and continued through such file-swapping services as KaZaA, Morpheus, and Grokster, the free-music revolution has left the major labels reeling and hemorrhaging. And CD prices, which despite promises to the contrary have steadily increased through the years, turned off even those who weren’t inclined to sit at their computers downloading their favorite tracks.

In an article for The Register, Ashlee Vance points out that this is the first price cut since the CD format came out in the 1980s. At the time, the fact that CDs were a new format was used as an excuse to raise prices above LPs, with the promise that prices would drop as the new format became mainstream. She also points out that just two months ago a pair of music labels were yet again nailed for price fixing by the Federal Trade Commission.

None of this helps portray the music industry as a poor innocent victim, being picked on by wicked 12-year-old girls. As for the effect on file-sharing, I honestly hope that the RIAA’s jihad has a chilling effect for a while. Each turn of the screw has unleashed new technology, from music webpages, to multimedia search pages, to Napster, to complete peer-to-peer file sharing. I keep hoping for one more forced revision to the technology before the music industry finally gets a clue. But I can guarantee who will win this battle in the end. A Forrester report released a few weeks ago reports that 49% of 12- to 22-year olds downloaded music last month. When it comes to pride, stubbornness and brazen pig-headedness, even the RIAA can’t stand up to the combined will of millions of teenagers.

References

RIAA Blowback Read More »

100% Cotton

From Reuters:

CANCUN, Mexico (Reuters) – The United States came under fire for its heavy cotton subsidies Monday with African nations saying free trade talks are meaningless unless Washington stops throwing money at its farmers… [Benin’s trade minister] and ministers from fellow African cotton producers Mali, Burkina Faso and Chad called for the WTO to approve a total ban on subsidies for cotton farmers by 2006.

This has been boiling up for a while now. To put things in perspective, Burkina Faso is one of the poorest countries in the world, and cotton is one of their few cash crops. Most of their cotton farms operate on 1-3 acres, with the planting, weeding and harvesting done by hand. You’d think such farming couldn’t be as efficient as the economy of scale achievable by large-scale U.S. agribusiness, but in fact it costs about 73 cents to produce a pound of cotton in the U.S. and only 21 cents per pound in Burkina Faso.

A few other facts from a 2002 Oxfam briefing paper:

  • In 2001/2002, U.S. farmers received subsidies amounting to $3.9 billion, more than the entire GDP of Burkina Faso, and three times more in subsidies than the entire USAID budget for Africa’s 500 million people.
  • The value of subsidies in 2001 exceed the market value of output by around 30 percent. In other words, cotton was produced at a net cost to the United States.
  • Based on models from the International Cotton Advisory Board, Burkina Faso lost 1% of GDP and 12% of export earnings due to U.S. subsidies.
  • The largest 10 per cent of U.S. cotton farms receive three quarters of total payments. In 2001, ten farms between them received equivalent to $17 million.

It’s unclear how this WTO case will play out. African countries are in an extremely weak negotiating position, because they rely heavily on aid, debt relief and trade preferences. For example, the aid relief provided by the U.S. under the Africa Growth and Opportunity Act (AGOA) can be unilaterally withdrawn, as can U.S. food aid. (The AGOA aid, ironically, is conditional on African governments liberalizing agricultural markets, including cotton.) On the other hand, the conflict is bringing visibility of the problem to Capitol Hill at a time when farm subsidies are being challenged.

References

100% Cotton Read More »