Deets after the jump. Continue reading →
Articles by Jim Harper 
Jim is the Director of Information Policy Studies at The Cato Institute, the Editor of Web-based privacy think-tank Privacilla.org, and the Webmaster of WashingtonWatch.com. Prior to becoming a policy analyst, Jim served as counsel to committees in both the House and Senate.
Follow @Jim_Harper
This podcast, put together by the high-performance folks at the Performance Marketing Association, is pretty good, though I do use the word “hedonic” at one point, which is a bit much.
My expectations of the Electronic Frontier Foundation are high. It’s an organization that does a tremendous amount of good, advocating for rights to freely use new technologies. Alas, a blog post about how good EFF is would be as interesting as a newspaper story about the lack of house fires in Springfield. So I’ll share how I feel EFF has gone wobbly on Bitcoin.
Bitcoin, the very interesting distributed digital currency that is inflation-, surveillance-, and confiscation-resistant, has been getting a lot of attention. EFF announced yesterday, though, that it would reverse course and stop accepting donations denominated in Bitcoin.
Its justifications, laid out in a blessedly brief and well-organized blog post, were three: Continue reading →
If you’re like me, you woke up at the crack of dawn today to maximize your enjoyment of World IPv6 Day. Don’t want to miss a minute! If you’re like me, you’ll also say untruthful things as a very dry form of sarcasm. I hope you got that.
Whatever your interest in IPv6—learn more by reading this heresy—you should take interest in whether the next generation of the Internet protocol will erode or enhance your ability to protect privacy. That’s a question that’s been gnawing at me for a long time.
IPv4 was designed without enough numbers to accommodate the worldwide, multiple-device Internet we’ve got today. IPv5 seems to have disappeared—and I’m desperate to know what happened to it. (see above re: sarcasm) Now we’re talking about IPv6, a major feature of which is that it has enough numbers to assign one to every device on the globe.
IPv6’s ginormous number space is great for simplifying the maintenance of quality communications on the modern Internet, but it could suck for privacy. You see, if every device can be assigned a permanent number, that number will act as a permanent identifier, and lots of privacy-reducing inferences can be drawn. I.e., “If I saw this IP number before, it’s probably the same device and the same person I dealt with before.” Communications and interactions that don’t require or benefit from tracking become trackable anyway. We lose a structural protection of privacy.
Luckily, the designers of the IPv6 protocol thought of that. Christopher Parsons explains in a thorough post from last year that the IPv6 protocol calls for rolling assignment of randomized numbers for initiators of communications. A Web server has to have a fixed address, of course. It’s the target of communications requests, and people need to know where to find it. But the computers that ask for content from such servers do not. IPv6 allows those devices to have transient, pretty darn random numbers that change with regularity. This way, the records of your surfing that come to rest in servers all over the world cannot be combined into a dossier of everything you ever did online. Your computer’s IP address does not become your de facto worldwide identifier.
But here’s the question: To what extent is this part of IPv6 being implemented? Are the organizations implementing IPv6 including randomized numbers for initiators of communications? Parsons has a clever turn of phrase suggesting one reason why they may not: “the ‘security institutions’ are better at dissolving privacy protections than the privacy community is at enshrining privacy in law.” It could also be simply that there’s some cost associated with IPv6’s randomization.
So, does anyone know the status of randomization in the IPv6 protocol? Is it being implemented?
The good news, I think, is that it seems fairly easy to test whether an ISP is deploying IPv6 in full or short-cutting on randomization. Set up a server out there, ping it with a consistent communication, and see if it sees the communication coming from a consistent IP address. If it does, then IPv6 randomization is not working. That’s a problem.
Given the wisdom of “trust but verify,” I suppose this is not only an appeal for information about present practice, but a request that some group of technical smarties out there set up a system for routine verification that IPv6 randomization is fully and properly implemented by Internet service providers and other major deployers of Internet protocol. If you’ve already done it, do tell! Thanks!
It might be tempting to laugh at France’s ban on words like “Facebook” and Twitter” in the media. France’s Conseil Supérieur de l’Audiovisuel recently ruled that specific references to these sites (in stories not about them) would violate a 1992 law banning “secret” advertising. The council was created in 1989 to ensure fairness in French audiovisual communications, such as in allocation of television time to political candidates, and to protect children from some types of programming.
Sure, laugh at the French. But not for too long. The United States has similarly busy-bodied regulators, who, for example, have primly regulated such advertising themselves. American regulators carefully oversee non-secret advertising, too. Our government nannies equal the French in usurping parents’ decisions about children’s access to media. And the Federal Communications Commission endlessly plays footsie with speech regulation.
In the United States, banning words seems too blatant an affront to our First Amendment, but the United States has a fairly lively “English only” movement. Somehow, regulating an entire communications protocol doesn’t have the same censorious stink.
So it is that our Federal Communications Commission asserts a right to regulate the delivery of Internet service. The protocols on which the Internet runs are communications protocols, remember. Withdraw private control of them and you’ve got a more thoroughgoing and insidious form of speech control: it may look like speech rights remain with the people, but government controls the medium over which the speech travels.
The government has sought to control protocols in the past and will continue to do so in the future. The “crypto wars,” in which government tried to control secure communications protocols, merely presage struggles of the future. Perhaps the next battle will be over BitCoin, an online currency that is resistant to surveillance and confiscation. In BitCoin, communications and value transfer are melded together. To protect us from the scourge of illegal drugs and the recently manufactured crime of “money laundering,” governments will almost certainly seek to bar us from trading with one another and transferring our wealth securely and privately.
So laugh at France. But don’t laugh too hard. Leave the smugness to them.
The Computers, Freedom and Privacy conference—the original privacy conference—is June 14th through 16th at the Georgetown University Law School here in D.C.
It has a neat layout this year, with a focus on each of the topics—computers, freedom, and privacy—on each of its three days. I’ve always found that it’s a rollicking conference at which the newest ideas and problems get aired. It’s got some big draws if you’re into that kind of thing: Senator Patrick Leahy (D-VT) will speak on Thursday. But there really is something for everyone. TLFer’s Ryan Radia and Berin Szoka will join yours truly and other experts on a panel entitled “Do Not Track: Yaaay or Boooh?”, which should be fun.
Check out the agenda, then register.
If you haven’t seen it already, be sure to give a read to Friedman Prize winner Hernando de Soto‘s recent piece in Business Week, “The Destruction of Economic Facts.” It’s a fascinating perspective on the economic and financial turmoil that is wracking the United States and the world.
As de Soto perceives more easily from working in developing economies, an important input into functioning markets is good information—about property, ownership, debts, and so on. The “destruction of economic facts” is one of the roots of instability and uncertainty in Europe and the United States, he says. “In a few short decades the West undercut 150 years of legal reforms that made the global economy possible.”
The law and markets are information systems, says de Soto:
The rule of law is much more than a dull body of norms: It is a huge, thriving information and management system that filters and processes local data until it is transformed into facts organized in a way that allows us to infer if they hang together and make sense.
If you’re interested in information and transparency, it’s worth a read.
As a rule of thumb, when I have to spend a given amount of time straightening out a company’s poor service or unscrupulous practices, I’ll spend an equivalent amount of time giving that company some payback. Today’s victim: T-Mobile. Fear the blog post.
A letter from Asurion Warranty Services arrived in my mail today thanking me for signing up for their “Premium Handset Protection Bundle” for T-Mobile phones.
Oh no I didn’t. It costs $5.99 a month for repair and replacement of my newly upgraded phone. That’s pretty much the price of a phone per year for such protections. Bad deal. I haven’t lost or damaged a phone in a decade, and I didn’t agree to get have this charge added to my phone bill.
I am on hold right now, trying to learn just how this got onto my bill. Friendly, helpful T-Mobile customer service people have told me that I should go down to the T-Mobile store where I upgraded in order to straighten this out. No I shouldn’t. T-Mobile should be straightening this out right now over the phone, with an apology and a thank you.
I am done with my 40-minute phone call, in which friendly customer service supervisor Kassidy K. (#1204178) tried to assign me the task Monday of calling the store where I upgraded my phone to get this straightened out. I explained to Kassidy K. that I’ve made the only call I need to—that’s the call we were on. Her next work-day is Wednesday, and I told her I expected to hear from her about this being cleared up.
If I have to make another call, it’s just as likely to be about returning my phone and canceling my service as getting this charge removed from my bill.
You people can argue all you want about top-down—whether the government should allow the AT&T-T-Mobile merger. I’ll do bottom-up—whether T-Mobile should get my business.
Sometimes free-marketeers are branded “free market fundamentalists” or something similar by their ideological opponents. The implication is that our preference for a society in which free people interact voluntarily to organize society’s resources is an irrational desire or a religion. I’m sure there’s a similar epithet we give to nanny staters—oh, there’s one, “nanny staters”—who we believe to have excessive faith in government solutions.
Market processes have decent theoretical explanations, such as Friedrich Hayek’s essay, “The Use of Knowledge in Society.” It’s not the easiest read, but lovers of the Internet, who see the genius of its decentralization, should see similar genius in markets as a method for discovering society’s wants and uniting to achieve them—without coercion.
From time to time, we also point out examples of how market processes work to deliver even intangible goods like privacy. So, for example, I noted market pressure against Facebook’s privacy-invasive “beacon” advertising system in 2007. Berin pointed out in 2008 that market forces caused Google to remove an oppressive clause from the Chrome end user license agreement. Google competitor Cuil made a run at the search behemoth based on privacy that year, something I noted briefly then (and Ryan and I discussed in the comments). I’ve also noted the failure of many to find true market failures.
As Cuil illustrates, not every privacy play works, but companies routinely pitch the public on the privacy merits of their products and the demerits of others’. It’s not a highly visible process, but it sometimes gets a little more visible when it fails. So thank you, Facebook, for a big #FAIL in the privacy competition area this week. You provide us a nice lesson in one of the ways markets work to meet consumer privacy demands.
You see, Facebook hired PR firm Burson-Marsteller to do a whisper campaign on the privacy demerits of a Google product called Social Circle. By pushing the story of privacy problems with a Google effort in the social networking space, Facebook hoped to thwart a competitor that it fears. Success would also be a success for privacy protection. If Google were doing something wrong, and Facebook were to make the case to the public, Google would lose face and it would lose business. Most importantly, a privacy-invasive product—as determined by public consensus—would recede. Markets often work by silently shunning products that don’t cut it. (Again, hard to see if you’re not looking for it, or if you’re committed to disbelieving it.)
Facebook appears not to have succeeded. Prickly privacy advocate Chris Soghoian outed the Burson-Marsteller campaign. Dan Lyons of the Daily Beast cornered Facebook into confessing its role in the attack on Google. And privacy commentator Kashmir Hill gives the privacy issues with Social Circle a “meh.”
When it happens differently, you get a change in a service like Social Circle—the way Facebook changed “beacon” and Google changed the Chrome EULA. These are anecdotes, and they reflect but one element of the market processes that shape products and services. But it’s something that “market denialists” should consider as they dig deep to explain to themselves and others how various mechanisms in our society work.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.