Privacy, Security & Government Surveillance

Over the July 4th weekend, websites in the United States and South Korea were under heavy assault.  As the New York Times reported:

The Treasury Department, Secret Service, Federal Trade Commission and Transportation Department Web sites were all down at varying points over the holiday weekend and into this week, The A.P. reported, citing officials inside and outside the American government.

The Washington Post, which was also attacked over the weekend, reported that 26 government and commercial sites were targeted in attacks that the National Intelligence Service are calling “elaborately prepared and executed at the level of a group or a state.” Officially, no one is pointing their finger at North Korea, but the targets of the attacks and other recent provocations from the North make it a very likely suspect.

But what’s truly scary isn’t who is attacking US computers, but how. The only real cost of an attack such as this one is writing an effective bit of malware that can spread itself around, compromise tens of thousands of machines, and allow an attacker to call on this army of unwilling silicon conscripts whenever it wishes.  When viewed from the hundred-billion-dollar heights of nation-state budgets, this cost is essentially zero.

The leading trade associations in the online advertising industry have just released their new self-regulatory principles—the first comprehensive self-regulatory principles industry has produced, which track closely with the suggested guidelines released by the FTC in February.

I commend the industry for setting a new standard in transparency, consumer control and data security. These Principles do much to empower Americans to make their own decisions about privacy, but I fear that many critics of so-called “targeted advertising” will never be satisfied, no matter how high industry raises the bar.

These critics have insisted that ordinary users can’t be trusted to make the “right decisions” about privacy and have insisted on imposing restrictive default “opt-in” rules for the online data collection that makes online advertising valuable to websites that rely on ad revenue.  Such pre-emptive privacy regulation would stunt the growth of revenue for the “Free” online content and services we’ve all come to take for granted.  During a time of economic recession, and as traditional media like newspapers struggle to make the transition from print to the Internet, it’s more important than ever that policymakers allow self-regulation to evolve.  Only by doing so can we expect continued innovation and creativity online. We must all remember:  There is no free lunch!

I’ll lead a panel discussion on July 10 on Capitol Hill about “Regulating Online Advertising: What Will it Mean for Consumers, Culture & Journalism?”  Please RSVP here.

The Wired article (“Great Wall of Facebook: The Social Network’s Plan to Dominate the Internet — and Keep Google Out”) I discussed yesterday touched on another issue near & dear to my heart (besides the importance of smarter advertising): the future of online anonymity. The article lays out Facebook’s “4-Step Plan for Online Domination,” which involves “colonizing” the web through Facebook’s Connect (launched Dec. 2008) and Open Stream API (launched April 2009) initiatives, which:

don’t just allow users to access their Facebook networks from anywhere online. They also help realize Facebook’s longtime vision of giving users a unique, Web-wide online profile. By linking Web activity to Facebook accounts, they begin to replace the largely anonymous “no one knows you’re a dog” version of online identity with one in which every action is tied to who users really are. To hear Facebook executives tell it, this will make online interactions more meaningful and more personal. Imagine, for example, if online comments were written by people using their real names rather than by anonymous trolls. “Up until now all the advancements in technology have said information and data are the most important thing,” says Dave Morin, Facebook’s senior platform manager. “The most important thing to us is that there is a person sitting behind that keyboard. We think the Internet is about people.”

The bolded prediction of what I would call “Online Identity Integration” is already happening.  To take one tiny example, readers can now post comments on the TLF by logging into Disqus (our Comment Management System) through their Facebook (or Twitter) account, which will also allow them to automatically share those comments on Facebook (or Twitter). This is purely opt-in: Users are free to continue to post anonymous comments. But as more websites and platforms implement such Identity Integration functionality, a growing percentage of online speech will be tied to profiles offered by major social networks.

Some free speech advocates are sure to bemoan Identity Integration as directly undermining online anonymity.

The advocates of regulation pay lip service to the importance of advertising in funding online content and services but don’t seem to understand that this quid pro quo is a fragile one:  Tipping the balance, even slightly, could have major consequences for continued online creativity and innovation.

Who is this handsome young man and why does he have “Mr. Yogato Stamped Me!!!” on his forehead? More importantly, why does he look so darn happy?

Flashback: Earlier this week, my partner Michael (pictured) and I visited Mr. Yogato, a frozen yogurt shop in Washington’s Dupont Circle neighborhood which describes itself as “the FUNNEST yogurt experience you’ll ever have.”

Apart from serving exceptionally tasty frozen yogurt and letting customers play a vintage Nintendo, Mr. Yogato is famous for the eight “Rules of Yogato,” which offer discounts if users achieve certain feats, including:

  • Answering devilishly difficult trivia (10% off—or extra if you fail)
  • Reciting the Stirling battlefield speech from Braveheart in a great Scottish accent (20% off)

But the best discount, which Michael does every time (unless I’m there to help identify, say, countries that end in ‘L’), is offered for wearing the Yogato stamp on your forehead. Being stamped is, of course, almost as much fun as singing along to “Mr. Roboto” if you’re lucky enough to hear that played while you’re in the shop (10% off).  But the real fun is in engaging passersby on the street about the icy-sweet joys of Yogato. It’s also, of course, probably the most effective advertising Mr. Yogato could ever want.

So, the next time you hear Adam Thierer and I talk about the benefits of advertising, especially online, just remember that while there is no free lunch (nor free frozen yogurt), there is discounted frozen yogurt.  It’s a simple, obvious quid pro quo:  10% off in exchange for spreading the Gospel of Yogato.

Fred Vogelstein’s essay in Wired, “Great Wall of Facebook: The Social Network’s Plan to Dominate the Internet — and Keep Google Out” describes the intensifying clash between Google and Facebook—a clash that focuses on the ability to target advertising:

Like typical trash-talking youngsters, Facebook sources argue that their competition is old and out of touch. “Google is not representative of the future of technology in any way,” one Facebook veteran says. “Facebook is an advanced communications network enabling myriad communication forms. It almost doesn’t make sense to compare them.”

Apart from noting that Facebook directs users to Microsoft’s Bing as its default search engine for the Internet at large, the most interesting part of the article is Facebook’s “4-Step Plan for Online Domination”:

1. Build critical mass. In the eight months ending in April, Facebook has doubled in size to 200 million members, who contribute 4 billion pieces of info, 850 million photos, and 8 million videos every month. The result: a second Internet, one that includes users’ most personal data and resides entirely on Facebook’s servers. 2. Redefine search. Facebook thinks its members will turn to their friends—rather than Google’s algorithms—to navigate the Web. It already drives an eyebrow-raising amount of traffic to outside sites, and that will only increase once Facebook Search allows users to easily explore one another’s feeds. 3. Colonize the Web. Thanks to a pair of new initiatives—dubbed Facebook Connect and Open Stream—users don’t have to log in to Facebook to communicate with their friends. Now they can access their network from any of 10,000 partner sites or apps, contributing even more valuable data to Facebook’s servers every time they do it. 4. Sell targeted ads, everywhere. Facebook hopes to one day sell advertising across all of its partner sites and apps, not just on its own site. The company will be able to draw on the immense volume of personal data it owns to create extremely targeted messages. The challenge: not freaking out its users in the process.

Facebook can’t keep losing money forever.  Indeed, investors are willing to keep sinking money into Facebook during Phases 1-3 because they think it will pay off in Phase 4—when Facebook really threatens to be a Google-killer.  But rather the fact that investors are willing to subsidize the creation of a wonderful platform now used by 200 million people (one fifth of all Internet users worldwide), or that Facebook might finally provide a counter-weight to the fearsome Google, the People for the Ethical Treatment of Data (PETD) are appalled.  One commenter on the Wired story put it best:

If you’re in D.C. on July 10, I hope you’ll join us for the following panel discussion (noon-2pm in Room 208 at the U.S. Capitol Visitor Center), which I’ll lead as moderator:

Proposals to regulate advertising and data collection on the Internet, mobile phones, and interactive television, hold the promise of enhancing consumer privacy.  On the other hand, “smart advertising” allows more relevant advertising to be targeted directly to individual consumers, making markets more competitive, significantly increasing the funding available for creating free content and services, and increasing the effectiveness of all forms of free speech.  These issues and more will be discussed at “Regulating Online Advertising: What Will it Mean for Consumers, Culture & Journalism?” a congressional seminar hosted by The Progress & Freedom Foundation.

A panel of experts will discuss such topics as the cost of regulation to consumers, its impact on journalism and other non-commercial content, and First Amendment issues concerning the future of culture and political discourse.

Please RSVP here.

Adam Thierer and I have been trying to drive home a simple message in the ongoing debate about targeted online advertising and privacy:  “There is no Free Lunch!”  We don’t have a lot of friends in this debate, since nearly everyone else seems to assume that online content and services will just continue to fall like manna from heaven if politicians strangle advertising online.  So I was particularly heartened to read the following from Shelly Palmer:

This is the most serious question facing content producers today. Content costs money to produce. Third-party advertising/sponsor support is one model, promoting your own products is another, subscription is a third. At the end of the day, there are only three ways it works: I pay, you pay or someone else pays. Unfortunately, there is no business model called “no one pays.” In the case of MediaBytes, the model is “I pay.” It works for me as stated above. But, apparently, a fairly large number of people in my audience are uninterested in seeing even relevant product offerings. Is advertising over? If so, what’s next?

Amen! Shelly hosts a daily Internet talk show on technology and media called MediaBytes.  He  recently tried inserting a short ad at the beginning of the show to cover the significant costs of production:

The show is produced every business day and requires a research staff, a writer (me), an editor, an encoding/distribution manager and an affiliate relations staff. The reason for the production overview is that, this particular two-minutes may look like a talking head combined with some graphics and clips, but the work flow for any given show takes approximately 6 hours and all of the people involved in the production are on salary here at Advanced Media Ventures Group. And, for the record, MediaBytes, and the associated production materials, takes up approximately 25% of my day.

Unfortunately, Shelly’s audience seemed to feel entitled to receive the fruit of his hard work for free—without suffering the agony of watching… horror of horrors: advertising!

In episode #44 of “Tech Policy Weekly,” Berin Szoka and Adam Thierer engage in a debate with Internet security expert Chris Soghoian, who is a student fellow at the Berkman Center for Internet & Society at Harvard University. He is also a Ph.D. candidate at Indiana University’s School of Informatics.

Chris is an up-and-coming star in the field of cyberlaw and technology policy as he has quickly made a name for himself in debates over privacy policy, data security, and government surveillance.  He straddles the line between academic and activist, and the role he often plays in many tech policy debates is somewhat akin to what Ralph Nader has done in many other fields through the years. Except, in this case, instead of “Unsafe at Any Speed” it’s more like “Unsafe at Any Setting,” since Chris is often raising a stink about what he regards as unjust or unreasonable privacy or security settings that various online websites or service providers use.

On the show, Chris talks about two of his recent crusades to get certain online providers to change their default settings to improve user security or privacy: (1) His effort this week to get major email providers—and Google in particular—to change their default security settings on their email offerings; and (2) his earlier crusade to create permanent opt-out cookies to stop behavioral advertising by advertising networks.

There are several ways to listen to today’s TLF Podcast. You can press play on the player below to listen right now, or download the MP3 file. You can also subscribe to the podcast by clicking on the button for your preferred service. (And do us a favor, Digg this podcast!)

Come one, come all. ACT will be hosting a lunch event next Tuesday (June 23) at noon on privacy, free software, and government procurement.

We’ll discuss “free” software (i.e., no license fees, free as in beer). It’s a nuanced take on some of what Chris Anderson will surely be talking about in his upcoming book on Free—where does the $ come from in software that we all use for free on the web, or that we download to our computer?

To answer this question, we’ll attempt to update traditional Total Cost of Ownership analysis for ad-based software and services. There’s a lot of discussion about privacy, security and sustainability considerations of cloud based solutions. In addition, the event will deal with skeptics who think that “free” means no business model at all. We’ll describe how free software and services are usually just one aspect of a larger enterprise geared toward expanding market penetration and increasing revenues. Mike Masnick described this in a recent Techdirt post.

I’m going to moderate, and our speakers will be Rob Atkinson at ITIF, Tom Schatz at CAGW, and Peter Corbett of iStrategyLabs.

We’ll be releasing a paper on all this, so come join us for lunch and a lively discussion–and best of all, it’s FREE!!

Further details are here.

I’ve spent the past couple of months interning for a large Silicon Valley technology company doing export compliance work. The company I’m working for does an enormous amount of its business overseas. And it exports, well, technology products, many of which are controlled. Laws ostensibly designed to prevent terrorism and proliferation in fact control way more than weapons and chemicals – indeed, they regulate even extremely mundane goods like servers, software with encryption, and the technical data used to design and build such products.

As a result, it has to employ large numbers of people to comply with the US’s, the EU’s, and other countries’ export control regimes. The US’s is particularly complicated, with a long list of prohibitions, some of which can be circumvented if an exporter gets a license and exceptions to the licensing requirement (based on the classification of the goods, the destination country, the end-user, and the end-use). In addition, there are lists of parties – companies, universities, and individuals – with whom no company can do business. Companies that provide lots of goods and services (hardware, software, courseware for training on the products, etc.) have to screen those lists many times – when a customer buys a product, when she signs up for training, when a part is shipped from a manufacturer, etc. They also have to spend lots on classifying their products and devising schemes to ensure compliance at every step in their complicated supply and distribution chains. And, because of the US “deemed export” rule, they often cannot share information with their US-based engineers who are citizens of other countries (who were hard enough to obtain visas for in the first place!).

And, yet, the US system – with all its complexity – still requires less effort than some other countries’, which require a license to export every controlled good. That entails significant delay and processing costs. Unfortunately, too little attention has been paid to these costs on doing business internationally when passing feel-good “anti-terrorism” and “anti-proliferation” laws and regulations.

As Tim Lee points out, some of the more ridiculous encryption controls have finally gone away, but as technology advances, more and more products will fall into a category (which are often based on technical performance) that requires a license. So, as American products improve, the costs of sending them overseas increase! One would think politicians supposedly worried about the trade deficit would see this as counterproductive to their goals of increasing US exports and reducing imports… but that’s politics!