Things that Go ‘Bump’ in the ‘Net

Early this morning, I came across an AP story about a breach of the NAPHSIS EVVE system. At this point, it looks like it has been taken down and I can’t find it anywhere on the Web – I could imagine national security folks wanting to contain the PR damage. I’ll reproduce it below from my cache. If anyone can find it on the Web – especially an update – please let me know in the comments.

I think the implications of this are huge. Beyond billions in welfare fraud going to whatever criminal organization might have placed this software, we have a security hole a mile wide in the passport issuance system, social security cards, and drivers’ licenses. Good thing this has been caught now. Imagine if REAL ID were in place and we were relying on this system for ID security.


ALF 3 in Review

by on March 20, 2007

Though many didn’t think it possible – and even more didn’t notice – the TechLiberationFront team outdid itself yet again at last night’s Alcohol Liberation Front event. The room was buzzing with excitement as the brightest tech policy lights on the . . . um . . . first floor of the Science Club gathered to imbibe and share their latest thinking on . . . um . . . stuff.

More than a few people were trying to place estimates on attendance. It was clear that the number of TLF fans – dare we call them “groupies”? – had at least doubled compared to prior events, possibly tripled, and maybe even quadrupled. Let’s just say TLF begoogled its prior showings. Because that doesn’t really mean anything, but it sounds awfully impressive and kind of techie too.

Joining in the fun – or at least aware of our presence (some of them) – was the D.C. Mobile Monday chapter. D.C. MM had hosted drinks on the second floor which almost made it worthwhile to hear a presentation from Working Assets on how they used text messaging in the last election cycle.

The event ended consistent with the old line, “You don’t have to go home but you can’t stay here.” Some people’s wives were out of town. Others are just red-blooded Americans. You see, Science Club is not far from some fine dining establishments . . . .

There was a blogosphere dust-up last week when the Washington Post reported on a law student who had been savaged in Internet chat rooms and subsequently not been hired by any of the many law firms she interviewed with. It’s a perfect story for the Post because Washington has so many lawyers and because the culture here lags in tech-savvy.

Reliable TechDirt debunked the story somewhat by pointing out that employers would be foolish to rely on such things in their hiring decisions.

Now, Volokh conspirator Ilya Somin points out that, given her credentials, the law student was probably left without major-law-firm work on the merits.

Like this person, when I interviewed for law firm summer associate jobs as a second year student at Yale, I had “graduated Phi Beta Kappa [from my undergrad institution], ha[d] published in top legal journals and completed internships at leading institutions in [my] field.” And, very similar to her, after interviewing at a dozen big DC firms, I ended up with two call backs and zero offers. Why did this happen? Frantic later investigation showed that the main culprits were precisely some of the credentials listed above. Because of them (particularly the publications), firms feared that I would go into academia and either never take a permanent job with the firm, or leave after just a year or two. A highly paid associate who quickly jumps ship for academia is far less profitable for a firm than one that stays for several years and can eventually bill hours as a senior associate.

Once again, “blame the Internet” fails to hold up. Law firms and other employers are unlikely in general to use salacious information that is anonymously posted, or long outdated, in their hiring decisions. Correlation is not causation.

Here’s the most interesting claim in the lawsuit filed by parents against MySpace alleging its negligent failure to protect their daughters:

14. Plaintiffs allege and are prepared to show proof that, at all times relevant to the claims alleged herein, said parents were variously too busy, preoccupied, or self-absorbed to attend to their ordinary parenting duties. Alternatively and additionally, the willfulness and independence of their victim children was intimidating and exhausting, for which reason responsibility for defending and guarding the interests of said victims shifted to defendant MySpace.

/satire

Dave Weigel points out MyDeathSpace, a site that provides links to the MySpace pages of people who have recently died. Dave is counting the hours until Congress bans the site. I’m not so sure, though. There’s no doubt that the idea is tasteless, and I certainly wonder about anyone who visits the site regularly. But it’s hard to think of a good rationale to make the site illegal. I mean, you can’t just make it illegal to link to web sites created by dead people, and the site isn’t really hurting anyone. Of course, that doesn’t mean Congress won’t think of some way to score political points by shutting the site down, but maybe, like Paris Hilton and Britney Spears, the site will continue to be tacky but not illegal.

eBay for Black Hats?

by on December 16, 2006

What do y’all think about this? (courtesy of Slashdot)

Underground hackers are hawking zero-day exploits for Microsoft’s new Windows Vista operating system at $50,000 a pop, according to computer security researchers at Trend Micro.

The Windows Vista exploit–which has not been independently verified–was just one of many zero-days available for sale at an auction-style marketplace infiltrated by the Tokyo-based anti-virus vendor.

In an interview with eWEEK, Trend Micro’s chief technology officer, Raimund Genes, said prices for exploits for unpatched code execution flaws are in the $20,000 to $30,000 range, depending on the popularity of the software and the reliability of the attack code.

This feels kind of bogus to me. I’m sure there are lots of people trading Windows exploits on the Internet, but who would pay $50,000 for such an exploit? And if there were people paying $50,000 for Windows exploits, I would expect them to be extremely nervous about being caught by law enforcement agencies. Which I expect would cause them to shun online auctions, which by their nature involve exposing your activities to a large number of other people.


Clyde Wayne Crews of the Competitive Enterprise Institute has a new piece out on cybersecurity, online vigilantism, and white hat hacking. It explores the many avenues for countering bad actors in the online environment, and draws a line between reaching out to aggress against them and using deception and guile to confound and frustrate them.

The piece is apparently motivated by the “Peer-to-Peer Piracy Prevention Act,” introduced a couple of years ago, which would have given the music industry immunity from liability for accessing peer-to-peer networks and attempting to prevent trade in their copyrighted material. Crews says “the industry is bound to try again.” His conclusion: “Explicit liability protection for particular classes of white hat hacking is ill advised. . . . A green light for hacking can work against broader cybersecurity and intellectual property goals, and there are alternatives.”

AOL’s “Censorship”

by on April 22, 2006

Declan has a long and interesting argument between Suresh Ramasubramanian, who’s the postmaster for several million email users, and Danny O’Brien, an EFF activist coordinator.

A couple of weeks ago, AOL’s email system briefly blocked any email that had the dearaol.com URL in it. EFF responded by accusing AOL of deliberate censorship:

“This proves the DearAOL.com Coalition’s point entirely: left to their own devices, AOL will always put its own self-interest ahead of the public interest in a free and open Internet,” said Timothy Karr, campaign director of Free Press, a national, nonpartisan organization working on media reform and Internet policy issues. “AOL wants us to believe they won’t hurt free email when their pay-to-send system is up and running. But if AOL is willing to censor the flow of information now to silence their critics, how could anyone trust that they will preserve the free and open Internet down the road? Their days of saying ‘trust us’ are over–their credibility is zero, zip, nada.”

But as Ramasubramanian persuasively argues, it’s likely this was an honest mistake on AOL’s part: a few AOL users probably got unsolicited emails from DearAOL’s “send this to a friend” feature and flagged them as spam. AOL’s system probably concluded from those reports that dearaol.com is a spam address and started blocking emails that mention it. AOL fixed the problem within a matter of hours.
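The mechanism described above (user spam reports feeding a URL reputation list) is easy to model. The following is an added example, not code from the post or from AOL: a toy URL-reputation filter that compares the naive rule the post suspects (block a domain once it collects a few reports) with a report-rate rule that needs a minimum sample before acting. The domain pills.example, all message bodies and all counts are constructed for the example.

```python
"""Toy URL-reputation spam filter (added example, constructed data)."""
import re
from collections import defaultdict

# Extract host names from http/https URLs in a message body.
URL_RE = re.compile(r"https?://([\w.-]+)", re.IGNORECASE)


def domains_in(body):
    return {m.lower() for m in URL_RE.findall(body)}


class UrlReputation:
    """Attributes each user spam report to every URL domain in the message."""

    def __init__(self, flag_threshold=3, rate_threshold=0.25, min_seen=50):
        self.seen = defaultdict(int)     # messages mentioning the domain
        self.flagged = defaultdict(int)  # spam reports against the domain
        self.flag_threshold = flag_threshold
        self.rate_threshold = rate_threshold
        self.min_seen = min_seen

    def observe(self, body, reported):
        for domain in domains_in(body):
            self.seen[domain] += 1
            if reported:
                self.flagged[domain] += 1

    def blocked_by_count(self, domain):
        # Naive rule: a handful of reports is enough to block the domain.
        return self.flagged[domain] >= self.flag_threshold

    def blocked_by_rate(self, domain):
        # Rate rule: block only when a meaningful share of a large enough
        # sample of messages was reported, so a few "send to a friend"
        # complaints cannot poison a domain that is mostly welcome mail.
        seen = self.seen[domain]
        if seen < self.min_seen:
            return False
        return self.flagged[domain] / seen >= self.rate_threshold


def simulate():
    rep = UrlReputation()
    # 200 forwarded campaign mails; 4 recipients hit "report spam" (constructed).
    for i in range(200):
        rep.observe("Tell AOL what you think: http://www.dearaol.com/", reported=i < 4)
    # 80 mails from a constructed spam domain; 60 recipients report them.
    for i in range(80):
        rep.observe("Cheap pills at http://pills.example/buy", reported=i < 60)
    return rep
```

Under the count rule both domains end up blocked, which is the false positive the post describes; under the rate rule only the spam domain is.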

Ramasubramanian rightly takes EFF to task for crying censorship without making any attempt to resolve the problem with AOL first. Administering email for tens of millions of people is a difficult job. It’s especially difficult when those users are clamoring to reduce the amount of spam in their inboxes. We can and should criticize AOL when its system screws up, so that consumers are aware of any problems (personally, I much prefer email servers that leave the spam-filtering to the client side), but it’s not helpful or reasonable to immediately become confrontational about it.

I think this accentuates what makes the DearAOL campaign wrongheaded in the first place. EFF is rightly vigilant about censorship by the government because we only have one government and it has immense power. We can’t afford to give the government the benefit of the doubt because if the government abuses its power it has the potential to shut down the expression of views it disapproves of. Once we give up a freedom to the government, we may never get it back.

The AOL situation is very different. There are plenty of ways to communicate outside of AOL’s email service, so it’s unlikely that AOL would have much success preventing the discussion of ideas it doesn’t like. Moreover, unlike the government, AOL has competitors. If it begins doing obnoxious things with its email, its customers can switch to alternative ISPs. Moreover, many consumers want AOL to filter their email in order to prevent spam and viruses from being transmitted on their networks.

Civil liberties organizations like EFF and the ACLU properly take a confrontational posture any time they see signs that the government is trying to stifle free expression. But the same posture simply isn’t appropriate when they’re dealing with private companies. As I’ve written before, I don’t think this is the sort of thing EFF should be getting tangled up in in the first place. EFF’s core competence is in resisting censorship by the government. The tactics that work well against government censorship come across as unreasonable and cartoonish when directed at a private company.

Here find my comments on the dangers of “net neutrality.” Who even remembers video dialtone? “Open video services.” And other similar regulatory ventures.

“Open” sounds awful democratic. But when it is a regulatory mandate it quickly devolves into something navigable only by an elite.

A Plan That Doesn’t Fight Spam

by on February 7, 2006

This proposal by AOL and Yahoo! to charge postage for bulk email doesn’t strike me as a terribly good idea. It’s pitched as an anti-spam tactic, but that doesn’t seem right. Spam will still be spam. It will continue to be filtered out as best as AOL is able using traditional spam filters. Some spam will continue to get through, just as it does now.

What AOL and Yahoo are doing is attempting to take a cut every time a legitimate business wants to communicate with its customers. For example, I’ve given Apple permission to send me occasional emails: I like their products and don’t mind an occasional sales pitch. I know that if I get tired of those emails, I can banish them with an “unsubscribe” request. Apple values its relationship with me and wouldn’t risk my anger by sending emails after I’d asked them to stop.

I don’t see how I benefit in the slightest if my ISP begins charging Apple for the privilege of sending me those emails. To the contrary, by discouraging some companies from offering bulk-email subscription services, I would actually be made worse off if the policy is enforced aggressively. Smaller companies, non-profits, and others on tight budgets might decide that they simply won’t deliver their emails to Yahoo and AOL email addresses.

Whatever benefits this plan might have for consumers (so far, I’m not seeing any), fighting spam is not one of them. While I fully support their right to charge for the valuable service they provide, it seems misleading to pretend this plan is somehow for the benefit of their users, rather than simply a way for them to generate more revenue.