There are no two ways about it: Google is doing good things on privacy.
The video below provides ordinary people very important information that will empower them with the awareness they need to protect their privacy. To those of us who are technically aware, the information presented here is a little obvious, but the average Internet user doesn’t know it. They need to.
http://www.youtube.com/v/kLgJYBRzUXY
Over the long haul, this kind of education will be
much more effective protection for consumers than privacy regulation – and it will have none of the costs of regulation: in wasted tax dollars, market-distorting rent-seeking and regulatory capture, etc.
The video raises some important new points and questions, of course:
Continue reading →
A very good observation from Latanya Sweeney in an interview with Scientific American.
Think about it: we leave fingerprints all over the place, just like our SSNs are all over the place. As we use fingerprints to regulate access to more value, the value of collecting fingerprints and faking them will rise.
It won’t be tomorrow or next week, but watch for fingerprint-based identity fraud – if we rely on that biometric too much. DNA has the same quality. Other biometrics, like vein recognition, are neither easy to collect nor to reproduce (though, yes, both of these facts are technology-contingent).
In my book, Identity Crisis, I talked about the qualities of identifiers: fixity, permanence, and distinctiveness. Biometrics like fingerprints and DNA are high on the scale of fixity and permanence, but may drop in reliable distinctiveness with advanced forgery techniques.
The better designed systems will use biometric identifiers that are not only hard to forge, but that are somewhat hard to collect. Biometrics that can only be made available through some volition on the part of the individual will be the most secure.
A great insight from Avi Rubin, who attributes it to California Secretary of State Debra Bowen:
The current certification process may have been appropriate when a 900 lb lever voting machine was deployed. The machine could be tested every which way, and if it met the criteria, it could be certified because it was not likely to change. But software is different. The software lifecycle is dynamic. As an example, look at the way Apple distributes releases of the iPhone software. The first release was 1.0.0. Two minor version numbers. When the first serious flaw was discovered, they issued a patch and called it version 1.0.1. Apple knew that there would be many minor and some major releases because that is the nature of software. It’s how the entire software industry operates.
So, you cannot certify an electronic voting machine the way you certify a lever machine. Once the voting machine goes through a lengthy and expensive certification process, any change to the software requires that it be certified all over again. What if a vulnerability is discovered a week before an election? What about a month before the election, or a week after it passes certification? Now the point is that we absolutely expect that vulnerabilities will be discovered all the time. That would be the case even if the vendors had a clue about security. Microsoft, which arguably has some of the best security specialists, processes and development techniques issues security patches all the time.
Software is designed to be upgraded, and patch management systems are the norm. A certification system that requires freezing a version in stone is doomed to failure because of the inherent nature of software. Since we cannot change the nature of software, the certification process for voting machines needs to be radically revamped. The dependence on software needs to be eliminated.
USA Today reports that most are unaware of the dangers facing them at public Wi-Fi hotspots, which brought to mind an interesting question about municipal Wi-Fi. What incentive is there for municipalities to provide encryption and other security technologies?
The article mentions that AT&T and T-Mobile are the largest providers of free Wi-Fi hookups in the country and although the Wi-Fi itself is unsecured, both companies encourage the use of freely provided encryption software. The incentives for both companies seem fairly obvious. If people are going to be Wi-Fi users they need to feel safe and encryption technology is a way to do this. Customers stay safe and continue to use the service, making AT&T T-Mobile and other providers money.
Do municipal setups have the same incentives? Depending on the financial structure of such a system I can see how there would be little incentive to provide security software or other safeguards to users. Yet these Muni-Fi services would still distort the market, making it less likely for companies–that might be affected by privacy concerns–to invest in those areas.
Question: Does Muni-Fi pose a risk to security because of the lack of incentives to push security solutions and its edging out private competitors who have that motivation?
The New York Post is reporting that the New York Times is going to ditch its paywall, making all of its new content freely available to the world. The rumor comes a week after rumors that Rupert Murdoch is considering doing the same with the Journal.
It’ll be interesting to see how long Salon and The Economist can soldier along with a paywall/daypass model. They’re both excellent publications, yet I hardly ever visit them because the blogs I read hardly ever link to them. My sense is that they’d be significantly more prominent if they had gone free a few years ago.
Hat tip: Yglesias, who concludes that the Internet will “make being an important opinion writer less financially lucrative, relative to other professions, than it once was.”
The video game industry’s string of unbroken First Amendment court victories continued this week with a win in the case of Video Software Dealers Association v. Schwarzenegger. [Decision here.] In this case, the VSDA and the Entertainment Software Association brought a suit seeking a permanent injunction against a California law passed in October 2005 (A.B.1179), which would have blocked the sale of violent video games to those under 18. Offending retailers could have been fined for failure to comply with the law.
The court’s decision overturning the law was written by Judge Ronald Whyte and it echoed what every previous decision on this front has held, namely:
Continue reading →
Over at Reason Julian chastises the Democrats for their spinelessness in passing the FISA “modernization” this weekend:
The hasty passage of the massive USA PATRIOT Act, a scant 45 days after [the 9/11] attacks, was ill-considered but understandable. Six years later, however, the administration has grown comfortable with the prerogatives panic affords. And, perversely, it has learned that it can continue to wield those prerogatives even under a Democratic majority, provided it insists on regarding Congress always and only as a last resort.
Consider the provenance of this “emergency” legislation. President Bush first authorized the National Security Agency to carry out a range of surveillance activities without court order, the full scope of which is still unknown, but which at the least included monitoring communications between persons in the United States and targets abroad. (Wholly international communications had always been exempt from the privacy restrictions imposed by U.S. law.) When this was revealed by
The New York Times late in 2005, the administration insisted that national security required that intelligence agents be allowed to bypass even the super-secret—and highly compliant—FISA courts. Then, following the 2006 midterm elections, which gave Democrats a congressional majority, the Department of Justice abruptly announced that it had found a way to work within FISA after all. Finally, according to The LA Times, a spring ruling by a FISA court judge found that even this restricted version of the six-year-old program ran afoul of the law.
Suddenly it became urgent that Congress “modernize” what was invariably described as “the 1978 FISA statute,” conjuring images of forlorn agents in white polyester leisure suits vainly hunting for al-Qaeda terrorists hidden under Pet Rocks. Yet FISA had already been updated dozens of times since its initial passage, including six major amendments since the September 11 attacks, giving the administration myriad opportunities to request all the “modernization” it required, subject to thorough public debate. But even this manufactured urgency, it seems, was not enough. On the eve of the legislature’s August recess, House Democrats had worked out a compromise bill with Director of National Intelligence Michael McConnell, which preserved a modicum of judicial oversight over the expanded surveillance powers it granted. But the White House pronounced this unsatisfactory, threatening a veto and demanding still broader powers. If Democrats did not yield completely before Congress adjourned, Bush said, they would “put our national security at risk.”
More where that came from. I’ve also got a summary of the bill over at Ars.
Do you mean to tell me that muni wi-fi networks will actually cost money? I’m shocked, shocked, I tell you. Where’s the free lunch we were promised?!
[see
San Jose Mercury News story below]
Municipal WiFi: A not-so-free lunch
by Sarah Jane Tribble
Mercury News
08/06/2007
It’s been more than a year since Silicon Valley’s Joint Venture Wireless Project first announced plans to build a regional wireless network, giving millions of local residents free access to the Internet. But that network won’t be so free after all, and the area’s millions of local residents may not really use it.
While initially the project was lauded as a way to give the masses affordable Internet, key organizers have gently shifted the focus of the network from serving residents, for free, to giving businesses and city governments wireless access, for a price. …
But the increasing focus on dollars and cents reflects a trend nationwide: As cities strive to provide wireless Internet service, they’re realizing it can’t truly be free.
[Read the rest here.]
Slashdot reports on a new flashlight that makes subjects puke when you point it at them.
A Slashdot commenter says:
Just browse a few pages on myspace…you’ll get a similar nauseating effect.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.