Rik Farrow maintains an archive of the pre-copy-edited versions of his (and those co-authored by Richard Power) Network Defense articles for Network Magazine from July 1997 to April 2004. As a collection, they represent an interesting snapshot of history of network security.
Susan Crawford gave a talk at Princeton a couple of weeks ago about “Two views of the Future” of the Internet. I hope to someday transcribe my notes into a post. In the meantime, I thought I’d give a plug for OneWebDay. Just as Earth Day (April 22 of each year) is a time for reflection, celebration, and action in support of the planet, OneWebDay (September 22 of each year) is a time for reflection, celebration, and action in support of online life.
More information can be found on the OneWebDay website.
It is becoming increasingly difficult to protect one’s personal data these days. The threat, of course, is that the more complete a profile someone has on you, the greater chance that the information can be used against you for everything from unwanted solicitations to identity theft. Computers are very good at combining information from multiple sources to build up a profile. In fact, this is the business model of the credit bureaus. Every time you give out a bit of information about yourself to anyone, there’s some risk that it could find its way into your “global profile” and be used against you.
Even if you trust the entity with which you share your information, things can and do go wrong. The March 20, 2006, issue of InformationWeek magazine has an article, The High Cost Of Data Loss, which describes incidents of customer data-loss affecting millions of people. This cover caught my eye as it had a picture of Princeton computer science graduate student Alex Halderman; the article states:
J. Alex Halderman, a doctoral candidate in computer science at Princeton University, about a year ago received a letter from the University of California, Berkeley, where he had been accepted as a graduate student in 2003, advising him that his personal data had been compromised. A university computer had been stolen that contained files with names and Social Security numbers of applicants and others at the university.
Berkeley warned people affected by the breach to be on the lookout for scam artists who might try to contact them under the pretense of being affiliated with the school. Halderman was shocked that two years after he applied to UC Berkeley, the application remained susceptible to a data breach. “It’s amazing that data can be on file for years, even when you think you’re finished with it,” he says. “There’s no way to take it back.”
Alex’s experience illustrates that once information has been shared it is generally not possible to “un-share” it. I recently met with a representative of a company that holds some of my retirement funds to discuss my allocations. During the course of the conversation, the representative asked some questions about salary and retirement plans which was noted on a yellow pad of paper. Additionally, I answered a short questionnaire to assess my risk tolerance which was entered into an untethered laptop computer. The meeting went well but I was never told that the salary information was going any farther than the yellow pad. My mistake was not to make my wishes known that the information I provided was not to be kept on file. Sure enough, a week or so later I received a “confirmation letter” with all the information listed. It was clearly a form letter generated at the corporate office from data in a big database. I immediately returned the confirmation letter with a note asking that my profile be removed. A week or so later, I received a phone call from a customer service manager to discuss my request. The conversation was cordial and long but only partially effective. It turns out that once the data exists in the system, there is no way to remove it. The best he could offer was to set the values to obviously bogus values (like an annual salary of $1). The manager was surprised that I was sensitive about this — after all, (1) they take special measure to protect the data and (2) if I met with a different planner in the future they would need to have the information. My counter to this was (1) data gets lost/stolen/misused anyway (USA Today just reported that a Fidelity Investments laptop computer containing sensitive data on 196,000 retirement-account customers was just stolen) and (2) I could easily bring the information to each face-to-face meeting.
In addition to carefully considering whether to share personal information, you can also push back and see if the requester really needs it or if there is a way for you to get the goods or service without providing the information. Recently I renewed my family’s membership to a local swimming pool club. The application stated that proving the full birthday for all members was mandatory. After several e-mail messages I learned that the insurance company required that the club have this information on hand in the event of an emergency. In this case, I reluctantly decided that this was OK. In another case, I made a purchase at a nationwide home improvement store where my receipt indicated that I won a $10 gift certificate and could claim it by either visiting a website or by calling a phone number. I went to the website and saw that one of the required fields on the web form was birth date. Rather than using a bogus birth date, I tried the phone number. Interestingly, I was able to claim my prize without giving out this information — the system never even asked.
Does this mean one should never share personal information? No, but it does mean that each time you do, you should think about the associated risks and benefits. What makes this trade-off tricky is that the benefits are often obvious and immediate and the risks are more nebulous. An interesting example of an unexpected use of seemingly benign information involved Farrell’s Ice Cream Parlor Restaurant customers who signed up for free ice cream on their birthday. The obvious benefit of sharing this information is that they would get free ice cream. However, in 1983, the U.S. Selective Service purchased a list of names and birthdays of boys turning 18 that year so that they could be reminded to register. Food for thought.
From Risks Digest 24.18 (which obtained the information from Slashdot):
An anonymous reader writes “The New Jersey legislature is considering a bill [link] that would require operators of public forums to collect users’ legal names and addresses, and effectively disallow anonymous speech on online forums. This raises some serious issues, such as to what extent local and state governments can go in enacting and enforcing Internet legislation.”
The key provisions of the bill are:
2. The operator of any interactive computer service or an Internet service provider shall establish, maintain and enforce a policy to require any information content provider who posts written messages on a public forum website either to be identified by a legal name and address, or to register a legal name and address with the operator of the interactive computer service or the Internet service provider through which the information content provider gains access to the interactive computer service or Internet, as appropriate.
3. An operator of an interactive computer service or an Internet service provider shall establish and maintain reasonable procedures to enable any person to request and obtain disclosure of the legal name and address of an information content provider who posts false or defamatory information about the person on a public forum website.
The bill would make any operator of an “interactive computer service” (e.g., comments in a weblog) or an ISP liable to damages caused by a posting if the operator did not enforce section 2 (above) of the bill.
Peter G. Neumann, chairman of ACM Committee on Computers and Public Policy, states:
This of course would have considerable impact on all Internet newsgroups, and opens up the question of liability that out-of-state moderators would have. It also greatly increases the difficulties for whistle-blowers who might wish to publicly air vital concerns without the obvious risks of retribution. Seems like a bad piece of legislation to me.
This would also have a tremendous impact on operators of weblogs. To what extent would operators have to go to ensure that the name and address provided was accurate? Would they be required to periodically verify that the contact information is current? If someone posts an item that becomes a thread, would they be obligated to take down the entire thread if the person can no longer be contacted?
Sounds like a bad piece of legislation to me, too.
In the article, Senate Approves Curbs on Some Patriot Act Powers, The New York Times reports:
If Mr. Feingold spoke for the bill’s critics, Senator Jim Bunning, Republican of Kentucky, offered another perspective in support of the antiterrorism measure: “Civil liberties do not mean much when you are dead.”
Had he been around in 1775, I guess that Senator Bunning wouldn’t have agreed with patriot Patrick Henry’s, “Give Me Liberty or Give Me Death,” speech either.
I hadn’t heard the term Penguinistas before and it made me chuckle. Here’s the context from LinuxDevices.com:
Another defenseless gadget has fallen prey to the relentless march of the Penguinistas. Tim Riker’s eLinux.org [link] website has published extensive, detailed instructions for creating a cartridge that can boot any unmodified Mattel JuiceBox into a Linux-based environment.
The EFF reports:
As part of the on-going DMCA rule-making proceedings, the RIAA and other copyright industry associations submitted a filing that included this gem as part of their argument that space-shifting and format-shifting do not count as noninfringing uses, even when you are talking about making copies of your own CDs:
“Nor does the fact that permission to make a copy in particular circumstances is often or even routinely granted, necessarily establish that the copying is a fair use when the copyright owner withholds that authorization. In this regard, the statement attributed to counsel for copyright owners in the MGM v. Grokster case is simply a statement about authorization, not about fair use.”
Part of their argument against space-shifting (i.e., making backup copies) and format-shifting (i.e., ripping to MP3) is that replacements are readily available at affordable prices. Well, let me think… If I want to make a backup copy, I can spend 50 cents for a CD-R or buy a new CD (with potentially horrible DRM software) for $15. Likewise, if I already own the CD, why would I then pay iTunes 99 cents a song for the same content?
The other day, I attended a talk titled, “The Future of Music and the 5¢ Solution — How artists and consumers can reclaim ownership of music,” by Daniel Levitin, a professor in the psychology department of McGill University, who has had an impressive career in the music/recording industry.
The basic idea behind the talk was originally proposed by Sandy Pearlman and Professor Levitin in March 2005 — Specifically, that the Apple iTunes price point of 99 cents per song is much too high and that a price point closer to 5 cents per song would substantially increase revenues for record companies and artists.
His argument that the price point is too high is based on the [2004 ?] statistics that there were 300 million legal iTunes downloads and 30 billion illegal downloads (where one billion is a thousand million) during the year. By lowering the price and getting some fraction of the illegal downloaders to become paying customers, you increase revenue. By using a simple-minded calculation, I figure that at a 5 cent price point 18.8% of those 30 billion illegal downloads would have to have been paying downloads instead to generate the same gross revenue. Here are some other price points:
| Price per Song | Percentage of the 30 billion illegal downloads that would need to be legal/paying downloads |
| $0.99 | 0.0% |
| $0.50 | 1.0% |
| $0.10 | 8.9% |
| $0.05 | 18.8% |
| $0.01 | 98.0% |
Of course, the economics are not that simple. Such an adjustment would eat into the total sales ($3B in 2004) and simultaneously encourage the legal downloaders to potentially purchase even more music. Note that Professor Levitin emphasized that 5 cents was an example; it could be bigger or smaller as long as it was greater than zero. Also, instead of purchasing a song with unlimited plays, one could imagine that each time a song is played, the consumer is charged, say a tenth or a hundredth of a cent. The idea is that the actual value would be small enough that an individual consumer doesn’t really care but still generates a revenue stream.
In order to discuss how consumers and musicians can reclaim ownership of music, Professor Levitin gave a rather interesting overview of the record industry. I wasn’t able to keep up with all the details. Here are some of the main points he made:
The main take-aways from this discussion are (1) the distribution of revenue is not fair to artists, and (2) the consolidation of the record industry, the radio broadcasters, and the radio programmers has reduced the diversity of broadcast content to the point that 90-100% of radio play is from the four major labels. The major labels have a market share of about 75% meaning that about 25% of the record industry gets little or no radio play.
For the people paying 99 cents a song, dropping the price by a factor of twenty sounds great; however, how does one get people to pay (even a nickel) for something they’ve always gotten for free? The answer: value add-ons.
The value add-ons could be that every song (including The Beatles) would be available online for every codec (i.e., in every format: MP3, AAC, Ogg) and that downloaded songs would not be corrupted and their tags would be accurate. Also, there would be the assurance that the musicians are participating in the revenue stream—musicians should be able to make a living as musicians.
Professor Levitin made a point of noting that the idea of paying for something that was once free is not without precedent. He gave two examples: TV and books. In the case of TV, if you use an antenna to pick up the broadcast signal, it is free. However, people regularly pay $50 a month for cable. I’m not sure that this is analogy completely works for digital music. I do concede that the cable signal is likely to be better than that from an antenna and that’s worth something. Having extra channels on cable is more a case of “bundling” rather than value-added. In the case of books, libraries will loan you one yet people still buy books. At this point in the talk, someone from the audience pointed out that people simply like to own the artifact—the actual book or CD—for reasons that may be purely emotional.
If you’re like me, the growth rate of your CD collection significantly dropped after graduating from college—after that, there were far fewer people available to recommend music for you to try. If every song becomes available on the web, simply finding new music that you are likely to want to buy becomes a big problem. Given its decrease in diversity, broadcast radio is not likely to be much help. Professor Levitin explained that a recommendation engine would represent a significant value add-on. The recommendation engine would need to take into account a user’s personal tastes as well as their current mood. He then showed a screenshot of a system he worked on from MoodLogic.com.
Interestingly, the recommendation engine idea points to how the record industry might evolve to where music is 5 cents a song: Professor Levitin wrapped-up the talk by suggesting a buy-out by the major search engine companies. While there are certainly non-trivial differences between Internet searching and music recommendation, there are no doubt similarities. If Google, Yahoo, Microsoft, and Ask were to purchase a significant portion of the record industry, they would be in the position to index all available music and implement the proposal.
Because the talk only lasted about an hour, we weren’t able to explore the nuances of the proposal in depth. While preparing this weblog entry, I’ve had the time to think about how I’d like the system to work. For me, the big issues preventing me from acquiring music online are:
With the right kind of cryptographic protocols, it should be possible for me to anonymously purchase a song while still compensating the musicians.
In addition, I would like to use a recommendation engine. However, the design of MoodLogic’s system requires that one’s collection be uploaded to their servers for analysis. From MoodLogic’s Privacy Policy:
Why does MoodLogic identify my songs? Do they need to know what’s in my collection?
Simply stated - If we don’t know what songs you have, we can’t help you organize them, clean their tags, discover new music, or build one click playlists.MoodLogic understands digital audio - and we know that a very high percentage of files have been linked with incorrect (or altogether missing) filenames and tags. It’s not easy to sort your music if artist and song names are misspelled - and it’s impossible to build one click playlists if your songs can’t be linked to descriptive data. In an effort to eliminate this problem, MoodLogic developed powerful media recognition technology to identify songs (and return their profiles) without the need for filenames or tags.
MoodLogic also compiles lists of identified songs, which help us better understand our community on an aggregate basis while improving the quality of our services. MoodLogic also may publish lists of such aggregated data (like ‘most popular songs’) so that others may also benefit from this information.
Instead of uploading my collection, I would much rather their system work like a virus scanner. That is, I periodically download (on a subscription basis) updates to the recommendation database so that I could get the latest recommendations.
Referring to a Doctor Fun cartoon in which a man objects to an RFID implant until he learns that the implant is also a cellphone, digital camera, and an MP3 player, Bruce Schneier writes, “This is 100% right.”
I agree—in fact, the same argument could apply to the privacy implications of the new version of the Google Desktop. If you bundle enough goodies with a technology that threatens privacy, people will buy it anyway. Just a spoonful of sugar makes the medicine go down…
The EFF is recommending that users do not use the new Google Desktop because it greatly increases the risk to consumer privacy. It seems that the the new “Search Across Computers” feature will send copies of one’s local documents to Google’s servers so that they can be searched by the user from, say, their work computer.
The trouble is that due to the provisions of the Electronic Communication Privacy Act of 1986, there are fewer legal protections on one’s files when they are stored with an online service provider (OSP) as opposed to when they are stored on your home computer. To access your home computer, the government would require a search warrant; to access files at an OSP they would only need a subpoena. A subpoena issued directly to an OSP could mean that you might not even be notified.
Powered by
WordPress.
Entries (RSS)
| Comments (RSS).
This work is licensed under a Creative Commons License.
