February 29, 2004

VOIP: Shirky on "Plan A" / "Plan B"

Label 2003 "Collapse of Denial," and compare Vonage (replace the phone system slowly and from within) to Skype (replace the phone system, period), says Clay Shirky in his essay "VoIP - Plan A vs Plan B" (2/26/04).

For decades, monopoly control was the cost of service guarantees. But with the monopoly franchise came the burden of high taxation and regulatory costs passed on to customers. The introduction of competition breaks down the stability of that three-part bargain, argues Shirky.
Critics of the new competitors grumble that VoIP is just a parasitic technology and its rise will bankrupt the telco's DSL market (subsidized by those monopoly margins on POTS) on which it rides. Shirky differs, noting that the bankruptcy of the old railroad companies did not mean the end of rail service or the ripping up of the physical rail system. Nor will the arrival of a market economy in voice communication mean the end of the copper wire infrastructure.

VoIP companies like Vonage embrace the new technology but the old business model, suggests Shirky. The Skype model doesn't contemplate a "phone company" ... just a protocol ... no presence to regulate. That undermines the concept of charging the user anything (think AIM, ICQ, Kazaa and Gnutella).

Established telcos are overestimating Vonage and underestimating Skype, suggests Shirky, and fighting it the way that the RIAA has been fighting P2P music sharing. He suggests that if old telco succeeds in killing or assimilating Plan A (like Vonage), it will increase the likelihood of success of the "far more radical challenge from Plan B."

Clay Shirky closes saying:

"The only thing that might save Plan A from death by delay is evidence that users are adopting Plan B in large numbers, using the internet for voice applications completely outside the framework of telephony as we've known it for more than a century. We should all hope that happens, because if wide adoption of Plan B convinces the regulators and incumbents to accelerate their VoIP offerings, the users benefit. And if it doesn't, Plan B will be all we get, so we may as well start experimenting with it now."

This essay is available at Clay Shirky's Writings About the Internet, and was originally distributed 2/26/04 through his "Networks, Economics, and Culture" mailing list, licensed under the Creative Commons Attribution License, by which the licensor (Clay Shirky) permits others to copy, distribute, display, and perform the work. In return, licensees must give the original author credit. Subscribe to the mailing list.

See also, "VOIP as Reality Revives Call for Regulation," (Unintended Consequences 12/15/03).

DougSimpson.com/blog

Posted by dougsimpson at 06:12 AM | Comments (0) | TrackBack

February 27, 2004

Data theft hits 4.5 MM Softbank accounts

4.5 million subscriber names, phone numbers, postal addresses, email addresses and Yahoo Japan IDs were leaked from Softbank Corp., the largest provider of broadband access in Japan, it reported to Reuters.

Tokyo police arrested four individuals suspected of stealing the confidential data and demanding a payment from Softbank to avoid it being leaked. An insider is suspected. Softbank's CEO Masayoshi Son accepted responsibility, apologized and took a 50% salary cut for 6 months. Reuters reported that credit card, bank account and password details on a separate database were not compromised.

Softbank said it has since put restrictions on how many staffers can access databases, and upgraded a system of logging access history.

Source: Yahoo! News - Softbank Says Data on 4.52 Million Subscribers Leaked (2/27/04).

Questions:

  • Are background checks and stronger audit controls necessary for those with access to sensitive databases?
  • If one of the larger companies in Japan has this vulnerability, how many others in the developed world are also at risk?
  • Is this a failure of security best practices, or a failure to *follow* security best practices?

    Posted by dougsimpson at 01:51 PM
    February 26, 2004

    Essay on Seven Principles for Good Practice in Undergraduate Education

    Chickering and Ehrmann's 1996 essay on The Seven Principles, updated with additional citations and references for distance and online education. The seven principles:

  1. Good Practice Encourages Contacts Between Students and Faculty
  2. Good Practice Develops Reciprocity and Cooperation Among Students
  3. Good Practice Uses Active Learning Techniques
  4. Good Practice Gives Prompt Feedback
  5. Good Practice Emphasizes Time on Task
  6. Good Practice Communicates High Expectations
  7. Good Practice Respects Diverse Talents and Ways of Learning

    More at: Implementing the Seven Principles, Ehrmann and Chickering

    See also "Seven Principles of Effective Teaching: A Practical Lens for Evaluating Online Courses" by Charles Graham, Kursat Cagiltay, Byung-Ro Lim, Joni Craner and Thomas M. Duffy (The Technology Source, March/April 2001).

    Posted by dougsimpson at 05:19 AM
    February 25, 2004

    UK Cybercrime rising, to target financial sector

    The financial sector is the biggest target of cybercrime in the U.K., according to reports at an e-Crime Congress in London. Len Hynds, head of Britain's National Hi-Tech Crime Unit (NHTCU), reported that three firms alone suffered 60 million pounds damage. A police survey of large companies found over 80% had experienced some version of cybercrime last year. Yet 25% perform no security audits.

    "Phishing" was a new scam, with over 50 UK businesses reporting becoming victims last year. Phishers send bogus emails purporting to be from financial sites, tricking consumers into revealing account numbers, passwords and other private data.

    Police point to organized crime gangs in Eastern Europe and Asia. A Microsoft security spokesperson, David Aucsmith, predicted that future attacks will be against banking, payroll and business transaction systems. The survey found that over 25% of the large firms surveyed did not conduct regular security audits.

    Source: Cybercrime Costing UK Business Billions (Reuters, 2/24/04)

    See also:

  • BBC factsheet on the NHTCU (UK)
  • Legal and CyberCrime Resources portal at Labmice.net
  • U.S.D.O.J. Cybercrime resource site (USA)
  • Computer Crime Research Center (Russia)

    And: "California Guide on Disclosure of Personal Info Security Breach" (Unintended Consequences, 10/24/03)
    And: 'People are the "weakest link" in data security' (Unintended Consequences, 2/24/04)

    Microsoft's David Aucsmith will be speaking at the March 26-28, 2004 "CyberCops" conference sponsored by the Information Society Project at Yale Law School.

    Questions:

  • Does Britain need a law like California S.B. 1386, that requires disclosure of a security breach affecting personal information?
  • Should regular security audits by a government-licensed and certified security firm be a requirement for stock exchange listing and government subcontracts?
  • Should the same or different security audit requirements apply to companies that handle private data as government contractors?

    Posted by dougsimpson at 04:36 AM
    February 24, 2004

    People are the "weakest link" in data security

    MSNBC reports that private data about hundreds of children was publicly exposed on the Net by government subcontractors seeking some temp help. According to the 2/8/04 report by MSNBC, files with the names, birthdates, even work schedules of the children's caregivers were posted by a computer consultant struggling with a database problem, and stayed online for weeks.

    Kent Kisselbrack is a spokesman for the New York Office of Children and Family Services, which regulates the county agency that leaked the data, says MSNBC. "Personal information of the nature that was on this Web site, especially information about children, it's not appropriate for this kind of information to be available to the general public," Kisselbrack told MSNBC.

    MSNBC says that the county agency had subcontracted database work to a community college, which hired a third party consultant, who in turn used RentACoder.com to find help. That contractor made several public postings for help and attached a zipped copy of the file he was working on ... containing the data about hundreds of children, all according to MSNBC.

    Child privacy and online safety advocate Parry Aftab operates WiredSafety.org and was quoted about the incident as saying: "This is horrible."

    Source: MSNBC - Government agency exposes day-care data (2/8/04)

    Perhaps some of the creativity and money now being spent on controlling the unauthorized flow of pop music on the Net should be redirected to controlling the unauthorized flow of private data about children? Perhaps the RIAA has something in their playbook for a situation like this.

    Questions:

  • Has the guardian or "next friend" of an affected child an effective remedy against the county or the contractor and subcontractor?
  • Are there changes in law or regulation required to reduce the chances of this happening again?
  • What are the minimum standards of care to which government agencies should be held when outsourcing work on sensitive data?

    Posted by dougsimpson at 07:37 PM

    Caller ID for Email: Spam Fighter?

    Microsoft plans to unveil "Caller ID" specs for email at an RSA conference, according to analysis at IDG News Service. Sendmail Inc. also announced impending release of tools for e-mail sender authentication. Authentication of the origin of emails is considered by many to be essential to combat spam, viruses and identity fraud. Source: Microsoft to unveil antispam plans (Internet Business News from The Industry Standard - 2/24/04)

    See also Unintended Consequences' Emergence of the Accountable Internet (2/10/04)
    and Susan Crawford's The Theory of Everything (2/6/04)

    Posted by dougsimpson at 02:35 PM

    "Abuse of Copyright" Charge against Diebold

    A federal court may soon rule on abuse of copyright charges against Diebold. Represented by the Electronic Frontier Foundation (EFF), ISP Online Policy Group (OPG) and two students at Swarthmore have sued Diebold for damages, alleging misuse of DMCA "take down" orders concerning Diebold e-mail archives about its e-voting software. EFF Legal Director Cindy Cohn says: "Diebold used phony copyright claims to silence public debate about voting, the very foundation of our democratic process."

    Links to additional information and the case number are found at this source: EFF: Judge to Rule on Consequences for Diebold's Misuse of Copyright Law (February 9, 2004)

    Posted by dougsimpson at 05:39 AM

    Bev Harris on E-Voting and DMCA

    beSpacific archives a BuzzFlash interview with Bev Harris, circa September 2003. Harris is author of Black Box Voting: Ballot-Tampering in the 21st Century. BuzzFlash asks Harris about her research that suggests that e-Voting "may be the Trojan Horse of voting machine reform, allowing elections to be stolen more easily than in the past." They ask why she argues that electronic voting machines "pose a threat to democracy."

    She also explains how the DMCA was used by an e-voting software company (Diebold) to shut down her entire website because it linked to a site that had a link to an unrelated site that offered copies of documents on which the software company claimed copyright. According to Harris, the documents (leaked by someone) showed a pattern of misconduct by the software company, including actions potentially affecting the last Presidential vote tally in Florida.

    Bev Harris' other books include a book of tips on identifying accounting fraud and recovering embezzled funds, called "How to Embezzle a Fortune." Harris' current book can be purchased or downloaded through BlackBoxVoting.org or through this beSpacific link.

    Posted by dougsimpson at 05:07 AM

    February 23, 2004

    Configuring the User in Social Network Software

    Social networks, "Small Worlds," code as law, and the "YASNS phenomenon" form the threads of Danah Boyd's notes from her recent E-Tech presentation, "Revenge of the User" at the February 2004 O'Reilly Emerging Technology Conference. Comments on Milgram's "Small Worlds," Larry Lessig, Mitch Kapor, Granovetter's "Strength of Weak Ties," Scott Feld and the power of foci. Her comments circle around the emergence of various constructed social networks like Friendster, orkut, LinkedIn and Tribe. She talks about "Fakesters," fake profiles created for fun ("Homer Simpson") or evil (Neo-Nazis).

    Her biggest gun in this proto-essay is aimed at the efforts of the creators of such networks to "configure the user," to forcefully shape the way that the system is utilized, saying at one point: "When technologies are built, the creators often have a very limited scope of desired and acceptable behavior. They build the systems aimed at the people who will abide by their desires. Often, their users don't have the same views about how the technology should be used. They use it differently. Creators get aggravated. They don't understand why users won't behave. They demand behavior. First, the creator messages the user, telling them that this isn't what is expected of them. Then, the creator starts carrying a heavier and heavier stick. This is called configuring the user. And y'know what... it doesn't work."

    She closes with the challenge that social software must recognize the disparate uses of various users, and must support a "live and let live environment." She closes saying that "You can't kill unwanted behavior without also killing desirable behavior. This is a design challenge, an architectural challenge and a social challenge. And, of course, a business challenge."

    Danah Boyd is a Ph.D. candidate in the School of Information Management and Systems at UC Berkeley, researching articulated social networks. She did her Masters work at MIT Media Lab, and her undergraduate work in computer science at Brown. Her presentation notes have attracted many excellent comments and Trackbacks. A valuable piece to students of network theory, at: apophenia: my etech talk: revenge of the user

    Posted by dougsimpson at 05:04 AM

    February 20, 2004

    March 26-28 CyberCrime Conference at Yale

    Yale Law's Information Society Project reminds me that registration is filling up for the CyberCrime conference on March 26 - 28 at Yale.

    The conference will bring together policy makers, security experts, law enforcement personnel, social activists and academics to discuss the emerging phenomena of cybercrime and law enforcement. Participants will question both the efficacy of fighting cybercrime and the civil liberties implications arising from innovations in law enforcement methods of operation.

    The writing competition has already attracted high quality submissions (40 international submissions for the writing competition and 30 pre-invited presentations). In addition to a day-and-a-half of panels, the keynote will be by Dan Geer - Principal, Geer Risk Services, Verdasys, Inc., with a dinner speech by John Podesta - President and CEO, Center for American Progress. Should be an extremely valuable program.

    CyberCrime and Digital Law Enforcement Conference -- Schedule and Participants

    Posted by dougsimpson at 01:54 PM

    February 19, 2004

    Blogs = "that thing that brings in money"

    New Congressman Ben Chandler (D, Ky) turned $2k into $80k in donations in two weeks. How? Ads on blogs with a liberal bent. Before the campaign, he probably didn't know what a blog was, his campaign manager told Wired. He does now, and is going to Congress. The publisher of one Chandler-friendly blog, Daily Kos, told Wired that the key to success in a campaign blog is to make readers feel they have a stake in the race.

    Chandler's ad campaign was handled by Blogads, and the article noted going rates for ads on popular weblogs, including Calpundit, Talking Points Memo and Eschaton.
    All according to: "Blogs Pump Bucks Into Campaigns" (Wired News, 2/18/04).

    Posted by dougsimpson at 05:09 AM

    February 18, 2004

    Windows Trade Secret Code may have been out for 3 years

    IT Security firm iDefense says the Windows code may have been leaked as early as 2001, has been modified, and is just now spreading. Not all agree that the release of the code will offer an advantage to malware and virus writers. Microsoft reasserted its claim that the code is copyrighted and a trade secret and that it will take "all appropriate legal actions to protect its intellectual property."

    Source: "Microsoft says shared source not to blame for leak" (The Standard, 2/17/04)

    See also: Unintended Consequences: Windows Source Code Leaks, Shared (2/13/04)

    Posted by dougsimpson at 09:00 AM

    Too Busy for Virus Protection, and It's Not My Job Anyway

    Surveying 1000 workers in the UK revealed yawning holes in anti-virus security: users too busy, apathetic or irresponsible to take the most basic security precautions. And blaming the virus and spam epidemic on someone, anyone else. Gillian Law, "UK workers too busy to worry about viruses" The Industry Standard (2/16/04)

    See Bruce Schneier, "The Economics of Spam" (2/15/04) (Schneier is the author of the best sellers "Beyond Fear," "Secrets and Lies," and "Applied Cryptography," and an inventor of the Blowfish and Twofish algorithms.)

    And Jerry Lawson's "Plan to Stop Spam" (2/17/04)

    Posted by dougsimpson at 05:32 AM

    February 17, 2004

    Online Rumors and the Frailty of Reputation

    Students at Columbia sleuthed online, trying to verify Drudge Report rumors about John Kerry and a female intern named by certain newspapers. After a detailed blogging of their research, they concluded that the rumors were too thin to risk harming the reputation of a fellow graduate of the School of Journalism. They also realized that they added to the swarm of online traffic that caused the search engines to suppress links to the subject's professional work in favor of links to scandal-mongering about her.

    What if they had been less responsible? The case illustrates the hazards of the new, decentralized 'press' that rushes to share everything, regardless of truth, and the increasing importance of readers using independent, suspended judgment when reading raw sources.

    It may also be good to think about how the Web can "learn" to evaluate the reputation of news sources that may lack the traditional backstop of an editorial desk and nervous legal department.

    Columbia Spectator Online - Journalism Students Rule Out Rumors

    See also: Batzel v. Smith (9th Cir. 2003), containing a warning that bloggers and listserv operators risk legal expense (or worse) if they fail to fact check before actively republishing statements that could be defamatory if not accurate.
    Unintended Consequences: Batzel v. Smith No Blanket Blogger Immunity

    Posted by dougsimpson at 09:36 AM

    Call for Speakers: CyberThieves in the Corporate Vaults

    Seeking panelists from several disciplines to speak on digital intrusions and misappropriation of corporate secrets for the Connecticut Bar Association Annual Meeting.

    Topic scenario:

  • Loose collaborations of malware writers, "script kiddies" and professional criminals use common search tools and "social engineering" to find and exploit weak points in corporate security systems.
  • Disgruntled insiders and political activists collaborate to spread privileged and confidential corporate records and trade secrets through the world-wide peer-to-peer network before the owners know they are out.
  • Viruses, worms and other "malware" commandeer thousands of computers to swarm over and deny services to targeted corporate or government websites.
  • Others quietly infect computers, sniff out and steal private financial and identity data and passwords.

    CyberThieves in the Corporate Vaults (working title) will address the legal issues and practical challenges of this environment, including:

  • What is the state of the law?
  • What changes are needed in user behavior, law enforcement and legislation?
  • What is the role and impact of the global community?
  • How to balance security with civil rights?

    We seek panelists who are authorities in the following disciplines:

  • Cyberlaw
  • Criminal Law
  • Forensic (Investigative) Security
  • Intellectual Property Law
  • Constitutional Law
  • International Law
  • Sociology and Organizational Dynamics
  • Additional disciplines that you may suggest

    The panel will be a presentation of the Technology Section of the Connecticut Bar Association, to be held at the CBA's Annual Meeting on Monday, June 7, 2004 in New Haven, Connecticut.

    Potential panelists, please contact me with a brief description of your background in one or more of these disciplines, with links or citations to prior writings relevant to the topic. Please, no attachments by email.

    My contact information is at: DougSimpson.com/blog

    Posted by dougsimpson at 09:12 AM

    February 16, 2004

    Gross on the Lesson of the Dean Campaign

    Matthew Gross, Howard Dean's former chief blogger, shares thoughts on the campaign, the Internet and working with Joe Trippi in an interview, saying that the lesson of the campaign is "that technology, coupled with true grassroots support, can level the playing field. Actually, it can flip the playing field on its head, as it did in 2003." "Exit Interview" (2/13/04). He expands a bit in his new blog, Deride and Conquer: "Never Apologize, Never Explain-- But Maybe Expand a Bit".

    Posted by dougsimpson at 09:57 AM

    Scam "unsub" site shows value of online IDs

    Scamming spammers harvested email addresses at a fraudulent site that mimicked the federal "do not call" registry site. Apparently, many fell for it, and the U.S. government has issued warnings to consumers. See: Federal Citizen Information Center - News and Notes

    Proposals for an "Accountable Net" that include use of persistent authenticated online identification tools might enable users to confirm a site's legitimacy in such cases. But many object to systems that would require online IDs, fearing the loss of freedom that might come with the loss of online anonymity.

    See: Susan Crawford blog :: The Theory of Everything

    Most of us would not let a stranger into our homes without some third party picture ID, even if they were wearing a shirt with the gas company's logo and carrying a tool box. Increasingly, businesses won't let a stranger into their back offices, (and certainly not onto their airplanes) without first seeing some third party picture ID.

    Why do Internet users expect to behave differently? If there was a system of persistent, authenticated identification for websites and email senders, how would such a system be best structured?

    Posted by dougsimpson at 05:17 AM

    February 15, 2004

    EISIL: Electronic Info System for International Law

    A developing database that includes links to primary sources of international law available free online. Organized by The American Society of International Law, with support from the Mellon Foundation, Northern Lights Internet Solutions, and its authors:

  • Anne Burnett - University of Georgia School of Law
  • Marci Hoffman - University of California at Berkeley School of Law
  • Gail Partin - Dickinson School of Law, Pennsylvania State University
  • Jill Watson - American Society of International Law
  • Jean Wenger - Cook County Law Library
    EISIL - Electronic Information System for International Law

    Posted by dougsimpson at 09:02 AM

    Atom and RSS Compared

    Jerry Lawson at NetLawBlog points us to a resource comparing the new Atom format for newsfeeds to the RSS standard developed by David Winer and ceded to Harvard. Jerry doubts that the additional complexity of the Atom format will outweigh "the additional costs and confusion." Netlawblog: Atom vs. RSS

    My experience is that Google has been a good judge of cost/benefit outcomes, and is no fan of unnecessary complexity. Their Blogger subsidiary has chosen to offer Atom formatted feeds instead of RSS. I don't know enough about the two technologies to form an opinion, but am glad that there is competition. Competition always seems to make both the market leader and the challenger improve.

    For some background, see: Unintended Consequences: Atom v. RSS: Google weighs in (2/13/04).

    Posted by dougsimpson at 07:34 AM

    February 13, 2004

    Windows Source Code Leaks, Shared

    The leak and frantic P2P sharing of the Windows source code, reported by Reuters, is only the latest in intrusions that spill important intellectual property and trade secrets into the public domain. So many potential suspects exist that finding them may be impossible, suggests Reuters in this story: RPT-Net file-swappers snap up Windows source code

    Has the Windows system become too big and unwieldy to be sustained as a trade secret? The sack of Rome did not end civilization, but it ended Roman hegemony and set the stage for the emergence of more complex distributed organizational systems. Of course, there was that uncomfortable interim stage we call the Dark Ages. But, you can't make omelets without breaking eggs.

    Posted by dougsimpson at 01:37 PM

    Atom v. RSS: Google weighs in

    Can a more complex, opensource spec successfully 'invade' the marketspace of an established, proprietary entrant? No, we're not talking about Linux v. Windows.

    Reports are that Google and Yahoo are on opposite sides of this competition and that Google's Blogger subsidiary will offer only the Atom syndication standard. This widens the rift between supporters of Atom and those of the widely used RSS standard backed by David Winer's folks at the Berkman Center at Harvard. Source: Google spurns RSS for rising blog format - News - ZDNet

    Thanks to beSpacific for the pointer to this story and for its topic archive on RSS.

    Atom Spec Wiki.
    Feed Validator on RSS.
    See also the Exec Summary of a Knowlogix paper presented at a conference on content syndication last month, containing comments regarding the theory and utility of RSS and other Internet-based content syndication technologies.

    Posted by dougsimpson at 05:50 AM

    February 11, 2004

    Did Transparency of Web Support Hurt Dean?

    Former Howard Dean campaign manager Joe Trippi told Reuters that they "couldn't figure out how to tell people we had a problem without raising the wrong impression. Part of the problem is that the press are reading our blogs (Internet journals)." Trippi also suggested that the campaign's openness signalled its moves to its opponents and its decentralization fragmented its message.

    Trippi continued to encourage Internet activism as the best fund-raising and voter-inspiring tool for the Democrats come November. Source: Yahoo! News - How Web Support Failed Dean in Crunch: Ex-Manager

    Posted by dougsimpson at 07:33 AM

    "Insane" Wait for Windows Security Patch

    Can Windows' keepers adapt fast enough to meet "swarming" security challenges? eEye Digital's founder calls "insane" the 200-day delay between its report of a Windows security flaw and Microsoft's response, in a 2/10 Reuters story.

    Marc Maiffret, co-founder of eEye Digital Security, told Reuters that his company discovered and reported the flaw to Microsoft six months ago. A Microsoft representative responded that the pervasiveness of the software flaw required time to fix. A representative of Network Associates urged regular use of Windows Update to keep the popular operating system in proper form to resist known security threats.

    Source: Yahoo! News - Microsoft Warns: Critical Flaw in Windows

    Posted by dougsimpson at 07:27 AM

    February 10, 2004

    Are Googledorks reading your secrets?

    If your personal or corporate private information is on the Net, it may reside somewhere accessible to "Googledorks." Once indexed and archived by a search engine, data is hard to resecure from "Googlehacking," the practice of searching the Net for unlocked "back doors" to information. "Online Search Engines Help Lift Cover of Privacy"

    Johnny Long, a CSC researcher, speaks and writes on the subject and told the Post: "The scariest thing is that this could be happening to the government and they may never know it was happening," Long said. "If there's a chink in the armor, [the hackers] will find it."

    Ed Skoudis, an INS Inc. consultant, called it "point-and-click hacking" and tells of using search engine tricks to find a spreadsheet with thousands of Social Security and credit card numbers in an exposed sector of a bank's network.

    An FBI spokesman, Paul Bresson, told the Post that such activity is not necessarily illegal, if the information accessed is not subsequently used for some improper purpose. "I don't know what law's been violated just for searching" on a publicly available search engine, he told the Post.

    Source: "Online Search Engines Help Lift Cover of Privacy," (Washington Post, 2/9/04; Page A01).

    Thanks again to Sabrina Pacifica.

    See also Wired News: Google: Net Hacker Tool du Jour (March 4, 2003).

    Such searching may have been the way Diebold's e-voting emails got out in the public domain, for example.

    Controversy continues over proposals to extend copyright protection to databases. If mere "sweat of the brow" compilations of facts, they have little or no copyright protection under US law except those parts that may qualify as creative elements. Feist Publications, Inc. v. Rural Tel. Serv. Co., 499 U.S. 340 (1991).

    Regarding proposals to extend copyright protection to databases see, e.g., a 9/23/03 statement of David O. Carson, General Counsel, United States Copyright Office regarding the "Database and Collections of Information Misappropriation Act of 2003."

    On January 21, the House Judiciary Committee reported out the Database and Collections of Information Misappropriation Act (DCIMA), H.R. 3261.

    See a critical student comment on the bill, calling it "unconstitutional and misguided."

    Were mere collections of data protected by copyright, the DMCA's anti-circumvention rules (and accompanying criminal penalties) might apply to them, even if someone "went around" the access control tools via an unlocked back door. The DCIMA may go farther, but may require judicial testing of its validity.
    Comments?

    Posted by dougsimpson at 07:25 AM

    Emergence of the Accountable Net

    Governance of the Internet ... will it be by a centralized authority, a democratically elected international body, or will it continue to emerge as a self-organized, decentralized system that is adaptable but not always perfect? And which is the best defense against the information age challenges of spam, spyware and intrusive viruses?

    Three cyberscholars are wrestling with that question and defending an early exposure draft of their paper "The Accountable Net." They are on a road show that stopped at Yale Law School last week, as part of the Harvard-Yale Cyber Scholar Working Group's monthly meetings. Yale's Information Society Project hosted the presentation and defense of the paper by Susan Crawford, David Johnson and John Palfrey.

    Esther Dyson recently described the accountable Net in an article for the New York Times as "an Internet of people, companies and services that are accountable to one another rather than to some omniscient central authority." The current anonymity of users on the Net is part of the challenge to be overcome. Dyson: "The basic rule is transparency: You need to know whom you are dealing with, or be able to take proper measures to protect yourself. The accountable Net is a complex system of interacting parts, where users answer not just to some central authority, but to the people and organizations whom they affect."

    Dyson concedes that even in a Net that is peer-governed through social networks, there is a vital role for governments, "ready to prosecute extreme cases of fraud and misrepresentation (as well as crimes such as identity theft, antitrust violations and other traditionally offline crimes)."

    The three cyberscholars and Dyson express confidence in the ability of individuals and private firms, acting cooperatively, to develop responses to the triple threat of spam, spyware and security. They suggest that the alternatives of strong government control at one center, or of a control system dependent upon a global democratic consensus, leave much to be desired.

    At Yale, their proposal came under spirited challenge from scholars who may not share the authors' confidence. They plan to incorporate the comments they are receiving from this and other appearances into their final paper.

    See: Susan Crawford blog :: The Theory of Everything

    The Accountable Net will be a topic at PC Forum this spring, with presentations by heavyweight cybersecurity cognoscenti.

    Post Script:
    Since my note on the Yale presentation, John Palfrey has posted his remarks re the Accountable Net, as made at a subsequent conference in Geneva, in "Internet Governance Presentation, and the Accountable Net" (2/25/04) on his weblog. That includes a link to the current working draft of the Accountable Net paper.

    Posted by dougsimpson at 05:22 AM | Comments (0) | TrackBack

    February 08, 2004

    Reading: Axelrod's "The Evolution of Cooperation" (1984)

    Cooperation serves as the life blood of distributed, self-organizing systems. Without a Hobbesian central command, such a system's collective success depends upon the emergence and duration of cooperative behavior. Axelrod's seminal analysis of "durable iterated Prisoner's Dilemma" simulations proposes a theory of cooperation "based upon an investigation of individuals who pursue their own self-interest without the aid of a central authority to force them to cooperate with each other." Axelrod (1984) p. 6.

    Emergence of cooperation is not dependent upon consciousness or friendship, as Axelrod illustrates through documented examples and reasoning in his book. It does depend upon what Axelrod dubbed "the shadow of the future" (the likelihood and importance of future interaction) and the power of reputation resulting from recognition of other players and recall of their past behavior. He provides four guidelines for individual success in such encounters, as well as a prescription for shaping one's environment to promote cooperation.

    Durable, Iterated Prisoner's Dilemma

    A staple of game theory experiments, the Prisoner's Dilemma represents the situation in which two allied suspects are separated and their cooperation with each other tested. Their captors (and the prisoners) know that if both remain mute, they both obtain the modest Reward (R) of making the prosecution's job harder so that they might (or might not) go free. So the captors offer each one a substantial Temptation (T) for being the first and only of the pair to testify against the other, but make clear that if both squeal, both get only Punishment (P). If only one succumbs to temptation and talks, his faithfully mute confederate gets the Sucker's payoff (S).

    Give the four outcomes numerical weights (such as R=3, T=5, P=0 and S=1), and you can represent the game mathematically and simulate it on a computer. When you run it through thousands of instances using various strategies competing against each other, it is said to be "iterated." When the various strategies that represent simulated players repeatedly go against each other and are allowed to recognize and remember the preceding behavior of the other simulated players, the iterated game is said to be "durable." Combined, the simulation is a "durable, iterated Prisoner's Dilemma."

    In his book, Axelrod analyzes the elements that determined the success or failure of various strategies in the durable, iterated Prisoner's Dilemma simulation. He used his results to develop a Cooperation Theory "based upon an investigation of individuals who pursue their own self-interest without the aid of a central authority to force them to cooperate with each other." Axelrod (1984) p. 6.

    Cooperation Can Emerge if the "Shadow of the Future" is Great Enough

    Axelrod organized several open tournaments in which he invited game theorists, psychologists, computer scientists, game playing youths and the general public to write and submit strategic algorithms. He then ran those strategies against each other in durable iterated Prisoner's Dilemma simulations.

    Axelrod found distinct differences in the relative success of various strategies based upon the importance given to future encounters with the same players. If the players expect to meet again, they are more likely to cooperate than when dealing with a "one time only" counterpart. "The future can therefore cast a shadow back upon the present," writes Axelrod, "and thereby affect the current strategic situation." For purposes of mathematical representation in his simulations, he gave the relative weight of the next move a "discount parameter" represented by the letter "w" in his equations.

    Strategies based upon cooperation can be successful, he found. So, too, can strategies based upon refusal to cooperate. Which succeeds depends on the circumstances and the values of the various parameters of the game.

    The Success of "Tit for Tat"

    In the simulation tournament Axelrod organized, the "Tit for Tat" strategy consistently got the highest total score after many iterations. That strategy is simply: start out cooperating, then do whatever the other player did (cooperate or defect) on the last move.

    Axelrod's analysis of the data from the tournaments (detailed in the book) resulted in his identification of four characteristics that proved advantageous for all strategies, and in which Tit for Tat excelled.

    1) They were "nice," never the first to defect.
    2) They were "forgiving," able to cooperate after a defection.
    3) They were "provocable," retaliating for defection with defection.
    4) They were "clear," their strategy easy for other players to understand.

    "The Gear Wheels of Social Evolution Have A Ratchet"

    Axelrod also analyzed the chronology of the emergence of the success of the cooperative "Tit for Tat" strategy, developing theoretical propositions for when various strategies are "collectively stable." A strategy is "collectively stable" if it survives by continuing to outscore new strategies that attempt to invade its environment.

    His analysis led him to the conclusion that the primeval "All Defect" strategy can be collectively stable. But his data showed that cooperation can emerge, even in an environment characterized by "All Defect" players ("a world of 'meanies'") if "nice" players (such as Tit for Tat players) enter in clusters, and the players in those clusters can distinguish "meanies" from "nice" players. If a "nice" strategy is provocable (like Tit for Tat) it can successfully "invade" a hostile environment, become stable and established, then defend against the invasion of clusters or individuals using another strategy. "Thus, the gear wheels of social evolution have a ratchet." Axelrod (1984) p. 21.

    His analysis derives from the inherent logic of game theory. It is not dependent upon affinity between the cooperative parties, because it has been observed emerging between warring armies in trench warfare. It is not dependent upon consciousness, because it emerges among lower forms of biological organisms.
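
    The stability and cluster arguments above can be checked numerically. The following is an added example, not code from Axelrod's book or from this blog; it assumes payoffs T=5, R=3, P=1, S=0 (chosen so that T > R > P > S) and that natives interact almost only with natives, and all function names are the example's own.

```python
"""Discounted iterated Prisoner's Dilemma: lone invaders versus clusters.

Added illustration, not Axelrod's tournament code. Assumed payoffs:
T=5, R=3, P=1, S=0 (so T > R > P > S). w is the discount parameter.
"""
C, D = "C", "D"


def tit_for_tat(own, other):
    """Cooperate first, then repeat the other player's last move."""
    return other[-1] if other else C


def all_defect(own, other):
    return D


def payoff_table(T=5, R=3, P=1, S=0):
    """Map (my move, their move) to my payoff."""
    return {(C, C): R, (C, D): S, (D, C): T, (D, D): P}


def value(a, b, w, table, eps=1e-12):
    """Discounted score V(a|b) earned by strategy a against b, 0 <= w < 1."""
    hist_a, hist_b, total, weight = [], [], 0.0, 1.0
    while weight > eps:  # later moves weigh w, w^2, ... until negligible
        move_a, move_b = a(hist_a, hist_b), b(hist_b, hist_a)
        total += weight * table[(move_a, move_b)]
        hist_a.append(move_a)
        hist_b.append(move_b)
        weight *= w
    return total


def can_invade(newcomer, native, w, table, p=0.0):
    """True if newcomers outscore the natives they arrive among.

    p is the share of a newcomer's interactions that are with other
    newcomers (p=0 is a lone invader). Modelling assumption: natives
    meet almost only natives, so they score V(native|native).
    """
    score = (p * value(newcomer, newcomer, w, table)
             + (1 - p) * value(newcomer, native, w, table))
    return score > value(native, native, w, table)


def cluster_threshold(newcomer, native, w, table):
    """Share p above which a cluster invades; 0.0 if a lone newcomer
    already does; None if no cluster of any size can."""
    v_nn = value(newcomer, newcomer, w, table)
    v_nm = value(newcomer, native, w, table)
    v_mm = value(native, native, w, table)
    if v_nm > v_mm:
        return 0.0
    if v_nn <= v_mm:
        return None
    return (v_mm - v_nm) / (v_nn - v_nm)


if __name__ == "__main__":
    table = payoff_table()
    for w in (0.3, 0.9):  # small versus large shadow of the future
        print(w, "lone All Defect invades Tit for Tat:",
              can_invade(all_defect, tit_for_tat, w, table))
    print("Tit for Tat cluster threshold among All Defect, w=0.9:",
          cluster_threshold(tit_for_tat, all_defect, 0.9, table))
    print("All Defect cluster threshold among Tit for Tat, w=0.9:",
          cluster_threshold(all_defect, tit_for_tat, 0.9, table))
```

    With these payoffs and w=0.9, a Tit for Tat cluster needs just under 5% of its interactions to be internal to gain a foothold among All Defect players, while no All Defect cluster of any size can dislodge established Tit for Tat players.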

    The Biological Realm and Dawkins' "Selfish Gene"

    For support in the biological realm, Axelrod points to the Kinship Theory represented by Richard Dawkins' "The Selfish Gene" (1976) and Reciprocity Theory illustrated by studies of symbiotic relationships between unrelated biological species. As Dawkins has demonstrated, biologically related animals tend to cluster together, and they tend to instinctively behave altruistically among their own family group. These characteristics are adaptive and tend to be naturally selected, becoming genetically "hard wired." This provides the clustering of cooperators necessary for game theory to predict success and "collective stability," even in a hostile environment, given the right balance of payoff parameters.

    Axelrod's Prescription for Shaping the Environment

    Axelrod provides five suggestions for transforming a strategic setting to foster the emergence of cooperation.
    1) Enlarge the shadow of the future by making interactions between players more frequent and more durable. This can be done by keeping others away (exclusive clubs are one example), by establishing hierarchy and bureaucracy that concentrates interaction between specialists, and by decomposing issues into smaller, more frequent encounters rather than a few large ones.
    2) Change the payoffs. Governments and gangs change payoffs by increasing the penalties for defection. Even a small change can tip the balance between the value of the reward for cooperation and the penalty for defection.
    3) Teach altruism. Valuing cooperation for its own sake tends to be self-reinforcing.
    4) Teach reciprocity. Always turning the other cheek can encourage exploitative behavior. Discouraging exploitation by being provocable promotes overall cooperation.
    5) Improve recognition capabilities. Reliable identification of players is essential to the ability to verify which have cooperated or defected in the past and to act accordingly.

    If cooperation is "hard wired" into our universe by the mathematical laws of game theory, Axelrod's work and writing are an important element in the understanding of that phenomenon.

    Robert Axelrod, "The Evolution of Cooperation" (1984).
    The author was Professor of Political Science and Public Policy at the University of Michigan when this book was first published.

    Posted by dougsimpson at 02:06 PM | Comments (0) | TrackBack

    Netwar v Netwar

    Microsoft and SCO have each posted a $250,000 bounty for information leading to the arrest and conviction of the propagator of the MyDoom worm. Tristan Louis, a blogger at TNL.net, suggests Putting the Open Source Community to Work on MyDoom. He adds a further level of irony by suggesting that if the reward is collected, it be added to the OSDL Linux Legal Defense Fund.

    However a collected reward may be applied, using a distributed network organization to counter a malware threat is an interesting concept ... somewhere between market and hierarchy. (See Unintended Consequences: Powell's Studies of Network Forms of Business Organization for some notes on Powell's work and a link to his article by that name.)

    An article at the Register last summer questioned the market incentives of antivirus companies for actually finding and shutting down virus writers. Hierarchical solutions tend to be slow and sometimes encumbered by conflicting interests, both internal and external.

    Scholars find that a network is the organizational form most adaptable to change. Columbia Professor Duncan J. Watts, for example, cites the Toyota-Aisin crisis, as noted in Unintended Consequences: Reading: Watts: Six Degrees. Is it the optimal response here?

    Comments?

    Posted by dougsimpson at 05:29 AM | Comments (0) | TrackBack

    February 07, 2004

    Irwin Schiff Case Gets Delusional, but Appealing

    Tax scofflaw Irwin Schiff is delusional, say his attorneys (and his psychiatrist), and fantasizes that he is the only person who can interpret the federal income tax law. Not so, says his friend and co-defendant Cindy Nuen, who told the New York Times (Feb. 7, 2004 page B3) that his lawyers have filed that "ridiculous" defense just because they won't argue that the United States income tax law is "meritless and fruitless."

    Of course, the truly delusional are always the last to know. See, e.g., Akiva Goldsman, "A Beautiful Mind" (Ron Howard Film 2001).

    The case also involves a pending appeal of a District Court injunction, entered in June, against Schiff or his associates selling his latest book, which advocates filing "zero revenue" returns regardless of income. See #357: 06-16-03 COURT ENJOINS IRWIN SCHIFF AND TWO ASSOCIATES.

    The ACLU filed an amicus brief in the District Court, and issued a statement in May. "This matter is significant because it is an attempt to ban a book that primarily consists of a political diatribe attacking the government," said Allen Lichtenstein, General Counsel with the ACLU of Nevada and author of the ACLU brief. "Regardless of what one thinks about the author's theories, his right to espouse them must remain unhindered."

    Some remarks on the legal theories of the case (U.S. v. Schiff, No. CV-S-03-0281-LDG-RJJ (D. Nev.)) from Law.com.

    The Times reports that the Court of Appeals for the Ninth Circuit will hear oral argument on Schiff's appeal on Tuesday, February 12.

    Comments?

    Posted by dougsimpson at 10:41 AM | Comments (0) | TrackBack

    Delaware upgrades e-services for Corp filings

    Search and reserve corporate names online, make corporate filings and get filing history on business entities formed in Delaware (including 58% of the Fortune 500) under the new "Delaware @ Your Service" system.

    Unveiled this week by Governor Ruth Ann Minner, the Corporate Name Reservation and Information service is available at the Division of Corporations' website. A comprehensive list of Delaware e-Government services is available on the State's web portal by selecting "Delaware @ Your Service."

    Source: Press Release: 020404 - New Online Corporate Services

    Thanks to Sabrina Pacifica for pointing to this resource.

    Posted by dougsimpson at 05:40 AM | Comments (0) | TrackBack

    February 06, 2004

    Got Arabic Federalist Papers?

    The author of the blog "Flit" is coordinating inquiries after Arabic-language editions of the Federalist Papers, currently in hot demand and short supply in Iraq. He reports that the US Embassy in Jordan, which has been a source, is out and does not plan to reprint. He says that he has found an impending source of reprints at the US Embassy in Egypt.

    See: Flit(tm): Federalist Papers in Arabic IV

    I have an American friend who is guest-teaching American legal systems at a law school in Kurdish Northern Iraq. He is looking to distribute The Federalist Papers in Arabic and would appreciate learning of an affordable source. If you know of a source, please Comment, Trackback or email me.

    Posted by dougsimpson at 04:25 PM | Comments (1) | TrackBack

    Pentagon Scraps E-Voting System

    The Pentagon has decided to scrap an Internet-based electronic voting system intended to serve military personnel and overseas citizens in the fall elections. A security audit report cited and agreed with the general security problems raised about e-voting systems, and found that the Internet-based "Secure Electronic Registration and Voting Experiment (SERVE)" exacerbated those problems.

    The report was careful to praise the efforts of the government contractor that attempted to build a secure system. The full report is online: "A Security Analysis of the Secure Electronic Registration and Voting Experiment."

    Thanks to Sabrina Pacifica for the heads up on this report. beSpacific: E-Voting System Scrapped by Pentagon.

    Posted by dougsimpson at 01:21 PM | Comments (0) | TrackBack

    February 03, 2004

    Sensitive Info in Wired World: Yale ISP Reading Group

    Readings are now online for the first session of a reading group concerning the legal aspects of the PORTIA project. This semester, the group examines legal aspects of: copyright and digital rights management; SPAM and freedom-of-speech; privacy-preserving data mining; privacy-preserving data surveillance; and a topic to be announced. It will meet for five evening sessions at Yale Law School in New Haven, CT, starting February 5.

    The Yale Information Society Project describes the NSF-funded PORTIA (Privacy, Obligations, and Rights in Technologies of Information Assessment) as "a five-year, multi-institutional and multi-disciplinary attempt to examine, define and create technological systems that ensure the rights of data owners, data users, and data subjects. The project’s primary participants include professors from the Yale Computer Science department (as well as participants from other leading institutes in the U.S. and abroad). In addressing these issues, the project confronts difficult legal questions that pertain to privacy, intellectual property, and information law."

    More info at:
    Session 1: Copyright, Digital Rights Management, and Privacy
    Monday, February 9, 2004
    Led by: Eddan Katz, ISP Fellow.

    I plan to attend all five sessions. If either of my occasional readers are there, please introduce yourself.

    Posted by dougsimpson at 05:41 AM | Comments (0) | TrackBack