[227] in Privacy_Forum
[ PRIVACY Forum ] 2007 Preview: Newt's Muzzle, Google's Data,
daemon@ATHENA.MIT.EDU (privacy@vortex.com)
Thu Dec 21 19:26:55 2006
Message-Id: <200612212328.kBLNSlFo004624@chrome.vortex.com>
To: privacy-list@vortex.com
Date: Thu, 21 Dec 2006 15:28:47 -0800
From: privacy@vortex.com
Reply-To: PRIVACY Forum Digest mailing list <privacy@vortex.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: privacy-bounces+privacy-forum=mit.edu@vortex.com
Content-Transfer-Encoding: 8bit
2007 Preview: Newt's Muzzle, Google's Data, and Microsoft Over the Line
( http://lauren.vortex.com/archive/000204.html )
Greetings. As 2006 draws to a close, I wanted to review three
issues from this year that are likely to be of considerable note in
2007. One is a bizarre blast from left field (or more precisely
"right field"), the next is a pressure cooker data problem that we
must resolve soon, and the last demonstrates how anti-piracy efforts
can cross the line from reasonable to arrogant and potentially
dangerous.
The latter two of these topics may cry out for legislative attention
if voluntary approaches continue to be impotent -- and with the new
Congress coming into power we may have our best shot of
accomplishing something positive on the federal level if legislation
indeed becomes necessary.
I realize that many people shudder at the prospect of legislation,
fearing that it may make matters worse, that lobbyists will warp
beneficial efforts into twisted mutations of intent, and similar
concerns. These are indeed real risks, but we're also seeing the
increasing risks of allowing important technology issues that affect
society at large to be determined solely by corporate entities
who -- quite naturally and understandably -- have their own agendas
and priorities. Again, I'd prefer to see things done on a voluntary
basis, but we may have to bite the bullet and give legislation the
old college try.
But onward to the issues ...
OK, what the blazes is Newt's Muzzle? A couple of weeks ago, former
Speaker of the House Newt Gingrich started spouting off (first in a
speech and just a few days ago on NBC's "Meet the Press") about how
useful it would be to censor the Internet. The example he's using
(for now) is "jihadist" Web sites, and he'd like a panel of federal
judges to decide which sites would be "closed down."
Outside of showing his true colors when it comes to freedom of
speech issues, Newt is also displaying a woeful lack of understanding
of the Internet and how essentially impossible (and counterproductive)
attempts at censorship really are in this environment.
The UK Guardian asked me for an op-ed on this topic, and it went up
on their Web site a few days ago as "Can Newt Nix the Net"
( http://www.pfir.org/guard-newt-oped ). Rather than my taking much
more space discussing the matter here, if you're interested in Newt's
thinking (and my views on the Internet censorship topic in this
context), please visit that link.
Even though Internet censorship (despite the help of U.S. technology
companies that provide systems to foster its deployment) is
ineffective, it is still a tremendously counterproductive waste of
time, resources, and human creativity, and distorts communications
in ways that are both unnecessary and potentially result in
dangerous backlashes. This is an issue that will only become more
important in 2007 and beyond.
Onward ...
The data retention controversy -- the battle to determine how much
data is reasonable for search engines and other entities to maintain
on their users -- is becoming ever more a red flag issue. In 2006
alone we saw the specter of the feds going after Google data
in DOJ vs. Google, AOL releasing privacy-invasive search keyword
lists, and issues of Chinese use of U.S. company Internet records
to track dissidents, among other similarly distressing activities.
The concerns in this area go way beyond Google, but as the most
powerful player in the Internet search industry, Google has a special
responsibility to be a leader, not only by fulfilling their "don't be
evil" slogan (and I do believe Google's motives are benign) but also
by not creating infrastructures that allow others to do evil. It is
in this latter respect that it appears Google "talks the talk" when
it comes to concern about how their data could be abused by
outsiders, but hasn't "walked the walk" by taking sufficient
definitive steps to make such abuse impossible.
Again, I'd prefer that this entire area (industry-wide, not just
Google) be dealt with on a voluntary basis. But as I've discussed in
detail over at the California Initiative For Internet Privacy
( http://www.cifip.org ) and links referenced there, if voluntary
approaches don't work we may have to take the next step, either at the
California initiative level or -- given the upcoming changes in
Congress -- perhaps at the federal legislative level (an option that
did not appear reasonably to be on the horizon when I wrote the
existing CIFIP essay). While some of my reservations about the
California state legislature might apply to Congress as well, it is
undeniable that a federal approach to these issues could be far more
effective, that is if -- and only if -- we need to choose the
legislative course.
This is a complex area, with the competing goals of mandated data
destruction to protect users' privacy, and the desires of governments
to mandate data retention, continuously at odds. We have a tremendous
amount of work to do to reach a reasonable outcome.
Finally ...
There's been a lot of discussion about the anti-piracy features in
Microsoft's new "Vista" Windows operating system
(e.g. http://lauren.vortex.com/archive/000194.html ). I've had a
number of very friendly conversations with MS executives regarding
the issues surrounding their anti-piracy implementations, and in
particular their new ability to functionally "hobble" Vista systems
that they believe are pirated.
The more that I've considered this, the increasingly unreasonable and
hazardous this functionality appears to be. It turns the assumption
of innocence on its head -- you have to take affirmative steps to
prove to Microsoft that you're not a pirate if your system appears
on their suspect hit list. As we know from Windows XP, there are
all sorts of ways that honest consumers can end up with systems that
have cloned copies of the OS (often installed by repair depots to
replace trashed copies of the original system after disk failures,
for example).
Many consumers don't even realize the difference between the hardware
and operating system of their computers. Many will ignore the
warning messages that MS will send before triggering a system hobble,
assuming that the messages don't apply in their cases, or that they're
phishing or virus come-ons. The mere existence of the mechanisms to
initiate the hobbling may represent an attractive attack vector for
destructive hackers, who might well get their jollies by shutting
down a few thousand (million?) PCs at a time.
Vast numbers of these computers will be in highly important
applications in business, health care, government, and the
military. Yes, Microsoft says you're not supposed to use them for
critical applications. But we know what the real world looks like,
and even the definition of "critical" can be nebulous.
Even more to the point (and this also relates to the data retention
issues above) it is extremely problematic to assume that it is even
reasonable for individual corporate entities to have total ad hoc,
carte blanche authority to make these decisions on their own,
decisions that technologically have an enormous and ever increasing
impact on individuals and society at large.
I might add that while the new Microsoft anti-piracy systems are of
particularly concern, there are other anti-piracy technologies being
deployed that carry similar risks, including but not limited to a
range of upcoming Digital Rights Management (DRM) systems.
I keep saying "voluntary is best" and I mean it. In all of these
topic areas I've discussed, voluntary approaches are always to be
preferred. But in our society, a key role of legislation is to help
provide mechanisms for "power-sharing" in situations like these, if
voluntary and cooperative approaches prove to be failures.
We are all part of this. We can sit on our hands and watch as mute
spectators -- or we can get our hands dirty by reaching directly
into the innards of the machines -- figuratively speaking -- and
helping making sure that these systems serve not only their
immediate masters, but also society's requirements as well.
None of this will be trivial, of course. But to quote the great
animated philosopher "Super Chicken" -- "You knew the job was
dangerous when you took it."
Have a great holiday season, and all the best for 2007.
Take care, all.
--Lauren--
Lauren Weinstein
lauren@vortex.com or lauren@pfir.org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
- People For Internet Responsibility - http://www.pfir.org
Co-Founder, IOIC
- International Open Internet Coalition - http://www.ioic.net
Founder, CIFIP
- California Initiative For Internet Privacy - http://www.cifip.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com
_______________________________________________
privacy mailing list
http://lists.vortex.com/mailman/listinfo/privacy
