Privacy

If you haven’t had your daily fill of irony yet, let me tell you about the Euro-skeptic, free marketeer news organization appealing to European regulators to guarantee “fair returns” in the wake of Internet-driven disruption.

On Wednesday, News Corp released a letter from its CEO Robert Thomson to the EU competition commissioner Joaquín Almunia, criticizing Google and championing regulators to act against the search provider, following similar demands by the news publisher’s European peers.  Unfortunately, Thomson’s letter received about as much fact-checking as a News Corp tabloid.  (Jeff Jarvis has already annotated the letter’s “staggering” “willful blindness to irony” on the News Genius platform).

News Corp publications have championed tech disruption before, but apparently those principles go out the window when News Corp is the one being disrupted.  In fact, News Corp’s own Wall Street Journal previously complained that Google had become its competitors’ “piñata,” who were demanding “a regulatory veto” notwithstanding the fact that they “haven’t demonstrated any economic harm” stemming from the search provider.  Yet this week, News Corp itself jumps into the piñata party, waving the European banner. MORE »

{ 0 comments }

Earlier this month, at the Black Hat 2014 conference, Yahoo announced that it would implement end-to-end encryption in its Mail service by 2015. This announcement came on the heels of Google’s June announcement of a Chrome browser extension that would make it easier to do the same for data leaving the browser for a specific recipient (Yahoo’s implementation is a fork of Google’s publicly released source code).

End-to-end encryption of message content through OpenPGP, even as implemented by the savvy engineers at Yahoo and Google, is by no means a privacy cure-all on its own. However, when end-to-end is viewed along with earlier developments, like an always-on secure connection (via HTTPS) for Gmail or multi-factor authentication, it’s becoming clear that the tech industry is taking improved consumer privacy seriously, both in word and deed. MORE »

{ 0 comments }

What sounds like a surreal Monty Python joke is actually a serious question facing Internet users and companies following the ruling yesterday by the Court of Justice of the European Union, Europe’s highest court.

In the ruling by the full court against Google the court has decided that Google must remove from its index information relating to Mr Costeja Gonzalez. The trick here though is that this information is entirely legitimate according to Spanish law and the newspaper that published the story in 1998 is not publishing a correction. Copies of that story will remain on file in libraries.

Google will, however, need to remove links to the story from its index. This is equivalent to telling libraries that they can keep a copy of the newspaper on file, but that librarians must not tell anyone how to find it. Indeed, it may well be that the search systems of all libraries in the European Union will need to delete links upon request as well. And this to publications in the bowels of the building. This may create even more headlines.

The digital world has provided the general public, and specialists such as researchers and historians, the ability to find information quickly and cheaply, and to compare different sources. This is the essence of a plural, democratic society. This ruling will likely mean that the elite, those with access to well resourced libraries with well stocked back copies of newspapers, journals and books, will continue to be able to dig up information: legally available information. If they can find it in the library. The rest of us won’t, in the European Union at least.

Let us consider some of the possible effects. MORE »

{ 0 comments }

This post is part of the Disruptive Competition Policy Forum recap series.

Details below. MORE »

{ 0 comments }

This post is part of the Disruptive Competition Policy Forum recap series.

Details below. MORE »

{ 0 comments }

If you think competition between companies drives innovation, what might happen when they also have to go up against autonomous pieces of software running distributed across millions of computers through the Internet and around the world? It sounds like something out of a Singularity obsessed science fiction novel, but if you know where to look, the bones of this idea are already beginning to be seen today. The results might look pretty strange still, but there are some fascinating things happening in the “Distributed Autonomous Corporation” (DAC) area.

A DAC is a (so far) hypothetical construction that could perform at least some of the same functions as a corporation, non-profit organization, or other grouping of humans without the centralized legal or physical trappings of those organizations. This could be accomplished by creating a blockchain-type system (similar to that running Bitcoin) in which the code that makes up the DAC runs. DACs are simply algorithms tied to payment accounts that pay for their own computing cycles used, are paid for the services they provide, and can modify their own code.

DACs as an idea have been tossed around the Bitcoin community for a few years, and were somewhat codified in a series of blog posts by Stan Larimer beginning with “Bitcoin and the Three Laws of Robotics”. Larimer posits that the Bitcoin system itself is a DAC, suggesting that much of the network’s value comes from “performing a trustworthy confidential fiduciary service,” much like a Swiss bank would do. Unlike a Swiss bank, however, Bitcoin is open source and thus anyone can look at the code and be relatively assured that the network itself will act as designed and is worthy of trust. Of course, as we’ve seen time and again since the launch of the Bitcoin software, the same cannot be said of the human beings that may provide any related services.

MORE »

{ 0 comments }

When we talk about competition in the cloud services marketplace, we’re usually thinking of Google’s services, Amazon’s AWS, Dropbox’s storage, or VMWare’s large-scale virtualizations. But those types of cloud offerings are coming up against some unique competition lately: personal cloud offerings that are open source and meant to be run from inexpensive computers within the home such as the credit-card-sized $40 Raspberry Pi. For online services that are aimed at consumers, such as web mail, document storage, calendaring, and others, these personal cloud projects aim to help give users a privacy protective alternative if they want one. How well do they work? I spent my free time over the past week setting one up for myself and it turns out the biggest challenge actually comes from the broadband providers.

I started out by buying a Raspberry Pi computer and a 16GB SD card off Amazon and installing ArkOS on the SD card. ArkOS is an open source linux server management console that, once installed, gives the user the ability to install web, mail, file storage, and other services with the click of a mouse. At least, that’s the idea. ArkOS is still very much in alpha, and there isn’t yet a plugin to run an email server (though plans for such are very much on the todo list). Fortunately for me, however, I have a little bit of experience in Linux administration and I managed to get email up and running. ArkOS does have a personal file storage and sync plug in, called OwnCloud, which I also set up.

The most immediate problem facing a personal cloud user, however, isn’t the alpha nature of the software or a lack of familiarity with the arcane inner workings of Linux; it’s a domain name. Or, more specifically, the IP address connected to the domain name. The domain name system is one of the magical underpinnings of the Internet that turns the URL you know, like facebook.com, into the series of numbers that the routers and switches use to let you communicate with a server far away.

It’s those numbers that are the problem. Called IP addresses, each ISP has a certain number of them to hand out to their users. Without one, you’re not on the Internet. Oh, and we’re running out of them as more and more people bring more and more devices online (a point that I’ll come back to in just a second). Getting all of their users to properly configure their computers to use an assigned IP address is a hassle, so ISPs generally use Dynamic Host Configuration Protocol (DHCP) to automatically assign computers to an IP address.

All well and good, except that with DHCP you can’t guarantee that you’re going to get the same IP address every time you start up (in practice, with most ISPs, you actually do, but you can’t be sure). Without static IP address, it is hard to set up a domain name to point to your brand new server, as you would have to notice that the address had changed then update the DNS every time. While the use of DHCP is a matter of convenience for most ISP customers, some ISPs do provide users with the option of getting a static IP. My Internet access is through Verizon FiOS, who will let their business customers purchase a static IP for a monthly fee. In the end it would have ended up costing me around $50 additional per month. Fortunately there are technological solutions, including running a program every once in a while that will check to see if your address has changed and automatically update your DNS records.

MORE »

{ 0 comments }

Today President Obama gave a speech and issued a Presidential Policy Directive (PPD) surrounding the reforms he is making to the National Security Agency and international intelligence gathering in general. In the PPD, the President recognized that collection of signals intelligence poses risks to “our commercial, economic, and financial interests, including a potential loss of international trust in U.S. firms.” While it was gratifying to see the President grappling with the issues that we’ve been exploring for months, the actual policy changes proposed were high level and the devil, as they say, will be in the details.

There must be at least some hope, however. We have, today, policies regarding when the U.S. government will collect information on foreigners and how it will treat that information when it is collected. People everywhere can begin making decisions about which online services to trust with our data based on the features of the service and their respect for our data — rather than the geographical location of the service itself.

For many months now, the focus of commerce on the Internet has been a connection to the United States. If the U.S. government follows through on some of the privacy protections that everyone deserves, it will be a start that can bring us back to the ideal world where companies from everywhere compete on their products rather than the surveillance performed by governments.

{ 0 comments }

In retrospect, the technology industry must have seemed so trusting of the government just a year ago.

Back then, hardly any big-name firms produced “transparency reports” outlining how many law-enforcement inquiries they received, and many hadn’t even taken the lesser step of publishing the guidelines governing their responses to those queries.

And even when they pushed back against government curiosity, they didn’t bother telling us about it. Google, Yahoo and Microsoft had all decided to require warrants before turning over stored e-mail to law-enforcement investigations—an interpretation of the Electronic Communications Privacy Act’s loose provisions only upheld by one circuit court—but didn’t disclose that until early 2013.

And then the agency charged with cracking the digital security of American adversaries elsewhere found itself thoroughly “p0wned” by contractor Edward Snowden.

Snowden’s exposure of the National Security Agency’s PRISM scheme for data queries and a massive phone-metadata-collection effort soon enough set off a rush to publish transparency reports—FacebookYahoo and most recently Apple have followed the lead of GoogleTwitter and Microsoft.

MORE »

{ 0 comments }

SANTA CLARA–The state of consumer privacy in the digital world is sufficiently scrambled that the security tools in one app introduced at the DEMO Fall conference here came designed to short-circuit the kind of interactive marketing research undertaken by another.

In one corner of this little episode of Spy vs. SpySnoopWall‘s upcoming Android app offers granular control over entire subsystems of a mobile device–for instance, its Bluetooth or NFC wireless–as well as the reach of individual apps to things like the contacts list or the camera. Other future releases from this Las Vegas firm promise a similar array of kill switches for iOS, Windows and Windows Phone.

In another corner, Eyeris Technologies aims to mass-produce focus-group testing with EmoVu. The Mountain View, Calif., firm will invite Web users to opt into granting its site access to their webcams so it can study their facial expressions (in addition to identifying their gender and their approximate age)  as they watch video clips. Is this ad funny enough? Is this horror-movie trailer scary enough? An advertiser will be able to tell.

More often, products launched in four-minute presentations at IDG Enterprise’s annual pitch conference offered a trade of a useful service or feature for information about you. A reasonable trade or a creepy one? That may depend on the user.

MORE »

{ 2 comments }