In Order to Have a Free Market, You Need to Have Choices

One of the great things about a “Free Market” is that if you don’t like the company you are getting services from, you can always go somewhere else. 

Well, except if you’re dealing with Internet Service Providers and live in North Carolina.  Then you’re pretty much screwed.  You see, Governor Bev Purdue says that she will neither sign nor veto H.129.  Now for those who do not know, H.129 is a bill that would put restrictions on cities that currently provide internet service to its citizens (Wilson, Salisbury, Morganton, Davidson, and Mooresville), and would significantly hinder any efforts by other cities to pursue their own municipal internet services. The obvious winners in this action are Time-Warner cable and AT&T, who have spent a lot of money improving their services, er, buying politicians, er, let’s just say, they’ve spent a lot of money over this. 

Some of the provisions in H.129 state that cities:

• Shall provide nondiscriminatory access to private communications service providers on a first-come, first-served basis to rights-of-way, poles, or conduits owned, leased, or operated by the city unless the facilities have insufficient capacity for the access and additional capacity cannot reasonably be added to the facilities.
• Shall not use city resources that are not allocated for cost accounting purposes to the city-owned communications service  to promote city-owned communications service in comparison to private services or, directly or indirectly, require city employees, officers, or contractors to purchase city services
• Shall not subsidize the provision of communications service with funds from any other noncommunications service, operation, or other revenue source, including any funds or revenue generated from electric, gas, water, sewer, or garbage services.
• Shall not price any communications service below the cost of providing the service, including any direct or indirect subsidies received by the city-owned communications service provider and allocation of costs associated with any shared use of buildings, equipment, vehicles, and personnel with other city departments.

The bill ensures that companies like Time Warner Cable and AT&T will continue to be the dominant players in most North Carolina markets, even with higher pricing and speeds that often lag far behind what cities themselves can provide for its residents.

Never mind the fact that these municipalities decided to vote to band together and provide its own municipal services.  And why did they do that?  Because the Internet service providers were dragging their feet and underserving the market.  The community did not have a choice that was fast and inexpensive, so they created one.  And because they are offering their community an alternative that is better, the telecoms run and pay off politicians to curtail it. Because as we all know, municipalities should not have an “unfair advantage” over the private sector.  In this case the unfair advantage is a service that is better, faster and cheaper.  You know, those same arguments that are used when a government decides to outsource a municipal service to a private company. 

Funny how that works.

Protecting IPs From Whom?

It may be summer soon, but there is a chill in the air.  Legislation known as the “Protect IP Act” has been introduced in Washington.  Basically it is the successor to the Combating Online Infringements and Counterfeits Act that made its way through congress back in November. 

This is how the bill would work.  The U.S. Department of Justice would receive the power to seek a court order against an allegedly infringing Web site, and then serve that order on search engines, certain Domain Name System providers, and Internet advertising firms–which would in turn be required to "expeditiously" make the target Web site invisible.

Needless to say, Google is not happy.  The bill would also make Google, which makes most of its profits from its online advertising products, stop serving ads or sponsored links to those sites deemed as infringing. To quote Executive Chairman Eric Schmidt on Wednesday:

"If there is a law that requires DNSs [domain name systems] to do X, and it’s passed by both houses of Congress and signed by the president of the United States and we disagree with it, then we would still fight it.”

…

"If it’s a request, the answer is we wouldn’t do it. If it’s a discussion, we wouldn’t do it”

…

"So, ‘let’s whack off the DNS.’ OK, that seems like an appealing solution but it sets a very bad precedent because now another country will say ‘I don’t like free speech so I’ll whack off all those DNSs.’ That country would be China.”

As my dad used to say, those are fightin’ words.  And in many ways he is correct, because the main thrust of this is not the Pirate Bay and similar sites, as one might suspect, but rather Wikileaks. 

You see, under this law, leaking information such as governmental cables or embarrassing and/or damaging bank information showing rampant fraud and the like is basically distributing copyrighted material, and therefore subject to the takedown.  See how that works? Do not think for a minute that any of that was lost upon the members of congress who see the site as something they would like to see go away, and soon.

Of course the MPAA had words to fire back, seeing that they basically wrote the bill for the esteemed members of congress.  Michael O’Leary, an executive vice president for MPAA, in a statement:

“Is Eric Schmidt really suggesting that if Congress passes a law and President Obama signs it, Google wouldn’t follow it? As an American company respected around the world, it’s unfortunate that, at least according to its executive chairman’s comments, Google seems to think it’s above America’s laws. And the notion that China would use a bipartisan, narrowly tailored bill as a pretext for censorship is laughable, as Google knows, China does what China does.”

That last part may be true.  But if China does it, does that mean that we must follow their example?

Hubris

As more and more details come out about this week’s security breakdown at Sony, one thing is becoming clear:  even if you think you’re safe, add a couple of more security layers.  Because you are not safe. 

According to the New York Times, the hackers made off with a database that included customer names, addresses, usernames, passwords and as many as 2.2 million credit card numbers.  Reuters is running a story that covers the number of class action lawsuits being filed on account of the breach.  The price Sony could eventually pay out in time, legal fees and lawyer costs are on the clock. 

Why? 

VentureBeat tracked down George Hotz, aka “GeoHot”, who recently settled a lawsuit with the company over hacking into the PlayStation 3’s hardware. While Sony may consider him as public enemy number one, Hotz relies that he had nothing to do with the attack.  Considering the fact that he recently settled with Sony rather than go through years of legal wrangling, (plus the fact Hotz’s main gig is hardware hacking, not database cracking), it would tend to exclude him from the line up.  But his reaction sums up what is going on nicely:

“The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts. Alienating the hacker community is not a good idea.”

And therein lies the point.   Companies feel it is easier to hire another lawyer rather than to fix the problem.  That the threat of lawsuits is a deterrent to hackers.  It isn’t.  You have a database with the names of customers and and their credit card numbers.  Threatening legal action with a room full of empty suits doesn’t matter, especially when the chance of catching the bad guys is slim. 

As Hotz points out, engaging the hacker community may be the best option.  Hackers are, for the most part, highly intelligent and creative people who are usually more than happy to point out the failures of your system. Make it a once a year game – give the money you would pay an overpriced lawyer to write nasty letters to the first person who can crack your system and show you where to fix it.  Admit you don’t have all the answers. 

After this fiasco, it might even be seen as a huge cost savings.

Can’t Drive 55? Blame TomTom

People love to drive fast.  The police love writing speeding tickets to people who do.  Fact of life in the driving age.  So upon hearing this morning’s story I had to chuckle.  You see, the fine folks who make the GPS units known as TomTom have been selling their data to the Dutch police.  The Dutch police have been using the data, primarily the speed of driving data, to set up speed traps throughout Holland.  When people found out about this, they were not amused.  And TomTom publicly apologized for the sale. 

Now before we go any further, according to TomTom, the information is totally anonymous.  The speed data is used  by TomTom to help people avoid bottlenecks, accidents and school zones. And in a world of fastly shifting revenue streams, as more smartphones offer GPS navigation service, TomTom has been forced to compensate for declining profit by increasing sales in other areas, including the selling of traffic data to government sources.

The traffic data helps police and government planners know where the usual bottlenecks and safety problems are so they can plan accordingly.  But the side effect is that data also lets you see the areas where people speed.  The police are unable to see just who was speeding, only that there is speeding occurring in certain places on a consistent basis.  When you know that, you know where to set up your speed trap.

The main concern here is about privacy.  Even though TomTom has said the data is completely anonymous, in the world of data, it rarely is.  It’s not hard to fathom a scenario in which data supplied by TomTom could be used to figure out sensitive information about its users, such as where they live and work.  All it takes is someone dedicated enough to do so.  That is why people are upset. 

Of course, drivers in the US have had the site speedtrap.org to let them know where the usual speed traps are.  The site has been up for years and provides you with exactly where the police regularly set up their speed traps.   No GPS unit required for that one.  Just good, old fashioned information sharing on the message boards.  The thing the internet was originally set up to facilitate. 

The More You Know (And Shooting Star)

Time for the weekend wrap up.  And to start, let’s look at the law, shall we?  First the firm Righthaven appears to be in some hot water.  You see, Righthaven, that wonderful law firm that sues first and asks questions later, is a little perturbed over the judge’s ruling concerning their lawsuit over Brian D. Hill, an autistic blogger from North Carolina.  How perturbed?  Enough to defy the federal judge by refilling commentary the judge had stricken from the record.  Why would they do that?  To have the 58 other bogus lawsuits assigned to another judge.  If so, they better hope they do not get the federal judge in Las Vegas, who just unsealed the company’s heretofore confidential agreement with the Las Vegas Review-Journal in a related lawsuit against political blog Democratic Underground.  This is really the one everyone should watch, because if the Democratic Underground wins, it means that every other lawsuit Righthaven has brought in regards to the Las Vegas Review-Journal could be thrown out.  Grab some popcorn and stay tuned. 

---

Staying with the law, The Supreme Court will hear Microsoft call to change patent law in a way that could help both the Windows developer and many other technology firms fend off patent troll lawsuits. The move is partly a self-interested one for Microsoft, which is hoping to use the change as a way of escaping its loss to i4i in a patent lawsuit over XML in Word. Microsoft had been found violating i4i’s patenting and unsuccessfully challenged the verdict in front of the Supreme Court. However, this has the support of some of the largest companies in the industry, including Apple, Cisco, eBay, Facebook, Google, Intel, and Verizon. 

Opponents have mostly included 3M and pharmaceutical companies that are worried their patents, on which they base most of their business, will be overturned. The Pharmaceutical Research and Manufacturers of America group argued the incentive to develop new drugs would be "substantially reduced."  Patent trolls will be watching this.

---

And finally, a story of lawsuits would not be complete unless you had an outraged parent.  It seems like even after Apple included parental controls over in-app purchases on games for iPhones and iPads, some parents are saying that it isn’t enough.  Earlier this week, Garen Meguerian of Pennsylvania filed a lawsuit against Apple that says the company’s policy for in-app purchases doesn’t go far enough to prevent children from buying currency or points inside apps and games. The lawsuit, filed in the U.S. District Court for Northern California, requests class-action status and asks for unspecified damages and legal fees.

You see, Meguerian brought the suit after his nine year old daughter racked up a bill of $200 after buying virtual currency for the free games she had downloaded.  While Meguerian makes the point that even though Apple requires a password not only to in order to purchase anything within the app store, but also anything within an app, it is the same password.  To which all I can do is offer a pro-tip: You should become familiar with the product you just gave your child before you do so. This is Apple, not Fischer-Price.  Somewhere along the line, you need to be responsible. 

The Ballad of George and Sony

“Christ you know it ain’t easy,
You know how hard it can be.
The way things are going
They’re gonna crucify me.”

John Lennon, The Ballad of John and Yoko

George Francis Hotz is a highly regarded 21 year-old who first came onto the scene by jailbreaking iPhones, causing a great deal of hullaballoo amongst the population. 

In the end of 2009, Hotz announced his efforts to hack the Sony PlayStation 3, a console widely regarded as being the only fully locked and secure system of the seventh generation era. He blogged about his progress, announcing that he had successfully hacked the machine by enabling himself read and write access to the machine’s system memory and having hypervisor level access to the machine’s processor. Sony announced firmware updates; Hotz then announced plans of a custom firmware, similar to the custom firmware for the PlayStation Portable, to enable Linux and OtherOS support, while still retaining the features of newer firmwares.

I will take a step back here to say at this point, Hotz was simply a home-brew hacker showing off all this gee-whiz stuff to the public. This was not anything major, nor should it have been.  In fact, the pool of those people who would actually do such a thing within the entire pool of PS3 users could fill an auditorium.  A small auditorium.  Given the fact that this population is mainly dedicated enthusiasts, what happened next is a lesson in how not to run a business.

On January 2, 2011, George Hotz posted the root keys of the PlayStation 3 on his website. Sony immediately filed a lawsuit and demanded social media sites, including YouTube to hand over IP addresses of people who visited Geohot’s social pages/videos. Paypal granted access to Sony for them to view Geohot’s PayPal account. The judge of the case has given permission to Sony to view the IP addresses of everyone who visited geohot.com (George’s website).  Two things here.  Yes, Hotz was wrong to post the keys on his website.  But Sony forgot the one law of the internet: once it’s out there, it’s out there. Better to contact George and, I don’t know, hire the kid in order to make a better product.  After all, he’s doing more for the product than their engineers at that point. 

People were outraged over the heavy handedness of Sony’s lawsuit and contributed to George’s legal defense.  Then Anonymous (that band of merry internet pranksters, God love ‘em) got into the act, pronouncing

"Your corrupt business practices are indicative of a corporate philosophy that would deny consumers the right to use products they have paid for and rightfully own, in the manner of their choosing," continues the pronouncement. "Perhaps you should alert your customers to the fact that they are apparently only renting your products? In light of this assault on both rights and free expression, Anonymous, the notoriously handsome rulers of the internet, would like to inform you that you have only been ‘renting’ your web domains. Having trodden upon Anonymous’ rights, you must now be trodden on."

And then, as they say, it was on.  It really looked like this was going to be a real fight.  Add then this article from Ars Technica this morning:

“The legal action between Sony and George Hotz has come to a close, with both sides seemingly happy with the results. Sony has Hotz agreeing not to do bad things to its hardware, and Hotz gets to be left alone and continue with his life. Neither side has admitted any liability in the matter…”

What happened?  Two things.  This was going to be a legal Battle Royale. Could you see the next five to ten years of your life being consumed by this?  I can’t.  If you’re Sony, even though you have a room full of lawyers, you have just take a massive hit publicity-wise, right when you really did not need it.  Are you willing to throw what little reputation you have left on the altar over some smart kid showing you up?  Doubtful.  Is it better that both sides take a step back, and take a breath?

Yes and no. 

The fact is, while George can now go back to his life, some of the legal questions that needed answering will not be answered.  The fact is there are lawsuits of this nature every day. The non-fight only goes to show the world that Sony will spare no expense in suing anyone over their product.  But it points to a larger problem.

I still think the worst part of this is that the copyright owners come down on relatively law abiding citizens like a ton of bricks, while the real criminals remain free to pursue their criminal enterprises. Regardless of whether you think George’s actions were right or wrong, he’s basically a regular citizen – works, goes to school, pays taxes, etc. He was there for Sony to sue, operating under his real name and with real contact information available, and not living on the proceeds of illegal activity.

On the other hand, the guys who run illegal factories turning out millions of counterfeit games, DVDs, or whatever generally go free. What is worse is that these people are known to officials who claim to be protecting copyright.  Sony is pursuing regular people like Hotz, who almost surely lost money on this whole venture, while seemingly not even attempting to pursue the acutal criminal violators who are driving around in Bentleys.

That is the real criminal act here.

Epsilon Data Fail

Last week I received a message from my usual grocery store. I have an affiliation card with them, you know one that allows you a few cents off products in return for them getting information from you concerning your buying habits. The message was letting me know that it was possible that my email address had been taken from them. An e-mail hack, I thought.  Great.  Something else to watch out for.  At least that was all it was, I thought.  Then came the same message from another affiliation card.  Then another card.  Then the bank that I have a credit card with.  Then the phone company.

That is when I started to be very concerned, which is a nice way of saying I was on the phone asking questions and trying to keep from yelling at the harried but polite voices on the other end of the line.  Apparently, I was not the only one. You see, I am part of what appears to be the largest breach of data in US history.  And now I am going to be watching my e-mail very carefully over the next few months, because I am now at a high risk for phishing and other scams.

OK, here are the particulars.  When a company gets your e-mail address as part of an affiliation card or customer account, they do not just sit on it.  They use it to contact you concerning any offers they have pending or any type of general information.  But they do not do this in-house.  They use an outside company to do that, like a company called Epsilon.  So if someone should hack into a company like Epsilon, they are able to get information about a lot of customers over a range of companies, not just about people who shop at Kroger, for instance. 

That is exactly what happened.  Epsilon, which provides marketing services via email to about 2,500 companies, put a warning on its website on Friday stating that its systems had been “exposed by an unauthorized entry” into its email system.  It is not yet known who perpetrated the attack, which US law enforcement agencies have begun investigating.

“The information that was obtained was limited to email addresses and/or customer names only,” Epsilon said in its statement. “A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.” Other information, such as passwords or credit card details, are not thought to have been exposed, but never the less, this is a huge hack. 

How many people are affected?  Given the number and names of the companies that use Epsilon (Kroger, Marriott Rewards, US Bank, JPMorgan Chase, Capital One, Citi, Walgreens for starters), it could be millions.  And out of those millions, it only takes a handful of people to fall for a phising expedition to make money for criminals. 

What to do in the interim?  Double check your emails and do not just click onto a link, especially if it is a company that is a part of this breach.  You may also want to change your current account e-mails to another address for these companies.  A pain in the neck, certainly, but it beats dealing with the aftermath of being scammed.

The More You Know (And Shooting Star)

Take a few days away and all the things that happen…

First, in the land of law, Ars Technica reports that a former lobbyist for the RIAA has become a federal judge, ruling on, of all things, three mass file-sharing lawsuits.  But we should expect nothing but a clear-cut ruling, based entirely on the law.  Because conflict of interests happens to other people.

However, if you feel the need to press the panic button, you can.  According to Reuters, some day soon, when pro-democracy campaigners have their cellphones confiscated by police, they’ll be able to hit the “panic button” — a special app that will both wipe out the phone’s address book and emit emergency alerts to other activists. 

In hacking news, mySQL was hacked over the weekend via a blind SQL injection. Hackers extracted usernames and password hashes from the site, which were subsequently posted to pastebin.com. Any easy to guess login credentials could be easily extracted from this data using rainbow tables to match dictionary passwords to their hash values.  This only points out that if it’s made by a person, a person can crack it.  Just remember that the next time someone tell you smugly that something cannot be hacked. 

Finally, we lost a true visionary over the weekend.  Paul Baran passed away at the age of  84.  Baran conceived the Internet’s architecture at the height of the Cold War. Forty years later, he says the Net’s biggest threat wasn’t the USSR – it was the phone company.  So right then, so right now.

The First Thing We Do, Let’s Replace All the Lawyers With Computers

Back in the 80′s the old joke was to tell people that they could be replaced with a non-functioning button.  After all, the tech boom was beginning to get into full swing and it looked like automation could eventually replace anyone.  Of course not everyone has been replaced entirely.  Those that couldn’t, have been off-shored.

However, an article in today’s New York Times , John Markoff shows that the saying may still have some legs. If you are a lawyer or a paralegal, you need to watch your back, as the computers are now coming for you. 

Using the same types of language comprehension software that was used by the Jeopardy contestant “Watson”, computers can quickly sift through millions of documents in discovery phase to find relevant links that would take an small army of paralegals months of billable hours.  Softwares can detect changes in writing styles, find nuances and even positve or negative sentiments in e-mails, text messages or even recordings, all for far less than your normal room full of laywers would charge. Far less. As Bill Herr, who as a lawyer at a major chemical company used to muster auditoriums of lawyers to read documents for weeks on end told the Times,

“From a legal staffing viewpoint, it means that a lot of people who used to be allocated to conduct document review are no longer able to be billed out. People get bored, people get headaches. Computers don’t.”

More importantly, when presented with a mountain of information, people sometimes zone out and miss things. Herr used e-discovery software to reanalyze work his company’s lawyers did in the 1980s and ’90s. His human colleagues had been only 60 percent accurate, he found.

What does all of this mean?  Mike Lynch, the founder of Autonomy, a major meaning-based firm, is convinced that the legal sector will start to see a drop in employees sooner than later.  He estimates that the shift from manual document discovery to e-discovery could reduce manpower to the point that one lawyer would suffice for work that once required 500 and that the newest generation of software, which can detect duplicates and find clusters of important documents on a particular topic, could cut the head count by another 50 percent.

But in all fairness, the document that the software selects will need to be read by a human, at least for now.  And in the end, a human lawyer will need to go in front of a human judge.  But if Watson is any indication, even that may change in the future.

The Internet Never Forgets

A little over a year ago, I wrote a post about the European Union debating a bill that would give net users the option to have old data about themselves deleted.  France’s President Sarkozy said last year: “Regulating the Internet to correct the excesses and abuses that come from the total absence of rules is a moral imperative!”  Strong words.  France’s leadership at the coming G8 summit also signifies more dialogue, as Sarkozy hopes to discuss the right on an international stage.

I mention this again, because in January of this year, Google refused Spain’s request to remove 90 links concerning certain plaintiffs. Many of the links Spain wanted to remove included newspaper articles and information from public record, often painting the plaintiffs in a bad light. Besides arguing that the process would be “expensive” (as every company does), Google argued that such a request would violate the “objectivity” of the Internet search.

The problem is that both the President of France and the corporate entity Google are right.

Now many of us have had a moment (or two) where we are less than perfect.  The only problem is that these days, those moments can be captured and placed on the net for everyone to see, forever (or close to it).  A “right to forget” law could stop us from being permanently held to ransom by unguarded actions from our past. Point for le President.

However, if that memory is currently part of a public record; i.e., newspapers or courts, then any researcher has a right to be able to find such records.  To “forget” is to destroy the entire idea of archiving. Point for le Google.

As I originally wrote, this whole idea becomes complicated when going beyond the personal.  In the case of corporate personhood, this could possibly be used as a tool to whitewash the past.  Union Carbide and Bhopal India?  History to be remembered or an embarrassing “corporate moment” that should be left in the past?  As someone once said, “Laws are not made to be broken, they are made to be interpreted.”  Given a poorly written law and room full of smart lawyers, you can start to see where history could be rewritten because certain things could no longer “exist”.

While I have had more than my share of bad moments, I will grudgingly own up to them.  Mainly because I know that while some people never forgive, the fact is, for now, the internet never forgets.