Greetings. For years I've talked about the bizarre conflict between calls to rapidly delete or anonymize data that could be used for abusive tracking of Internet users, vs. calls from other quarters -- mostly in law enforcement -- for extended retention of such data.

Sometimes different divisions of the same governments are pulling on opposite ends of this particular issue.

So at the same time that Google, for example, has made excellent strides in limiting the retention periods for non-anonymized tracking data (such as IP addresses), we see pressures rising from police agencies pushing in exactly the opposite direction.

Now this conflict has become even more explicit, with word that the FBI has been pressuring ISPs to maintain two years of user Web browsing data -- something that -- to the ISPs' credit -- no major U.S. ISP is thought to be currently doing.

Similar pressures -- including calls for explicit laws to require such retention -- have also been spewing forth from other law-enforcement-related organizations for quite some time, with the usual claim that c-porn investigations (somehow this usually seems to be listed ahead of terrorism concerns) justify the creation of a massive Internet activity records surveillance regime.

Right now the focus appears to be on origin and destination IP addresses, which ISPs can easily capture on any direct connection (including https: encrypted connections), to the extent that proxies are not in use.

But a bit of mental exploration illuminates why the proponents of mass Internet data retention will never be satisfied with IP addresses alone.

Let's think about why.

First, most Web sites are actually "virtual hosts" -- meaning that hundreds, thousands, or even more individual Web sites may be served on the same destination IP addresses.

For surveillance records to be useful, it is certain that authorities would want to know exactly which sites, and in many cases ideally which specific URLs, were being accessed.

Unless deep packet inspection (DPI) were employed to spy on unencrypted traffic (or sophisticated man-in-the-middle techniques were attempted against encrypted traffic when practicable) the obvious means to determine specific site and URL information would be from server-side logs.

That is, authorities would need to go to the operators of the Web servers in question and request or demand the logs that showed which sites had been accessed at particular times. These same logs would typically provide URL information as well.

Combine this with ISP-provided source and destination IP address data, and ISP mappings of which subscribers were assigned to particular dynamic IP addresses at any given point in time, and you have everything you need to reduce the privacy of typical Web browsing to the level of postcards on parade. So passing ISP data retention laws or otherwise strong-arming ISPs into maintaining the data of interest won't do the trick alone -- you need to force every public Web site to similarly maintain log data and make it available to authorities on demand.

But wait a minute. We know that simple IP addresses can't themselves be relied upon to pinpoint individuals, even in the same household. And wouldn't people who didn't want to be tracked learn to rely on proxies, public Internet access points in libraries and coffee shops and ...

Hmm. How to box in those freedom-loving would-be criminal types?

Perhaps that's where Microsoft's Craig Mundie, who as I noted a few days ago is pushing for an Internet "Driver's" License, can help achieve a totality of Internet surveillance nirvana.

Any sort of "Internet User License" concept would be fraught with many more technical and infrastructural complexities than the "simple" data retention requirements discussed above, and would also be subject to various workarounds by the savvy.

But some relatively definitive means to identify individuals as opposed to only identifying Internet connections themselves would seem to be an ultimate Internet surveillance requirement, as anonymous Internet usage would increasingly undermine the ability of retained Internet connection records to provide the necessary raw meat for the sorts of surveillance society activities that are being propagandized as necessary for society's survival.

Internet surveillance proponents will attempt to claim that -- at least for now -- all that they really want is the Internet equivalent of called telephone number records.

Don't you believe it. The Internet has become integral to virtually every aspect of our lives. The spread of Cloud Computing -- a technology with enormous positive potential if appropriately managed and protected -- will further wed us all to distant servers.

The Internet sites and URLs that we visit, and the associated data that we send and receive, can reveal everything from the day-to-day trivia of our lives to our deepest passions and fears. Our personal, economic, political, and virtually every other aspect of our existence can increasingly be directly or indirectly discerned from the pulsing of our broadband connections.

The ability of Internet users to confidently trust the organizations and instrumentation of the Internet, everything from ISPs to Web services themselves, is not only a matter of faith in those specific entities' own veracities, but also a question of knowing that those enterprises will not be corrupted, blackmailed, or otherwise forced into the role of surveillance operatives at the behest or demand of potentially well-meaning, but still overzealous law enforcement paradigms.

Crime, terrorism, and the other evils of society are dark enough specters without attempts to control them shunting us into a different sort of nightmare.

Benjamin Franklin's now oft-quoted admonition that, "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety" has never been more relevant.

In the calls for steps toward a Surveillance Internet, we can hear the echos of past governments who promised their citizens law and order, and in the process marched them down the path of good intentions directly into figurative Hells on Earth.

We won't be fooled again.

Will we?

--Lauren--

Greetings. I woke up this morning to find my inbox flooded with concerned notes regarding a reported agreement being negotiated between Google and NSA - the National Security Agency ( [1] and [2] ).

The general trend of the messages, mostly from the same people who routinely treat me to rather paranoid anti-Google tirades, was largely along the lines of, "Here's another reason not to trust big, bad Google with our data."

I have no information beyond what has been published publicly regarding either this reported agreement or the Chinese-based attacks that are apparently the direct catalyst for the exploration of such an arrangement.

But I can explain why I'm not particularly concerned about this "partnership," so long as Google is being sufficiently careful and compartmented -- which I strongly suspect they are.

Older generations of NSA operatives are no doubt somewhat bemused by the openness with which the agency is discussed these days. Years ago, the official existence of "No Such Agency" was purposely kept so publicly nebulous that conference attendees from the agency routinely wore name tags only identifying their organization as "Department of Defense."

My first direct contact with NSA occurred many moons ago. I was sitting at a rather rickety CRT display in the UCLA ARPANET computer room, hacking at Unix OS code. A coworker popped his head into the noisy room, and announced that "two guys from NSA have shown up and want to speak to you."

Hmm. A quick mental review didn't reveal any recent felonies that might be of particular interest to the pair, so I popped out into the quiet of the "Boelter Hall" basement hall.

And sure enough, there awaited a couple of polite young men in dark suits holding notepads. Fascinating.

As it turned out, they had come to ask for software advice. At that point in time, before the widespread availability of terminal independent programming libraries like "termcap" and "termlib," I was something of the point man for ports of a particular Unix application to different terminal environments.

The NSA team wanted to talk about that application and some of the related porting issues -- and we had a nice chat. I wondered at the time why they hadn't just called or sent an e-mail -- I was LAUREN@UCLA-SECURITY back then and easy enough to reach. But maybe it was like the "hovercraft" guy in the current Orbitz commercials, who flies around hand-delivering refund checks because, what the hell, "We have a hovercraft!"

Years later, I discovered that NSA had become interested in my experiments with Unix-based newswire data collection and indexing, but that's another story.

The above was a long way of saying that NSA is both a premiere R&D institution and a signals intelligence (SIGINT) data collection and analysis organization.

That various serious abuses both long past and quite recent (at least the ones we know about that have come to public light) have occurred in the latter aspect of NSA is well documented -- James Bamford is the recommended starting point for interested readers new to the NSA sagas.

Yet it's undeniable that NSA represents the nation's most concentrated resource relating to cryptography and what now seems to be popularly called anti-cyberterrorism.

Controversies associated with NSA's involvements even in these regards have certainly been recurring facts of life -- NSA roles in the development of cryptosystems such as DES and AES are well-known examples. Recent over-enthusiasm by some members of Congress for proposals to establish direct NSA involvement in the day to day aspects of Internet security have justifiably raised significant privacy and other concerns.

But the fact still remains that the expertise represented by NSA in the computer security field is unparalleled in key contexts, and it is utterly reasonable that Google (and other technology firms) would consider carefully structured associations with NSA in the existing environment.

The devil is in the details, naturally. But Google knows that the continued patronage of their users is integrally associated with those users feeling confident that their data is safe from abuse.

I cannot visualize a circumstance under which Google would voluntarily agree to any partnership with NSA that could possibly marginalize or jeopardize that confidence. Of course -- and speaking only theoretically -- if Google were forced by governments to involuntarily cooperate with privacy-invasive schemes, we'd be faced with a whole different class of serious problems way outside the scope of the current discussion, and with far-reaching consequences for our democracy. But (based on all available evidence, one hopes) that's not where we are today.

It would however be extremely useful for Google to make as much information as possible publicly available regarding any association with NSA. At least the outlines of any data sharing arrangements should be announceable without negatively impacting operational effectiveness. A sustained lack of information in this regard tends to fuel the kinds of conspiracy-focused rumors that just love a vacuum.

NSA is perhaps a quintessential example of a government agency that exists as a double-edged sword. Properly directly and harnessed, its resources for our positive protection are vast. But if "running amok," NSA possesses at least equal potential for civil liberties abuses on a massive scale.

It makes perfect sense for Google -- like various other firms -- to work with NSA towards a better understanding and preventing of cyberattacks, so long as sufficient NSA isolation from Google user data is guaranteed.

But to use the vernacular, when dancing with Godzilla, it's always a really good idea to plan out your steps very, very carefully in advance -- for you never, ever want to find yourself underfoot!

--Lauren--

Greetings. I'm about to pose some difficult questions. I won't assert that I know the answers to them all or even suggest that succinct answers are possible. But the questions themselves cut to the heart of some of the most contentious and emotional ethical issues of the Internet today.

A California appeals court has just unanimously ruled that a lawsuit may move forward against the California Highway Patrol, related to horrific imagery of an 18-year-old girl decapitated in a traffic accident. The photos were allegedly forwarded by one or more on-scene CHP officers to another party, and then spread widely across the Internet.

The victim's family has been trying for years to hold the CHP responsible for the dissemination of these images, and to somehow reduce the impact and exploitation of these nightmarish photos and the associated hateful abuse that has spread across the Net. Many of the sites exploiting these images attempt to portray themselves as "educational" in nature -- but in reality most are merely purveyors of what the film industry calls "torture porn" -- but in this case they're dealing with the horrific death of a real person, not fictional characters and special effects.

Regular readers know that I'm firmly opposed to censorship and have praised Google's recent commitment to cease censorship of Google search results in China.

I have also suggested in the past that some sort of "dispute resolution" mechanism -- to deal with unusual or exceptional situations triggered by search engine results -- would be worthy of both consideration and debate. If you have a few minutes to spare, here is a pointer to some discussion of this issue.

So it's with some consternation that I consider the easy availability of the accident photos in question being facilitated via Google Images.

A simple search on the victim's name in Google Images yields seemingly endless copies of the exceedingly gruesome photos, even when Google SafeSearch is set to its most strict setting.

Let's be very clear. I'm not suggesting that the photos be banned. And indeed, Google is merely indexing and archiving imagery that is by definition actually posted and hosted at external sites not under Google's control.

But even given these facts, would it be fair to say that Google has no role to play in the exploitation and monetization of these images, and in the continuing grief that they cause the victim's parents and other family members?

Again, Google isn't the creator or poster of the photos in question. But Google is almost certainly the primary mechanism through which the vast majority of persons discover and locate these images.

There are some relatively simple amelioratory steps that I'd suggest in this specific case.

Google could take a more proactive stance to avoid having such images being so openly displayed when not in completely unfiltered SafeSearch mode. My hunch is that flagging most of these specific accident photos as posted -- even on an ongoing basis (based on keywords and Google's advanced image analysis algorithms) -- would be relatively straightforward given Google's resources.

More broadly, this case brings into focus a class of issues representing extremely difficult ethical dilemmas that often aren't subject to improvement through engineering alone.

Censorship is not only dangerous but essentially impossible to completely enforce on the Internet. A single copy of a text or photo (or musical performance or feature film for that matter), posted on the Web is likely to publicly survive in some form into technological perpetuity. That's the reality, like it or not.

On the other hand, it can be argued that Google and other aggregators of indexing information and links do bear some ethical responsibility to try -- within the bounds of common sense, free speech, and technical practicality -- to help avoid the widespread dissemination of exceptionally hurtful and damaging materials in unfiltered search result contexts.

In other words, it really should not be so easy to stumble across photos of a decapitated 18-year-old girl when Google Image search results are in a strict filtering mode.

At the macro level, to say that dealing with such issues is a dilemma presenting major scaling challenges is a significant understatement. But as I've earlier noted, there are a wide variety of situations where the algorithmic precision of search engine rankings can do real and completely unwarranted harm to actual people.

Which brings us to perhaps the most important question associated with this entire topic. From both technical and ethical standpoints, can we honestly say that it's unreasonable or impossible to research and deploy steps that would help prevent thoughtless acts conducted over the course of a few minutes -- like the alleged sending of those accident photos by CHP officers -- from endlessly dragging other persons through a living hell?

Not censorship. Not a ban. Not new laws.

Rather, just doing a better job at further extending ethical considerations to search, in a fusion of software engineering and humanism.

If we instead choose to insist that this cannot be accomplished, we're eerily invoking the lyrics of Tom Lehrer's comedic critique of German/U.S. rocketry pioneer Wernher von Braun": " 'Once the rockets are up, who cares where they come down? That's not my department', says Wernher von Braun."

As Lehrer sang them, many years ago, the words were very funny indeed.

In the real world of the Internet, these ethical issues are both difficult and serious -- but I believe subject to reasonable and effective resolution, given the will to do so.

I can think of no organization better positioned and suited than Google to be in the vanguard of this important area. I trust that they are up to the challenge.

--Lauren--

Greetings. About a week ago, in Google and the Battle for the Soul of the Internet, I noted that:

Even here in the U.S., one of the most common Internet-related questions that I receive is also one of the most deeply disturbing: Why can't the U.S. require an Internet "driver's license" so that there would be no way (ostensibly) to do anything anonymously on the Net?

After I patiently explain why that would be a horrendous idea, based on basic principles of free speech as applied to the reality of the Internet -- most people who approached me with the "driver's license" concept seem satisfied with my take on the topic, but the fact that the question keeps coming up so frequently shows the depth of misplaced fears driven, ironically, by disinformation and the lack of accurate information.

So when someone who really should know better starts to push this sort of incredibly dangerous concept, it's time to bump up to orange alert at a minimum, and the trigger is no less than Craig Mundie, chief research and strategy officer for Microsoft.

At the World Economic Forum in Davos two days ago, Mundie explicitly called for an "Internet Driver's License": "If you want to drive a car you have to have a license to say that you are capable of driving a car, the car has to pass a test to say it is fit to drive and you have to have insurance."

When applied to the Internet, this is the kind of logic that must gladden the heart of China's rulers, where Microsoft has already announced their continuing, happy compliance with the country's human-rights-abusive censorship regime.

Dictators present and past would all appreciate the value of such a license -- let's call it an "IDL" -- by its ability to potentially provide all manner of benefits to current or would-be police states.

After all, a license implies a goal of absolute identification and zero anonymity -- extremely valuable when trying to track down undesirable political and other free speech uttering undesirables. And while the reality of Internet technology suggests that such identity regimes would be vulnerable to technological bypass and fascinating "joe job" identity-diversion schemes, criminal penalties for their use could be kept sufficiently draconian to assure that most of the population will be kowtowing compliantly.

I used the term "police state" in the text and title above, and I don't throw this concept around loosely.

The Internet has become integral to the most private and personal aspects of our lives -- health, commerce, and entertainment to name just a few on an ever expanding list. While there are clearly situations on the Internet where we want and/or need to be appropriately identified, there are many more where identification is not only unnecessary but could be incredibly intrusive and subject to enormous abuse.

And I might add, it is also inevitable that serious crooks would find ways around any Internet identification systems -- one obvious technique would be to divert blame to innocent parties through manipulation and theft of associated IDL identification credentials.

It was perhaps inevitable that the same "Hide! Here come the terrorists!" scare tactics used to promote easily thwarted naked airport scanners and domestic wiretapping operations, not to mention other PATRIOT and Homeland Security abuses, are now being repurposed in furtherance of gaining an iron grip on the communications technology -- the Internet -- that enables the truly free speech so terrifying to various governments around the world.

It's true that some persons advocating police state IDL concepts are not themselves in any way inherently evil -- they can for example be well-meaning but incredibly short-sighted.

However, I would be less than candid if I didn't admit that I'm disappointed, though not terribly surprised -- especially in light of Microsoft's explicit continuing support of Chinese censorship against human rights -- to hear a top Microsoft executive pushing a concept that is basic to making the Internet Police State a reality.

In the final analysis, evil is as evil does.

--Lauren--

Greetings. Love it or hate it, we all know that Adobe Flash has become the de facto standard for Web video -- that is, it's now by far the most common mechanism for delivery of streaming (and "steaming") video on YouTube, news sites, and most everywhere else.

Without getting into the convoluted details of licensing, containers, and codecs, the bottom line is that Adobe effectively controls Flash, and reported disputes between Adobe and Apple have contributed to keeping Flash off the iPhone, and now, the iPad. During the big iPad unveiling a few days ago, many observers noted Web page "missing plugin" holes where Flash content would otherwise have appeared.

In fact, until last night, some of Apple's most prominent promotional materials for the iPad appeared to show Flash content being displayed -- triggering a complaint to the Federal Trade Commission, and very sudden changes in those promos.

By the way, released Android systems don't have full, recent Flash players either yet, but this functionality was demonstrated many months ago, and Flash for at least some Android versions reportedly will be released quite soon.

Back to Adobe vs. Apple. Apparently in an attempt to pressure Apple on this score, Adobe has now published a montage demonstrating what the absence of Flash means on various pages. What attracted particular attention and raised eyebrows was that one of Adobe's examples happened to be a hardcore porn site ("Bang Brothers").

With rapid adoption of HTML5, it may be possible to move Web video out from under Adobe's control by replacing Flash entirely. YouTube and Vimeo have just started beta testing HTML5 video players.

However, there's another issue. Right now those tests (as far as I know) are using HTML5 as a container for H.264 encoded video. H.264 itself (actually now part of the MPEG-4 standard) is also encumbered by various licensing issues.

To get fully out from under this licensing mess, one possibility would be to use HTML5 with an open codec such as Ogg Theora. Whether or not Ogg Theora in its current state of development is efficient enough to be used by high volume video sites like YouTube is currently a matter of some dispute.

Sometimes it feels like only Glinda the Good Witch could untangle all this. Unfortunately, the ruby slippers are not public domain.

--Lauren--

Greetings. Since Apple's unveiling yesterday of the iPad, one of the more vexing questions has been why such an advanced device lacks any sort of integral camera -- a small front-facing camera would seem a perfect match, and likely wouldn't increase the overall production costs dramatically vs. the significant additional appeal it would have given the iPad itself.

Was it really a matter of cost? Or perhaps a ploy to sell the next iPad version that actually might include a camera? Or maybe an unwieldy webcam hookup via the added cost dongles (needed for any USB attachments to the iPad) was considered to be good enough?

My curiosity finally got the better of me, so for the first time in years I called up my old friend Ersatz T. Compeer, who always seems to have the proverbial inside pulse of hi-tech. Ersatz is a nice enough guy, but rather disconcerting to be around. He'll never reveal where he gets his information, and the parade of black sedans with dark windows that seem to tail him everywhere makes a lunch meeting feel like a visit to Berlin's old Checkpoint Charlie during the Cold War.

"Thanks for taking the time to talk to me today Ernie!" I began.

"Always a hoot, Lauren," he replied. "So you wanna know about the mysterious missing iPad camera, huh?"

"Yeah. Like I mentioned in my e-mail, it just seems so weird that Steve left something so obvious out. Were any of my guesses correct? Cost? Positioning for the 2.0 version, or ..."

"No. No. No. Jeez Lauren. How many times do I have to say it? You have to look through a glass darkly to understand situations like this," he said.

"Oh boy. Are you about to feed me another one of your wacky conspiracy theories?" I asked.

"Wacky? When have I ever steered you wrong?"

"Well, there was that gunk you fed me about a Google Dyson Sphere project ..."

"Trust me! They're still working on that! They're just trying to scale up gradually before announcing the beta ..."

"OK, Ernie. Fine. Just relax. Now, what about an iPad camera?"

"Just think about it for a minute Lauren," said Ernie. "If there was a nice, front-facing camera on the iPad, what would be the first thing you'd want to do with it?"

"I know what you'd want to do with it Ernie, but I'm not a pervert," I said.

"C'mon Lauren, get real. Now, what's the obvious super-whiz-bang-deluxe application for an iPad with a front camera?"

"Well, uh, video calls I guess."

"Give the man a cigar!" said Ernie. "That's right, video calls. iPadders would want to Video Skype and Google Video Chat their little hearts out!"

"So what's wrong with that?" I asked.

"You're not thinking again, Lauren. What's unusual about video calls compared with other kinds of typical mobile data usage?"

"Well. Let's see. They're pretty data intensive, at least compared with audio-only VoIP ..."

"Right ..."

"And given that you usually want to see someone's face throughout a video call, you probably need a continuous, symmetric data stream," I said. "And since most mobile data networks are optimized more for downstream than upstream data ..."

"Keep going ..." said Ernie.

"But I don't see ... Oh no!" I exclaimed.

"Ah! It's sinking in, is it buddy boy? Which mobile carrier is the current iPad built for?"

"AT&T."

"Yeah. AT&T. The hardware won't even support T-Mobile's 3G frequencies, not to mention non-GSM systems like Verizon or Sprint ... correct?"

"Yes Ernie," I said. "And nobody's going to be making video calls at lower than 3G speeds. AT&T. It just didn't occur to me!"

"And that's the same AT&T that's been driving iPhone users crazy with mobile network congestion and other mobile problems for ages," said Ernie. "Not only that, they're pricing the iPad data plans below typical price points. Can you imagine what would happen if piles of iPad video calls started hitting their network? It's the obvious killer app! Everyone with an iPad would want to do it!"

"So you're suggesting that if the iPad had included a built-in camera usable for video calls, AT&T couldn't have handled the load?" I asked.

"Handle it? Can you imagine what it would look like -- hell, smell like -- to have AT&T cell sites across the country all melting down at once? I mean physically melt down. Bubbling copper. Molten slag. Liquefied ..."

"I get the idea, Ernie. But wait a minute. Why couldn't you include the camera on all of the iPads and then just restrict users to video calls over Wi-Fi? Or only include the camera on the iPad models that don't include the 3G radios?"

"Would you want to try explain that kind of restriction to users? And how long do you think it would hold up with half the universe trying to hack around it? You really believe it'll work to tell potential buyers that the cheaper Wi-Fi-only unit includes a camera but the more expensive model that also has 3G leaves the camera off? Hell, Apple is already being dragged over the coals for their anal app approval and acceptance apparatus -- how much worse would you have them make an already nasty situation?"

"All right Ernie. I'm convinced. So what's the solution?"

"Solution? I'm not offering solutions. You just asked me why there wasn't an iPad camera, and I'm just telling you what I know. Take it or leave it," said Ernie.

"This stuff sure gets complicated ..." I said.

"Yep. But that's half the fun. Look bro', gotta go. Nice talking at ya'. And remember! Google Dyson Sphere! You heard it here first! Was that just a click on the line?"

"You're always hearing clicks, Ernie. Thanks. Try to stay out of trouble," I said.

"Exit, stage right!" said Ernie.

--Lauren--

"This will destroy That. The Book will destroy the Edifice."
     -- The Archdeacon - Notre Dame de Paris - Victor Hugo (1831)

"Google's mission: to organize the world's information and make it universally accessible and useful."
     -- Google Company Overview (2010)

Greetings. Around seven years ago, in an article for Wired News, I invoked Victor Hugo's words that encapsulated a common view of the power elite when faced with the reality of a rapidly spreading printing press technology. The concept of information -- a commodity more valuable than any gem in the scheme of human affairs -- being openly available to the "unwashed masses" seemed terrifying.

Now fast-forward and it's easy to see why the words of Google's mission statement appear to be triggering similar fears, and backlash, among some governments around the world. Organized, universally accessible information is anathema to those who rule through carefully skewed information regimentation.

Of course, such fears regarding the Internet and its ability to encourage the free flow of information have been brewing for years, basically since the Internet's nose first began poking out from under the tents of DoD labs and the ivory halls of academia.

But Google's ongoing very visible dispute with China has brought these issues back front and center into the spotlight, and a number of rather idealistic notions often expressed by some in the Internet "intelligentsia" appear somewhat ragged under this new illumination.

It has been popular, for example, for some in the Internet community, including various of my contemporaries, to suggest that the Internet would trigger the blossoming of an international "Digital Democracy" that would sweep past domestic borders and somehow encompass most of mankind in a grand new age where old concepts of national identity and conflict would be swept aside.

Being something of a student of history, I was never able to enthusiastically buy-in to this particular optimistic vision. While I've long argued that attempts to censor or filter Internet information will virtually always fail in the long run, in the shorter run authoritarian information regimes can make ordinary citizens' lives extremely uncomfortable -- or even very short.

Yes, you can use a VPN or proxies to get around most Internet restrictions, but if the penalty for getting caught doing so is 20 years at hard labor, and the finest Deep Packet Inspection (DPI) hardware that money can buy is put to the task of pinpointing such violators -- well, it would be understandable if most persons decided not to take the risks in the first place.

Make no mistake about it, information is the part and parcel of authoritarian regimes' most expansive plans and also their greatest fears.

The control of information available to a population is foundational to most dictatorships, whether this means confiscating radios, banning newspapers, or limiting Internet access. Information -- that is, the information deemed suitable for distribution by the powers-that-be, is a powerful tool for furthering their desired goals.

But "unapproved" information carries the opposite status -- it's often viewed as dangerous and subversive, something to be tightly throttled and ideally stamped out completely.

It becomes clear why Google is so often in the cross-hairs these days. The Internet is so vast that without the kind of organized search access that Google provides, much of the Internet's data effectively might not exist at all, since the average user would have a difficult time finding it, assuming its existence was even known in the first place -- similar to (but much worse than) badly misfiled books in a very large library.

In a related vein, Google's YouTube provides the most egalitarian mechanism yet devised for ordinary people to share the most potent of video presentations, exposing to the entire world that which some governments would much prefer remain unspoken and unseen.

But disturbingly, the calls for Internet restrictions of many sorts, often including various demands being made of Google, aren't just coming from the usual authoritarian "suspects" -- but also from countries like Australia, Italy and more.

Even here in the U.S., one of the most common Internet-related questions that I receive is also one of the most deeply disturbing: Why can't the U.S. require an Internet "driver's license" so that there would be no way (ostensibly) to do anything anonymously on the Net?

After I patiently explain why that would be a horrendous idea, based on basic principles of free speech as applied to the reality of the Internet -- most people who approached me with the "driver's license" concept seem satisfied with my take on the topic, but the fact that the question keeps coming up so frequently shows the depth of misplaced fears driven, ironically, by disinformation and the lack of accurate information.

We've seen much the same happen with the politicalization of Internet Net Neutrality debates, with some mostly right-wing commentators aligned with anti-neutrality forces spreading the Orwellian "big lie" inanity that Net Neutrality is akin to a massive government takeover of the Internet, and applying classic "divide and conquer" techniques in an attempt to coopt natural allies of Net Neutrality over to the side of the equation dominated by the very large ISPs.

At the nexus of so many of these controversies stands Google. It would be difficult to argue that this doesn't seem like a highly unusual position -- a position of enormous responsibility and gravitas -- for a single commercial firm to occupy.

And yet, it seems likely that in the current environment perhaps only an international organization of Google's size, scope, and singularly atypical corporate culture has a realistic chance of systematically nudging events globally in a positive direction toward increased Internet freedoms.

As the China events show, this is a matter of continuing calibration and adjustment, and there are no guarantees regarding happy endings. Human history suggests that it would be foolhardy to assume that even the noblest of motives will always win out over domestically or internationally perpetuated fears and associated propaganda.

But in any battle over ideas, history also teaches that widespread access to information -- in "Google-Speak" that goal of "universal accessibility and usefulness" -- is always better for society in the long run than restrictive information and censorship policies aimed at "short leash" control of populations.

In the scheme of events, the Information Wars have really only just begun. The outcomes of these battles won't only determine the fate of the world population's access to information, but in many respects their ability to exercise a wide variety of other very basic human rights as well.

For all of these issues are linked in highly complex ways, and that's not just via Web sites, but throughout the very core of the human psyche.

Perhaps the historical path from Victor Hugo to Google isn't really all that surprising after all.

--Lauren--

Greetings. It didn't take very long for Microsoft's CEO Steve Ballmer to make crystal clear the philosophical differences between his firm and Google.

In a fascinating speech to an outstanding bastion of upstanding business practices that I'm sure we all know and and love -- a Houston gathering of oil company executives -- Ballmer made it clear that if you're a repressive government with a terrible and rapidly decaying human rights record, Microsoft has a censorship deal for you!

On the same day that Secretary of State Hillary Clinton presented a powerful speech supporting Internet freedom that by implication strongly backed Google's recently announced change in China policy and its refusal to continue censoring Google Search results in China, Ballmer was offering to censor Bing in any manner that Beijing requests. Just send him legal notice, and the offending results are Kaput -- Gone -- Vamonos!

Perhaps even more disturbing than Ballmer's "Come to Bing for Censorship!" promotion was his bizarre attempt to equate the rapidly declining human rights and civil rights environment in China with U.S. bans on pornography involving children, and the French ban on Nazi imagery. His presentation of these latter two examples as being morally equivalent to the kind of pervasive censorship, repression, and punishment that is increasingly taking place in China today is nothing short of ludicrous. It's more than a little frightening if he really doesn't see the differences that make China's censorship regime ever more nightmarish for those freedom-seeking citizens unwilling to toe the government's party line.

Ballmer has frequently demonstrated a number of rather clownish traits, but his offer of continuing practical support for China's pervasive information repression isn't funny -- it's boorish, shameful, and reprehensible. And those are just the "family-friendly" terms that come to mind.

For several years -- basically since soon after the start of the censored google.cn project -- Googlers at various levels within the company have expressed their discomfort to me regarding the arrangement, and their hope that the availability of Google Search even in censored form would perhaps help lead to an opening up of China with a blossoming of information, communications, and civil rights freedoms for its population.

It's now apparent that this didn't happen, and China took advantage of the situation to not only increase repression within its only country, but also to strike out at the rest of the world. Google's evolving new China policy is a logical and admirable response to this reality.

On the other hand, Steve Ballmer appears to be comfortably ensconced within a fantasy world -- where human rights matter not at all if they get in the way of business, and where attempting to expand Bing seems to take priority over all else.

Ballmer's attitude is a disgrace to Bing, Microsoft, and of course to himself as well.

Very sad, indeed.

--Lauren--

Greetings. In FiOS Scamming the Elderly a couple of days ago, I expressed my extreme displeasure at the horrendous (whether legal or not, yet to be determined) sales techniques used to pressure the elderly father of a friend of mine into signing up for FiOS services (on a long-term contract) that he didn't want or need.

Since that posting, I've discovered more subterfuge -- they even signed him for FiOS TV after he explicitly told them that he already had cable TV and wanted to stay with it.

Today I finally reached Verizon, and after fighting my way through the usual impediments and multiple transfers I successfully canceled the order. I hope.

Verizon won't provide written confirmation that the order has been killed, and simply tells you to use the original order number for reference. We'll see if his existing, non-FiOS Verizon phone service ends up being disrupted, and I've told him that if any Verizon crews show up at his house, just send them packing back to the depot.

I plan to pursue the issue of the tactics used by the Verizon door-to-door hit squad. Verizon reps I spoke to today refused to reveal whether or not such workers were Verizon employees or (more likely I'll bet) contract workers on commission.

There was an amusing aspect to canceling the order. I felt it appropriate to record the call, so that I'd have a proof of this order activity in case there was an "issue" regarding the order's status later on.

Complexities of individual state laws regarding notifications of recording aside (one-party vs. two-party states), my policy is to always notify the other party when I'm recording a call.

Imagine my surprise when I discovered that the Verizon reps I talked to absolutely and indignantly refused to continue the calls when I told them that I was recording. This despite the fact that virtually the first words out of the Verizon phone system are "call may be monitored or recorded."

So, being a law-abiding, ethical citizen, I stopped the recording and so informed the reps. Their hesitation to continue the calls was unmistakable. "Did he really stop recording?"

The technical term for this attitude on the part of Verizon is of course referenced by the acronym CYA. They want to record you for their protection, but heaven forbid if you desire to record them for the same reason.

But given Verizon's sleazy FiOS sales practices, the fact that they behave similarly disrespectful of their customers' concerns at the call center level shouldn't really surprise anyone.

It's almost as if the long gone but widely despised General Telephone sometimes still lives on as a ghostly spirit in aspects of its descendant Verizon.

Cue the theremin ...

--Lauren--

Greetings. We know that major telephone/cable/ISP companies have many great people managing them and working for them in various capacities.

But when it comes to sales tactics, sometimes it's difficult to come up with sufficiently descriptive terminology that doesn't involve hard-core expletives.

When sales techniques descend to the level of elder abuse, I'll admit I'm nothing short of livid. And that's how I feel right now.

I've just learned that earlier today, a pair of slick, fast-talking Verizon door-to-door FiOS representatives (I'm still trying to find out if they were Verizon employees or third-party sales reps) scammed the elderly father of a friend of mine here in L.A. into signing up for a one-year contracted bundle of expensive FiOS services that he didn't want or need.

Apparently by implying that a change to FiOS was already a fait accompli, they pressured him into immediately signing even though he was obviously confused.

I'll be working to untangle this starting on the first business day that I can reach Verizon.

But for now, the next time that someone questions the need for more regulation in this area, here's one more example to cite.

More later. Take care, all.

--Lauren--

Greetings.

This one's from the "Fun with Photoshop and Google Images Department":

There's a funky old 1972 movie called "Children Shouldn't Play with Dead Things" -- but we might want to headline a new embarrassment for the FBI by the somewhat similar title: "The FBI Shouldn't Play with Google Images!"

Actually, the situation would be even more funny if it weren't potentially so serious. On Friday, to considerable fanfare and media attention, the U.S. State Department released a "digitally enhanced and aged" image of Osama bin Laden, complete with a reminder of the $25-million reward for his capture or obliteration.

Just one problem. It didn't take long for a top Spanish lawyer and Member of Parliament to notice that the new image representing the world's most wanted man was ... uh ... strikingly similar to his own face. Cough, choke, spit out the coffee onto the newspaper! Ouch.

Now comes the really good part. The FBI originally had claimed that it aged terror suspect photos using "cutting edge" technology. But after Gaspar Llamazares (who turns out to be a critic of the U.S. "war on terror") expressed concerns about sharing much of his face with someone carrying such a massive bounty, the FBI admitted to using a somewhat different procedure in this case.

It turns out that they lifted a photo of Llamazares from an old campaign poster found on Google Images, then simply cut and pasted his hair, jaw line, and forehead onto bin Laden's face.

The State Department has now pulled that photo down from their wanted terrorists Web Site.

As you can imagine, Llamazares is most definitely not amused.

But it could have been worse. The FBI might have used images of Conan O'Brien and Jay Leno to update bin Laden's visage.

Now that's scary.

--Lauren--

Greetings. Some of the initial dust is starting to settle just a bit in the wake of Google's announced change in China-related operational policies, and it's fascinating to observe the range of reactions.

One almost immediate result of my posting that strongly supported Google's decision has been a number of people asking if I still stand by my previous statements of support for the concept of cloud computing. Don't the Chinese attacks on Google and other companies, that triggered Google's policy changes, demonstrate a weakness in cloud services?

I still am enthusiastic about cloud computing, and I still feel that there are some important areas of cloud services where more work needs to be done. But more on that in a moment.

While I believe it's fair to say that most reactions to Google's announced China-related changes have been extremely positive, there have been some negative voices.

China of course officially is far from thrilled. My favorite official statements from Chinese officials on the matter so far include: "Properly guiding internet opinion is a major measure for protecting internet information security" -- and a warning that Internet businesses must adhere to "propaganda discipline."

Propaganda Discipline. Now that's a nifty turn of phrase if ever I've heard one.

Well, it's pretty clear where official China stands on this, anyway.

An accusation has been floating around suggesting that Google's only real motivation for the China changes was to give Google cover to extract itself from its "underdog" search status vis-a-vis Baidu.

Fiduciary responsibility alone would suggest that Google considered the financial ramifications of actions with the potential of drastic effects on their China-based operations. But there's no rational reason why Google would want or need to "cover" a straightforward business decision in the manner some folks are suggesting -- that's nonsensical. And to argue that Google would purposely create an "international incident" of this sort on such a basis is assuming a degree of functional sociopathy around the level of Norman Bates. Sorry, I just don't buy the paranoid argument.

Another concern being bandied about relates to the (unconfirmed at this point) rumor that part of the attack on Google involved access to a couple of Gmail accounts via a Google "law enforcement compliance" system.

Some observers have expressed outrage that such a system would even exist -- but frankly I'd be surprised if something at least functionally equivalent was not in place. Given that Google must respond to legal demands for information from law enforcement, a system dedicated in some way to that end would seem at least logical. And the header-type data obtained by certain of the (apparently) Chinese attacks (as opposed to message contents that were reportedly not accessed in this context) are the sort of "pen register" type of data that is commonly associated with certain common types of law enforcement information demands.

Whether or not such a compliance system was in play in these attacks, we know that certain aspects of security at Google and elsewhere were compromised. And this brings us back to the question of cloud computing safety.

But to answer that question, we have to consider the security implications of non-cloud systems as well.

Both from security and privacy standpoints in a perfect world (including pretty much unlimited free Internet bandwidth and lots of otherwise free time on your hands as well), it could be argued that keeping all personal data, e-mail, etc. on your own local computers would be a nifty setup.

However, we of course don't live in a perfect world. Maintaining your own mail servers -- and the security of those systems -- in today's Internet environment can be tough work. I know -- I build and operate my own servers, and even on a relatively small scale it can be challenging to keep attacks and other problems at bay. And let's face it, most computer users have not one iota of interest in spending their days (and sometimes nights) maintaining such systems.

If you want to provide remote access to your own services or collaborative environments -- via ssh or other tools -- even more work is involved and additional security considerations come into play. And then there's the issue of system backups. Sad to say, vast numbers of computer users have no usable backups of their data of any kind!

One reason why Google applications like Gmail have become so popular is that they offload so many of these issues onto Google's shoulders (in fact, Gmail has now switched over to using https: by default -- a major and extremely worthwhile boost for what I call "opportunistic encryption.")

But yes, a cloud service can be an attractive target, by offering the potential attacker at least the theoretical possibility of breaching large numbers of accounts in one fell swoop.

So as with so many other aspects of technology, we see that there's little black or white to these situations, but lotsa shades of gray. To judge any given cloud computing or cloud data storage environment involves not only the capabilities of those services, but also by contrast your own capabilities and desires in terms of operating your own systems and associated infrastructure to perform those same services.

For many individuals, companies, organizations, and even cities or larger entities, moving some or all information technology functionality to the cloud may make good economic and security sense, especially compared with what they could do in these areas on their own locally.

This calculus should be conducted in each case with the understanding that no systems -- locally operated or in the cloud -- will have perfect security, and that security breaches of some sort can eventually occur. One advantage of the cloud is that in most cases it is usually much faster to effectively roll out security updates across the entire population of cloud users than when dealing with non-cloud, locally-operated computing environments.

We can certainly assume that Google and the other organizations impacted by these recent attacks will be taking due steps to further secure their systems based on what has been learned. Computer security improvements tend to be more evolutionary than revolutionary, but like in so much else of life we tend to learn the fastest when challenged the hardest, and ultimate perfection is a pipe dream, not a practicality.

The decision to use -- or not use -- cloud services is an individual one. But my stand on the topic hasn't changed at all as a result of these recent attacks. Cloud computing shows enormous promise and is extremely valuable for all sorts of applications today. But we're in the infancy of this technology, and there's a great deal of important and exciting work yet to be done as this area advances. That work will undoubtedly include security and privacy enhancements as key aspects, and much of what we learn from intrusions will often significantly impact these development efforts in positive and useful ways.

Perhaps we should be publicly thanking the Chinese attackers for their "contributions" to the evolution of our cloud computing projects?

Uh, no!

--Lauren--

Greetings. Almost exactly four years ago, when I first visited Google's Santa Monica offices and presented a talk on Internet issues, one of the topics that I discussed was Google's operations in China.

Google's presence in China has been controversial from the beginning, particularly to the extent that they involved the operation of a version of Google Search (google.cn) that presented censored search results as required by the Chinese government.

Some observers have characterized such an arrangement as a "deal with the devil" from day one, but I've preferred to view the situation in somewhat more nuanced terms. Google indicates to Chinese users when results have been censored, and Google has argued that it made sense to have a presence in China -- even on such terms -- to provide at least some access to Google resources for Chinese Internet users, rather than those users having no access at all.

I've found this argument to have considerable merit, but I've never been happy about this state of affairs. Google and China is probably the single most frequently mentioned Google-related policy area about which I've been asked my opinion over the years. And I've never been fully satisfied with my answers to such queries.

Chatting with Googlers after that talk I gave in Santa Monica, I remember expressing my specific concerns that the China arrangement appeared unstable in light of historical precedent in China -- particularly in regards to a very poor human rights record -- and that the probability of some sort of "trust" breakdown appeared rather high.

Now it appears that the solid excretory matter has hit the fan. You can read considerable details over on the Official Google Blog.

Briefly, after a series of data breaches and attacks related to the Gmail accounts of Chinese human rights activists (and attacks targeting other firms as well that Google discovered in the course of investigations), Google has announced that it will not be willing to continue censoring Google Search results for China going forward, even though this may result in Google having to shut down all Google operations in China.

I congratulate Google on this decision. They attempted over the years -- in what I believe to have been good faith -- to thread a very complex policy needle to avoid having a major proportion of the world's population ending up being cut off from services that most of us now take for granted in our everyday lives. Google's hope was that China would respond in a positive way with improved civil rights and less fettered access to information for China's citizens.

But China appears to have dropped the ball and has been moving backwards toward ever more restrictions. Google is responding to the current situation in a resolute and completely appropriate manner, even though the negative financial impact on the firm from this decision could be quite significant to say the least. I hope that Google detractors will remember the events today the next time that they're tempted to claim that Google only cares about money and nothing else.

Exactly how these events related to China will all play out in detail is unclear at this point, but Google's statement that they are unwilling to continue censoring Chinese search results seems completely unequivocal.

Once again, I applaud Google's decision to take a "new approach" toward dealing with China from this point forward. Three cheers and two thumbs up!

--Lauren--

Update: CNBC Interview with Google's David Drummond regarding this situation (New York Times Video -- ~11 minutes)

Greetings. With sales support and technical support issues surrounding Google's launch of their new Nexus One Android phone rather vividly in the spotlight right now, this seems like an appropriate time to revisit a recurring theme of significant interest to me, the topic of Google's customer support in general.

This is most assuredly not a simple matter, and any attempt to paint this subject as suitable for easy solutions or quickie analysis is doomed to be pretty much useless or even counterproductive. So this is going to be a rather long piece. Sorry about that, Chief.

Regular readers know that I've discussed this topic various times in the past in relation to different aspects of the perceived problems.

I'll try to avoid repeating at length here what I've previously said and recommended in those prior postings -- here are links to a couple of these for backstory reference:

Google's "Failure to Communicate" vs. User Support

"Google Ombudsman" (Part II)

An initially unexpected result of my various writings on Google support problems has been a continuing flow of Google-related issues being sent to me by frustrated Google users, including concerns ranging from trivial to serious.

A common thread is that most of these users claim to have been unable to obtain an adequate response (or in many cases, any non-automated response at all) from Google in reaction to their concerns. These users then start Google Searching on the topic of Google support problems, find my essays, and start forwarding their problems to me!

It's gotten to the point where it's rare for a day to go by without my receiving at least one such e-mail from an upset or concerned Google user. But this does provide me with some interesting insights.

Obviously, I'm not in a position to directly act on Google-related issues. But I do try to help when I can.

Sometimes it's just a matter of clearing up misinformation. Google conspiracy theories float around the Net like flotsam and jetsam, and concerned users often are all too willing to buy into "assume the worst" scenarios.

A common example of this is persons who feel that Google is purposely and unfairly censoring or otherwise damaging their sites' "search ranking reputation" on Google. But at least in my experience, every example of this brought to my attention by concerned site owners has had an innocent explanation.

Sites can be bumped or flagged when they become infected by malware that Google detects. Such infections can occur in ways that the site owner isn't even aware of, resulting in loud (but inaccurate) protests that "my site is clean!"

Another example is sites who have indulged -- sometimes at the urging of less than scrupulous "Search Engine Optimization" (SEO) firms -- in site design practices aimed at boosting their sites' Google search results rankings, but that violate Google's Webmaster guidelines (which are quite explicit and well documented).

In my experience, Google tries very hard to maintain the "purity" of natural search results and to avoid inappropriate bias in those results.

Anyway, you get the idea -- some of the Google problem queries that I receive are pretty easy to deal with via just a bit of relevant information, understanding, and the willingness to appreciate that people get upset about situations where they can't seem to get anyone to respond to their concerns in what they consider to be a useful manner.

Another class of users who come to me with Google issues have genuine operational problems. Perhaps they've been trying to get what they consider to be a specific, privacy-problematic photo removed from Google Street View. Or maybe they're having an issue with Google Voice that is causing them call problems, or perhaps merchant-related ad or Google Checkout issues.

In some cases I'll have information readily available that can help, but other times I go digging for it around the Net, and occasionally I'll need to make some direct queries via my own channels to try help these folks.

The bottom line is that the vast majority of them seem to be thrilled that someone is at least paying attention to their problems.

A key point -- nothing seems to irritate people with Google-related issues more than the perception that they are being ignored, and that their concerns are just falling into automated black holes when submitted to Google Help forms.

There are all sorts of official Google Help Forums of course, but these seem to frustrate many people rather than help them in even common situations. They often seem to run pretty much in an "automatic" mode, with user contributed suggestions (sometimes useful, sometimes just plain wrong) mixed in with everything else, and frequently no formal Google presence other than perhaps a Google employee who pops in occasionally with a comparatively isolated comment.

Again, the perception of a "black hole" related to posted or submitted Google-associated customer service problems runs rampant in the e-mail that I receive on Google topics, with users complaining that they have no confidence that concerns submitted to Google will receive any kind of useful and relevant response or resolution at all from Google in any given case.

There's another class of complaint that is perhaps the toughest to deal with, people who have policy-related concerns with Google (and often, with search engines in general). This can include (for example) persons or firms who feel that false information about them consistently ranks to the top of search results and that they have no way to correct or even respond to what they feel is damaging misinformation.

This is a very tough nut to crack -- particularly since search engines in general do not control the content of the external sites that they index. I've discussed this particular class of policy concerns previously (including in Search Engine Dispute Notifications: Request For Comments) and won't go into it more now, since in my opinion the topic resides at the outer edge of more conventional customer support issues, but that's not to diminish its importance in any way.

The folks over at Blendtec run a really fun site, with a vast collection of videos showing their "nuclear" blenders pulverizing an incredible range of objects. "Will it Blend?" is their very appropriate slogan. ("iPhone smoke. Don't breathe this!")

Over at Google, it could be argued that the slogan "Will it Scale?" is equally venerated -- and with good reason.

Google is dealing with unbelievably vast numbers of users, most of whom pay exactly zero to Google -- nuthin' -- to use Google services.

I have long sensed that Google is aware at various levels of their customer support problems, but has felt stymied about deploying solutions given perceived cost and scale issues, particularly when dealing with a mostly non-paying user base. That's just my opinion, of course, I'm certainly not speaking for Google.

The issue of paying vs. non-paying users is an interesting one. To be sure, most Google users don't pay Google in the same sense that they authorize a payment to their ISP every month. Yet Google's primary ad-supported business model is based on the concept that those non-paying users still represent a revenue stream via their ad clicks. And Google is now a central part of many millions of lives -- whether paying customers or not -- so simply because so many Google services are positioned as "free" to most users does not obviate Google of reasonable and effective support responsibilities.

Is it practical to offer the vast universe of "free" Google users the same level of support as received by, say, paying Google Apps users?

Perhaps not, but I would argue that the current state of Google customer service is increasingly unacceptable to Google's users in general, and damaging to Google as well.

The apparent lack of foresight in this sphere relating to the Nexus One launch seems surprising -- direct sales of a complex physical product can easily be predicted to need significant consumer hand-holding. But Google can fix the most obvious aspects of this particular issue pretty easily, even if they need to resort to contracting with outside customer service phone banks to help with pre- and post-sales Nexus One (and future direct sales devices) issues.

In contrast, the broader Google support issues beyond the immediate Nexus One story are likely not so easily solved. But I do feel that they are solvable in practical ways.

At the macro level, a "triaged" approach to user concerns is crucial. The "Ombudsman" concept that I have previously explored (as linked above) could be an important aspect of this.

Another critical element of a successful customer service structure is a formalized system for dealing with queries of all types that reduces, or ideally eliminates, the "black hole complaint form" effect that is so incredibly upsetting to users with Google-related issues.

This would require the allocation of significant manpower and the spending of not insignificant amounts of money. So be it. Trying to finesse around this matter indefinitely is likely leading to even more problems for everyone involved.

There are various ways to structure such an improved support environment to help keep the scaling issues under control. One possibility -- and I'm not necessarily recommending this, but only pointing it out as perhaps worthy of discussion -- would be to charge a small "per incident" fee (to otherwise non-paying Google users) for expedited responses to problem issues. This would encourage such users to use available self-help resources when possible, but still provide a practical path for more assistance as appropriate.

Google has attracted some of the best technical talent in the world. In many ways it's the new Bell Labs of its day, and I've long held Bell Labs in very high esteem indeed.

Google's employees include among the most intelligent and perceptive persons I know -- individuals who are also genuinely concerned about a broad range of issues and how Google impacts them. It's a popular misconception to assume that Google is all about money. They're a very powerful business to be sure, but the Google corporate ethos -- as I perceive it -- genuinely is concerned with a much broader range of humanistic concerns beyond the financial bottom line. Perceptions of Google skewed by negative customer service experiences is likely acting to obscure this fact -- and that's a genuine shame -- but not an intractable one.

If Google tasks its collective talent with the challenge of providing world-class customer service, I have absolutely no doubt that they can set an extremely positive example in this regard for the entire Internet.

No, it won't be easy. But it's very much worth doing, not just for the sake of Google's users, but for Google itself, and for the broader Internet community as well.

--Lauren--

Greetings. The body image scanner lobby is out in full force to convince governments around the world to buy their products, and to scare the flying public into sheepishly putting up with these invasive devices that will not even be effective in stopping dedicated terrorists.

But money talks -- as demonstrated by Bush-era Homeland Security secretary Michael Chertoff making the TV rounds promoting these scanners. Oh, by the way, he now works for one of the companies that manufacturers the scanners. Surprise!

There's lots of false or misleading information floating around regarding the scanners themselves.

First is the claim that there's nothing to worry about related to the radiation from these devices. There are two types of units -- millimeter wave and backscatter x-ray. The former do not produce ionizing radiation, but recent research suggests that they still carry risks of cellular changes. X-rays we know far better, and the proponents of this technology make various claims about how little dosage is involved in each scan.

These dosage numbers seem to vary all over the place, even changing dramatically from day to day on Web sites that purport to be giving accurate information. Comparisons with background radiation at altitude and time spent in the sunshine is fine, but the bottom line is that statistics clearly indicate that subjecting mass populations (including frequent flyers) to even small amounts of additional radiation will result in additional cancer deaths. Many deaths? Probably not that can be proven, anyway. But if your "lucky" number comes up, too bad for you.

Another issue -- the claims of safety regarding these scanners all assume accurate calibration. Yet we've recently seen that major hospitals -- including right here in L.A. -- have been found to have medical CAT x-ray scanners that in some cases massively overdosed patients (not just on one bad day, but over long periods of time) with radiation, enough to cause burns and hair loss, not to mention other potential problems down the line. That's in relatively calm and clean hospital environments. If airport body scanners end up badly calibrated -- as is typical for baggage x-ray units that vary widely in intensity -- the risks are obvious.

The many detailed naked images floating around the media and Net from various scanners are widely known. The level of detail can be astonishing. A recent YouTube video purported to show how easy it was to digitally reverse such images to show a naked positive (I noted this video earlier today in another venue.)

That video turns out to have been doctored but was convincing. Why? Because my own experiments have shown that reversing such images does indeed yield almost identical effects. Here's my reversal [Adults Only] of an image provided by TSA as part of a widely seen demo.

Pro-scanner propaganda screams that new scanners don't show this level of detail.

That's only partly true. There are newer systems that display more "symbolic" imagery (e.g. "chalk line" body images). But the fact is that many of the units in use today do display full detail.

Perhaps of even more concern, my sources that have been involved in the evaluation of body image scanners in security contexts tell me that the ability of such scanners to actually find contraband on body areas where it can theoretically be detected (e.g. not in body orifices, etc.) varies directly with the level of detail shown. The less detailed the image, the more likely bad stuff will slip through. Also, I'm told that in practice it's often necessary to have two-way communication between the security personnel at the scanner and the remote scanner viewer, in order to instruct the scanning target to reposition themselves in various ways to get a full scan. And of course, the full detailed scan is the initial result internally in all cases, whether or not a simplified image is actually displayed to the operator.

The irony of all this is that the use of a "booty bomb" -- explosives inserted into the body in various ways, is an effective mechanism to evade all of these body imagery systems that don't use body-penetrating x-rays.

Unfortunately, the more clearly one looks at the reality of these scanners and how they're being promoted, the murkier the image actually becomes.

--Lauren--

Greetings. Various media points are reporting fairly widespread complaints about customer support and technical problems related to Google's new Nexus One Android phone. The volume of postings appears to have been sufficient to trigger Google's "real time search" mode for the search term "nexus one complaints" at this time.

The customer support complaints seem to involve both pre- and post-sale issues, tales of finger-pointing between T-Mobile, HTC, and Google -- and a reported lack of other than (currently slow) e-mail support from Google related to the phone.

I do not know at this point the extent to which these complaints are or are not representative of the overall Nexus One user population. In these kinds of situations, you usually hear from the people with problems, not the folks who are satisfied. Of course, it's the former group who most need an effective support structure in such environments.

I did receive an unsolicited message from a reader (possibly reacting to my The Google "Nexus One" Saga Turns Ugly blog posting from yesterday) expressing incredulity that his Nexus One arrived with voluminous legal disclosure documentation but (he reported) no manual of any kind.

Concerns over the Nexus One's 3G performance appear to be piling up. Again, it is impossible to estimate at this time how representative these are, and of course any associated real problems (if actually related to the phone itself) could be caused by anything from hardware issues (usually a hassle to fix) to firmware issues (typically much easier to deal with).

Since my longstanding concerns and recommendations regarding Google's support structure in general are already quite well known, I won't go farther into that aspect here for now.

--Lauren--

Blog Update (January 11, 2010): Google's Customer Support Dilemma Intensifies

Greetings. Until now, I didn't feel any particular need to comment here about Google's new "Nexus One" Android phone. It's gotten plenty of press (by some standards, perhaps too much for its own good), and while it appears to be a very nice phone, it is in many respects essentially a souped-up MyTouch (HTC Magic) -- in fact like the MyTouch it's manufactured by HTC.

I make no secret of the fact that I'm a big fan of Google's open Android OS ecosystem. I carry a (rooted) G1 Android phone (HTC Dream) which serves me well, I do my own Android development, and I've never felt any need whatsoever to look back over my shoulder at Windows Mobile. And while I've noted that I'd happily work with a Nexus if it appeared out of thin air, it's also true that without a physical keyboard it's not a good fit as a primary phone for me, given my high e-mail volumes.

The current Nexus is a GSM-only phone (and the Verizon version will be CDMA only) -- and this GSM Nexus will work 3G domestically only on T-Mobile (not AT&T) -- exactly like the G1 and MyTouch. The price of an unlocked Nexus purchased from Google is in line with other unlocked smartphones, as is the discounted price with T-Mobile contract.

So again, it's a very nice phone. And if Google can get this much publicity out of its launch and is happy with the results, more power to them.

Unfortunately, much of the technical and mainstream media has treated this product launch as a key battle in an assumed Google vs. Apple (Android vs. iPhone) war -- which is to my mind a false comparison.

After all, the iPhone and associated Apple products (like the coming Apple tablet computer) are products of a purposely closed technical ecosystem, with hardware and software development tightly controlled by Apple. Android, on the other hand, is designed to run on a vast range of hardware manufactured by different companies, and it's difficult to imagine how its software development could be any more open without descending into chaos.

In significant ways (and I mean this in a very positive sense!) Android is positioned something like a free, open source version of Microsoft Windows. That is, unlike Apple OSes that only run on Apple hardware, Android -- like MS Windows -- is designed to run on lots of different types of hardware (not limited to phones of course) from a vast range of sources. And Android is well positioned to inter-operate and merge in very useful ways with various Google products and services, including the Chrome OS and other Google systems.

So while there's a natural tendency to try compare the Nexus One with the iPhone via various vectors such as screen size, number of apps available and such, these comparisons are really missing the point of what Google is trying to do -- so far quite successfully -- with Android in the longer run.

A couple of days ago, New York Times columnist David Pogue wrote what I would classify as a generally upbeat and essentially accurate (if not particularly enthusiastic) review of the Nexus One. I don't always agree with David, but I thought his review hit the salient points fairly well. He may not be as excited about Android overall as I am, but I certainly wouldn't have categorized his review as notably unfair or biased.

So I was rather dismayed to read his column today, where he recounted the blast of hateful comments he received in response to that review, leading him to write:

"... Android appeals to precisely the sort of frustrated, anti-establishment people who have no trouble writing abusive notes."

His reaction may be somewhat overwrought, but is completely understandable. There's no rational reason why anyone trying to deal seriously with these complex technical issues should be expected to put up with that sort of abuse. Nor do such juvenile outbursts directed toward reviewers like Pogue do anything to advance the interests of we who support Google's efforts with Android.

I won't belabor the old Rodney King "getting along" stuff here, but I will suggest that these issues are important enough that we would all be well served by at least trying to act like adults when debating such topics (and at other times as well!), and that a bit of respect goes a hell of long way even when you disagree strongly with someone else's opinions.

"Do unto others as you would have others do unto you" -- remember?

That's the "nexus" of the matter for me -- and I hope, for you as well.

--Lauren--

Greetings. At the ongoing Consumer Electronic Show in Las Vegas, auto manufacturers appear to be in a race to kill more motorists than ever before.

This has nothing to do with speed or brakes per se, and everything to do with an escalating array of distracting dashboard gadgets.

Let's start with a fact. Distracted driving kills. And there are a wide variety of possible distractions. One reason that I have consistently opposed laws banning the use of hand-held cell phones when driving is that such laws do not address the core problem of distractions, which has nothing whatever to do with whether devices are hand-held or not. In fact it's the mental distractions related to interacting with these systems that create the risks. (Please see U.S. Group Wants Total Driving Cell Phone Ban -- Or -- "Are you talking to yourself again?" and associated retrospective links, for my previous discussions related to this topic.)

We know that people have died as a result of distractions caused by simply fumbling around with ordinary car radios while driving. In-dash GPS systems add another layer of distraction that is difficult to resist, even with voice guidance, but it can also be argued that GPS provides a key capability important to the basic goals of driving -- for example, getting to the right place without resorting to distracting paper maps and the like.

But lately auto manufacturers have been piling on far less necessary entertainment extras, including all manner of video playback capabilities (while driver-side video is usually supposed to be disabled while actually driving, this lockout can often be easily defeated).

Now comes word from CES that Ford is bringing Twitter services to their in-car "Sync" system -- right at the same time that moves nationwide to ban text-messaging while driving have been gathering momentum.

I like Twitter. I use it (@laurenweinstein all the time, on desktops and on my Android phone. But the thought of people driving while receiving or sending tweets -- whether as text or audio -- scares the hell out of me.

Perhaps worst of all, Ford CEO Alan Mulally reportedly told an audience at CES that because Sync is voice-activated, it's safer for drivers than using their phones in the car.

I won't call Alan a liar. Let's just say that he appears to be dangerously misinformed. Virtually every reputable study I've seen on this topic has reported that hands-free and hand-held cell phone use while driving carry the same significant distraction risks.

As I mentioned above, these dangerous distractions are intrinsic to the mental processes of interacting with these systems, and these are fundamentally the same when driving whether you're holding a cell phone, talking on a speakerphone, or even interacting with Twitter in a hands-free mode.

I like my Internet toys as much as the next person -- probably even more than most people. But I don't love them enough to want people dying as a result of auto manufacturers pushing ever more dangerous extra-cost distractions into our vehicles -- in their never-ending quest to stay financially afloat.

Much as I hate to say this, it may well be appropriate for some preemptive federal regulatory activity in this area.

Most of us need our cars. But killing or dying due to tweets or other unnecessary driving distractions is just plain stupid -- and in many cases likely criminal as well.

--Lauren--

Greetings. Among the hard core of Internet Geekdom (of which, I must admit, I'm a charter member) you'll frequently hear the phrase "Bits are bits" -- often in the context that at the digital level, all content -- Web pages, movies, TV shows, music, and so on, are composed of the same fungible zeros and ones, at least theoretically capable of flitting around the Internet with equal ease.

But in the real world, various forces work to channel and control the flow of bits, in the furtherance of various goals. Many of the key issues related to Network Neutrality are focused on a range of controversies and conflicts associated with these efforts to manage and monetize the movement of data around the Internet.

Most Net Neutrality discussions to date have focused on the ways in which a few dominant ISPs, who in the U.S. control the vast majority of Internet users, could use their leverage in ways that favored or disfavored particular content, create anticompetitive situations for outside Internet content vs. content affiliated with those ISPs, and so on.

But we've very recently seen a saga that demonstrates another potential aspect of the situation that could become important for persons and organizations concerned about Net Neutrality.

In a nutshell, the question is this: Could Web services use their popularity to "extort" payment from ISPs in exchange for continued direct access to those services by those ISPs' subscribers? As an alternative to directly charging users themselves for site access, this might seem attractive to unscrupulous entities.

For example, could a popular social networking site, knowing that many tens of millions of persons organized their lives around the site, go to an ISP and demand, say, a buck a month per ISP subscriber (regardless of whether individual subscribers ever visited that particular Web service or not) -- or alternatively face that ISP's IP addresses being blocked by that Web service?

Of course, such blocking would not be absolute -- subscribers in the know would find a way to access the site via proxies and such. But would an ISP want to risk the backlash from most subscribers who suddenly found themselves unable to access their favorite site in a conventional manner?

At first glance this entire scenario might seem like Fantasyland. What content provider or other Web site would be so wacko as to try "blackmailing" an ISP that way?

And yet, we've seen something rather like this play out just a few days ago, when Time Warner Cable (TWC) subscribers were caught in the middle of a battle royale between their cable company and FOX, specifically whether or not TWC could continue carrying key FOX over-the-air channels on TWC systems in major cities.

This was big news -- the thought of missing some football games or episodes of The Simpsons drove many viewers into a flurry of consternation and panic.

Battles over "retransmission" are not new, but this escalation, both in terms of rhetoric and potential pass-through costs to cable and satellite subscribers going forward, is very significant, since the new venue is battles over traditional "free" locally transmitted channels, not cable-only channels.

While TWC and FOX finally settled (exact terms moving forward not officially released as far as I know) at the urging of the FCC, subscribers in at least one other cable system were not so lucky at the end of 2009, actually losing some popular cable channels when other agreements couldn't be reached.

What does all this have to do with Net Neutrality?

Remember -- bits are bits. Television distribution is moving rapidly toward Internet "IP"-based models. AT&T's U-verse is already an "IPTV" system. The evolution plans for digital cable all appear to lead ultimately to IPTV.

Meanwhile, content providers are beginning to offer TV programming directly through conventional Internet sites, sometimes linked to being a subscriber of particular cable systems.

This is Convergence with a capital C, and the distinction between "TV" and the "Internet" is already blurring. At some point down the line the visible differences are likely to vanish completely as far as most people are concerned. CBS? NBC? PBS? FOX? YouTube? Eventually -- and not that far in the future -- these will all be the same bits feeding into the same boxes and displaying on the same screens in people's homes.

And so we come back to the scenario in question. If FOX can threaten to block Time Warner Cable subscribers unless TWC coughed up a dollar per sub, could
"MyTwitFaceSpace.com" do essentially the same thing as a quickie or even long term revenue enhancer? And if they tried, would it work? Would the money potential outweigh the backlash? Could such a course be legal in the absence of Net Neutrality regulations that prohibited such demands and actions?

When the technical distinctions between different modalities of content delivery fall away, the possibility of particularly distasteful monetizing strategies migrating across a range of associated services would seem all too real unless moderating influences -- or in some cases regulatory controls -- are present.

It's an issue at least worth thinking about.

After all -- bits are bits.

--Lauren--

Greetings and Happy New Year!

I hadn't planned a blog post for today, but in the course of research a few hours ago I stumbled across a site that at first had me chuckling, but that I found increasingly disturbing the more I thought about its privacy and other implications. I'll provide the link at the end of this item -- as we proceed you'll understand why I'd prefer that you read this posting entirely before considering if you want to actually visit the site for yourself.

Dedicated to "The lighter side of law enforcement," it's sort of loosely like a giant wacky Facebook for cops, but includes photos that likely would violate Facebook's terms of use -- and that of most other (non-porn) sites.

The site is apparently registered to an individual in New York. While it may not be officially affiliated with police departments, the nature of the contents suggests that the site enjoys the cooperation in some manner of various police agencies and personnel.

The silly, off-color, and other jokes, plus a wide range of associated oddities, can easily be viewed as folks in a tough job letting off some steam.

But one section of the site, featuring an array of mostly uncensored photos of fully naked men and women interacting with police in various public contexts (protests, arrests, etc.) seems highly problematic, especially since the lack of any "masking" of photos makes many of the individuals completely identifiable.

It's one thing to argue that such photos show the reality of what law enforcement deals with, or that the photos' subjects were in public contexts where they had no expectation of privacy.

But the juxtaposition of these photos within a joke-filled "lighter side" Web site suggests that the images are present to amuse and titillate, not teach and inform.

One also can't help but wonder where these photos originated. Bystanders? Official police photography? On the scene media?

Regardless of the sources for the photos and other materials, the apparent "nod and wink" (if not fully active) association of various police agencies with this site strikes me as rather inappropriate at the very least.

But perhaps I'm being too sensitive about this and it's all just in good fun with no real privacy implications at all. Or perhaps some of the site's materials being displayed as they are actually do break privacy laws in some jurisdictions. I won't even try to pass judgment at this point. You can make up your own mind.

The site is called The Police Daily.

Their adult-oriented section can be reached via the "Police Flashers" link in the navigation bar on the left side of their home page. Frankly, I don't want to link to that section directly.

All in good fun? Or taking the "lighter side" of law enforcement too far?

What do you think?

--Lauren--

Greetings. Here's a "fun" question to think about as we get ready to close out 2009. With politicians clamoring for massive deployment of full body scanners at airports, how long do you imagine it will take before we start to see headlines like the title of this posting, inappropriately blaming the Internet generally and Search Engines in particular for the mess that these scanners are likely to create?

Subscription sites for body scan celebrity images (and different sorts of sites focused on imagery of children) would seem inevitable, as well as more routine "gawking at the big breasts" sites.

Despite claims of privacy improvements, most of these full body scanners still present imagery in astonishing detail.

Getting the images to the outside world will be relatively straightforward, despite the claims that images aren't recorded and that observers will be isolated.

When there's money to be made, it will be done.

Saving the images should be pretty easy. The observers simply need any sort of small (and you can get them teeny tiny these days!) digital image capture device that they can use to shoot images directly from the scanner display screens. If camera cell phones aren't allowed in the "naked body observation chambers," any of many other minuscule digital image devices -- if necessary easy to sneak in using the same sorts of techniques that would-be terrorists will use to defeat the body scanners -- can be employed.

Observers can snap images of general or specific interest for the amusement of friends and family, and for local posting on nearby walls, then upload the best ones to the Web sites later. "Wow, take a look at the [blank] on that [blank] -- Whooo!"

Celebrity shots (including politicians of course) would require a bit of coordination. The easiest way would be to simply have an associate near the body scanners to allow for matching up images (based on time of scan) after the fact. "Yeah, Senator Bilbo and his family came through at 8:05. You got those? Great!" Real-time signaling using a variety of easily accessible means will often be another possibility of course, depending on the logistical set up at any given airport.

Sound far fetched? Too complicated? Nobody would bother?

Given human nature ... ya' really wanna bet?

Oh, and by the way, while the body scanners will probably be great at finding nail clippers that the magnetometers missed, you definitely can rest assured that any serious terrorists will either (a) target the wide variety of venues other than airports and/or (b) hide their explosives through a variety of uncomfortable but certainly not novel methods that these body scanners can't touch, including orifice insertions, and external masking techniques taking advantage of the limitations of these scanners.

When it becomes obvious how easily the current body scanners can be defeated by determined terrorists, are we ready for full strength, full-body x-rays and/or routine body cavity searches for the privilege of flying? Because those are the obvious next steps that are already in use among other "captive" audiences (such as inmates).

The only real cure for terrorism is coordinated intelligence -- in the IQ, political, and "three-letter agency" senses. Trying to scan and search terrorists out of existence makes for a fine show and votes in the next election, but simply guarantees that those persons who hate us will adjust their techniques and targets to render our expensive and depersonalizing anti-terror scanning efforts ever more impotent and useless.

--Lauren--

Blog Update (January 9, 2010): Fun With Body Scanner Images -- and Cutting Through the Body Scanner Bull

Greetings. When it comes to complex technical issues with political overtones, muddying the waters is a time-tested technique to try draw attention away from the pertinent facts.

In recent years, there arguably has been no better example of this game plan in action than in the way that forces opposed to Net Neutrality have organized their offenses.

We've seen all manner of fanciful, irrelevant anti-neutrality arguments thrown into the pot. For example, anti-neutrality proponents have argued that Internet content edge-caching (like that used by Akamai, Amazon, Google, and many other Web services) somehow violates net neutrality principles -- clearly a false assertion.
There have been claims that major, popular Web services represent monopolies akin to the warped and restricted environment present in the U.S. Internet access (ISP) landscape -- again, not true -- another disingenuous attempt to divert consumers and regulators from actual facts.

Today's New York Times provides a case in point, with a "sour grapes" op-ed by an author promoting the wacky idea that FCC Net Neutrality regulations should also include "opinion neutrality" -- oops, sorry that's not what he actually said -- the term he uses is "search neutrality" -- but really they amount to the same bizarre concept.

There are so many vectors from which to disassemble this "search neutrality" argument that it's hard to know where to begin.

We can start with the obvious. Unlike most consumers' interactions with ISPs, changing search services is literally just a single URL click away. Changing ISPs -- even amongst the extremely limited (if any) cost-effective broadband choices available to most U.S. Internet users, is often nothing short of harrowing. Net Neutrality relates specifically to ISPs because ISPs are -- by definition -- the only path to the Internet for most Internet users. Every single byte of data that we send or receive is in the hands of our ISP. No non-ISP Internet service, even the biggest ones -- come anywhere near such a universal access to our data.

Add to that the fact that the few large, dominant ISPs who control the majority of U.S. Internet subscribers are now rapidly moving into the content provision business (e.g. video), and are deploying usage and bandwidth caps that impact competitive Internet content but not most of their own content -- well, the anticompetitive fox guarding the hen house analogies are impossible to ignore.

The big ISPs have mostly attained their dominant positions by virtue of their historical, legislatively-mandated monopoly telephone and cable origins, that gave them an enormous advantage against all comers. Combine that with the industry's cherry-picking of areas for high-speed Internet deployments, the telephone industry's decades-long trail of broken deployment promises, plus their intense lobbying aimed at restricting effective Internet access competition -- and the regulatory focus on ISPs is clearly well placed.

The designated enemy of the anti-net-neutrality forces these days is usually Google. Google is very large and certainly dominant in search over much of the world. But it attained that position not by buying politicians to maintain monopolies, nor by attempting to restrict competition, nor by dirty tricks.

Fundamentally, Google has simply provided better products, that more people want to use. And anyone else is free to do the same thing, at least as long as ISPs aren't permitted to strangle the Internet playing field via their total hold over Internet access to all sites!

Finally (for now) one other point of interest. The author of the "search neutrality" op-ed in question is apparently upset about how Google orders search results, especially those of his own company. But his example of MapQuest's decline in favor of Google Maps undermines his own case. Almost any unbiased observer would be forced to admit that Google's maps system has simply represented a more full-featured product than MapQuest's for many applications.

Similarly, the author's complaints about his own firm's treatment by Google have been undermined by independent analysis suggesting that these complaints are the result of his firm's own Internet operational philosophy and site design, not bias by Google.

As we're increasingly faced with the intersection of technology, money, and politics, it is unfortunately inevitable that we'll see everything (possibly including the kitchen sink) thrown into these debates by those parties who wish to undermine the true facts -- by sowing the seeds of confusion among consumers, legislators, and regulators alike.

But even though these are technically complex matters, they are in terms of some basic aspects of human experience -- especially when viewed through the lens of history and past behaviors -- not all that difficult to understand.

--Lauren--

Greetings. A few days ago, I briefly discussed my belief that "cloud computing" has and will have enormous promise, but I also expressed the concern that some fundamental security and privacy issues -- while solvable -- may not be sufficiently developed today to satisfy the requirements of all potential users.

I received quite a few comments, mostly asking in what circumstances I believed that cloud computing is or isn't appropriate for any given application.

That's a difficult question to answer succinctly, since user requirements vary so widely, and the very concept of "cloud computing" (as the term tends to get tossed around) covers a great deal of territory -- storage, e-mail, real and virtual machines for general purpose remote computing, and so on.

So right now I'll just touch on a couple of points. As always, there are lots of trade-offs involved in the selection of information technologies.

One basic issue is the degree of privacy that you desire or require, vs. the costs you're willing to pay. For example, since most Internet users have neither the capability nor inclination to run their own mail servers (though significant numbers would do so if their ISPs didn't forbid it!) it's common to host (at least part of the time) your e-mail "in the cloud" -- e.g., on ISP servers, Google's Gmail, or whatever.

Such remote e-mail hosting, whether accessed via POP, IMAP, Web browsers, or other means, is different in key ways from local mail storage.

First off, as long as the e-mail is on remote servers, it's likely better backed-up than if it was just sitting on your own computer. On your own machine, statistics suggest that your mail and other data likely isn't backed-up well or at all. On the other hand, e-mail not under your immediate control will likely incur a different (and in some respects generally weaker) set of legal (privacy) protections than e-mail in the cloud.

Does this really matter in practice? The easy answer is yes -- but that wouldn't be entirely accurate. For many people, the trade-off between reliable remote storage and comprehensive (e.g. Gmail) mail handing functionalities, vs. theoretical privacy concerns, may skew heavily toward the cloud. This may particularly be true for services like Gmail that offer the option of full-time TLS (https:) secure connections between user browsers and Google servers. However, there are other users who wouldn't want to store their e-mail remotely under any conditions, for any period of time longer than required for transit and delivery (with server-to-server crypto at least of the STARTTLS variety when possible).

The honest analysis is that these sorts of decisions are very much personal ones. The key is to try be sure that you fully understand the implications -- both positive and negative -- of these choices, and not choose your applications and services paths solely based on the say-so of either boosters or detractors.

When you're mostly concerned with remote storage rather than remote computing and processing per se, the situation can sometimes be a bit more straightforward.

If you simply wish to store data securely and reliably "in the cloud," then there's no obvious reason why the service provider would typically need access to the plaintext data or the means to decrypt encrypted data.

Various interesting work has been proceeding in this area.

The open-source Tahoe-LAFS project shows particular promise for providing a cloud-based, encrypted, reliable remote system for storing data -- much like a secure, distributed RAID environment.

With the increasing sophistication of client-side applications operating in advanced browser-based, server-supported cloud environments, it seems likely that a range of applications beyond "simple" storage will increasingly be able to function in modes where the actual data will not need to be plaintext accessible to the cloud provider.

But here again, there will be trade-offs. Some functionalities will likely perform more comprehensively or faster with server-based processing requiring plaintext data availability. Some valuable and popular services that may be viably provided for free when users allow plaintext scanning (e.g., of e-mail for ad displays) might not exist or might need to be fee-based without such scanning.

In the future, it's possible that both the free and fee service models will coexist in new contexts that don't exist widely today, perhaps based on both service capabilities and user-selected privacy paradigms.

It's undeniable that the future of computing is in the clouds. But the shape of Internet clouds, like the clouds fleeting across an azure sky, are a process rather than a fait accompli. Our sky gazing at cloud computing has only just begun.

--Lauren--

Greetings. Yesterday I suggested that "Operation Chokehold" -- an apparently satirical call for an iPhone-based protest against AT&T's mobile data network that appears to have rapidly morphed into a real event -- was irresponsible and even potentially deadly.

A number of iPhone users and others contacted me with their arguments about why Chokehold is a simply grand and glorious idea.

Let's explore their thinking, along with an ethics quiz question to ponder. We'll leave aside for now the obvious point that purposely flooding the network with data in an explicit attempt to disrupt its operations is certainly a violation of the AT&T Terms of Service.

Some observers feel that since AT&T's mobile data network is so bad in many areas anyway, hardly anyone would notice even a large-scale attempt to flood the network with data in protest. Others suggested that AT&T was "so evil" (some mentioned their ongoing PATRIOT Act wiretapping concerns) that any protest was justified, and that to argue against protesting corporate activities would reduce us to -- for example -- the current situation in Iran. A couple of people were concerned that the protest had been compared with terrorism in some quarters. I would call the protest potentially criminal, but not terrorism -- given that the latter generally involves a different motivation, at least by my personal definitions.

A more common theme -- which I noted as a legitimate concern in my original item -- is that important services perhaps shouldn't be using these kinds of public mobile networks in the first place. This is a serious issue, but the reality is that given the funding and other limitations of many public safety infrastructures, it is not uncommon for some workers, who are going to do anything they can to get their jobs done (whether officially approved or not) to use ordinary cell phones and conventional mobile data resources, at least as fall-backs to their official equipment.

Several people suggested that even though the problems with AT&T's mobile data network are already very well documented, the protest would help to highlight the situation and emphasize how dangerous it was to use that network for crucial activities.

The issue of public safety takes us to the ethical quiz. I find it very useful when analyzing Internet issues to try find historical or non-Internet comparisons and analogies that might help to focus the situation.

So let's think about a typical freeway (or thruway for you Easterners). This freeway is pretty busy much of the day. Sometimes it's awful -- traffic slows to a crawl. Ambulances, whose drivers are always trying to find the quickest routes to move their patients, sometimes choose to use the freeway at times when they expect the traffic will be relatively light and especially when their patient needs particularly urgent care. Getting stuck in traffic -- for example behind an accident -- could result in a dead patient (this is not merely a hypothetical outcome).

Now one day, the "Our Freeways are Too Damn Crowded" group coordinates a protest among their members. They want to completely shut down a major freeway at midday for an hour, when it would ordinarily be moving along pretty well in that particular area.

At the designated time, drivers from the group synchronize their movements across a section of freeway and pretend to have simultaneous engine failure, completely blocking the road.

The ensuing mess takes more than an hour to clear up. Just behind the protest blockage is a now trapped ambulance carrying a critical patient. The ambulance driver -- based on his experience and traffic reports up to that hour -- had chosen to take the freeway as the best route for that particular trip.

Due to the delay, the patient dies.

The ethical question: Should the protest organizers (and/or the persons who actively engaged in the protest) be held culpable in some manner for that death?

If your answer is no, then a secondary question would be how many deaths would be required "up front" for you to change your mind? 5? 100? Or do you feel that innocent deaths -- even if low probability -- resulting from such an event are always justified to make a point?

Please be sure to include the text of a condolence letter to the families of any victims with your replies as appropriate.

Odds are that the Operation Chokehold protest won't kill anyone. It may in fact not even be significantly noticed. Those aren't the issues. The question is whether even taking the risk (whether proposed satirically or seriously in the first place) for the purposes of protesting iPhone performance is worth the chance of innocent persons being harmed, however small that risk may be.

Common sense, and basic ethics, say no.

--Lauren--

Greetings. Whether or not it started "merely" as a satiric suggestion, plans to disrupt AT&T's mobile network as a protest against iPhone data performance are childish, stupid, irresponsible, and potentially extremely dangerous.

Users of iPhones share the same data network with other AT&T mobile users, including public safety workers and other users with critical functions accessing resources via laptop dongles and the like.

To purposely attempt to disrupt a publicly used mobile data network of this sort is criminal -- or should be. While one can argue about the advisability of using public data networks for crucial functions, the reality is that they are, and without being overdramatic, such "Chokehold" demonstrations could actually cost lives.

--Lauren--

Greetings. One of the worst-kept recent telecom-related secrets is finally out, with "official" word that Google will be selling a GSM-based cellular smartphone.

Bits and pieces of stories regarding this HTC-produced Android phone (the same manufacturer as the Android G1 and myTouch) have been dribbling out for months.

Various sources are tagging this basic device as "Nexus One" -- aka HTC Passion.

Presumably this carrier-unlocked device will include both EDGE+3G bands for T-Mobile and AT&T, plus associated international frequencies.

If HTC follows its usual pattern, a more or less similar phone will appear at some point for Verizon/Sprint CDMA, but not necessarily a full "Google Experience" device. (Both of the names HTC "Passion" and HTC "Dragon" tend to be used interchangeably, but not necessarily correctly, in some circles).

Unfortunately from my standpoint, smartphones without physical keyboards are non-starters for me in terms of routine use these days, but of course remain very useful for my Android testing and development purposes -- so if someone tossed me a Google Phone/Passion, I definitely wouldn't throw it back in their face!

Typical iPhone users should be willing to at least give the new "Google Phone" a good look-see if the price point is right, and assuming that they're willing to embrace the open Android market rather than iPhone's locked-down "We Are the Law" market environment.

Still, it may be tough for some iPhone users to drag themselves away from Mama Apple's controlling grasp, especially given the iPhone market's enticement of a veritable plethora of "farting" apps, a sheer quantity of digital flatulence unmatched by similar Android apps at this time.

--Lauren--

Greetings. In Facebook's Devious Privacy Ploy, I strongly criticized various aspects of Facebook's recent changes to their privacy settings environment, particularly elements of their new recommended defaults -- that I feel are nothing less than a privacy disaster.

But it's always useful to try find a silver lining even in the darkest clouds, so today let's explore how the new recommended Facebook privacy settings are in some ways the "gift that keeps on giving" -- and can be used to help fill your bank account with riches -- if you're a criminal, that is.

To quote Gene Wilder as Leo Bloom in 1968's The Producers: "Let's assume, just for the moment, that you are a dishonest man."

How could you leverage Facebook's recent privacy changes toward your goal of achieving true "money is honey" status?

The key is Facebook's new recommended default that makes user postings ("Posts by Me") available to everyone, in contrast to the earlier essentially equivalent category of "Status and Links" -- which defaulted to "Only Friends."

Recommended defaults are extremely powerful. It can be expected that vast numbers of Facebook users, likely the majority over time, will accept the new defaults and rarely if ever take advantage of the new "per posting" privacy options that are now available.

As a bold crook, this plays directly to your advantage.

For your Facebook blackmail operation to blossom, you'll probably want to concentrate on the vast bounty of posted photo albums that will be open to public viewing, where previously they would likely have been restricted only to any given Facebook user's friends. These photos are gold to your criminal operation.

As we know, many Facebook users unwisely post a variety of "compromising" photos on Facebook to share with their friends. These often involve partying, drinking, and other potentially embarrassing (or even illegal) activities. You can use these ingrained posting habits -- combined with Facebook's new privacy changes -- to your definite monetary advantage.

The technique is simplicity itself, but you'll need to get going now for maximum payoff.

Simply troll around Facebook gathering up every potentially embarrassing photo that you can find. Archive them carefully, along with all other available Facebook information related to the associated users. You can do this on a small scale and manually, or on a larger scale via automated techniques.

Massive numbers of Facebook users will have inadvertently exposed such materials to "Everyone" as a result of Facebook's new recommended defaults. By collecting these photos and other compromising Facebook items now, you'll be in a position to monetize them to your benefit later, after these users have belatedly realized that exposing that stuff so widely -- particularly those nasty photos -- was a really, seriously bad idea.

Ah, but they're too late! You've already got 'em by the ... well, you know what.

Now comes the fun part. Keep watch and note when users who previously had exposed embarrassing materials suddenly change their Facebook settings to clamp back down and limit access. Many of these Facebook subscribers will be the patsies who'll end up buying you everything that you've ever dreamed of.

The rest is obvious. You simply -- via various reasonably difficult to trace communications channels -- offer a "service" to these Facebook users to help prevent archived copies of those formerly exposed photos and other goodies from falling into the hands of boyfriends, girlfriends, spouses, current or potential employers, law enforcement, and so on.

With a little luck, the bucks will come rolling in.

But as you count your ill-gotten gains, be sure to give thanks to those good folks at Facebook who made it all possible -- when they pushed their users into exposing to the world all those personal goodies that are now so enriching your life.

Yep, there's still a lot of money to be made on the Web!

--Lauren--

Greetings. The Net is abuzz about some major privacy changes by Facebook, which show signs in key ways of being yet another in their continuing history of ham-handed privacy gaffes. No, I'm not concentrating today on their notorious "beacon" system, though it was just announced that Facebook is shutting beacon down and paying almost $10M to settle a related lawsuit.

No, today let's talk about how Facebook has attempted to deceptively shill users into lowering their privacy protections, in the false guise of supposedly improving their privacy settings.

I am not a big Facebook user. In fact, I am hardly a Facebook user at all. I have an account for research purposes, but I don't publicize it. I've routinely ignored the multitude of "friend" requests I receive from people who find the account (and I do essentially the same thing for "LinkedIn" requests -- where I don't even have a account).

My attitude toward these services is that -- at least for me -- they do not bring significant value. Plus, the noise level of associated phishing, spam, and other crooked solicitations is way too high, and frankly the amount of time required to maintain more social networking accounts along with everything else I deal with would just be unproductive.

That's not so say that anyone else need share my opinions, but I hope this explains to those legitimate folks who have tried to contact me via those services why they did not receive responses (on the other hand, I'm plenty easy to contact in a multitude of other ways).

Facebook of course is all about sharing information. But as we know from a continuing sequence of news stories, many people are getting seriously burned from sharing their personal information on Facebook.

Youngsters -- and even adults -- are getting into trouble for photos they post showing partying or drinking. People have been fired -- or not hired -- on the basis of such photos. In one recent case, an insurance company has tried to kill a woman's health coverage, apparently because they thought she was having too much "fun" as shown in a Facebook entry.

Amanda Knox's very recent murder conviction in Italy may have significantly been unfairly influenced by the Italian media's fascination and exploitation of her Facebook materials. Law enforcement is now using Facebook for sting operations, even for such relatively mundane matters as targeting underage drinkers.

Without attempting to evaluate right now whether or not such uses of Facebook should be viewed as legitimate, it is clear that keeping the minutia of your personal life offline is obviously a good step to help ensure that you won't be subjected to judgment and possible exploitation based on that information.

But for those persons who do feel the desire to share their lives online, having complete control over the manner of that sharing is critical.

Unless you're a celebrity or some other sort of public figure, sharing more than the absolute minimum of personal information with the the world at large ("everyone") via Facebook usually just doesn't make sense. Even if you're a young person seemingly with nothing to lose, it must be remembered that once information, photos, or other data have been publicly available for any period of time, they are likely to be available in some form, archived somewhere, essentially forever. And photos that didn't seem to matter when you're 16 may have a whole different impact when you're 30.

Be that as it may, the key to using Facebook "safely" -- to the extent that this is possible -- is by consistent and careful use of their relatively confusing privacy controls, that determine which information that you put online will be shared with particular classes of users.

So it's a pretty big deal when Facebook, as they've just done, completely revamps their privacy system, and forces all uses to make new selections about virtually all aspects of their Facebook privacy.

Unfortunately, the manner in which Facebook has done this shows all the signs of being what amounts to a nasty privacy scam.

To be fair, the Facebook privacy changes are not all bad. For example, they now permit per-item controls over privacy settings. That's a positive change.

But the truly devious aspect of what Facebook has done is their choosing of new recommended privacy defaults for all users -- presented during the new "forced" privacy changes dialogue -- that in many cases seriously reduce default privacy protections on Facebook entries, in ways that will often share with much larger audiences key materials that you may previously have (wisely) restricted only to, for example, your friends.

While it's possible to override these new "suggested defaults," one of the worst actions that can be taken in a privacy context is to try manipulate users into accepting reduced privacy protections on a default basis, especially in the context of promoting "improved" privacy settings.

It's duplicitous, deceitful, and as with Facebook's ill-fated beacon system, calls into question the entire underpinnings of Facebook's "ethical" structure.

The reason why Facebook would risk behaving this way seems rather clear. They've watched as more "broadcast" oriented systems like Twitter have gained massive popularity, and Facebook wants a bigger piece of that pie.

Twitter users by and large are fully aware of the fact that they're potentially "tweeting" to the entire world. In many ways that's the whole point. And since this is understood, the sorts of information we tweet tends to be rather carefully framed with this in mind.

Facebook on the other hand is attempting to coerce users into drastically changing privacy settings on a potentially vast range of personally-sensitive materials in ways that could in some cases -- no kidding! -- seriously upset or damage their lives.

If users wish to voluntarily and without coercion increase the visibility of their Facebook data that's fine.

Facebook's new system of proposing changed defaults for most users, that will often drastically reduce users' privacy, is difficult to categorize as anything other than basically exploitative and -- yes -- evil.

--Lauren--

Update: Dave Farber has announced that his dispute with Expedia has now been resolved. Too bad that so much unnecessary hassle was involved in getting Expedia to do the right thing.

Greetings. The Internet has undoubtedly and significantly brought all manner of remotely-accessible benefits to many aspects of our lives. These advantages are often extremely enticing, so much so that they tend to mask the evil twin that sometimes lurks parasitically along for the ride.

For some Internet-based services use the fact of Internet access as an excuse to mask a depersonalized lack of customer service, and in some cases a vacuous dearth of ethical conduct -- while still merrily charging our credit cards.

Case in point is massive travel service Expedia -- which trumpets itself as the world's leading online travel company.

Over the last few days I've watched a tragic saga play out over on David Farber's "IP" list, as we've learned of his intense upset at Expedia's refusal to refund monies paid for a trip canceled due to the likely terminal illness of his wife.

Expedia apparently hasn't even been willing to escalate concerns about this matter to a level beyond the, "Sorry, you're screwed!" customer "support" level.

Obviously firms need to be on the lookout for fraudulent attempts to cancel services. But in cases such as Dave's, where not only are the medical realities well documented, but the various involved airlines and hotels apparently would be willing to refund, Expedia's middleman role clutching tightly to the money in this situation is nothing short of unconscionable.

It's possible that Expedia actually does have -- hidden somewhere in their policies -- a clause that handles these sorts of situations in a humane and reasonable manner. But if Expedia patrons are unable to access such policies (if they even exist), and can't get past useless Web help forms and script-reading phone agents whose main purpose appears to be avoiding refunds come hell or high water, then Expedia has proven itself to be unworthy of patronage -- or even existence in any form as far as I'm concerned.

Perhaps this is all some sort of misunderstanding. If so, I invite Expedia to contact me directly and I'll be happy to help sort this out, and then I'll gladly report back here about Expedia's prompt attention to this situation.

But being big and powerful is not an excuse for being petty and greedy. Even if Expedia's actions in this case so far are completely lawful, they appear on their face to be, frankly, abominable.

When the Internet becomes a convenient vehicle for abusing people in clearly unfair and unethical manners, such behaviors denigrate not only the companies and customers directly involved, but also ultimately the entire community of Internet firms and users.

This should be unacceptable to us all.

--Lauren--

Greetings. Google has announced an early implementation of Web Sockets in their Chrome browser, that shows much promise for helping to reduce a significant bottleneck in a variety of browser-based applications.

However -- and I'm gonna keep hammering on this! -- I still unfortunately cannot recommend Google Chrome as a general purpose browser until it includes reasonable per-site cookie controls at least up to par with what Firefox (and to some extent IE) natively offer. If this can be accomplished via a Chrome plugin, that's OK -- but there's no plugin to do this yet in Chrome as far as I know (am I wrong?)

I'm not a hardcore cookie hater, and clearly there are many reasonable uses for cookies, particularly for state control. But the "all, nothing, or no '3rd party' cookies" choice palette is insufficient. Users who wish to block cookies from specific sites (e.g. when they don't wish to be tracked by those sites) are typically stuck in Chrome with the only option being to turn off all cookies in a manner that breaks logins at most sites that require authentication.

Admittedly, some people get themselves into trouble with per-site cookie controls, by blocking cookies necessary to logins (creating the infamous "repeating login dialogue" effect).

But this is still not a valid excuse for users being unable to control -- per site and in detail -- how cookies will be managed in their browsers.

When I made earlier queries about this issue to Google, I was told that better Chrome cookie controls were on the wish list, but would have to wait. However, with so many sophisticated features now being rolled out for Chrome seemingly almost daily, the lack of better cookie controls -- which by all rights should not be a comparatively major implementation task -- seems more glaring. I might add that the same issue persists in the standard Android Web browser as well.

I hope that Google will move on this matter with due diligence.

--Lauren--