"50 Ways to Wreck the Network" - With Apologies to Paul Simon

"50 Ways to Wreck the Network"
To the tune of "50 Ways to Leave Your Lover"
With apologies to Paul Simon.

MP3 Audio (3:24 minutes / ~3.1 MB)

Lyrics Copyright © 2012 Lauren Weinstein. All rights reserved.

The problem is I worry too much,
I pondered one dark day.
But this Internet policy stuff,
Is so confused in every way.

It's as if somebody
Just wanted to take it all away.
There must be 50 ways to wreck the network.

It seemed Net speech was pretty free,
It was quite chill.
But now governments and Hollywood
Are circling for the kill.
And the Web is slipping into space
Where freedoms are quite nil.
There must be 50 ways to wreck the network.
50 ways to wreck the network.

Just block the whole site, Mike.
Go censor the file, Kyle.
Now spy on the mail, Dale.
And you're on your way

Do a bandwidth cap, Jack.
Takedowns in mass, Ash.
Steal the crypto key, Lee.
And watch the geeks flee.

Just ban the whole site, Mike.
Now censor the file, Kyle.
Go spy on the mail, Dale.
Who needs to be free?

Do the bandwidth cap, Jack
Takedowns in mass, Ash.
Steal the crypto key, Lee,
And watch them all flee.

There's ICANN's domain scam,
Cyber-scaremongers, too.
There are people blaming Web cookies
for everything but the flu.
It makes you wonder if folks realize,
how much they really have to lose.
There must be 50 ways to wreck the network.

So many leaders seem bought out
Or without clue.
And I thought to myself,
The title of this song isn't quite true.
When you start to think about it,
You can really get to feeling blue.
There's actually more than 50 ways to wreck the network.
More than 50 ways to wreck the network.

Do a DOS attack, Jack.
Go rip off the cert, Bert
Block the TLD, Lee.
Charge your usual fee.

Tear the servers apart, Art.
Downloaders in jail, Dale.
Screw the due process, Les.
Assume they're guilty!

Great DOS attack, Jack.
Ripped off the cert, Bert.
Blocked the TLD, Lee.
Charge your usual fee.

Rip the servers apart, Art.
Downloaders in jail, Dale.
Screw the due process, Les.
We won you see!

- - -

--Lauren--

The Somewhat Strange Saga of Twitter's New Tracking

You may have noticed an array of articles in the media last week proclaiming that Twitter is now supporting the "Do Not Track" Internet browser initiative.

The U.S. Federal Trade Commission (FTC) was talking about it. Even the White House blogged about this yesterday.

Regular readers may know that I've become rather dubious regarding the essential value of "Do Not Track" as currently being envisioned and implemented (e.g. Do-Not-Track, Doctor Who, and a Constellation of Confusion), particularly as this is frequently entwined with the senseless "demonization" of Web cookies (Google, Safari, and a Clamor of Cookie Confusion).

Just yesterday we heard about a $15 billion dollar class action lawsuit against Facebook, related to cookies and tracking. Now, I'm most definitely no friend of Facebook -- I refuse to even use them other than maintaining placeholder accounts -- but this lawsuit appears to be ludicrous, blatant litigation abusive opportunism in action.

My view on cookies in this context is fairly simple. I find it disingenuous to attack cookie usage when no actual, purposeful, or significant privacy-related harm to users has occurred.

Which brings us back to Twitter and Do Not Track.

With all the talk of Twitter now supporting Do Not Track, I wonder how many people stopped to think, "Wait a minute, what is Twitter tracking in the first place for which Do Not Track is even relevant?"

The focus on Do Not Track had the effect of de-emphasizing the fact that Twitter has now begun to deploy a broad, cross-site tracking regime, which will track and correlate your visits to non-Twitter sites that include (for example) Twitter-related buttons or other elements, as part of new system to make Twitter follower suggestions and provide additional upcoming features.

In other words, Twitter's new embrace of Do Not Track is in conjunction with default enabled, cookie-based tracking that they weren't doing at all up to now, a fact that was not highlighted (or in some cases even mentioned) in most of those stories and articles about Twitter last week.

Now personally, I feel that Twitter itself is handling this in a responsible way. Twitter has provided various mechanism to opt-out of their new cross-site tracking. You can use the browser Do Not Track mechanism if you wish (though I continue to consider that suboptimal for various reasons). You can opt-out via your Twitter profile. You can log out of Twitter (this stops tracking until you log back in). Twitter also says they will start deleting your detailed tracking data after about 10 days from collection. Twitter has also been proactive telling people about this, sending out email notifications.

So I have no problem with the functional structure of Twitter's new tracking system itself.

Still, it is very similar in essence to the sorts of tracking systems for which Google, Facebook, and others have been criticized. Twitter's system, like those others, is opt-out in nature rather than opt-in, though in reality this distinction is much less clear-cut and much more complex than most people assume (see Opt-In Dystopias).

It is understandable that promoters of Do Not Track chose to emphasize that aspect of Twitter's announcement, rather than the new tracking system that Twitter is deploying.

And again, I think that Twitter is handling their new initiative in a responsible manner.

Yet I do feel that it is important for us to understand the essential commonalities in these systems, whether from Twitter, Google, Facebook, or anyone else. We should not be playing "litigation gotcha," with fundamentally innocent cookie issues being warped into weapons -- to try extract massive fines and settlements -- when no genuine harm was done to users in the first place.

Ultimately, all the technical details of cookies and JavaScript and the alphabet soup of Web protocols aside, our use of the Internet is based largely on the trust we place in firms to handle our data responsibly.

Whenever I say this, I frequently receive responses that assert, "They're all the same! They're all crooks! None of them can be trusted!"

But this is all demonstrably not the case. Different firms have different management and ethical sensibilities, and attempts to paint them all with the same brush are not only simplistic, but just plain wrong as well.

Of course, it's our individual judgments as to whom to believe, whom to trust, and which firms we choose to patronize. That's true in the Internet world just as in our "brick and mortar" lives away from these display screens.

At the very least, we should strive for these choices to be based on reality rather than conjecture, to be the result of reason and not of reckless rage.

Otherwise, no matter how much false satisfaction we might feel for now, we're all the long-run losers.

--Lauren--

Google, Governments, and the Control of Search Results

A pair of Google-commissioned papers, one released just today, have triggered considerable controversy relating to ongoing antitrust investigations of Google by various regulators, including the U.S. Federal Trade Commission (FTC) and the European Commission.

The first of these reports explores issues of First Amendment protections as applied to search results, the latter examines various proposed "remedies" for the supposed "search bias" of which Google has been accused by some parties.

These are both relatively long, rather legalistically focused documents, and there have been complaints regarding their having been commissioned by Google itself.

Those complaints seem specious. The facts described by these reports are public record, open for everyone to see. The analysis presented in both will either stand or fall based on their own content, irrespective of who paid for their creation.

Perhaps of more concern is the fact that most of us aren't lawyers, and the majority of observers probably will not have the patience to dig through those detailed documents in their entirety.

So let's see if we can cut to the chase.

Why does Google exist? Or more to the point, if you use Google services -- and you probably do -- why do you do so? What are you (not in terms of topics, but in terms of your experience as a user) looking for when you use Google Search?

I believe it's appropriate to focus on Google Search here, rather than the range of other Google services. While Search is but one aspect of an increasingly interrelated palette of Google-provided services, Search tends to be the center of attention both for users and critics of Google.

It's popular in some quarters (particularly among Google's various adversaries), to refer to Google as a "monopoly," but this is demonstrably a false characterization by any normal definition of the word.

In fact, just a few days ago, a "Slate" author noted how trivially easy it was to switch from Google Search to Microsoft's Bing, and that he found the search results from Bing to generally be quite similar to those he obtained from Google.

So this brings us to the Search Results themselves.

Google's mission statement is well known: "To organize the world’s information and make it universally accessible and useful."

Yet have you ever really stopped to consider what "useful" actually means on the enormous and rapidly expanding Web?

There are many sources of "information" on the Internet.

If you simply want to look up the names and address of local merchants, you can use various "white pages" sites or other directories. If you're more interested in the additional data that paid advertising brings to your decision-making process, there are "yellow pages" sites, and a range of other directory sites for that purpose as well.

But when you go to a general purpose search engine, like Bing, or Google, or one of the many others, you're either explicitly or implicitly almost always looking for opinions or answers.

*Opinions* -- opinions in terms of the search engine's recommendations about which sites will most usefully meet the criteria of your search, and the key word here is very much *usefully*. For when looking at organic (natural, non-ad) search results listings, you're almost always actually seeking an appraisal, an opinion, not a simple directory listing per se.

That's what Google and Bing (to name just two) try to accomplish. They attempt to provide useful opinions about which sites on the Net will be most useful to answer your query, or when your query is such that a direct answer can be provided, to offer that result directly for your convenience, as well as a list of recommended sites for relevant additional perusal.

This is the very essence of providing the best user experience. This is the goal, what these sites are actually all about.

And succeeding at this complex task, by definition, involves value judgments -- opinions. In this case, opinions and judgments made by complex algorithms, constantly being tweaked to make sense of the essentially infinite range of possible combinations and Internet destinations, not to mention accomplishing the enormous task of weeding out spam, phishing sites, and sites trying to unfairly "game" the system through various forms of subterfuge.

Understanding these efforts by search engines -- not only by Google -- to provide genuinely *useful* search results is important toward recognizing why demands for nebulous and dangerous concepts such as "search neutrality" make no sense, and would be utterly disastrous to users.

Because "search neutrality" would literally represent -- one way or another -- the government dictating the opinions of search engines, micromanaging search results, and inevitably morphing search engines from providers of useful answers and recommendations, into "fend for yourself" directories and listing services.

In fact, the concept of compulsory "neutrality" is effectively contradictory to the candid presentation of opinions. Honest opinions are almost never neutral. It's like the old Soviet Union, where you were free to publicly and impotently espouse any opinions you wished, so long as they were identical to the formal party line.

Trying to enforce "neutrality" in search results means that algorithmically evolved judgments to usefully order sites for the best query results become forbidden -- resulting in a chaos of lost confidence at the hands of government associated "search purity" bureaucrats.

To make information *useful*. That's the goal of Google, and Bing, and the many other sites that index the Internet in various ways. There are many choices, many options, many opinions, innumerable points of view.

Concepts such as "search neutrality" would be a death knell to genuinely useful, reliable, and trustworthy search results, and provide the government with an unprecedented ability to control the presentation of Internet information as it sees fit, now and into the future.

Personally, I very much prefer to have search results decisions in the hands of Google, and Bing, and the other organizations whose agenda is providing maximally *useful* information for the global community of Internet users.

Enforced "search neutrality" could easily mean the end of search as we know it, and the beginning of a broad, encompassing, government-mandated Internet information control dominion.

That's my opinion, anyway.

--Lauren--

Torches, Pitchforks, and Google Privacy

Quickly! How is President Obama's birth certificate like discussing Google privacy issues? Got it yet? Still thinking? Sorry, time's up!

The answer is -- regardless of how logically and rationally you approach either of these topic areas -- there are people who insist on forcing fetid fairy dust into the discussion, invoking a range of "what if" and conspiracy scenarios suitable for late night cable TV viewing.

I should know better by now. Really I should.

Someone (probably not Albert Einstein, Benjamin Franklin, or Mark Twain -- despite what you may have heard -- but possibly mystery writer Rita Mae Brown) once said that "the definition of insanity is doing the same thing over and over and expecting different results."

By that rather clinically problematic definition, maybe I should have joined the tea table with the Mad Hatter long ago. Clean cups! Clean cups!

I keep attempting to discuss privacy topics with a rather cold logic that might earn praise from the Vulcan Science Academy, but some of the reactions I get seem to be straight out of Clown College.

No, wait. That isn't being fair to clowns. Not at all.

I'll put it another way.

My posting from last Saturday -- How "Privacy Correctness" Is Leading Us Dangerously Astray -- generated a range of responses.

Many of these were thoughtful indeed, on all sides of the relevant arguments. This seems completely appropriate. It isn't chopped liver we're talking about, these are complicated issues involving "bleeding-edge" aspects of society, philosophy, and technology. There are no easy answers. This is hard stuff, and reasonable people can be expected to disagree in significant ways regarding these subjects.

Yet what can throw you for a loop is when you receive rants that cause one to question whether or not we're all currently even living on the same planet.

It seems that whenever privacy issues are invoked, especially any that involve Google, there are folks out in the Internet ether who immediately start dousing torches with kerosene and sharpening their pitchfork prongs for maximal effect. And we know what usually follows in the next scene.

A great deal of this -- what I will tactfully label as overenthusiasm -- is likely the direct result of misinformation about the underlying reality of how these complex technologies and systems work, blended with a strong dose of emotion.

I'm also forced to somewhat cynically suspect that various other aspects of the dramatically illogical reactions -- in some cases, anyway -- are calculated specifically to damage any parties who dare express views not in compliance with the privacy "party line," and perhaps also to keep some groups' funding tills teeming.

Still, much of the village mob contingent is seemingly being driven by human nature, and (very likely, I'd assert) by the overall radicalization and coarsening of discourse in our ever more toxic political environment.

So the arrays of associated obscene diatribes inflating my inbox shouldn't be a surprise, even as they are disappointing.

Again, these topics are difficult, and important. They are very much in need of exposition and spirited dialogue.

But frankly, the time I spend on these issues does not improve my health nor good looks, and definitely doesn't help to pay the bills.

I will not engage with anyone who is unable or unwilling to show a minimum of common courtesy.

Agree or disagree with my stands on the issues as you will. I would hope for no less. But if you can't be civil, if you can't be rational, if you're going to insist on spiking your communiques with the sort of nonsensical, fallacious filth that has become all too common in the political realm, I will treat your messages in the same manner in which I dispose of spam, frauds, phishes, and unsolicited holiday fruitcakes.

On the other hand, I most certainly welcome the opportunity to work with anyone who is seriously interested in these matters -- so cogent contacts and reasoned discussion are always appreciated.

And you don't even need to show your birth certificate.

Isn't that a relief?

--Lauren--

How "Privacy Correctness" Is Leading Us Dangerously Astray

You're probably familiar with the term "politically correct" and its ramifications. Simply stated, "political correctness" relates to the narrowing of discussions, often by focusing on specific examples of "violations" (in a range of circumstances) that in reality do not have notable intrinsic, relevant, or significant impacts.

Political correctness can be purposely used as a weapon to manipulate debates, or it can be the result of genuine confusion regarding the actual facts of a situation. Frequently, political correctness issues involve both of these facets.

As we look at the almost daily parade of supposed "privacy problems" that splash across the Web and other media, followed by calls for investigations, massive fines, and sometimes large-scale governmental interventions -- a fundamental question arises.

To what extent are we concerned about actual, important, substantive privacy concerns, and conversely, to what degree are we engaging in -- perhaps to coin a phrase in this context -- unwise, counterproductive, manipulative, and even potentially dangerous "privacy correctness."

At first glance, it might appear that the seeming sheer complexity of the technology surrounding privacy these days would make such determinations difficult.

Cookies and Flash, JavaScript and AJAX, encryption and targeted ads. And so on. How can anyone be expected to untangle all this in terms of privacy concerns?

In reality though, the complex nature of these technologies -- many of which are key to providing and helping to pay for services that users have come to expect, usually without charge -- offers a clue that we may be spending our time looking in the wrong places.

One thing we can be absolutely sure about is that new, even more complex technologies -- many of which may have privacy-related ramifications -- will be arriving almost continually. To assume that everyday users of the Web and other environments will have the time or inclination to understand the functioning and external relationships of these underlying mechanisms seems unrealistic at best.

In fact, as we've seen in recent cases involving Google and their use of Web cookies and collection of unencrypted Wi-Fi data , even hard-core techies and experts on these systems may at times become enmeshed in "privacy correctness" quandaries, with various forces insisting that particular actions represent serious privacy violations, while other observers see only insignificant transgressions or none at all.

Cookies and Wi-Fi have been around for many years. What of new technologies coming down the line? Are we going to go through these battles individually and repeatedly, expecting consumers to incorporate such ever more intricate complexities in their various combinations into their routine Internet usage decisions?

And what of the impacts that considerations of genuine privacy concerns, vis-à-vis "privacy correctness," will have on issues of great import to society at large, such as calls for vast communications surveillance regimes, expansive cybersecurity legislation, and so on?

There are some guidelines that I use in my own analysis of these issues today, that may be generally useful in these respects.

First, like it or not, what's public is public. I say this a lot, and many people don't really like the idea, but that doesn't change the underlying truth.

It is foolhardy to pretend that something already out in the public sphere, especially (but not necessarily) on the Internet, can then somehow be effectively restricted or controlled. Trying to convince people otherwise is quintessential "privacy correctness" and can dangerously lead to false assumptions about what information is or is not actually available publicly.

Efforts to restrict information that is already public, ranging from governmental data, to photographs easily taken from municipal streets, to unencrypted Wi-Fi signals, can only serve to harass legitimate and innocent usage, while "bad players" will find ways to continue essentially unencumbered. Public is public. Period.

But what about data that isn't public, that has been shared with individual entities perhaps? This is the category that sheds light on what I would call true privacy problems, in contrast to generally false "privacy correctness" issues.

Except where absolutely mandated by law, when personal information provided to or collected by one organization is sold or otherwise provided to another organization without the explicit permissions of the persons involved, a significant privacy violation may well have occurred.

Health information, financial transaction data, communications addressing and contents, Web search activities, and so on -- these are all types of data that users have a right to expect will routinely stay in the hands of the entities they've chosen to trust. Genuine violations of that trust, allowing user data to flow to third parties without user permissions or valid court orders, can be devastating to users and ultimately to the organizations involved as well.

On the other hand, cavil complaints about complex Web cookie handling, especially in the course of providing services that users have requested, and in the face of contradictory and confusing technical specifications, appears to fall squarely back into the realm of disingenuous "privacy correctness" machinations.

I mentioned trust earlier. In the final analysis, trust is a cardinal aspect of our dealings in all aspects of our lives, online and offline.

On the Internet, on the Web, if we trust the organizations that we've chosen to patronize -- whether we're paying for their services or not -- it makes little sense to endlessly engage in an attempted micromanagement of their underlying cookies, JavaScript, or other rapidly evolving technologies, or to play a fundamentally exploitative form of "gotcha" when technical lapses occur that do not have actual privacy-damaging characteristics as I noted above.

And if you don't trust a firm enough to accept this, perhaps you should consider taking your business elsewhere. If you insist on assuming that most Web businesses are fundamentally evil, and can't be trusted regardless of how well behaved they are today, then perhaps you should consider, for your own peace of mind, not using the Internet at all.

Or, we can endeavor to see beyond the specious premises of "privacy correctness," and concentrate instead on actual, genuine privacy problems that are deserving of our serious attention.

What may seem at first to be "correct" -- isn't always right.

--Lauren--

Al Capone's Ghost Congratulates ICANN

X-Ethereal-From: Alphonse Gabriel Capone
X-Date: Fri 4 May 2012 20:02 ZDT
X-To: ICANN (Marina del Rey, California, U.S.A., Terra, DIM489Q94-0003)
X-Subject: Congratulations on your great work!

Gang,

I know that this letter will come to you as something of a surprise, given that we don't know each other, and I ceased my corporeal existence over 60 years ago.

I don't get many chances to write, but I was able to obtain permission this time so that I could congratulate you all on a job well done!

Back when I was alive, I was very interested in finding ways to turn new inventions and technology into quick money. Many of the techniques I chose may not have been entirely legit, I'll admit, but you guys have exceeded anything in my wildest imagination, and completely legal, too!

You can guess by now that I'm referring to your announcement today that your fantastic Internet gTLD top-level domain name racket had raked in more than a third of a billion dollars! Even with inflation from my day, that's a hell of a take, and you haven't even collected all the payments, and this is all with your application system still broken after a month! Amazing!

Yes, I've been watching your wonderful activities for quite sometime!

I know you're probably unaware that we have fairly good Internet access service here now. We recently switched over to using the DTN (Delay-Tolerant Networking) protocols designed for outer space projects, since typical delays to us are, shall we say, even more of a hassle.

I've gotta tell you though, if you boys had been around Chicago when I was in my prime, we might have had a serious competition going.

You know I made a lot of money, most of it from booze but quite a bit also from the girls and gambling and "protection" we could provide. OK, I also bought a lot of milk for school kids and opened up soup kitchens and such. I'm a family man at heart.

But you're putting me to shame. 350 thousand thousand dollars, plus! I think about all the meals for the needy and health care and other things your depressed 21st century economy needs, and you've still managed to suck all that dough out of people's hands, and real moola too, not those stock payments we hear about so much now.

I saw a note where your outgoing boss even said publicly that you are deep with conflicts of interest, yet you still plow ahead with your protection racket to make a relative few incredibly wealthy at the expense of the entire world, and increase confusion, spam (we get it here, too!), and other Internet-related crime that will result. Now that's moxy!

If I still had a body, I would bow to you, and that would be a first for me.

I wish we could have worked together. You're my kind of crooks.

Don't bother writing back. But I'll be watching ya', and loving every minute!

Sincerely yours in admiration,

"Al" Capone, Deceased

- - -

--Lauren--

Black Magic, Big Lies, and the Perverting of the Internet

Author Arthur C. Clarke has been famously quoted as saying, "Any sufficiently advanced technology is indistinguishable from magic."

His assertion may be arguably correct, but he neglected to make an important related stipulation. Was he referring to good magic or bad magic? Did he mean the wondrous powers of Glinda or the dark arts of the Wicked Witch of the West?

Does it matter? Isn't technology fundamentally just a set of tools, mechanisms that take on the ethics (or lack of ethics) of those who wield them?

One need only look at the way Internet-related issues are being perverted for greed and political advantage, at the manner in which Big Lies are dispensed like candy, to see the evil side of the equation at work.

Even persons who feel that they are soundly grounded in science, the folks (yes, like me, too) who smile knowingly at the foolishness of evolution deniers and global warming doubters, who jeer at nutcase sheriffs and Tea Party toadies -- yes, we're no different in this respect -- we too can be fooled.

The toxic cauldron of "gotcha" and Big Lie politics, the rise of illogical conspiracy theories and designated enemies, wars without end, so-called "friends" we've never really known -- all these and more have seeped into our collective consciousness, have gradually undermined our rationality, our thinking, and have likely made most of us perhaps more than a little bit crazy.

It's as if we now reside within a recurring "Groundhog Day" version of "The Emperor's New Clothes" -- with fabrications promoted as reality, and dissembling touted as truth.

In the Internet space, the examples -- many of which I've discussed extensively in the past -- are all around us, dripping with the putrid smells of greed, and the lust for power and political control.

Much vitriol is directed at Google these days -- perhaps to be expected with such a large target, comprised (as are all firms) of imperfect human beings.

Yet many of the accusations and their promoters are without logic, are senseless upon the application of even a modicum of serious thought.

Google is accused of what amounts to vast privacy conspiracies, even though no evidence of such is present, and even given that engaging in such behavior -- with competitors essentially just a click away -- would likely be suicidal. Millions of words are angrily written about Google's legal, though officially unsanctioned, collection of fragmentary, unencrypted Wi-Fi data from public airwaves, of exactly the same sort that any of us could easily gather with any modern laptop or cell phone in a simple drive around practically any neighborhood in the industrialized world. Whole websites are devoted to this "wardriving" hobby, and entire industries have been built upon such technologies, yet the Big Lie is that Google has done something awful in this vein.

ICANN, castigated by their own outgoing CEO as being rife with directly relevant conflicts of interest, continues to pursue its extortionist domain name expansion "gold rush" scheme, to suck billions of dollars from the global community toward the enrichment of anointed sycophants, their hands outstretched to pick the pockets of the world during already painful economic times. ICANN's Big Lie in this instance is that the Internet needs all these new gTLDs, that somehow the average Joe and Jill will benefit, while in reality the result will be more confusion, more spam, and more crime for all but the chosen few who will sit at the top of the increasingly corrupt Domain Name System pyramid.

The handful of dominant U.S. ISPs fight against Net Neutrality, against even the merest hint of regulations, while piling on arbitrary bandwidth caps, data throttling, and anticompetitive streaming services carefully positioned to take maximal advantage of these giant ISPs' massive control over most persons' Internet access. These firms claim that this is all to the consumers' advantage. This is yet another of the Big Lies, indeed.

Our leaders proclaim that "other countries" are the evil censors, the Internet blockers, the enemies of freedom. And yet it is the USA itself that has perverted the rickety obsolescence of the DNS into a weapon for site shutdowns and global censorship without due process, that supplants free speech and liberty with the greed of entertainment industry behemoths, and is now using legitimate cybersecurity concerns as an excuse to decimate privacy laws while claiming they're doing exactly the opposite. These are all facets of a Big Lie we've collectively heard innumerable times down through the centuries -- that this is all for our good, that anyone who complains is an idiot, unpatriotic, or both -- and that we should all just shut up and be docile, cooperative sheep to be sheared.

I've worn out many a keyboard writing of such things in the past. I've made my voice hoarse in discussions.

I have no desire to tilt at windmills. I do not underestimate the forces arrayed to not only protect the status quo, but to push the dark side ever deeper into our wallets, our lives, our very thoughts.

But if we continue in our complacency, in our willingness to be manipulated by Big Lies and Big Greed, we will not only have failed to fight the enemy, to at least try to make some degree of fairness and rationality an underpinning of our technologies and technological world, but we will have allowed ourselves to be consumed -- one lie at a time, one bite after another -- by the beasts of our own creation.

--Lauren--

Scathing New Report Accuses Google of Unauthorized Air Collection

WASHINGTON (ZAP) -- It's been a bad week for Google. First, a Federal Communications Commission (FCC) report -- released in essentially unredacted form by the search giant itself -- accused the provider of free Internet services of inappropriately collecting fragmentary, unencrypted, publicly available Wi-Fi data via vehicles engaged in their "Street View" mapping project. Though Google asserts that these completely legal activities were not sanctioned by management, and the FCC admits no laws were broken, the Commission demonstrated its condemnation of lawfully receiving plaintext transmissions from public airwaves by fining Google $25,000.

Now -- in a stunning double blow to Google -- comes word of an upcoming joint report from the U.S. Food and Drug Administration (FDA) and Environmental Protection Agency (EPA), that will reportedly castigate Google for permitting their Street View drivers to breath air without prior authorization in the vicinity of homes and businesses passed by Street View vehicles.

A leaked excerpt of the FDA/EPA report states that, "It is likely that Google's Street View drivers directly inhaled carbon dioxide and other atmospheric components that had been previously respired by occupants of local dwellings and commercial facilities, without having first obtained explicit permission to do so. We additionally note the strong probability that Street View drivers so inhaling may have illicitly and at least temporarily incorporated some elements of such insufflations into their body tissues, without practical mechanisms having been prepared by Google for the categorization and separation of authorized vs. clandestine utilization of associated molecular constituents from associated atmospherically amalgamated respiratory contents and gaseous chemical fractions."

The trenchant report also stipulates, "While it is true that virtually any terrestrial oxygen-dependent organisms with conventionally configured lungs would have been easily capable of breathing the same air, in the same locations, in a similar manner, we hold Google to a higher standard than merely what's legal and necessary to sustain life, and are contemplating punitive actions including fines plus strict sanctions and prohibitions against Google employees respiring public atmospheric components, whether authorized or not."

An appendix to the report indicates similar concerns on the part of European Union (EU) leadership, including a quote from the EU Commissioner for Tropospheric Privacy, proclaiming, "Here in Europe, we take the privacy of citizens' exhaled carbon dioxide, nitrogen, and even argon with enormous seriousness. If we determine that Google Street View drivers have been ingurgitating these materials into their bodies without permission while driving public thoroughfares, the full and powerful dynamism of EU enforcement regimes will be brought to bear directly and firmly on such incorrigibly aerobic corporate scofflaws."

A Google spokesman had no immediate comment regarding the new FDA/EPA "breathing violations" report, but could be heard repeatedly bashing his head into a nearby office wall.

- - -

--Lauren--
"Yes, this is a satire."

Stopping Congress' Cybersecurity CISPA Nightmare

In the wake of the 9/11 tragedies, the U.S. Congress rushed to quickly pass the ostensibly anti-terrorism PATRIOT Act. While we can reasonably view their motives as mostly virtuous at the time, over the years many observers have come to view PATRIOT as a classic example of bad, knee-jerk legislation, that had far more of an impact in terms of damaging the civil liberties of honest citizens than it did genuinely fighting true terrorism.

In their scramble yesterday to pass CISPA -- H.R. 3523: The Cyber Intelligence Sharing and Protection Act of 2011 -- Congress' House of Representatives has created a framework for attacks on civil rights and privacy that not only far exceed the abusive potential of the much despised (and currently sidelined) SOPA and PIPA legislation, but also that of PATRIOT itself.

It didn't have to be this way. We can all acknowledge that cybersecurity is a serious issue, and that real cybersecurity threats do exist.

But as I've noted in CISPA, Cybersecurity, and the Devil in the Dark and elsewhere, cybersecurity has become a new target for exploitation by intelligence agencies and commercial profiteers alike, and CISPA legislation in particular has seemed increasingly problematic from the word go.

The rumor was that various amendments would be added to CISPA before yesterday's House vote, to correct some of the more egregious privacy problems contained in the main legislation.

Instead, in an absolutely stunning display of disrespect for legitimate privacy concerns and other civil rights, the House not only failed to make the legislation better before passing it by a 248 to 168 margin, but by voice vote they actually made it incredibly more dangerous and outrageous.

The result is one of the most toxic witch's brews against civil rights and privacy as can be imagined.

Overriding decades of privacy protections in current law, CISPA would now permit firms and other organizations to hand over to authorities vast quantities of your personal Internet communications -- essentially any and all of it -- whenever it is felt that essentially undefined "cybersecurity" events are at hand. No judges, no warrants, no probable cause required.

High school student trying to crack a system to download a game for free? Cyberattack declared!

Misconfigured hardware or software causing a denial of service problem? Cyberattack declared!

Anything that seems at all out of the ordinary and you want to pass the buck as quickly as possible? Cyberattack declared!

It's obvious that with only a modicum of imagination it will be trivial to declare a cyberattack or other "cybersecurity event" to trigger CISPA virtually on demand.

But wait, it gets better (as Darth Vader might say). All of this personal Internet data turned over to the government isn't restricted to fighting cybersecurity attacks per se.

Not only can it be shared with intelligence agencies, where it will tickle and enhance vast databases the names of which we couldn't even imagine without an SCIF clearance, but this data could also now be used for a vast range of other purposes, even including (somehow you knew Congress was going to work this in there somehow) fighting child porn.

And any entities sharing your private data with the government under CISPA are covered by broad liability immunities in the legislation, that will encourage them to divulge private data first and ask questions ... maybe never.

We all want to protect against real cyberattacks, child porn, and terrorism.

But CISPA has evolved -- especially after the House's actions yesterday before passage -- into one of the most potent spying and civil liberties adverse pieces of legislation ever proposed, much less passed by a branch of Congress.

In light of this, firms who expressed support for CISPA in the past would be wise to reevaluate their positions, and those who have taken a neutral stance might now wish to at least consider a formal statement against the legislation in the form passed by the House.

The U.S. Senate has yet to take action on CISPA, and President Obama was threatening to possibly veto it even before the House's travesties of yesterday.

But if you objected to SOPA and PIPA, if you care about the privacy of your Internet communications, this is no time to be on the sidelines.

Tell your Senators and the President in no uncertain terms that you want appropriate cybersecurity legislation, but that you are unwilling to flush your civil rights down the toilet in the process. And do keep in mind who voted for CISPA in the House. You may want to express your displeasure to them as well.

CISPA has become a dramatic demonstration of good intentions on the part of some being warped by the bad and greedy intentions of others, and of Congress -- at least the House of Representatives -- seeming to show a disdain of liberty that is awesome in its recklessness.

Like I said, it didn't have to be this way. We do definitely need responsible legislation dealing with serious cybersecurity issues -- no doubt about it.

Yet without major changes to protect our rights, CISPA is a trap, a pit in the darkness, a nightmare in waiting for us all.

CISPA and its kin must be definitively, absolutely, and unambiguously stopped in their tracks.

--Lauren--

A Reminder About the "DNS Changer" Trojan

There's been a lot in the news today about the DNS Changer trojan, still likely affecting vast numbers of PCs and Macs. With the renewed push to remind users what's at stake, I wanted to very quickly provide a recap and a list of useful resources regarding this important issue.

DNS Trojan has been around for approaching five years or so, but last November a massive effort by the FBI and others resulted in a number of arrests and the seizure of associated server systems.

At its peak, perhaps an estimated 14 million computers were involved globally.

What's particularly insidious about this situation is that users' systems could be infected with DNS Trojan for long periods, which resulted in their Internet activity being diverted through compromised DNS servers and opening up vulnerabilities to even more infections, without users even being aware of what was happening.

When the related server systems were seized, it created a quandary. If the servers were simply disconnected, all user systems currently infected with the trojan would no longer resolve Internet domain names to addresses, and would for all practical purposes be "cut off" from the Internet.

While it is relatively straightforward to solve this situation if you know the procedure and have the necessary information, fixing this is not something that is obvious to most users.

So it was arranged for "clean" DNS servers to temporarily replace the nasty ones, originally until last month, and then extended to July 9. This kept users with contaminated systems from losing most Internet connectivity, but didn't actually remove the trojan, either.

So barring another court extension, systems that are still infected with DNS Changer that have not cleaned out the Trojan and repaired their DNS systems, are going to lose their address resolving capabilities on July 9, and that means they won't be accessing any websites in normal manners.

Whatever your location (this attack was not limited to the U.S. alone), it is important to verify that your systems, both PC and Mac, are free of DNS Changer as soon as possible. Don't wait for the deadline!

Here are some useful resources to help with this:

A good overview article from PC World provides a lot of background information and additional links.

The DNS Changer Check-Up site will give a quick "green" or "red" status on your system, though it is not guaranteed to be 100% accurate since ISP-based actions to deal with this situation may fool this test.

The official FBI page explaining the Trojan and more details regarding what was known as "Operation Ghost Click" is also definitely worth visiting.

The important thing to remember is that while you have a couple of months before the actual shutdown that will affect infected systems, you should act now to make sure your systems are clear of DNS Changer, and avoid being unpleasantly surprised down the line.

If you have any additional questions, please drop me an email and of course I'll try to be of assistance.

Take care, all.

--Lauren--

Google and Others: Evil, Weird, or Something Else?

An interesting article appeared today in The New York Times, titled Don’t Be Evil, but Don’t Miss the Train.

While I don't agree with everything in that piece, it does take an unusually nuanced view of complex situations involving Web giants like Google and others, topics that all too often are reduced to simplistic (and inaccurate) platitudes in the media.

I would assert that there's an important, implicit lesson that comes from the article's discussion as well: Communication is Critical.

For example, the article notes the (once again in the news) story of Google's collection of unencrypted Wi-Fi "payload" data from their Street View vehicles, which has triggered complaints both in the U.S. and other countries. The article says about this:

"Evil? Hard to know. But certainly weird..."

This is a particularly interesting assessment. Why is it "hard to know?"

I've long been on the record as believing that way too much has been made of Google's Wi-Fi lapse, which I do believe was entirely accidental.

But we're wrong to assume that everyone will automatically make the same assumption or even believe it.

After all, what percentage of politicians, or Internet users in general, have done packet level debugging, or know what "tcpdump -w" does -- or have even heard of "tcpdump" for that matter? And what proportion of typical Internet users have experienced how easy it can be to accidentally leave debugging code enabled in deployed and distributed software?

In the absence of relevant communications and information, it's an unfortunate aspect of human nature to assume the worse, to start believing the conspiracy theories, and in fact to play into the hands of those forces who purposely spread misinformation about their competitors or other "designated enemies."

When users can't get substantive answers to their questions or meaningful responses and explanations for their problems, they're not going to be concerned with issues of scale, they're only going to know that they feel like they're being ignored. And especially for folks with relatively serious issues, this is a recipe for damaging rumors and bad relations all around, especially when such cases, even when based on misinformation or misunderstandings, go viral and break through into mainstream media. Problems that could have been easily solved early on can quickly evolve from annoyances to public relations nightmares, and worse.

It's all too easy for we technologists to assume, even if only subconsciously, that "most people" will be of a similar mind as ours, and will react in much the same way that we and our colleagues would be expected to behave in any given situation.

Much or even most of the time, this assumption is simply not in conformance with reality.

None of this is usually a question of good or evil per se -- like the rest of the world, technology doesn't actually work that way.

But it is very definitely true that communications with users is key, and in the long run will usually be worth whatever it costs to provide, both in terms of people and funding, for Web services of every size, from the very smallest right on up.

In this way, we all stand a good chance of avoiding having our well-meaning actions (and our innocent mistakes) being misinterpreted as confusing, or arrogant, or weird, or worst of all of course -- as evil.

--Lauren--

Why Preserving an Open Internet is Now the Most Important Thing in the World

Almost a year ago, in Why the Internet is the Most Important Thing in the World, I suggested that the Net had gained this status due to its massive and increasing role as the infrastructure for all manner of electronic communications and information accessibility on the planet, and as such had become the preeminent enabler for solving all manner of critical problems facing the global community.

In the months since then, we've seen battles over SOPA and PIPA -- both pushed back for now, though anyone who believes the RIAA and MPAA are just taking their marbles and going home should consider the discount purchase of a classic old bridge connecting Manhattan and Brooklyn. In fact, the entertainment behemoths have made it clear that this is only Round One.

We've seen the F.U.D. (Fear, Uncertainty, Doubt) regarding "cyberwar" ratcheted up to a fever pitch -- especially by those parties in a position to handsomely profit from the cybersecurity arms race -- giving birth to CISPA legislation that I consider to be highly problematic and potentially dangerous in its current form.

Around the world, countries are generally not becoming more open regarding the Internet, they're become less so, sometimes dramatically less so.

This isn't happening only in China, but also in Australia, India, Great Britain -- and elsewhere, including here in the U.S.A. as well.

All manner of ostensibly reasonable justifications -- from politics to security to economics (and of course "protecting children") -- are being flogged for all possible advantages by those parties who prefer a tightly controlled and censored Internet, rather than an open one. I choose to assume that the purveyors of a restricted Internet truly believe in their causes and mean no evil, even though I feel that their models could easily morph the Internet from a wonder into a nightmare.

And then there are the various Web services' so-called "walled gardens" -- the most obvious of which is Facebook, which has become something of the "roach motel" of user data -- the raw material of the social graph flows in, but very little can be viewed or searched from the outside.

In general, as increasing amounts of Web activity become entrapped inside closed ecosystems, whether Web-based per se or within "restrictive app"-environments (though not all app environments need be restrictive) -- the Open Internet become less and less ... open.

Google's co-founder Sergey Brin recently discussed his concerns about the deterioration of the Open Internet.

I think he was 100% spot on the mark, but some observers have suggested that his comments simply represented Google's economic concerns.

Obviously, Google's fortunes are largely tied to the Open Internet, without which, services such as broad-ranging search and many other key functionalities would be impossible.

But this does not in any way invalidate Sergey's commentary.

Because in many respects Google's ability to "organize the world's information and make it universally accessible and useful" (as noted in their mission statement) is very much a direct measure of the Internet's openness for all of us.

Google thus becomes the designated target for those forces who wish to remake the Internet into a meek, censored, tightly controlled shadow of itself. And at the same time Google becomes something of a proxy for all of us who depend upon the Open Internet -- even those persons who never use any Google services.

This is the fundamental reason why we see Google at the center of so many battles related to the "soul" of the Internet.

Yes, Google's business model is largely dependent on the Open Internet to succeed, the same Open Internet that is in all of our best interests -- all of us who are true believers in freedom of speech, civil rights, and equitable access to information, that is. And that category of "true believers" also includes everyone I've ever known at Google, irrespective of economic issues.

Ultimately though, this isn't about Google at all, no matter how disingenuously "closed Internet" advocates attempt to frame their arguments.

An Open Internet is increasingly absolutely essential to freedom of communications, freedom to search, freedom to learn, and just about every other freedom you or I could list.

Communications. Information. It is through these concepts, these realities, that innovations are created, problems are solved, dictators are vanquished, and the world advances.

And similarly, it is through control of these constructs, restrictions on information and communications, that ideas are crushed, lives are enslaved, and dictators flourish.

It has always been so, one way or another, since the dawn of mankind.

We need not posit conspiracies or secret societies to understand why the "big picture" concerning the Open Internet is of such concern, or why our actions now are of such crucial importance.

The Internet is the underpinning of our technological future. That future can be open and glorious, or it can be closed and potentially grotesque beyond measure.

Personally, I'll vote for open and glorious, every time.

--Lauren--

CISPA, Cybersecurity, and the Devil in the Dark

The threat of "cyberattacks" is real enough. But associated risks have in many cases been vastly overblown, and not by accident of chance.

The "cybersecurity" industry has become an increasingly bloated "money machine" for firms wishing to cash in on cyber fears of every stripe, from realistic to ridiculous. And even more alarmingly, it has become an excuse for potential government intrusions into Internet operations on a scope never before imagined.

There are warning signs galore. While we can all agree that SCADA systems that operate industrial control and other infrastructure environments are in need of serious security upgrades -- most really never should have been connected to the public Internet in the first place -- "war game" scenarios now being promulgated to garner political support (and the really big bucks!) for "cyber protection" have become de rigueur for agencies and others hell bent for a ride on the cybersecurity gravy train.

Phony demos purporting to illustrate mass cyber attacks are more akin to Fantasyland than reality, and the turf war between the Department of Homeland Security (DHS) and intelligence agencies such as CIA and NSA in this sphere should give all of us cause for significant concern.

The Cyber Intelligence Sharing and Protection Act (CISPA - H.R. 3523) has become the embodiment of hopes for those entities who hope to turn overblown fears of cyber attacks into a pipeline for potentially massive access by government into the private data of Internet users.

Sponsors of the legislation tout its relative shortness and generality, but those are precisely among the aspects that make this legislation so problematic.

CISPA effectively overrides virtually all existing laws related to Internet privacy protections. And since CISPA offers firms access to government cybersecurity "threat data" in exchange for ostensibly voluntary feeding of data back from those firms to the government, and provides for broad protective immunity for companies that choose to do so, a pantheon of tech heavyweights have lined up in support.

Just a few of the firms who have to various extents professed direct support of CISPA include Facebook, Symantec, Verizon, IBM, Intel, Microsoft, and Oracle. There are many others.

Notably absent from this list is Google, who has not taken a formal position on the existing CISPA legislation and apparently is unlikely to do so.

Google's current approach to CISPA seems particularly prescient.

While it would be absolutely incorrect to attribute bad motives to the firms supporting CISPA, the legislation itself is in my view so vague and general that it represents largely an "empty vessel" capable of enormous potential damage if deployed and then subjected to the inevitable stream of court interpretations.

CISPA claims to ban using data collected under its authority for other than cyber threat activities. But we've seen such data compartmentalization bans fall many times before in other data collection contexts.

Since the legislation creates such a broad override of existing privacy protections, and such encompassing immunities for firms that provide associated data to the government, the lack of specificity in so many aspects of CISPA creates what could be the opportunity for a "perfect storm" of abuses down the line.

There are indeed genuine risks of serious attacks on the Internet and connected infrastructural systems. But in the fog of the military-industrial complex's rapid push into this area, it has become obvious that realistic assessments are being shoved aside in favor of scare tactics, agency power struggles, and "get rich quick" scheming.

This entire area has become a quintessential example of sowing F.U.D. -- Fear, Uncertainly, Doubt -- while legitimate questions of privacy and individual rights are purposefully being marginalized.

We saw much the same thing happen after 9/11, with the knee-jerk rush to pass the PATRIOT Act and Homeland Security Act, with a range of profiteering and abuses against individual liberties that then resulted -- even leading the U.S. down the evil path of torture.

We must avoid a repeat of this madness.

Information sharing can be a crucial element of cybersecurity, but for legislation addressing this area, the devil is very much in the details, and the lack of details in CISPA is an invitation to possible privacy disasters.

To the extent that cybersecurity threats do exist, the desire to quell them must not be permitted to run slipshod over our personal privacy, liberties, and associated protections in existing laws.

We can work together to help protect ourselves from actual cyber threats, without allowing ourselves to become cyber schnooks in the process.

--Lauren--

Facebook, Instagram, Google, and the Monopoly Fallacy

Ah yes. The Net is abuzz with the sound of a billion dollars (I'm refraining from the Dr. Evil references with great effort) landing in Instagram's lap, courtesy of Mark Zuckerberg's Facebook. And whatever the associated mix of cash and Facebook stock turns out to be, that's one hell of lot of moolah for a firm that's only been around a couple of years, has a grand total of 13 employees, and zero income (not to mention nada profit).

They don't even have their own infrastructure -- they use Amazon Web Services array of servers, though one might assume now that at some point those functionalities will be assimilated into Facebook's farm.

But what really fascinates me about this acquisition is how it puts another nail firmly in the coffin of false arguments that Google, Twitter, or various other large Web services firms are monopolies in their operational spheres, potentially or currently in need of antitrust enforcement.

What is Zuckerberg really buying with Instagram?

The entire management and staff of the company can be counted on three hands, with fingers to spare. Good people to be sure, but probably not worth a billion dollars.

What of Instagram's core technology -- letting people take photos, pretend to be artists by applying various filters (a capability provided by innumerable other programs and apps), then sharing the results with their so-called friends and followers -- is there a billion dollars of value there?

Some 30 million or so Instagram users come along (like it or not!) with the deal, who will almost certainly find themselves intimately entwined with Facebook's existing 800-odd million users at some stage. A significant collection of warm bodies, but a billion bucks worth? Hmm.

So again, what is Zuckerberg really getting for that billion dollar price tag?

Peace of mind.

My gut feeling is that Facebook saw the shadow of a significant potential competitor forming in cyberspace, and decided to nip it in the bud -- while it was still practical to do so just by throwing a chunk of money in the appropriate direction.

But how could Instagram -- no infrastructure, no income, hardly any employees -- be a threat to the 800-pound gorilla of social networking that is Facebook?

Zuckerberg isn't my idea of a good role model, but he's nobody's fool.

He knows full well what many of us have been saying for years -- that disruptive competition on the Web can appear and grow quickly at any time, and will usually be essentially just a single click away for your current users.

The Cadillac that is Facebook looked in its rear-view mirror, and realized that the little Nash Rambler of Instagram was pulling up with surprising speed.

With users increasingly able to easily extract their data from existing services if they want to switch -- Google has long supported Data Liberation, and Facebook is now moving in a similar direction -- that "one click away" competitive reality is now even more the order of the day.

And the counterexamples are equally instructive.

Where effective competition does not exist, cannot be easily created, or where users cannot move between competitors without pinning the hassle meter in the red zone, we see complacency and often abusive behaviors that indeed do call for regulatory approaches.

Microsoft's antitrust problems were fundamentally the result of their unwillingness to play fair, by their maneuvers to lock PC manufacturers and users into Windows environments whether they wanted to be there or not.

The giant ISPs in the U.S. who control most Internet access have spent decades manipulating the regulatory and political environments to purposely limit effective competition, to make it as difficult as possible for subscribers to switch services where any competition did exist, and to utterly control the "road" that connects subscribers to the Internet itself.

There was no "one-click" escape from Microsoft's anticompetitive behavior, and there isn't one today for users in the increasing concentrated, restrictive, and manipulative world of the immensely powerful major U.S. ISPs.

So perhaps we owe Facebook and Mark Zuckerberg some gratitude after all.

They have helped to illustrate the fallacies of accusations claiming evil monopolistic behavior by Google or other major Web services firms where users are free to easily switch between competitors, while also pointing us toward a better understanding of why regulatory oversight of the dominant ISPs is so badly needed.

The key to understanding Internet competition is in the click.

Facebook has provided us all with a billion dollar lesson in why this is true.

Just please don't send us the bill.

--Lauren--

ICANN Announces Surprise Termination of Domain Name Expansion Program; Plans Own Dissolution

Sunday, 1 April 2012

MARINA DEL REY, California (ZAP) -- In a stunning and unexpected announcement, the Internet Corporation for Assigned Names and Numbers (ICANN) has announced the immediate termination of its controversial and much criticized plan for a vast expansion of generic top-level Internet domain names (gTLDs), and has set an aggressive timetable for the dissolution of ICANN itself.

ICANN has been increasingly condemned for what many observers have called erratic and inappropriate decision-making processes, leading to the U.S. Department of Commerce refusing to renew a key ICANN function last month, and ICANN's own outgoing CEO publicly implying that conflicts of interest on the ICANN board of directors have allowed ICANN to be co-opted by moneyed "domainer" speculation interests.

ICANN spokesman Seymour Murdochian discussed his organization's drastic change of course as he snacked on Beluga caviar spread over Wonder Bread, while watching his Rolls-Royce Silver Shadow being washed and detailed in Beverly Hills.

"I realize that there are many serious allegations outstanding against ICANN these days," said Mr. Murdochian. "We're blamed for ignoring the best interests of the global Internet community. We're accused of implementing an extortionist protection racket via an enormous domain name expansion program, that would ultimately suck billions of dollars out of the Internet economy and would only serve to enrich the "domain-industrial complex" operating those domains. People claim that we arrogantly ignore legitimate concerns of trademark holders, are complicit in helping the U.S. government disable domains around the world without due process, waste money on unnecessary global travel to exotic locales, have become totally owned by a "gold rush" mentality via wealthy powers at the top of the DNS food chain, and even that we use overly expensive hand soap in our office restrooms," added Mr. Murdochian.

"I want to be absolutely clear that the ICANN board of directors takes firm and uncompromising exception to such a characterization. Our hand soap is not outrageously expensive, and given the amount of hand washing we do around here, having quality soap available is a necessity, not a luxury," Murdochian noted.

Murdochian then explained ICANN's recent change of heart. "After extensive discussions internally, with our travel agents, and with our personal portfolio managers, we've decided that the time is ripe for us to bow out of formal Internet affairs. We want to make way for the creation of new Internet governance models that can be purpose-built to better serve the entire Internet community around the world, will reduce the risk of Internet fragmentation that has been rising as domestic governments increasingly threaten not to play along with our current schemes, and will help reduce the risk of a potentially disastrous Internet takeover by politically-encumbered organizations such as the United Nations or International Telecommunication Union."

"Therefore, we've announced that effective immediately, all ICANN activities related to new Internet top-level domains are permanently ended. We will be refunding all associated fees already paid by applicants, and as a token of our appreciation for past support will be including with each refund an approximately 1.5 carat, 'H' color, 'SI' quality diamond from our vaults."

"We have filed appropriate notifications with the Department of Commerce and foreign governments expressing our intention to cease all ICANN operations no later than a year from now on 1 April 2013."

"I'll be reachable for additional comments at my summer home on the Riviera if there are any other questions," said Mr. Murdochian, just before his chauffeur whisked him away.

Asked about these unexpected, dramatic developments, Lauren Weinstein, a long-time Internet technologist and vocal critic of ICANN's domain name plans, said that, "It's indeed encouraging to see ICANN finally doing what's really right for the entire global Internet community, and abandoning their plans to fleece the Internet at large for the benefit of domain speculators and associated opportunists. A new alternative to ICANN and to existing organizations like the ITU and UN is definitely the way that we need to proceed to make the Internet better for everyone around the world. It's a shame though that this process has taken so long, and that this entire article is only an April Fools' Day posting."

ZAP/NYC 20120401 0916

- - -

--Lauren--

"Frustrated": The Results of My "Google Issues and Problems Survey"

Last Saturday, as a followup to Why Google Needs an Ombudsman - Now More Than Ever, I posted my Google Issues and Problems Survey.

Well over 1000 submissions have already been received, and after scanning through these rapidly, the trends are already clear enough to discuss some of the findings (in fact, the pattern of replies was already pretty obvious within the first 24 hours).

First, a few important provisos. This was what's known as a "self-selected" survey. This means that only people sufficiently motivated to participate chose to do so -- there was no "reaching out" to the population at large. This has the effect that results cannot be viewed as being suitable for accurate statistical generalization beyond the set of respondents themselves.

Also, by its very nature -- "issues and problems" -- this survey would not be expected to capture the opinions of people who do not have significant Google-related problems or issues to report.

Finally, the open-ended nature of the survey questions resulted in many people submitting what amounted to detailed essays discussing their concerns, often co-mingling various of the survey questions into combined answers. This has made quantitative analysis of those answers problematic -- so I'll be concentrating on a more qualitative discussion here.

Around 22% of the submissions involved privacy-related concerns of one sort or another. Of these, it appears that around 73% of the described issues were based on misunderstandings of actual Google privacy policies (including related confusion seeded by media articles and users misinterpreting actual Google policies).

In many cases users claimed they had attempted to obtain clarification of their concerns from Google directly without receiving substantive replies, and/or had attempted to obtain information from Google Help Forums -- but received no answers, inadequate answers, or conflicting answers from Forum participants. Usually no official responses were forthcoming, according to these submissions.

Of the 27% of privacy-related concerns that did not appear to relate to misunderstandings or misinterpretation of Google polices, a variety of issues were reported. These ranged from topics associated with search results, to Gmail issues, and a notable number of people expressing consternation about specific data in Google Maps, Street View, and/or Google Earth.

These map-related concerns usually involved either claims of inaccurate data being displayed, or accusations that Google had ignored repeated requests to remove particular Street View imagery and the like.

Many of these submissions were from persons who appeared to be very upset with (what they felt to be) potentially serious privacy-related issues, who recounted in extremely lengthy detail the history of their attempts to contact Google, and receiving no response, or non-substantive "form letters" with no appeal or "escalation" mechanisms noted, and so on. Some mentioned trying to call or even visit Google in desperation to reach someone for help.

The 78% of submissions that did not primarily involve privacy turned out to be somewhat similar to the privacy-related concerns in significant aspects. There was a roughly 55/45 split between reports that appeared to be based on misinterpretations or misunderstandings, vs. other issues.

While there were concerns and problems noted related to Maps and such in this latter category as well, there many more issues raised about Gmail (especially sudden mass loss of email) and Google Voice. Submissions like these tended to be quite boisterous regarding the importance of email and voicemail, and frustration over the inability to reach anyone at Google to provide useful assistance.

A particular Google Voice aspect that frequently was mentioned was problems related to Sprint/Google voice integration, with users claiming Sprint had told them to contact Google for help, and then being unable to obtain useful assistance from the Google side. Various of these users said they had simply given up.

One case I looked at in more detail involved someone who said he had been trying for a long period to fix a Google Search result problem that he said was very disruptive to his business, but he could find nobody at Google directly or in Google Help forums who could or would assist. The search results in question did seem very odd at first glance, but it took me only about 10 minutes of digging to determine that his problem was almost certainly DNS -- not specifically Google -- related. If someone had helped him with this early on, he wouldn't have spent a long period in public forums condemning Google.

There were also a variety of issues raised about various paid Google ad services and other fee-based Google services, mostly too detailed to go into here right now. Numerous of these involved search and ad ranking controversies of various sorts -- many of which I would classify as misunderstandings.

In a number of instances, business owners reported that they had provided credit card information to Google to "claim" their business addresses and a designated amount of free Google advertising, had never used the advertising, but still found Google-related charges on their credit cards that they had been unable to reach anyone at Google to remove. I asked one of these persons why -- if all else had failed -- they had not filed a dispute with their credit card company or bank? He replied that he saw no point since "there's no way I'm going to win against Google."

In both the privacy and non-privacy categories, the twin issues of not actually understanding Google policies or services, and/or overwhelming frustration with trying to get substantive assistance for Google-related problems, came up again and again.

Customers of paid Google services seemed relatively more satisfied with their support options, but many of these users claimed that they used both free and paid Google services, and found even the paid support to still be seriously lacking at this time across the universe of Google-related issues.

A very significant number of respondents (including those currently using free Google services exclusively) specifically noted that they'd be willing to pay (new) reasonable fees (either monthly or per-incident) to get meaningful assistance when there are problems, as exemplified by this quote from a survey participant who explicitly granted me permission to publish his comments when he sent in his form:

"... It's a sign of what I think is a greater problem with Google: there is absolutely no way to get support for ANY issue, policy or technical, for most of Google's services. For all my issues, I'd be willing to pay a small monthly fee (or even a one-time "trouble" fee) if there was a way to get the issue resolved."

That's probably enough of a survey overview for now. Once again, I want to emphasize what I said at the beginning of this posting. This was a self-selected survey, that by definition only encompasses users with problems or issues that they chose to report. Any generalizations to a larger universe of Google users would be entirely inappropriate.

However, it does seem reasonable to note the common threads that run through these submissions. It is certainly the case that it's a matter of major concern when significant numbers of users and customers are misunderstanding your services or policies, or are having longstanding problems that in many cases could have actually been easily understood or resolved under the appropriate information and/or support structures.

It is from this category of "lost users" -- who usually could have been helped very early on -- from which often come negative stories to friends and business colleagues, and complaints that trigger misleading, sensationalistic media reports, angry letters to politicians, and other unnecessary damaging impacts that in most cases could have been relatively easily avoided.

The single factor that stands out above all others in the survey results is that -- novice or expert, confused or "right on the mark" -- users abhor the frustrating feeling that they are being essentially ignored when they have issues or problems related to services that they use regularly and have come to depend upon.

Solving this problem isn't simple, and isn't without costs. But the benefits for everyone concerned would seem enormously important in the long run.

--Lauren--

Google Issues and Problems Survey

Blog Update (March 28, 2012): "Frustrated": The Results of My "Google Issues and Problems Survey"

---

To quote Jack Benny: "Wellll!"

The reaction to my posting a couple of days ago -- Why Google Needs an Ombudsman - Now More Than Ever -- has by far resulted in the most related email messages I've ever received for any of my blog or email postings in memory.

First , thank you all who responded, especially those of you who took the time to write in considerable detail.

In light of this turn of events, I'm launching a "little" survey to try better understand, in a somewhat more systematic way, any Google-related issues or problems of concern. [Update: 25 March 2012: This also includes any relevant matters related to Google's YouTube or other divisions of Google.]

I'd like to keep this as simple as possible.

Responses should be emailed to gissues@vortex.com. Choose the "Subject:" line as you wish, but please keep it relevant.

Unless you explicitly indicate otherwise, the details of your response will be kept confidential, though I may publicly summarize aggregate results. In some cases I may followup with you by email if I think more information would be useful, but if you request that I don't reply, I will honor that of course. Your email addresses related to this survey will not be used for any other purposes.

Please only include one Google-related problem or issue topic in any single email response, but feel free to send multiple emails if desired.

And without further ado, here are the survey questions:

1) Briefly, what is the nature of your issue or problem related to Google?

2) Do you personally consider this to be:

• (a) a policy issue (related to Google, Inc. terms of service, privacy policies, user support procedures, etc.)
• (b) an operational issue (something that isn't working in the manner you expect)
• (c) both
• (d) neither

3) Does this issue or problem relate to the use of:

• (a) free Google services
• (b) paid Google services
• (c) both

4) On a scale of 1 through 10, how would you rate the severity of your Google-related problem or issue, where:

• "1" is "not a big deal, so minor it really doesn't significantly affect my usage"
• "5" is "a hassle sometimes, but I can live with it"
• "10" is "awful, so bad I won't use the service and won't recommend it to anyone else"

5) Have you attempted to get more information about and/or assistance with your Google-related issue or problem?

6) If you answered "yes" to (5), what steps did you take to try get information or to otherwise resolve your issue or problem? (E.g., contacted Google directly, used a Google Help forum, used non-Google forums, consulted with non-Google users or experts, etc.)

7) If you answered "yes" to (5), were you able to get the information you needed and/or solve your problem to your satisfaction? If so, which of the methods that you listed in (6) were most useful?

8) If you answered "no" to (7) above (your issue or problem is still unresolved despite your efforts), what would you personally consider the appropriate resolution to be? How will you proceed if the matter remains unresolved?

9) How would you rate yourself regarding experience in the area of concern? Beginner, experienced, expert, etc.?

10) Anything else relevant you'd care to add about this Google-related issue or problem?

Please email your responses to gissues@vortex.com.

Thank you very much for taking the time to participate in this survey!

--Lauren--

Blog Update (March 28, 2012): "Frustrated": The Results of My "Google Issues and Problems Survey"

Why Google Needs an Ombudsman - Now More Than Ever

Blog Update (March 28, 2012): "Frustrated": The Results of My "Google Issues and Problems Survey"

Blog Update (March 24, 2012): Google Issues and Problems Survey

---

I knew immediately this morning that I was facing what I call a "Did you see this?" day. That's what I call the effect of checking my inbox when I get up, and seeing a long series of messages with subject lines blaring variations on "did you see this?" - "you have to read this!" - "hey lauren, what do you have to say about this?" - and so on.

In today's case, the object of so much sender "affection" was a Gizmodo article titled The Case Against Google, that might charitably be described as a quite extensive "overview" of complaints regarding recent Google practices.

As might be expected in such an piece, the author chose to illuminate his points in pretty much the worst possible light.

I've previously discussed my views regarding various issues that he describes, for example in these blog postings:

Google, Safari, and a Clamor of Cookie Confusion

Google's Privacy Policy Changes: Revolution? Evolution? Or Confusion?

A Few Thoughts on Google's "Search, plus Your World"

... and others.

And as much as I disagree with the author's interpretations on most of his points, there are two aspects of his piece with which I do agree.

First, he suggests that Google is being hammered by complaints in numbers and ways that are increasingly of concern. While I would assert that most of these complaints are exaggerated -- the results of misunderstandings, and all too often the offspring of "dirty trick" campaigns by anti-Google forces -- it is still undeniable that the pressure on Google has really ramped up lately.

He also asserts that the core product of Google is now "Google itself" -- not simply Search. He expresses "shock" at this revelation, but this evolution has actually been obvious for quite some time, nor is there anything at all nefarious about it.

The author himself notes that the kinds of services Google wants to provide (and let's face it, that most users want) cannot reasonably function in a set of isolated "silos" -- the original compartments that are the natural result of Google's adding new services gradually over a period of years.

Evolution of more integrated services not only better serves users, it permits for more easily understood unified privacy policies, data "dashboard" controls, and other useful functions.

This also helps explain why attempting head-to-head comparisons of Google+ and Facebook are essentially wrongheaded. Google+ is not actually a standalone service per se, but should be interpreted within the context of the overall Google ecosystem of which it is an increasingly key aspect.

While Google's moves creating a coordinated "Google Experience" (rather than a set of somewhat disparate and relatively compartmented applications) have brought great benefits to users, there is also a downside, as exemplified by the tone of the Gizmodo article.

A unified Google platform, especially in services application areas where Google is dominant, and particularly for persons who are not deeply versed in the details of associated technical and policy realms, can find itself portrayed as scary, even a threat -- a situation that Google's adversaries are very willing to exploit.

In my opinion, this presents a communications challenge that goes significantly beyond the scope of traditional corporate communications, which is why I've in the past invoked the "Ombudsman" concept in relation to Google, and suggested that Google could benefit significantly from such an employee.

There are various roles that an ombudsman (or ombudsman team) can productively fill, especially for corporations that need to maintain the trust of their users -- and the general public -- for the furtherance of best practices along a variety of vectors.

An ombudsman can be crucial in helping to deal appropriately and promptly with out of the ordinary user problems and complaints, that in the absence of such handling may blow out of control into breathless, damaging, and often utterly inaccurate media stampedes of dramatic (and undeserved!) condemnations. Are there decidedly nontrivial scaling issues involved in accomplishing this role effectively? Certainly. Is it possible to accomplish this economically with appropriate triage and planning? Definitely.

But particularly in the context of the unfortunately not uncommon Gizmodo article sensibilities, the ombudsman's most important function is to act as an unbiased "observer, analyst, and explainer" of issues -- often highly controversial ones -- that can arise at the interface between companies, their users, and the public at large.

This is definitely not a role for the thin-skinned. Ombudsmen are employees of their companies, but must be recognized by both their companies and the public as being honestly concerned about the interests of all involved parties, and be capable of resisting pressures to inappropriately skew any analysis.

To be effective, ombudsmen must have fairly direct access to both operational teams and high level personnel at their firms, but ombudsmen normally do not have "special powers" and cannot dictate actions to their firms, only make recommendations (typically some publicly, while others are private recommendations strictly within the firms themselves).

As you can imagine, it is not uncommon for an ombudsman to feel that they're "between a rock and a hard place" while balancing the job's complex requirements.

Yet such balance from an ombudsman can be key to helping assure that a firm's intentions and goals are not accidentally or purposely misconstrued by observers.

And though the ombudsman's role may be viewed as being somewhat thankless in various respects given the complicated interests and issues involved, and while it can frequently take something of a "leap of faith" for a firm to entrust an ombudsman in the first place, the benefits all around -- for corporate organizations and the public that depends upon them -- can be enormous.

Paradoxically, even in the most sophisticated and methodical of technological realms, often a leap of faith begins the most logical path towards the best possible tomorrow for us all.

--Lauren--

Blog Update (March 28, 2012): "Frustrated": The Results of My "Google Issues and Problems Survey"

Blog Update (March 24, 2012): Google Issues and Problems Survey

Posted by Lauren at 03:46 PM | Permalink