February 27, 2015

Google's Gutsy Reversal: Explicit Content Blogger Ban Rescinded

Just a few days ago, in "With Sudden Blogger Change, Google Drags Their Trust Problem Back into the Spotlight," I expressed strong concerns over Google's decision to both retroactively and proactively ban most "explicit content" from their Blogger platform, with only a month's warning and no real explanation offered at the time for such a dramatic policy change.

The next time someone tries to tell you that Google doesn't listen to user and other public concerns, you can prove that person wrong by pointing them at this story, because Google has now announced that they are completely rescinding that new policy.

It takes some serious fortitude to publicly admit when you've made a policy mistake. What's more, Google has taken the gutsy approach and has reversed the previous decision entirely. It would have been far easier -- given the real pressures that exist around explicit content -- to have left the new policy in place with an explanation and significantly extended deadlines.

But Google has instead chosen to reaffirm the freedom of expression foundation of Blogger that has helped make it so popular and useful for many years.

In so doing, they have made the correct decision for Google, for users, and for the principles of free speech and free expression that are currently under so much political and other duress.

Thanks Google.


Posted by Lauren at 12:51 PM | Permalink

February 24, 2015

With Sudden Blogger Change, Google Drags Their Trust Problem Back into the Spotlight

Blog Update (February 27, 2015): Google's Gutsy Reversal: Explicit Content Blogger Ban Rescinded

I'm not a big fan of porn. I'd be lying if I claimed to never glance at it -- hell, I'm a human male, no excuses about that -- but explicit materials tend not to be anywhere near the top of my personal Web browsing catalog.

It's undeniable though that due to its highly controversial and widely variable definition, restrictions on "explicit" imagery in particular have long been at the forefront of freedom of speech issues and concerns, even among individual free speech advocates who may personally detest such content.

The reason is pretty obvious -- how governments and corporations handle these "edge" materials (that may often be viewed as "low hanging fruit") can be harbingers of how they will deal with other sensitive and controversial matters that fall into free speech realms, including access to historical information already published (the target of the EU's nightmarish "Right To Be Forgotten"), political information and criticisms, and ... well, it's a long list.

Abrupt changes in such policies -- particularly when announced without explanations -- tend to be particularly eyebrow-raising and of special concern.

So it is with considerable puzzlement and consternation that I yesterday saw Google's quite surprising announcement that they were banning most explicit imagery from their very popular and long-standing Blogger platform, and indeed with only 30 days' notice and without any explanation whatsoever for this dramatic reversal in policy.

There are some limited and rather nebulous exceptions ("educational value" and the like -- sure to be the subject of heated disagreement), and users can download their existing sites to try to move elsewhere, but the overall sense of the change is clear enough. Google is trying to kick such sites -- many of them essentially personal, alternative lifestyle, non-commercial public "diaries" of long-standing and with vast numbers of incoming links built up over many years -- out the Google door as rapidly as possible.

And let there be no mistake about it -- this is a sudden, dramatic, and virtually 180 degree change. Blogger has long explicitly celebrated freedom of expression, with "adult content" sites including an access warning splash page so nobody would be exposed to such materials accidentally.

That Google is within its rights to change this policy in the manner they have announced is totally true and utterly unassailable.

But the manner of their doing this drags back into focus longstanding concerns about how Google treats its users in particular contexts, particularly those users who might be considered to fall outside of "mainstream" society in any number of ways.

Google has indeed made some very significant positive strides in this area. Account recovery systems have been improved so that innocent (but sometimes forgetful) users are less likely to be locked out of their accounts and associated Google services. Google Takeout permits users to download their data from a wide variety of Google services to save locally or store elsewhere -- if they do this before the associated Google account is closed. (However, the "whose data is this anyway?" question still looms large in cases of forcible account closures due to various kinds of Terms of Service violations, when users may not be able to further access their data, even to download it -- this is a very complex topic.)

Though this seems not to be widely realized, Google+ no longer enforces "real name" requirements on users (only some completely rational Terms of Service restrictions to avoid serious abuses), and is now profile-friendly to users' own sexual orientations in a manner that really should be emulated by firms across the Web.

But the old trust fears, some of them trumped up propaganda from Google adversaries, others having at least some basis in fact -- about Google making sudden, seemingly inexplicable changes in terms and policies, altering or even rapidly deprecating services on which significant non-majority user communities depend -- are being reenergized seemingly as a sort of unforced error on Google's part.

And such errors can do real damage, both to users and Google. For most of the public does not view Google as a set of disparate and compartmentalized services, but rather as more of a unified whole, and perceived negative experiences with one aspect of the firm can easily drag down views of the firm overall, much to the delight of hardcore Google haters, by the way. This is why even if you don't care one iota about porn or other materials considered to be explicit, you should still be concerned about this Google policy change.

I care about Google's users and Google itself -- a firm that has accomplished amazing feats toward the betterment of the Internet and larger world over the course of a handful of years. I don't want to see those Google haters handed a gift package that can't help but assist their cause and attacks.

We could get into a lengthy discussion comparing the Blogger policies of long standing with those of YouTube, Google Ads, and the like, but while interesting, such analysis here and now would not be particularly relevant to the immediate situation at hand.

The bottom line is that a dramatic change of policy that negatively affects users who have been following the rules to date, is deserving of significant warning notice (not merely a month -- many of these sites have been operating for many years, some perhaps even since before Google's acquisition of Blogger in 2003). I would have recommended (absent some difficult to postulate legal urgency forcing a faster timeline) at least 90 days as an absolute minimum, ideally far longer.

That would be putting your users first, especially when deploying a policy change that will disrupt them greatly. And please, no excuses that "only a small percentage" of users would be affected. At Google scale even tiny percentages can represent a whole bunch of live human beings, and how you treat users who are easily marginalized can be representative of broader attitudes in very significant ways.

And notably, I would have offered a simultaneous clear and honest public explanation of why this total about-face on such a matter of direct free expression concerns had been deemed necessary or otherwise desirable. That's just common courtesy.

The world won't come to an end with this Blogger policy change by Google. There will still be virtually limitless sources for porn and other explicit imagery elsewhere, and most affected personal bloggers will find other platforms and over time perhaps rebuild their communities.

But the real story here isn't about sex or images or blogging at all. It's about how to treat people with respect, even when a particular group represents a small minority of total users, and even when they express controversial views via explicit materials. It could be argued that it's in these more contentious areas that treating users right is especially important.

Given the information I have at hand right now regarding this abrupt Blogger policy change and the circumstances surrounding it, I am very disappointed in the way Google has handled the overall situation.

I say this because I feel that Google is a great company -- and I not only believe that Google can do better with such matters -- I know that they can.



Posted by Lauren at 09:44 AM | Permalink

February 22, 2015

Blaming the Internet for Terrorism: So Wrong and So Dangerous

You can almost physically hear the drumbeat getting louder. It's almost impossible to read a news site or watch cable news without seeing some political, religious, or "whomever we could get on the air just now" spokesperson bemoaning and/or expressing anger about free speech on the Internet.

Their claims are quite explicit. "Almost a hundred thousand social media messages sent by ISIL a day!" "Internet is the most powerful tool of extremists." On and on.

Now, most of these proponents of "controlling" free speech aren't dummies. They don't usually come right out and say they want censorship. In fact, they frequently claim to be big supporters of free speech on the Net -- they only want to shut down "extremist" speech, you see. And don't worry, they all seem to claim they're up to the task of defining which speech would be so classified as verboten. "Trust us," they plead with big puppy dog eyes.

But blaming the Net for terrorism -- which is the underlying story behind their arguments -- actually has all the logical and scientific rigor of blaming elemental uranium for atomic bombs.

Speaking of which, I'd personally be much more concerned about terrorist groups getting hold of loose fissile material than Facebook accounts. And I'm pretty curious about how that 100K a day social media messages stat is derived. Hell, if you multiply the number of social media messages I typically send per day times the number of ostensible followers I have, it would total in the millions -- every day. And you know what? That plus one dollar will buy you a cup of crummy coffee.

Proponents of controls on Internet speech are often pretty expert at conflating and confusing different aspects of speech, with a definite emphasis on expanding the already controversial meanings of "hate speech" and similar terms.

They also note -- accurately in this respect -- that social media firms aren't required to make publicly available all materials that are submitted to them. Yep, this is certainly true, and an important consideration. But what speech control advocates seem to conveniently downplay is that the major social media firms already have significant staffs devoted to removing materials from their sites that violate their associated Terms of Service related to hate speech and other content, and what's more this is an incredibly difficult and emotionally challenging task, calling on the Wisdom of Solomon as but one prerequisite.

The complexities in this area are many. The technology of the Net makes true elimination of any given material essentially impossible. Attempts to remove "terrorist-related" items from public view often draw more attention to them via the notorious "Streisand Effect" -- and/or push them into underground, so-called "darknets" where they are still available but harder to monitor towards public safety tracking of their activities.

"Out of sight, out of mind" might work for a cartoon ostrich with its head stuck into the ground, but it's a recipe for disaster in the real world of the Internet.

There are of course differences between "public" and "publicized." Sometimes it seems like cable news has become the paid publicity partner of ISIL and other terrorist groups, merrily spending hours promoting the latest videotaped missive from every wannabe terrorist criminal wearing a hood and standing in front of an ISIL flag fresh from their $50 inkjet printer.

But that sort of publicity in the name of ratings is very far indeed from attempting to control the dissemination of information on the Net, where information once disseminated can receive almost limitless signal boosts from every attempt made to remove it.

This is not to say that social media firms shouldn't enforce their own standards. But the subtext of information control proponents -- and their attempts to blame the Internet for terrorism -- is the implicit or explicit implication that ultimately governments will need to step in and enforce their own censorship regimes.

We're well down that path already in some ways, of course. Government-mandated ISP block lists replete with errors blocking innocent sites, yet still rapidly expanding beyond their sometimes relatively narrow original mandates.

And whether we're talking about massive, pervasive censorship systems like in China or Iran, or the immense censorship pressures applied in countries like Russia, or even the theoretically optional systems like in the U.K., the underlying mindsets are very much the same, and very much to the liking of political leaders who would censor the Internet not just on the basis of "stopping terrorism," but for their own political, financial, religious or other essentially power hungry reasons as well.

In this respect, it's almost as if terrorists were partnering with these political leaders, so convenient are the excuses for trying to crush free speech, to control that "damned Internet" -- provided to the latter by the former.

Which brings us to perhaps the ultimate irony in this spectacle, the sad truth that by trying to restrict information on the Internet in the name of limiting the dissemination of "terrorist" materials on the Net, even the honest advocates of this stance -- those devoid of ulterior motives for broader information control -- are actually advancing the cause of terrorism by drawing more attention to those very items they'd declare "forbidden," even while it will be technologically impossible to actually remove those materials from public view.

It's very much a lose-lose situation of the highest order, with potentially devastating consequences far beyond the realm of battling terrorists.

For if these proponents of Internet information control -- ultimately of Internet censorship -- are successful in their quest, they will have handed terrorists, totalitarian governments, and other evil forces a propaganda and operational prize more valuable to the cause of repression than all the ISIL social media postings and videos made to date or yet to be posted.

And then, dear friends, as the saying goes, the terrorists really would have won, after all.

Be seeing you.


Posted by Lauren at 05:17 PM | Permalink

February 19, 2015

Google Glass vs. The USA's R&D Toilet

If you're a regular consumer of the computer industry trade press -- a strong stomach strongly recommended -- you've probably seen a bit of gloating lately about Google pulling their Google Glass device from most consumer marketing.

Mainstream media has picked up the drumbeat too, with even major publications like The New York Times very recently running stories purporting to explain why Google Glass has "failed" or how this is emblematic of Google's supposedly imminent fall.

Those stories sound pretty scary. They're also utterly wrong. And they're wrong in a way that exemplifies why so much of U.S. industry is in a terrible research and development (R&D) slump, and why Google should be congratulated for their "moonshots" -- not ridiculed.

Once upon a time -- not so long ago relatively -- there was a reasonable understanding in this country that long-term R&D was crucial to our technological, financial, and personal futures. That's long-term as in spending money on projects that might take a long time to pay off -- or might never pay off for the firms making the investments -- but that still might play crucial roles in our future going forward.

When we think about the foundation of modern R&D, it's typical for AT&T's Bell Telephone Laboratories (Bell Labs) to spring immediately to mind. Not the Bell Labs of today -- an emaciated skeleton of its former greatness -- but of the years before AT&T's 1984 Bell system break-up divestiture and shortly thereafter.

The list of developments that sprang forth from the Labs is mind-boggling. If Lucent Technologies did nothing else when they took over Bell Labs and hastened its decline, at least they produced in 2000 this great music video celebrating the Labs' innovations over the many decades. Mentally start subtracting out items from the list shown in that video and watch how our entire modern world would crumble away around us.

Yet -- and this is crucial -- most of those Bell Labs technologies that are so much a part of our lives today were anything but sure bets at the time they were being developed. Hell, who needs something better than trusty old vacuum tubes? What possible use is superconductivity? Why would anyone need flexible, easy to use computer operating systems?

It's only with the benefit of 20/20 hindsight that we can really appreciate the genius -- and critically the willingness to put sufficient R&D dollars behind such genius -- that allowed these technologies to flourish in the face of contemporaneous skepticism at the time.

Much of that kind of skepticism is driven by the twin prongs of people who basically don't understand technology deeply, and/or by investors who see any effort to be a waste if it isn't virtually guaranteed to bring in significant short-term profits.

But we see again and again what happens when technology companies fall prey to such short-term thinking. Magnificent firms like Digital Equipment Corporation (DEC) vanish with relative rapidity into the sunset to be largely forgotten. Household names like Kodak flicker and fade away into shadows. And as noted, even the great Bell Labs has become the "reality show" version of its former self.

Nor is it encouraging when we see other firms who have had robust R&D efforts now culling them in various ways, such as Microsoft's very recent closing of their Silicon Valley research arm.

It probably shouldn't be surprising that various researchers from Microsoft, Bell Labs, and DEC have ended up at ... you guessed it ... Google.

So it also shouldn't be surprising why it's difficult not to look askance at claims that Google is on the wrong path investing in autonomous cars, or artificial intelligence, or balloon-based Internet access -- or Google Glass.

Because even if one chooses inappropriately and inaccurately -- but for the sake of the argument -- to expound pessimistic consumer futures for those techs as currently defined, they will still change the world in amazingly positive ways.

Internet access in the future inevitably will include high altitude distribution systems. AI will be solving problems the nature of which we can't even imagine today. Many thousands of lives will be saved by improved driver assist systems even if you sullenly choose to assume that autonomous cars don't become a mass consumer item in the near future. And medical, safety, and a range of industrial applications for Google Glass and similar devices are already rapidly deploying.

This is what serious R&D is really all about. Our collective and personal futures depend upon the willingness of firms to take these risks toward building tomorrow.

We need far more firms willing to follow Google's R&D model in these regards, rather than being utterly focused on projects that might suck some coins quickly into the hopper, but do little or nothing to help their countries, their peoples, and the world in the long run.

Here in the U.S. we've willingly and self-destructively permitted short-term Wall Street thinking to flush much of our best R&D talent down the proverbial toilet.

And unless we get our heads on straight about this immediately, we'll be sending our futures and our children's futures down the same dark sewer.

We are far better than that.

Take care, all.


Posted by Lauren at 03:12 PM | Permalink

February 07, 2015

Stop the Mass Hacks Attacks: Use Strong 2-Factor Authentication or Go to Jail!

I'm opposed to capital punishment for a whole slew of reasons, but every time I hear about a hack attack exposing masses of innocent persons' information, I find myself reconsidering that penalty -- not for the hackers, but for the irresponsible system administrators and their bosses who leave their operations so incredibly exposed when effective solutions are available -- and have been for quite some time.

OK, perhaps capital punishment for them would be going a bit too far, but I'll bet that spending a couple of years shackled in a cell with their new best friend "Bubba" would impress upon them the seriousness of the situation.

If we look at what is publicly known about the recent Sony hack, and the just announced and potentially much more devastating Anthem attack -- plus a whole list of other similar mass data thefts, a number of common threads quickly emerge.

First, these typically have nothing to do with failures of communications link security. They weren't attacks on SSL/TLS, they didn't involve thousands of supercomputer instances chomping on data for months to enable the exploits. Nor were they in any way the fault of weak customer passwords -- which are bad news for those customers of course, but shouldn't enable mass exploits.

By and large, what you keep hearing about these cases is that they were based on the compromise of administrative credentials.

What this means in plain English is that an attacker managed to get hold of some inside administrator's login username and password, typically via email phishing or some other "social engineering" technique.

When these successful attacks are belatedly reported to the affected customers and the public, they're almost always framed as "incredibly sophisticated" in nature.

That's usually bull, a way to try to convince people that "Golly, those hackers were just so incredibly smart that even our crack IT team didn't have a chance against them!"

Usually though, the attacks are incredibly unsophisticated -- they're simply relentless and keep pounding away until somebody with high level administrative access falls for them. Then, boom!

It's often argued that important financial and similar data should be kept encrypted -- and this is certainly true. But so long as system administrators have the need and ability to access data in the clear, encryption alone doesn't address these problems. Rigorous control and auditing systems to prevent unnecessary access to data en masse can also help ("Does Joe really need to copy 80 million customer records to a Dropbox account?") -- but this won't by itself solve the problem either.

The foundational enabling feature of so many successful mass attacks is failures of authentication protocols and processes in the broadest sense, and ironically, getting a handle on authentication is at least relatively straightforward.

Many firms aren't terribly interested in implementing even middling quality authentication, because they have faith in their firewalls to keep external attacks at bay.

This is an incredibly risky attitude. Over-reliance on firewalls -- that is, perimeter computer security -- is sucker bait, because once an intruder obtains high level administrative credentials, they can often plant software inside the firewall, and send data out in various ways with relative impunity. After all, most corporate firewalls are designed to keep outsiders out, not to wall insiders off from the public Internet.

To put this another way, a properly designed security system should in most instances be location agnostic -- employees should be able to work from home with the same (hopefully high) level of security they would have at the office. This isn't to say that secure deployment and administration of VPNs and associated systems are trivial, but they aren't rocket science, either.

Yet the real elephant in the room is at the basic authentication level, the usernames and passwords that most firms still rely upon as their only means of administrator authentication on their internal systems. And so long as this is the case, we're going to keep hearing about these mass attacks.

Yes, you can try to force employees to choose better passwords. But passwords that are hard to remember get written down, and forcing them to be changed too often can make matters worse rather than better. The problem cannot be solved with passwords alone.

And -- "surprise, surprise, surprise" (as Gomer Pyle used to say -- go ahead, Google him) -- the technology to drastically improve the authentication environment not only exists, but is already in use in many applications that arguably are of a less critical nature in most cases than financial and insurance data.

I'm speaking of 2-factor or "multiple factor" authentication/verification systems, the requirement that system access is based on "something you know" and "something you have" -- not on just one or the other.

One of the best implementations of 2-factor is that deployed by Google, which offers a variety of means for fulfilling the "what you have" requirement -- text messages, phone calls, phone apps, and cryptographic security keys.

Different forms of multiple factor have varying relative levels of protection. For example, the use of "one time passwords" generated by apps or hardware tokens is not absolutely phishing-proof, but is a damned sight better than a conventional username and password pair alone. Security keys, which can interface with user systems via USB or in some cases NFC (Near Field Communications) technology, are the most secure method to date, and a single key can protect a whole variety of accounts -- even at different firms -- while still keeping the associated credentials isolated from one another.
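To make that difference concrete, here is a small model added for illustration (it is not from the original post and is not Google's implementation). It uses standard RFC 6238 one-time passwords, and a simplified security key in which HMAC stands in for the public-key signature a real key produces; the origins and class names are constructed for the example.

```python
import hashlib
import hmac
import os
import struct

REAL = "https://bank.example"             # constructed origin of the real site
LOOKALIKE = "https://bank-login.example"  # constructed look-alike origin
NOW = 1_700_000_000                       # fixed clock so the run is repeatable


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password (HMAC-SHA1)."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_accepts_otp(secret: bytes, code: str, at: int) -> bool:
    """Server-side check with the usual one-step clock tolerance."""
    return any(hmac.compare_digest(totp(secret, at + d), code)
               for d in (-30, 0, 30))


def otp_typed_into_lookalike_still_works() -> bool:
    """The code carries no record of where it was typed, so a code entered
    on the wrong page and passed along seconds later still verifies."""
    secret = os.urandom(20)
    code = totp(secret, NOW)          # user reads this from the app
    return server_accepts_otp(secret, code, NOW + 5)


class SecurityKey:
    """Simplified key: one device secret, a separate credential per origin.
    Assumption: HMAC replaces the real key's public-key signature."""

    def __init__(self) -> None:
        self._device_secret = os.urandom(32)

    def _site_key(self, origin: str) -> bytes:
        return hmac.new(self._device_secret, origin.encode(),
                        hashlib.sha256).digest()

    def register(self, origin: str) -> bytes:
        # Stand-in for the per-site public key handed to the server.
        return self._site_key(origin)

    def sign(self, origin: str, challenge: bytes) -> bytes:
        # The origin comes from the browser, not from the user or the page.
        msg = origin.encode() + b"\0" + challenge
        return hmac.new(self._site_key(origin), msg, hashlib.sha256).digest()


class Site:
    def __init__(self, origin: str) -> None:
        self.origin = origin
        self.credential = b""

    def enroll(self, key: SecurityKey) -> None:
        self.credential = key.register(self.origin)

    def new_challenge(self) -> bytes:
        return os.urandom(16)

    def verify(self, challenge: bytes, response: bytes) -> bool:
        msg = self.origin.encode() + b"\0" + challenge
        expected = hmac.new(self.credential, msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def key_login(site: Site, key: SecurityKey, origin_seen_by_browser: str) -> bool:
    """One login attempt; the key answers for whatever origin the browser
    is actually showing, so an answer made on another page does not verify."""
    challenge = site.new_challenge()
    response = key.sign(origin_seen_by_browser, challenge)
    return site.verify(challenge, response)


if __name__ == "__main__":
    key, bank = SecurityKey(), Site(REAL)
    bank.enroll(key)
    print("OTP typed on look-alike accepted:", otp_typed_into_lookalike_still_works())
    print("Key used on real origin accepted:", key_login(bank, key, REAL))
    print("Key used on look-alike accepted: ", key_login(bank, key, LOOKALIKE))
    print("Credentials differ per site:     ",
          key.register(REAL) != key.register("https://mail.example"))
```
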

And this brings us back to Bubba. While one never wants unnecessary mandates and legislation, sometimes you can't depend on industry to always "do the right thing" when it comes to security, when the intrinsic costs for the sloppy status quo are relatively low.

So while some countries and U.S. states do have laws about encryption of customer data, or notification of customers when breaches occur, there is little sense of closing the barn door before -- not after -- the cows have escaped.

After all, these careless firms usually have pretty easy outs when big breaches occur. They offer you free "credit monitoring" after the fact. Gee, thanks guys. They usually manage to pass along associated costs and fines to their customers. Another big thank you punch to the gut.

How to really get their attention?

Maybe they'd notice potential prison time for top executives of firms that deal primarily with sensitive consumer personal information (like banks, insurance companies, and so on) who voluntarily refuse to implement appropriate, modern internal security controls -- such as strong multiple factor logins -- and then suffer mass consumer data hacks as a result.

I'm not even arguing here and now that they must provide such systems to their individual customers -- though they really, seriously should. Nor am I suggesting such sanctions for failure of security systems that were deployed and operating competently and in good faith. After all, no security tech is perfect.

But I am putting forth the "modest proposal" that these types of firms be given some reasonable period of time to implement internal security systems including strong multiple factor verification, and if they refuse to do so and then suffer a mass data breach, the associated executives should be spending some time in the orange or striped jumpsuits.

Perhaps that prospect will light a fire under their you-know-whats.

Now, do I really believe it's likely that anything of this sort will actually come to pass? Hell no, after all, these are the kinds of firms that basically own our politicians.

But then again, if enough of these mass data thefts keep occurring, and enough people get seriously upset, the dynamic might change in ways that would have seemed fanciful only a few years earlier.

So despite the odds, my free advice to those execs would be to get moving on those internal multiple factor authentication systems now, even in the absence of legislative mandates requiring their use.

Because, ya' know, Bubba will be patiently waiting for you.


Posted by Lauren at 09:40 AM | Permalink

January 15, 2015

Why Western Governments Want to Destroy Computer Security -- and Your Security Along the Way

It's always illuminating when the longtime enemies of security and free speech come out from the shadows, making their intentions and sensibilities crystal clear for all to see and understand.

Nope, I'm not talking about terrorists of whatever stripes -- we've always known how criminal scum like that thinks and how they desire to remake the world in the image of their tiny minds and 13th century mindsets.

Nor am I speaking of Putin, Kim Jong-un, Ali Khamenei, Xi Jinping, or the like -- the iron fist with which these leaders desire to control speech and suppress domestic dissent is all too obvious even at a glance.

No. I'm painfully forced to note the new threat matrix aimed squarely at shedding our free speech and security rights that is spewing squarely from Western governments -- from the U.S., U.K., and across the length and breadth of Europe.

It's tempting to suggest that this renewed push to strip us of these fundamental rights was triggered by the recent devastating terrorist attack in Paris -- but that horrendous event serves only as an excuse for a long simmering, long sought crackdown on Internet speech and security that has been smoldering for ages.

Going all the way back to 1993 and the fiasco of the proposed U.S. "Clipper Chip" reveals the U.S. intelligence community's fear of strong cryptography. And today, the EU's enthusiastic embrace of the nightmarish "Right to Be Forgotten" concept, and their push to apply that EU censorship system across the entire world, gives us clues to European motives along these lines.

So for anyone really paying close attention to these matters, the dots were already pretty much in place, certainly sufficiently so that the latest proposals from Western leaders shouldn't come as any kind of significant surprise.

And those repulsive proposals have been arriving hot and heavy over the last few days.

President Obama is reportedly to offer a vast expansion of criminal penalties for "computer hacking" broadly defined, and as part of that legislative package also to vastly expand the definition of hacking in the process.

If you thought the late Aaron Swartz really had the book thrown at him by DOJ, the new proposals would likely make that look like a paperback novel compared with a wall of ancient encyclopedias dumped on the heads of future defendants.

The details we've heard so far reportedly suggest that at the discretion of prosecutors, merely clicking the wrong link on a public site, or conducting perfectly legitimate cybersecurity research, could net you being shackled in a federal cell for a decade or more.

But it gets worse.

Western leaders, led by David Cameron of the UK, appear poised to demand that all Internet communications be subject to data retention and monitoring by governments, and that no applications be permitted to deploy encryption that the government could not disable or defeat on demand. Prime Minister Cameron has said this explicitly of late, and is seeking support from other European leaders and President Obama for this disastrous concept.

Let's be crystal clear about this. While the initial discussion might revolve around instant messaging apps, it's obvious that the logical and inevitable extension of this concept is to require the undermining of all Internet encryption. Email. PGP. SSL/TLS. The works.

And what you can't backdoor or otherwise undermine you simply outlaw, with criminal penalties draconian enough to scare off all but the most dedicated or masochistic of free speech and security activists.

The word "security" is critical here, because while these leaders are claiming that such proposals would enhance security to "protect us from the terrorists" -- in reality the proposed decimation of the foundational structures of cryptographic systems would put all of us -- our personal information, our power systems, our industrial facilities, and so many other aspects of our lives -- at the mercy of cyberattacks newly enabled by such weakened and so inevitably exploitable encryption ecosystems.

Without any exaggeration, this may easily be the most serious threat to Internet security -- and so to the entire global community that now depends on the Internet for so many facets of our lives -- since the first ARPANET messages clattered over a teletype at UCLA decades ago.

Legitimate and measured means to fight against the scourge of terrorism are essential. But those do not include trying to convert the secure communications of law abiding citizens -- billions of them -- into "tap on demand" portals for government snoops, no matter how ostensibly laudable or graphically terrifying those officials attempt to frame their arguments.

We've all come to expect the "government owns your communications" propaganda from Putin and his ilk.

To hear the same sort of twisted reasoning -- no matter how candy coated or sprinkled with excuses -- flinging forth from our Western leaders is disheartening in the extreme, and must not be accepted without vigorous challenge, debate, and due consideration for the enormous damage such proposals could easily wreak on us all.

I am a consultant to Google -- I speak only for myself, not for them.

Posted by Lauren at 02:25 PM | Permalink

January 08, 2015

The Charlie Hebdo Assassinations, Free Speech, and The Right To Be Forgotten

You can watch and hear it spreading virally around the world -- a chant of defiance against evil: "Je Suis Charlie" - "I am Charlie" -- crowds, signs, hashtags -- it's everywhere, and it deserves to be.

And in the wake of the hideous mass assassinations at the offices of Charlie Hebdo in Paris, suddenly France, Europe, and the rest of the world are very suddenly very enthusiastic indeed about free speech.

Lest there be any confusion about the matter, free speech -- even obnoxious, ridiculing speech -- even speech that sometimes is immensely disturbing and painful to innocent parties, is a fundamental aspect of this phenomenon. For provocation via free speech was Charlie's stock in trade, and the proud avocation of its murdered staff.

They had been physically attacked before. At least one now senior staff member -- killed in this attack -- reportedly had continuous police protection. Recorded employee interviews display clearly not only that Charlie's writers and cartoonists understood how offensive and disturbing much of their publication was to many persons, but also that they were fully cognizant of how potentially dangerous to themselves this could be. They routinely rejected outside suggestions, even by world leaders such as President Obama, that in some cases they were exacerbating problems rather than helping to solve them. For indeed, the freedom to say something doesn't necessarily mean that it's always appropriate to actually say it.

But except in a relatively minuscule number of situations where immediate, direct physical risk to individuals or property is involved, we must hold the right to free speech as inviolate, as one of the most fundamental of human rights.

For when speech is censored or otherwise controlled by governments, we lose access to the fundamental raw material -- information -- by which we can determine what's really going on around us affecting the lives of ourselves, our colleagues, and our loved ones.

It is entirely appropriate in the wake of the Paris horror that we also now hear people around the world quoting Evelyn Beatrice Hall's famous illustrative line from her 1906 biography of French writer, historian, and philosopher François-Marie Arouet -- Voltaire -- "I disapprove of what you say, but I will defend to the death your right to say it."

So it is notably ironic indeed that it's from Europe itself that the single most dangerous and potentially damaging anti-free speech abomination has spewed forth -- the EU's notorious "Right To Be Forgotten" (RTBF), since the very concept of RTBF -- which the EU is now proposing be applied as a global censorship mechanism against Google and other websites -- is utterly and absolutely in conflict with the entire basis of free speech.

Even if for the sake of the argument we momentarily ignore the slippery slope nightmare of RTBF-type laws in the hands of evil leaders and others whose goals are to cleanse history of search results of which they don't approve or appreciate, the foundational idea of RTBF, the false belief that it is possible to slice and dice and micromanage free speech without destroying it, is utterly specious and immensely dangerous.

If we are to stand as a world in support of free speech in the vein of the murdered patriots of Charlie Hebdo, we must also stand united against the gross hypocrisies represented by The Right To Be Forgotten and similar concepts around the world.

To do less would be to dishonor the many brave persons who have died in the name of free speech -- not only in Paris this week, but throughout history.

We are all Charlie. And we are all the Internet.

And free speech must remain truly free.

Take care, all.

I am a consultant to Google. I speak only for myself, not for them.

Posted by Lauren at 09:15 AM | Permalink

December 24, 2014

To President Obama, Sony Pictures, and The World on this Christmas Eve

Once upon a time -- not so very long ago, because I can remember it quite clearly myself -- it was traditional to release films and shows for Christmas Day that celebrated the underlying message of peace and hope inherent in Christmas -- a message I believe we can all appreciate regardless of our religious affiliations, religious beliefs, or lack thereof. It's not often that I quote the New Testament or any religious works, but buried down in John 8:7 a key personage is quoted as making a rather profound statement about he who is without sin casting the first stone. And for Christmas, I would assert that this concept especially applies.

Anyone who truly believes that the celebration of a trash, adolescent "comedy" focused on assassinating the current (yes, dictatorial, murdering, evil, vile) leader of North Korea is likely to do anything other than make matters worse for the oppressed populations there -- well, you're living in the nightmare twin of Fantasyland.

And while none of us would celebrate the mess that the Sony hack has created for their innocent employees and ex-employees, it is also a fact that Sony's longstanding abysmal computer security practices left them wide open for such an attack -- regardless of whoever actually launched it (and a wide variety of technical observers, including myself, are highly skeptical that it was actually North Korea, despite convenient U.S. federal government claims).

So I for one am unwilling to reward Sony for an awful film concept -- I'd categorize any film that tried to make light of killing an actual, living human being that way (no matter how awful that person might be).

It is also the case that documents revealed in that hack -- there's no way to ignore them or get them back into the bottle -- have revealed Sony's complicity in an underground effort to effectively seize control of Internet freedom of communications, in furtherance of protecting their own perceived intellectual property rights -- collateral damage to everyone else be damned! Yet another reason not to reward or celebrate Sony.

So I have a modest suggestion. Instead of paying to see The Interview when Sony launches its limited debut on Christmas Day, head over to:


There you will find (at least for now) the entire, uncut, wonderful 1962 presentation of Mr. Magoo's Christmas Carol. I've discussed this marvel in other venues in the past, but for now I'll simply note that this adaptation of Charles Dickens' A Christmas Carol still rates among the most popular versions, all these decades later. The songs -- written by the Broadway team of Jule Styne and Bob Merrill, who shortly thereafter collaborated on Funny Girl -- are no small part of its magic.

My original more extended comments about this program are at this 2011 G+ posting (the video clip linked to that posting appears to no longer be fully intact):


So please. We all know that North Korea is probably the most horrible place to live on Planet Earth. But don't reward Sony for this awful mess that they themselves enabled through their own unforced errors.

I fully support those theaters and online venues that have chosen to make this movie available in the interests of free speech. But that doesn't mean you're required to watch it. A film like this is unlikely in the extreme to bring about positive change in a horrible place like North Korea. If anything, it could drive their insane leadership to even further internal repression.

So my personal recommendation is to ignore this film. Instead, fire up the Chromecast, or the Google TV box, or the Roku, or the Amazon Fire, or the smart TV, and watch Mr. Magoo's Christmas Carol on the big screen, from a beautiful print that TV viewers couldn't imagine ever seeing back in 1962!

Peace to you all for Christmas and this holiday season.

Take care, everyone.

I am a consultant to Google. I speak only for myself, not for them.

Posted by Lauren at 08:51 AM | Permalink

December 18, 2014

How We're All Being Suckered Over the Sony Hack

By now you've heard that Sony has canceled (for the moment, anyway) the debut of a controversial "comedy" film concerning a plot to assassinate the current leader of North Korea. Given that North Korea indeed has an evil, vile government, Sony apparently thought that a vile, tasteless film was the appropriate response -- very 21st century Hollywood thinking, indeed.

Sony's suspension of "The Interview" -- ostensibly in response to the mass hacking of their corporate systems and associated threats -- has already become a new talking point among proponents of controversial legislation that would almost certainly ultimately give the government vast new abilities to monitor and control privately owned networks and computer systems -- "for those private firms' own good" of course.

Yeah. Of course. But who are we mere computer scientists and technologists to argue with the likes of world-renowned "cybersecurity expert" Newt Gingrich, who has already declared that the Sony hack and Sony's response means that the USA has "lost its first cyberwar." Wow, that sounds scary.

And hell, if Newt proclaims something, it must be true.

Or not.

The very nature of this situation suggests that we will never know the real truth of the matter.

But boys and girls, my gut feeling is that we're being seriously suckered.

First we're told that the Sony hack was incredibly sophisticated and brilliant, of the sort that (supposedly) only a well-funded nation-state could muster.

Then we start to hear from researchers who have looked at this in more detail, and we learn that the actual exploit was relatively simplistic and run-of-the-mill, rather sloppy in fact.

So how could such a crude exploit do so much damage to Sony?

Well, we've also now learned that -- reportedly -- Sony's computer security practices were well known within the company as being somewhere south of McMurdo Station -- that is, really abysmally sloppy and inept.

So you apparently didn't need a nation-state with vast cyberwar attack resources to pull this off. Perhaps a bored 18-year-old looking for "lulz" from his parents' basement would be more than adequate to the task.

Given all this, why are we seeing so much focus on North Korea? Why is the U.S. government saying that North Korea is "behind" the attacks -- or that at least some group "allied" with North Korea was responsible?

Or maybe just someone who has "heard" of North Korea?

Let's face it. Since this attack has been tied to a film that at the very least attempted to make sick "fun" of assassinating Kim Jong-un, one might say (if one was of a conspiratorial mindset about this) that it all almost seems "purpose built" as a mechanism to justify whatever new anti-North Korea sanctions have been simmering in the background.

And as I noted earlier, it also fits in very nicely with the "government needs to be in charge of private computer security" storyline as well.

However, we don't even need conspiracies to work this one out to a significant degree of confidence.

These kinds of cyberattacks are notoriously difficult to source. There are so many ways to confuse and obfuscate and false flag and misdirect -- that we're unlikely to ever know with certainty who was actually behind the Sony hack itself.

Yet we do know with certainty that there are commercial "cybersecurity" firms itching to leverage panic into sales, and government "cyberwar" divisions always on the prowl for excuses to further inflate their already obscenely bloated budgets.

So ... which is going to play more effectively into these narratives -- the 18-year-old in the basement lounge chair with a keyboard in their lap ... or a nightmarish cyberattack conveniently pinned on the megalomaniac leader of a pariah nation?

Yes, I could be wrong. Maybe we're actually getting the straight story on all this from our elected officials and their multitude of minions. Maybe this all really was a dastardly attack by North Korea on a mediocre Sony film.

Then again, there's a bridge over the East River connecting with New York City that you might want to buy as well.

Just sayin' ...

Be seeing you.

I am a consultant to Google. I speak only for myself, not for them.

Posted by Lauren at 01:16 PM | Permalink

October 24, 2014

Stop the Ebola Witch-Hunt!

There's a wonderful old 1963 episode of the classic original "The Outer Limits" series called "The Sixth Finger."

It stars David McCallum as a man who is artificially and rapidly evolved into the human of the far future, both in terms of physical appearance and vastly enhanced intellect.

At one critical juncture, as he surveys the pitiful confusion of the ordinary humans who want to destroy him for being different, he proclaims, "Your ignorance makes me ill and angry."

But you don't have to be a super-intellect to feel both ill and angry at the spectacle of the current Ebola witch-hunt, being largely orchestrated by so-called radio and television "journalists" and lowlife politicians, with masses of ordinary folks being whipped into a frenzy of hate and prejudice as a predictable (and we may reasonably assume, intentional) result.

The worst offenders are the usual sycophant suspects. Moronic right-wing talk show hosts like Rush Limbaugh, the FOX News clowns, and the rest of the theocratic, anti-science, anti-health care, racist boosters of the rich and haters of the poor. You can tune them in anytime, ranting that Ebola is all a plot by Obama, that we should ban anyone who has been in Africa, and that we're about to be destroyed by an Ebola mutated into an airborne horror.

Sad to say, CNN -- once a great news organization -- now spinning out of control into the pit of mediocrity under the reins of Jeff Zucker, has been a particular offender, going wall to wall for ratings with breathless, panicked Ebola stories, only sidetracking into other items if they're bloody enough or feature globe-trotting chefs or the new retread of "Dirty Jobs." In fact, one of the few sane recent commentaries I've seen on cable news lately about Ebola actually was on FOX News -- proving once again the old adage about a stopped clock not being incorrect quite all of the time.

And the Internet is now playing a major role as well. Blogs and other social media are being used to spread completely false rumors about Ebola outbreaks and deaths in the U.S., or attempting to capitalize on fake Ebola cures. Facebook and Twitter are being used today to vilify a doctor back from treating Ebola patients who has now tested positive for the disease.

Naturally, these purposeful attempts at panicking the populace are having nightmarish, sickly effects. One of those effects is to terrify health care workers, who know all too well what the sorts of demands now coming from talk show hosts, politicians, and panicked citizens would mean in terms of making a horrible situation in Africa even worse.

Attempts to ban persons who have traveled or transited from Africa would decimate relief efforts, as would country-specific travel bans in general. Demanding that every symptom-free health care worker who has been trying to help Ebola patients be quarantined upon return is not only unnecessary but would vastly undermine the willingness of health care workers to volunteer for such efforts in the first place. Meanwhile, where Ebola really is endemic -- in Africa -- it would continue to spread in the horrendous living conditions and primitive health care environment there -- putting ever more people in Africa at genuine risk.

Now, get this through your thick skulls, you idiot Ebola panickers and profiteers ...

The only people who get Ebola are ones who are in direct, close contact with persons in the throes of major Ebola symptoms -- like vomiting, horrible coughing, and other symptoms you wouldn't want to be anywhere near even if all they represented was a case of the flu.

It is not an epidemic here. It is not going to be an epidemic here.

And speaking of the flu -- now that's something you should be worried about! Thousands die every year from the flu here in the U.S., many for lack of simple vaccinations (thank the anti-vaccine nutcases for contributing to that). Unlike Ebola, the flu is airborne and easily spread.

Oh yes -- and ironically, the same GOP fanatics so desperate to repeal the Affordable Care Act ("Obamacare") that has provided millions with insurance and preventative care against diseases such as the flu, are the same hateful creatures who are out there now seemingly demanding draconian restrictions against anyone who even utters the word "Ebola" in public.

And just to be clear, this isn't just a GOP-orchestrated witch-hunt -- though they're the masters of the method. There are also Democratic politicians who are playing the Ebola scare card for all it's worth.

Given the toxic political landscape, it's six of one and half a dozen of another (and I don't mean "Outer Limits" fingers in this case) when it comes to reining in our politicians on this. Ebola is their natural element for exploitation. You might as well try to keep a bear away from a beehive dripping with honey.

But there is one thing I believe we can do. As I noted earlier, social media is being widely abused to spread Ebola panic and prejudice. When you see this occur, I urge you to call out the perpetrators publicly for what they are. Don't sit silently and let them get away with their hateful garbage.

Yes, this means having a thick enough skin to deal with the inevitable trolls, but this is a situation where we're talking about real lives being ruined not only by Ebola itself, but by purposefully orchestrated false stories and resulting panic, often using the Web as its carrier.

Thankfully, the Internet is still one place where we individually and collectively still have some real control.

Take care.

I am a consultant to Google -- I speak only for myself, not for them.

Posted by Lauren at 05:43 PM | Permalink

August 13, 2014

In UK, Experimenting With Heart Attack Victims Without Consent

Direct from the UK comes word of one of the more dubious medical experiments I've heard of in some time, that should raise ethical red flags around the world.

If you live in the Welsh, West Midlands, North East, South Central and London Ambulance Service areas, and you take no action to opt-out from a planned new University of Warwick study -- and you're unfortunate enough to have a heart attack -- you may randomly find yourself treated with a placebo rather than the conventional treatment of adrenaline. If you die from your heart attack, researchers will not actively seek out your relatives to inform them of how you were treated.

Persons who happen to see advertisements about the study in those areas and so learn of its existence can in theory opt-out -- otherwise, you're a lab rat whether you want to be or not.

Researchers have a legitimate question -- does adrenaline therapy in these situations do more harm than good? Unfortunately, in their attempt to avoid study bias, they have violated a basic informed consent principle of ethical experimentation.

I suspect that this study stands a good chance of collapsing in the light of publicity, and the litigation potential appears enormous even for the UK. If nothing else, I would expect to see campaigns urging UK residents in the affected areas to opt-out en masse.

I would opt-out if I lived there.

Sometimes ostensibly "good science" is unacceptably bad ethics.

I am a consultant to Google -- I speak only for myself, not for them.

Posted by Lauren at 11:19 AM | Permalink
