Greetings. According to the Wall Street Journal, U.S. Senate immigration reform advocates Chuck Schumer and Lindsey Graham are proposing a mandatory biometric (e.g. fingerprint-based) National ID Card system, and are attempting to brush away privacy concerns as trivial and irrelevant.

Touted as "merely" a "right-to-work" card aimed at addressing illegal immigration concerns, there's simply no fast-talking around the fact that this plan will set in motion a massive national ID infrastructure that will ultimately penetrate every aspect of our lives. Anyone who suggests otherwise is -- sorry to say -- either a liar or a fool.

I basically care not one whit what other countries have done in this regard. When it comes to civil liberties, each nation is in the end responsible for their own nirvanas -- or hells. So apparently we'll need to save ourselves from the seemingly well-meaning but clearly bullheaded and misguided efforts of these two usually relatively sensible Senators.

Frankly, I can't think of many more effective ways to trigger an outpouring of civil disobedience among otherwise law-abiding and patriotic Americans than trying to stuff biometric ID cards up our you-know-whats (where the new airport full-body scanners won't be able to see them, by the way).

"Your papers, please! NOW Comrade!"

--Lauren--

Greetings. In a move of potentially enormous positive importance to hearing-impaired Internet Users, Google's YouTube today announced the deployment of their "auto-captioning" capability across the entire universe of YouTube videos.

The rapid expansion on the Internet of uncaptioned video has been increasingly putting hearing-impaired users at a disadvantage, but the decidedly nontrivial work required to caption videos, especially for producers with limited resources, has until now greatly limited the numbers of YouTube vids that were available with full or even partial captioning.

I've captioned some of my own videos in the past, both with the help of rudimentary tools and completely manually, and I can definitely attest to the fact that it can be quite tedious indeed.

So given today's YouTube announcement (and the discovery that some of my YouTube videos were already enabled for auto-captioning), I decided to run a quickie experiment using one of my previously uncaptioned videos.

Automatic speech recognition is a very difficult task, especially in the presence of music or noise, and YouTube notes that auto-captioning must be expected to be imperfect. I was interested in seeing how well it would function to speed up the process of hand-tuning a completely accurate captioning transcription.

Executive summary: It helps a great deal, to say the least!

The video I used for this experiment was my Is Net Neutrality a Communist Plot? satire.

This video includes a number of aspects particularly useful for this test. While most of the voiceover is not accompanied by backing music, there are sections of narration that are layered on music beds. Also, the audio for almost the entire length of the production is mixed with a purpose-built "noise" track to simulate a rotting old reel of film, and there are various other audio timing artifacts that I had manually introduced as well.

You can inspect the results by watching the video and enabling captioning.

At the lower-right of the YouTube playback window is an upward pointing arrow. Hover over it (or click) and you'll see a "CC" option that you can click to enable (it will then turn red). Also, if you hover over the small left-pointing arrow on the left side of the CC option, you can choose between two captioning tracks.

"Hand-Tuned" is the default and is my final captioning track after I corrected and tuned the results of YouTube's automatically-transcribed captioning. "Machine Transcription" is the actual and original automatically-generated captioning track that YouTube generated on its own.

The automatic captioning track obviously contains many errors (and is rather humorous in places). But we definitely must keep in mind (a) that the presence of music and noise naturally degrades the machine-transcription process, and especially (b) the enormous time-saver that having this automatic track -- even with its errors -- represents when it comes to creating a hand-tuned and polished final captioning track.

I can't emphasize this latter point enough. Being able to use the automatically generated track as a foundation allowed me to create a finished captioning track in a fraction of the time that would have been required when working with a script from scratch.

Obviously, expected results will vary from video to video, but I would expect that many videos, particularly ones with quiet backgrounds, will yield rather spectacular results with a minimum of hand tuning, and in many cases will be highly useful to users without any tuning at all.

And of course, we can expect that over time the quality of the auto-captioning transcriptions will only improve.

This is a big day for Internet video accessibility in general, and for YouTube in particular. Kudos to the YouTube teams!

--Lauren--

Greetings. Microsoft has now admitted trying to influence EU regulators involved in anti-trust reviews of Google, and asserts that there's nothing wrong with their doing so.

But there are numerous flaws in attempting to equate Microsoft's anti-trust woes with Google's current situation.

Chief among them is that Microsoft used repressive and anticompetitive tactics in its march to PC and browser domination.

Google's rise in market share has been tied to a basic concept -- they've simply provided better products that more people want to use. Being big or even dominant when you've grown by playing fair and by the rules isn't a crime. It's when anticompetitive behavior is involved that the alarms go off. Microsoft attempted to effectively lock competitors out of the market through draconian licensing agreements and other means. On the other hand, Google's competitors have always been -- and still are -- only a mouse click away for virtually any user anywhere in the world.

And despite some critics' claims to the contrary, it's clear that Google goes to great lengths to try keep their organic search results as algorithmically "clean" and undistorted as possible. Is this process perfect? Of course not -- there's a continual stream of tweaks to the search rankings algorithms behind the scenes, but a laudable avoidance of modifying specific, individual search results rankings. As far as I can tell, the purported claims of unfair bias in Google natural search results are nothing but sour grapes.

--Lauren--

Update (February 28, 2010): This Wired article from a bit over a year ago -- "The Plot to Kill Google" -- is excellent related additional reading.

Greetings. Responses to The Google Buzz Launch -- and the Limits of Downing Dogfood have been numerous and varied. Obviously, these controversies aren't going to vanish anytime soon.

Over on an (up to now "invisible") Google account, I've been testing a variety of Buzz and associated (e.g. Google Reader, Twitter) interactions. I've now opened that account to public participation and related discussions.

The account can be accessed via this Google Profile and can also be "followed" (by logged-in users) via that same page.

--Lauren--

Greetings. There's an old Hollywood adage suggesting that most of the time, "any publicity is good publicity." When it comes to the launch of Google Buzz, there's definitely some truth to that saying -- the widely discussed privacy issues associated with the launch have yielded the product a significant global awareness far outside the world of current Gmail users. And reports are that usage of Buzz is (sorry, I can't resist) buzzin' along at a very significant clip.

Still, the very public privacy controversies regarding Buzz over the week since its debut (hard to believe it's only been a week) are both fascinating and instructive.

In "Google Buzz" -- and the Risks of "Automatic Friends" I noted my own concerns about specific features of the original Buzz start-up experience defaults, and expressed the hope that Google would reconsider those defaults.

I wrote that piece on launch day after my own initial experiments with the product. Between then and now Google has announced two sets of significant changes to Buzz that do a good job of addressing the issues that I noted.

But as seems to be the case with anything involving Google these days, one comments publicly at one's own risk. After I was widely quoted as praising the first round of Google's Buzz changes and noting that, "The thing hasn't been out a week, it's going to take some period to hash out." -- the volume of vitriolic "hate" e-mail that I received on the topic was both large and in some cases rather bizarre.

These missives fell into several categories. The "Google Conspiracy" set are always fun reading. In the case of Buzz, the theory seems to be that the initial default settings were part of a "secret plot" by Google to abuse users' e-mail contact lists and associated data. A glaring problem with that supposition is that there was nothing at all secret about the default followers policy that Buzz established. While many users may have not initially understood the full implications of the defaults, or alternatively (as in my case) may have felt that the defaults had some inherently risky characteristics or were problematic in other ways, the settings certainly weren't secret. It was clear from the onset what the model was for the "initial populating" of Buzz followers.

Another group of these correspondents complained that I shouldn't have praised Google for the changes they were making to Buzz, even though the changes were pretty much exactly what I had suggested would be useful. The implication of such "damned if you do and damned if you don't" logic is that unless a product is 100% correct right out of the starting gate, it deserves to be condemned to an inner circle of hell forever.

Frankly, I look at this from pretty much the opposite point of view. If you always play it totally safe in product design, for fear of making any mistakes, true innovation is slowed or in many cases even impossible. That Google erred in their initial design of the Buzz defaults is significant, but far more important to me is the extreme rapidity with which they publicly acknowledged these problems and have moved to fix them -- and word is that even more changes addressing various Buzz issues will be forthcoming very shortly.

But caustic communications within my inbox aside, one might still reasonably ask how Google apparently so significantly misread the likely reaction to the original Buzz defaults in the first place.

I don't have any inside information on this score, so like anyone else on the outside of Google I can only speculate. But it seems certain that Buzz was extensively tested within Google itself for a significant period before it was released to the public a week ago.

This sort of very wide (but still internal) testing of a product through actual use is commonly called "dogfooding" -- that is, "eating one's own dog food."

It's an excellent way to discover and hammer out technical deficiencies in a product, but can have significant limitations if the reaction of users within the "dogfooding" community leads to a less than fully accurate extrapolation to how the user population outside the confines of the firm itself will react.

The Google corporate culture is remarkably open on the inside, with a tremendous amount of information sharing among individuals and projects. It's easy to imagine how many enthusiastic, pre-public-launch Google users of Buzz might have inadvertently had something of a blind spot to the more "compartmented" nature of e-mail and "social messaging" communications that is much more the norm in the "outside world."

This highlights a key limitation of dogfooding, or even of testing involving non-corporate early adopters. If sample sets are not sufficiently large and especially broad in terms of different sorts of users in different kinds of situations, it's possible for internal enthusiasm to lead any engineering team to assumptions that may not necessarily be optimal for a released product facing a global user base.

Whether my speculation above does or doesn't resemble what actually occurred internally at Google related to Buzz, it is demonstrably true that to the extent we can formulate a product's design to anticipate and encompass the widest practicable range of user concerns and sensibilities, the lower the probability of launch missteps.

But even when such missteps do occur, the ability to react quickly, openly, decisively, and effectively to address resulting concerns is paramount, and Google's responses to the Buzz privacy controversies have been an excellent example of doing so in very much an exemplary fashion.

--Lauren--

Greetings. A bit over a year ago, I reported here about a commercial firm using JavaScript tricks to pry into the site browsing history of unsuspecting Web users, and I discussed the serious negative implications of such spying.

Now comes a handy "do it yourself" guide detailing the kinds of obnoxious techniques involved, under the name "Sniff browser history for improved user experience" -- a quintessential example of how to portray (that is, spin) an obvious privacy invasion as if it were a user-friendly value proposition.

It's not terribly surprising that the author of the piece devotes only a couple of words to even the possibility that such techniques could be used for "evil" purposes.

But what's perhaps even more nauseating is the pro-privacy-invasion fan-boy comments to his article, mostly drooling over the possibilities.

While the browser history voyeurism technique described is not without some inherent limitations, it is more than powerful enough to be abhorrent to almost anyone with even a modicum of ethical sensibilities.

Turning off JavaScript is simply not practical for most Web users these days, given the major dependence on JavaScript and AJAX technologies at the heart of so many major (and less than major) Web sites.

But I can't find any ethical loophole for the use of such browser history surveillance techniques in the absence of affirmative and fully-informed opt-in permission being given by users for such intrusions.

I have no gripes with systems that collect browsing history information when this behavior is appropriately disclosed and explicitly agreed to by users in a voluntary manner (e.g., as is the case with various special-purpose toolbar products).

However, when browser history collection isn't disclosed and permission for that collection is not voluntarily granted, "sniffing" of user browser histories is the textbook definition of spying -- plain and simple -- regardless of whether or not the Web site operator claims that they're using the information collected only for "good" purposes.

For some Web users, the information that could be revealed by the application of such techniques could have health, safety, and even perhaps national security implications (think about the browser histories of law enforcement personnel, for example).

I'm not a lawyer, but I would assert that such spying should be illegal -- if it isn't already a civil or criminal infraction in various locales.

At the very least, I'd welcome the readership's suggestions as to legal processes (notifications?) and/or technical methods to fight back against anyone attempting to deploy these browser history spying abominations. But please keep in mind the limitations of script blocking plugins (that I described in my earlier blog posting), and the impracticality of turning off all JavaScript for most users.

Any ideas?

--Lauren--

Update: I should note that the "Browser History Sniffing" article referred to above was originally published two years ago, but has been making the rounds again including on current syndication feeds. In any case, the issues discussed above are as valid now as they were one year or two years back. Most people need JavaScript and aren't going to hassle with JavaScript or CSS blocking plugins. Rapid browsing history deletion makes histories useless for most users -- I know that I don't want to give up the value I get from histories over significant periods of time. But ultimately, the big issue is why should people need to jump through hoops to protect themselves from such invasive practices that should not be acceptable or possible in the first place?

Greetings. Sometimes a seemingly small software update can usher in a whole new world. When Microsoft shortly pushes out a Windows 7 update with the reportedly innocuous title "Update for Microsoft Windows (KB971033)" -- it will be taking your Windows 7 system where it has never been before.

And it may not be a place where you want to go.

Imagine that you're sitting quietly in your living-room at your PC, perhaps watching YouTube. Suddenly, a pair of big, burly guys barge into your house and demand that you let them check your computer to make sure that it's "genuine" and not running pirated software. You protest that you bought it fair and square, but they're insistent -- so you give in and let them proceed.

Even though you insist that you bought your laptop from the retail computer store down the street many months ago, and didn't install any pirate software, the visitors declare that your computer "isn't genuine" according to their latest pirated systems lists, and they say that "while we'll let you keep using it, we're modified your system so that it will constantly nag in your face until you pay up for a legit system!" And they head out the door to drop in on the eBay-loving grandmother next door.

You then notice that the wallpaper on your PC has turned black, and these strange notifications keep popping up urging you to "come clean."

Ridiculous? Well, uh, actually no.

Microsoft most definitely has a valid interest in fighting the piracy of their products. It's a serious problem, with negative ramifications for Microsoft and its users.

But in my opinion, Microsoft is about to embark on a dramatic escalation of anti-piracy efforts that many consumers are likely to consider to be a serious and unwanted intrusion at the very least.

It's important for you to understand what Microsoft is going to do, what your options are, and why I am very concerned about their plans.

Back in June 2006, in a series of postings, I revealed how Microsoft was performing unannounced "phone home" operations over the Internet as part of their Windows Genuine Advantage authentication system for Windows XP. (The last in that series of postings describes Microsoft's reaction to the resulting controversy.) The surrounding circumstances even spawned a lawsuit against Microsoft, which coincidentally was recently dismissed by a judge.

But Microsoft has continued to push the anti-piracy envelope, now under the name Windows Activation Technologies (WAT).

This time around, to the company's credit (and many thanks to them for this!) Microsoft reached out to me starting several months ago for briefings and discussion about their plans for a major new WAT thrust -- on the basis, to which I agreed, that I not discuss it publicly until now.

The release of Windows 7 "Update for Microsoft Windows (KB971033)" will change the current activation and anti-piracy behavior of Windows 7 by triggering automatic "phone home" operations over the Internet to Microsoft servers, typically for now at intervals of around 90 days.

The purpose? To verify that you're not running a pirated copy of Windows, and to take various actions changing the behavior of your PC if the WAT system believes that you are not now properly authenticated and "genuine" -- even if up to that point in time it had been declaring you to be A-OK.

Note that I'm not talking about the one-time activation that you (or your PC manufacturer) performs on new Windows systems to authenticate them to Microsoft initially. I'm talking a procedure that would "check-in" your system with Microsoft at quarterly intervals, and that could take actions to significantly change your "user experience" whenever the authentication regime declares you to have fallen from grace.

These automatic queries will repeatedly -- apparently for as long as Windows is installed -- validate your Windows 7 system against Microsoft's latest database of pirated system signatures (currently including more than 70 activation exploits known to Microsoft).

If your system matches -- again even if up to that time (which could be months or even years since you obtained the system) it had been declared to be genuine -- then your system will be "downgraded" to "non-genuine" status until you take steps to obtain what Microsoft considers to be an authentic, validated, Windows 7 license. In some cases you might be able to get this for free if you can convince Microsoft that you were the victim of a scam -- but you'll have to show them proof. Otherwise, you'll need to pull out your wallet.

I'm told that the KB971033 update is scheduled to deploy to the manual downloading "Genuine Microsoft Software" site on February 16, and start pushing out automatically through the Windows Update environment on February 23. Blog Update 5:05 PM: This blog entry originally listed the KB number without the leading 9, since that was the way it was provided to me verbally and confirmed by Microsoft. They have now notified me that Update for Microsoft Windows (KB971033) is the actual designation, so I have made the appropriate change to the KB number throughout this posting.

The update will reportedly be tagged simply as an "Important" update. This means that if you use the Windows Update system, the update will be installed to your Windows 7 PC based on whatever settings you currently have engaged for that level of update -- it will not otherwise ask for specific permission to proceed with installation.

If your Windows Update settings are such that you manually install updates, you can choose to decline this particular update and you can also uninstall it later after installation -- without any negative effects per se. But don't assume that this will always "turn back the clock" in terms of the update's effects. More on this below.

Also, reportedly if the 90-day interval WAT piracy checking system "calls" are unable to connect to the Microsoft servers (or even if they are manually blocked from connecting, e.g. by firewall policies) there will reportedly be no ill effects.

However -- and this is very important -- if the update is installed and the authentication system then (after connecting with the associated Microsoft authentication servers at any point) decides that your system is not genuine, the "downgrading" that occurs will not be reversible by uninstalling the update afterward.

The WAT authentication system also includes various other features, such as the ability to automatically replace authentication/license related code on PCs if it decides that the official code has been tampered with (Microsoft rather euphemistically calls this procedure "self heal").

I've mentioned that Windows 7 systems will be "downgraded" to "non-genuine" status if they're flagged as suspected pirates. What does this mean?

Essentially, they'll behave the same way they would if they had failed to be authenticated and activated initially within the grace period after purchase.

Downgraded systems will still function much as usual fundamentally, but there will be some very significant (and very annoying) changes if your system has been designated non-genuine.

The background wallpaper will change to black. You can set it back to whatever you want, but once an hour or so it will reset again to black.

Various "nag" notifications will appear at intervals to "remind" you that your system has been tagged as a likely pirate and offering you the opportunity to "come clean" -- becoming authorized and legitimate by buying a new Windows 7 license. Some of these nags will be windows that appear at boot or login time, others will appear frequently (perhaps every 20 minutes or so) as main screen windows and taskbar popup notices.

Systems that are considered to be non-genuine also have only limited access to other Microsoft updates of any kind (e.g., access to high priority security updates, but not anything else, may be permitted).

And of course, under the new WAT regime you run the risk of being downgraded into this position at any time during the life of your PC.

In response to my specific queries about how downgraded systems (particularly unattended systems) would behave vis-a-vis existing application environments, Microsoft has said that they have taken considerable effort to avoid having the downgrade "nag system" interfere with the actual running of other applications, including stealing of windows' focus. It remains to be seen how well this aspect turns out in practice.

All of this brings us to a very basic question. Why would any PC owner -- honest or pirate -- voluntarily participate in such a continuing "phone home" authentication regime?

Obviously, knowledgeable pirates will avoid the whole thing like the plague any way that they can.

Microsoft's view, as explained to me and as primarily emphasized in their blog posting that will appear today announcing the WAT changes, is that honest Windows 7 users will want to know if their systems are running unauthentic copies of the operating system, since (Microsoft asserts and indeed is the case) those systems have a significant likelihood of also containing dangerous viruses or other potentially damaging illicit software that "ride" onto the PC along with the unauthentic copy of the OS.

But even if we assume that there's a noteworthy risk of infections on systems running pirated copies of Windows 7, the approach that Microsoft is now taking doesn't seem to make sense even for honest consumers.

If Microsoft's main concern were really just notifying users about "contaminated" systems, they could do so without triggering the non-genuine downgrading process and demands that the user purchase a new license (demands that will be extremely confusing to many users).

As I originally discussed in How Innocents Can Be Penalized by Windows Genuine Advantage, it's far more common than many people realize for completely innocent users to be running perfectly usable -- but not formally authenticated -- copies of Windows Operating Systems through no fault whatever of their own.

OK, let's review where we stand.

The new Microsoft WAT regime relies upon a series of autonomous "cradle to grave" authentication verification connections to a central and ever-expanding Microsoft piracy signature database, even in the absence of major hardware changes or other significant configuration alterations that might otherwise cause the OS or local applications to query the user for explicit permission to reauthenticate.

Microsoft will trigger forced downgrading to non-genuine status if they believe a Windows 7 system is potentially pirated based on their "phone home" checks that will occur at (for now) 90 day intervals during the entire life of Windows 7 on a given PC, even months or years after purchase.

That Microsoft has serious piracy problems, and has "limited" the PC downgrading process to black wallpaper, repeating nagging at users, and extremely constrained update access isn't the key point. Nor is the ostensibly "voluntary" nature of the update triggering these capabilities (I say ostensibly since almost certainly most users will have the update installed automatically and won't even realize what it means at the time).

The new Microsoft WAT update and its associated actions represent unacceptable intrusions into the usability of consumer products potentially long after the products have been purchased and have been previously declared to be genuine.

Microsoft is not entirely alone in such moves. For example, a major PC game manufacturer has apparently announced that their games will soon no longer run at all if you don't have an Internet connection to allow them to authenticate at each run.

Still, games and other applications are one thing, operating systems are something else altogether. And regardless of whether we're talking about games or Windows 7, it's unacceptable for consumers to be permanently shackled to manufacturers via lifetime authentication regimes -- particularly ones that can easily impact innocent parties -- that can degrade their ability to use the products that they've purchased in many cases months or even years earlier.

Fundamentally, for Microsoft to assert that they have the right to treat ordinary PC-using consumers in this manner -- declaring their systems to be non-genuine and downgrading them at any time -- is rather staggering.

Make no mistake about it, fighting software piracy is indeed important, but Microsoft seems to have lost touch with a vast swath of their loyal and honest users if the firm actually believes their new WAT anti-piracy monitoring system is an acceptable policy model.

My recommendations to persons who currently run or plan to run Windows 7 are simplicity themselves.

I recommend that you strongly consider rejecting the manual installation of the Windows Activation Technologies update KB971033, and do not permit Windows Update to install it (this will require that you not have your PC configured in update automatic installation mode, which has other ramifications -- so you may wish to consult a knowledgeable associate if you're not familiar with Windows Update configuration issues).

And if at some point in the future you find that the update has been installed and your PC is still running normally, remove the update as soon as possible.

While I certainly appreciate Microsoft's piracy problems, and the negative impact that these have both on the company and consumers, I believe that the approach represented by this kind of escalation on the part of Microsoft and others -- into what basically amounts to a perpetual anti-piracy surveillance regime embedded within already purchased consumer equipment -- is entirely unacceptable.

--Lauren--

Update (2/14/10): Google has already announced two sets of significant changes to Google Buzz in response to concerns such as those that I expressed in the posting below. I'm very pleased by the extremely rapid (all within less than a week) moves by Google to address these issues in a positive and direct manner. Since many readers have been asking me about this topic, I may have more to say on the subject in the near future.

Update (2/15/10): The Google Buzz Launch -- and the Limits of Downing Dogfood

Greetings. As you may have heard, Google has finally rolled out their integrated approach to social networking. Called Google Buzz (oddly, there's already a different sort of Yahoo! Buzz), this sort of service from Google was inevitable given the rise in social networking.

Whether or not the goal of Google Buzz (let's call it "Gbuzz" for now) is really to be a Twitter or Facebook "killer" as some observers have suggested, Google is doing a couple of key things very differently with Gbuzz -- one of them very positive, the other seemingly quite problematic.

First the good part. Following in Google's tradition of promoting open standards, Gbuzz has reportedly been created to be an open platform that will have API-based conduits for third-party apps. So all manner of interfaces can flower. Excellent.

Now for the not so excellent. Gbuzz, being tightly integrated with Gmail, apparently makes the implicit assumption that your frequent e-mail contacts should also automatically be declared as your "friends" for social update sharing purposes, and by default creates automatic "follow" lists on this basis.

Maybe this will work just fine for some people, but man, it might be just plain dangerous for others -- perhaps especially those persons who use a single Gmail account to communicate with both personal friends and business associates. Is routinely updating your business acquaintances with the same information as your personal contacts typically appropriate? Doubtful.

To be sure, you can manually drop specific Gbuzz "friends" from your list. Well, sort of. I didn't see obvious analogues in Gbuzz for Twitter's "block" or "lock" functions, and there are a number of mysterious "no profile" anonymous "followers" in Gbuzz that I seem to have on Day Zero -- and who I can't seem to identify or delete in any way. Who are they? I don't know! Hmm.

Of primary concern of course is the risk that users will inappropriately share specific information in compromising, embarrassing, or perhaps even hazardous ways, by not being fully cognizant of whom they're actually sharing with at any particular time. The Google Reader/Google Chat sharing assumptions have already been known to cause some users problems, and the Gbuzz tie-in to Gmail would appear to expand the universe of potential similar issues extensively.

There are counter-arguments. Google's sharing options are off unless you activate them, and you're under no obligation to actually use Gbuzz no matter how much you use Gmail. And it could be argued that people who want to share should be diligent about pruning their friend lists -- especially automatically created friend lists!

But overall, my gut feeling is that, however much Google wanted to encourage social networking within their product mix, the default algorithm for friends selection in Google Buzz is wrong.

There should be a much more aggressive procedure to ensure that users have vetted each "automatic friend" that Gbuzz adds to sharing lists. Without affirmative approval from users (unless they specifically choose to waive such confirmations) users' individual e-mail correspondents should probably not be added to friend lists without specific approval in each individual case.

As I've said many times before, defaults really do matter. I hope that Google will reconsider the defaults that apparently are currently implemented in Google Buzz.

--Lauren--

Greetings. For years I've talked about the bizarre conflict between calls to rapidly delete or anonymize data that could be used for abusive tracking of Internet users, vs. calls from other quarters -- mostly in law enforcement -- for extended retention of such data.

Sometimes different divisions of the same governments are pulling on opposite ends of this particular issue.

So at the same time that Google, for example, has made excellent strides in limiting the retention periods for non-anonymized tracking data (such as IP addresses), we see pressures rising from police agencies pushing in exactly the opposite direction.

Now this conflict has become even more explicit, with word that the FBI has been pressuring ISPs to maintain two years of user Web browsing data -- something that -- to the ISPs' credit -- no major U.S. ISP is thought to be currently doing.

Similar pressures -- including calls for explicit laws to require such retention -- have also been spewing forth from other law-enforcement-related organizations for quite some time, with the usual claim that c-porn investigations (somehow this usually seems to be listed ahead of terrorism concerns) justify the creation of a massive Internet activity records surveillance regime.

Right now the focus appears to be on origin and destination IP addresses, which ISPs can easily capture on any direct connection (including https: encrypted connections), to the extent that proxies are not in use.

But a bit of mental exploration illuminates why the proponents of mass Internet data retention will never be satisfied with IP addresses alone.

Let's think about why.

First, most Web sites are actually "virtual hosts" -- meaning that hundreds, thousands, or even more individual Web sites may be served on the same destination IP addresses.

For surveillance records to be useful, it is certain that authorities would want to know exactly which sites, and in many cases ideally which specific URLs, were being accessed.

Unless deep packet inspection (DPI) were employed to spy on unencrypted traffic (or sophisticated man-in-the-middle techniques were attempted against encrypted traffic when practicable) the obvious means to determine specific site and URL information would be from server-side logs.

That is, authorities would need to go to the operators of the Web servers in question and request or demand the logs that showed which sites had been accessed at particular times. These same logs would typically provide URL information as well.

Combine this with ISP-provided source and destination IP address data, and ISP mappings of which subscribers were assigned to particular dynamic IP addresses at any given point in time, and you have everything you need to reduce the privacy of typical Web browsing to the level of postcards on parade. So passing ISP data retention laws or otherwise strong-arming ISPs into maintaining the data of interest won't do the trick alone -- you need to force every public Web site to similarly maintain log data and make it available to authorities on demand.

But wait a minute. We know that simple IP addresses can't themselves be relied upon to pinpoint individuals, even in the same household. And wouldn't people who didn't want to be tracked learn to rely on proxies, public Internet access points in libraries and coffee shops and ...

Hmm. How to box in those freedom-loving would-be criminal types?

Perhaps that's where Microsoft's Craig Mundie, who as I noted a few days ago is pushing for an Internet "Driver's" License, can help achieve a totality of Internet surveillance nirvana.

Any sort of "Internet User License" concept would be fraught with many more technical and infrastructural complexities than the "simple" data retention requirements discussed above, and would also be subject to various workarounds by the savvy.

But some relatively definitive means to identify individuals as opposed to only identifying Internet connections themselves would seem to be an ultimate Internet surveillance requirement, as anonymous Internet usage would increasingly undermine the ability of retained Internet connection records to provide the necessary raw meat for the sorts of surveillance society activities that are being propagandized as necessary for society's survival.

Internet surveillance proponents will attempt to claim that -- at least for now -- all that they really want is the Internet equivalent of called telephone number records.

Don't you believe it. The Internet has become integral to virtually every aspect of our lives. The spread of Cloud Computing -- a technology with enormous positive potential if appropriately managed and protected -- will further wed us all to distant servers.

The Internet sites and URLs that we visit, and the associated data that we send and receive, can reveal everything from the day-to-day trivia of our lives to our deepest passions and fears. Our personal, economic, political, and virtually every other aspect of our existence can increasingly be directly or indirectly discerned from the pulsing of our broadband connections.

The ability of Internet users to confidently trust the organizations and instrumentation of the Internet, everything from ISPs to Web services themselves, is not only a matter of faith in those specific entities' own veracities, but also a question of knowing that those enterprises will not be corrupted, blackmailed, or otherwise forced into the role of surveillance operatives at the behest or demand of potentially well-meaning, but still overzealous law enforcement paradigms.

Crime, terrorism, and the other evils of society are dark enough specters without attempts to control them shunting us into a different sort of nightmare.

Benjamin Franklin's now oft-quoted admonition that, "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety" has never been more relevant.

In the calls for steps toward a Surveillance Internet, we can hear the echos of past governments who promised their citizens law and order, and in the process marched them down the path of good intentions directly into figurative Hells on Earth.

We won't be fooled again.

Will we?

--Lauren--

Greetings. I woke up this morning to find my inbox flooded with concerned notes regarding a reported agreement being negotiated between Google and NSA - the National Security Agency ( [1] and [2] ).

The general trend of the messages, mostly from the same people who routinely treat me to rather paranoid anti-Google tirades, was largely along the lines of, "Here's another reason not to trust big, bad Google with our data."

I have no information beyond what has been published publicly regarding either this reported agreement or the Chinese-based attacks that are apparently the direct catalyst for the exploration of such an arrangement.

But I can explain why I'm not particularly concerned about this "partnership," so long as Google is being sufficiently careful and compartmented -- which I strongly suspect they are.

Older generations of NSA operatives are no doubt somewhat bemused by the openness with which the agency is discussed these days. Years ago, the official existence of "No Such Agency" was purposely kept so publicly nebulous that conference attendees from the agency routinely wore name tags only identifying their organization as "Department of Defense."

My first direct contact with NSA occurred many moons ago. I was sitting at a rather rickety CRT display in the UCLA ARPANET computer room, hacking at Unix OS code. A coworker popped his head into the noisy room, and announced that "two guys from NSA have shown up and want to speak to you."

Hmm. A quick mental review didn't reveal any recent felonies that might be of particular interest to the pair, so I popped out into the quiet of the "Boelter Hall" basement hall.

And sure enough, there awaited a couple of polite young men in dark suits holding notepads. Fascinating.

As it turned out, they had come to ask for software advice. At that point in time, before the widespread availability of terminal independent programming libraries like "termcap" and "termlib," I was something of the point man for ports of a particular Unix application to different terminal environments.

The NSA team wanted to talk about that application and some of the related porting issues -- and we had a nice chat. I wondered at the time why they hadn't just called or sent an e-mail -- I was LAUREN@UCLA-SECURITY back then and easy enough to reach. But maybe it was like the "hovercraft" guy in the current Orbitz commercials, who flies around hand-delivering refund checks because, what the hell, "We have a hovercraft!"

Years later, I discovered that NSA had become interested in my experiments with Unix-based newswire data collection and indexing, but that's another story.

The above was a long way of saying that NSA is both a premiere R&D institution and a signals intelligence (SIGINT) data collection and analysis organization.

That various serious abuses both long past and quite recent (at least the ones we know about that have come to public light) have occurred in the latter aspect of NSA is well documented -- James Bamford is the recommended starting point for interested readers new to the NSA sagas.

Yet it's undeniable that NSA represents the nation's most concentrated resource relating to cryptography and what now seems to be popularly called anti-cyberterrorism.

Controversies associated with NSA's involvements even in these regards have certainly been recurring facts of life -- NSA roles in the development of cryptosystems such as DES and AES are well-known examples. Recent over-enthusiasm by some members of Congress for proposals to establish direct NSA involvement in the day to day aspects of Internet security have justifiably raised significant privacy and other concerns.

But the fact still remains that the expertise represented by NSA in the computer security field is unparalleled in key contexts, and it is utterly reasonable that Google (and other technology firms) would consider carefully structured associations with NSA in the existing environment.

The devil is in the details, naturally. But Google knows that the continued patronage of their users is integrally associated with those users feeling confident that their data is safe from abuse.

I cannot visualize a circumstance under which Google would voluntarily agree to any partnership with NSA that could possibly marginalize or jeopardize that confidence. Of course -- and speaking only theoretically -- if Google were forced by governments to involuntarily cooperate with privacy-invasive schemes, we'd be faced with a whole different class of serious problems way outside the scope of the current discussion, and with far-reaching consequences for our democracy. But (based on all available evidence, one hopes) that's not where we are today.

It would however be extremely useful for Google to make as much information as possible publicly available regarding any association with NSA. At least the outlines of any data sharing arrangements should be announceable without negatively impacting operational effectiveness. A sustained lack of information in this regard tends to fuel the kinds of conspiracy-focused rumors that just love a vacuum.

NSA is perhaps a quintessential example of a government agency that exists as a double-edged sword. Properly directly and harnessed, its resources for our positive protection are vast. But if "running amok," NSA possesses at least equal potential for civil liberties abuses on a massive scale.

It makes perfect sense for Google -- like various other firms -- to work with NSA towards a better understanding and preventing of cyberattacks, so long as sufficient NSA isolation from Google user data is guaranteed.

But to use the vernacular, when dancing with Godzilla, it's always a really good idea to plan out your steps very, very carefully in advance -- for you never, ever want to find yourself underfoot!

--Lauren--

Greetings. I'm about to pose some difficult questions. I won't assert that I know the answers to them all or even suggest that succinct answers are possible. But the questions themselves cut to the heart of some of the most contentious and emotional ethical issues of the Internet today.

A California appeals court has just unanimously ruled that a lawsuit may move forward against the California Highway Patrol, related to horrific imagery of an 18-year-old girl decapitated in a traffic accident. The photos were allegedly forwarded by one or more on-scene CHP officers to another party, and then spread widely across the Internet.

The victim's family has been trying for years to hold the CHP responsible for the dissemination of these images, and to somehow reduce the impact and exploitation of these nightmarish photos and the associated hateful abuse that has spread across the Net. Many of the sites exploiting these images attempt to portray themselves as "educational" in nature -- but in reality most are merely purveyors of what the film industry calls "torture porn" -- but in this case they're dealing with the horrific death of a real person, not fictional characters and special effects.

Regular readers know that I'm firmly opposed to censorship and have praised Google's recent commitment to cease censorship of Google search results in China.

I have also suggested in the past that some sort of "dispute resolution" mechanism -- to deal with unusual or exceptional situations triggered by search engine results -- would be worthy of both consideration and debate. If you have a few minutes to spare, here is a pointer to some discussion of this issue.

So it's with some consternation that I consider the easy availability of the accident photos in question being facilitated via Google Images.

A simple search on the victim's name in Google Images yields seemingly endless copies of the exceedingly gruesome photos, even when Google SafeSearch is set to its most strict setting.

Let's be very clear. I'm not suggesting that the photos be banned. And indeed, Google is merely indexing and archiving imagery that is by definition actually posted and hosted at external sites not under Google's control.

But even given these facts, would it be fair to say that Google has no role to play in the exploitation and monetization of these images, and in the continuing grief that they cause the victim's parents and other family members?

Again, Google isn't the creator or poster of the photos in question. But Google is almost certainly the primary mechanism through which the vast majority of persons discover and locate these images.

There are some relatively simple amelioratory steps that I'd suggest in this specific case.

Google could take a more proactive stance to avoid having such images being so openly displayed when not in completely unfiltered SafeSearch mode. My hunch is that flagging most of these specific accident photos as posted -- even on an ongoing basis (based on keywords and Google's advanced image analysis algorithms) -- would be relatively straightforward given Google's resources.

More broadly, this case brings into focus a class of issues representing extremely difficult ethical dilemmas that often aren't subject to improvement through engineering alone.

Censorship is not only dangerous but essentially impossible to completely enforce on the Internet. A single copy of a text or photo (or musical performance or feature film for that matter), posted on the Web is likely to publicly survive in some form into technological perpetuity. That's the reality, like it or not.

On the other hand, it can be argued that Google and other aggregators of indexing information and links do bear some ethical responsibility to try -- within the bounds of common sense, free speech, and technical practicality -- to help avoid the widespread dissemination of exceptionally hurtful and damaging materials in unfiltered search result contexts.

In other words, it really should not be so easy to stumble across photos of a decapitated 18-year-old girl when Google Image search results are in a strict filtering mode.

At the macro level, to say that dealing with such issues is a dilemma presenting major scaling challenges is a significant understatement. But as I've earlier noted, there are a wide variety of situations where the algorithmic precision of search engine rankings can do real and completely unwarranted harm to actual people.

Which brings us to perhaps the most important question associated with this entire topic. From both technical and ethical standpoints, can we honestly say that it's unreasonable or impossible to research and deploy steps that would help prevent thoughtless acts conducted over the course of a few minutes -- like the alleged sending of those accident photos by CHP officers -- from endlessly dragging other persons through a living hell?

Not censorship. Not a ban. Not new laws.

Rather, just doing a better job at further extending ethical considerations to search, in a fusion of software engineering and humanism.

If we instead choose to insist that this cannot be accomplished, we're eerily invoking the lyrics of Tom Lehrer's comedic critique of German/U.S. rocketry pioneer Wernher von Braun": " 'Once the rockets are up, who cares where they come down? That's not my department', says Wernher von Braun."

As Lehrer sang them, many years ago, the words were very funny indeed.

In the real world of the Internet, these ethical issues are both difficult and serious -- but I believe subject to reasonable and effective resolution, given the will to do so.

I can think of no organization better positioned and suited than Google to be in the vanguard of this important area. I trust that they are up to the challenge.

--Lauren--

Greetings. About a week ago, in Google and the Battle for the Soul of the Internet, I noted that:

Even here in the U.S., one of the most common Internet-related questions that I receive is also one of the most deeply disturbing: Why can't the U.S. require an Internet "driver's license" so that there would be no way (ostensibly) to do anything anonymously on the Net?

After I patiently explain why that would be a horrendous idea, based on basic principles of free speech as applied to the reality of the Internet -- most people who approached me with the "driver's license" concept seem satisfied with my take on the topic, but the fact that the question keeps coming up so frequently shows the depth of misplaced fears driven, ironically, by disinformation and the lack of accurate information.

So when someone who really should know better starts to push this sort of incredibly dangerous concept, it's time to bump up to orange alert at a minimum, and the trigger is no less than Craig Mundie, chief research and strategy officer for Microsoft.

At the World Economic Forum in Davos two days ago, Mundie explicitly called for an "Internet Driver's License": "If you want to drive a car you have to have a license to say that you are capable of driving a car, the car has to pass a test to say it is fit to drive and you have to have insurance."

When applied to the Internet, this is the kind of logic that must gladden the heart of China's rulers, where Microsoft has already announced their continuing, happy compliance with the country's human-rights-abusive censorship regime.

Dictators present and past would all appreciate the value of such a license -- let's call it an "IDL" -- by its ability to potentially provide all manner of benefits to current or would-be police states.

After all, a license implies a goal of absolute identification and zero anonymity -- extremely valuable when trying to track down undesirable political and other free speech uttering undesirables. And while the reality of Internet technology suggests that such identity regimes would be vulnerable to technological bypass and fascinating "joe job" identity-diversion schemes, criminal penalties for their use could be kept sufficiently draconian to assure that most of the population will be kowtowing compliantly.

I used the term "police state" in the text and title above, and I don't throw this concept around loosely.

The Internet has become integral to the most private and personal aspects of our lives -- health, commerce, and entertainment to name just a few on an ever expanding list. While there are clearly situations on the Internet where we want and/or need to be appropriately identified, there are many more where identification is not only unnecessary but could be incredibly intrusive and subject to enormous abuse.

And I might add, it is also inevitable that serious crooks would find ways around any Internet identification systems -- one obvious technique would be to divert blame to innocent parties through manipulation and theft of associated IDL identification credentials.

It was perhaps inevitable that the same "Hide! Here come the terrorists!" scare tactics used to promote easily thwarted naked airport scanners and domestic wiretapping operations, not to mention other PATRIOT and Homeland Security abuses, are now being repurposed in furtherance of gaining an iron grip on the communications technology -- the Internet -- that enables the truly free speech so terrifying to various governments around the world.

It's true that some persons advocating police state IDL concepts are not themselves in any way inherently evil -- they can for example be well-meaning but incredibly short-sighted.

However, I would be less than candid if I didn't admit that I'm disappointed, though not terribly surprised -- especially in light of Microsoft's explicit continuing support of Chinese censorship against human rights -- to hear a top Microsoft executive pushing a concept that is basic to making the Internet Police State a reality.

In the final analysis, evil is as evil does.

--Lauren--

Greetings. Love it or hate it, we all know that Adobe Flash has become the de facto standard for Web video -- that is, it's now by far the most common mechanism for delivery of streaming (and "steaming") video on YouTube, news sites, and most everywhere else.

Without getting into the convoluted details of licensing, containers, and codecs, the bottom line is that Adobe effectively controls Flash, and reported disputes between Adobe and Apple have contributed to keeping Flash off the iPhone, and now, the iPad. During the big iPad unveiling a few days ago, many observers noted Web page "missing plugin" holes where Flash content would otherwise have appeared.

In fact, until last night, some of Apple's most prominent promotional materials for the iPad appeared to show Flash content being displayed -- triggering a complaint to the Federal Trade Commission, and very sudden changes in those promos.

By the way, released Android systems don't have full, recent Flash players either yet, but this functionality was demonstrated many months ago, and Flash for at least some Android versions reportedly will be released quite soon.

Back to Adobe vs. Apple. Apparently in an attempt to pressure Apple on this score, Adobe has now published a montage demonstrating what the absence of Flash means on various pages. What attracted particular attention and raised eyebrows was that one of Adobe's examples happened to be a hardcore porn site ("Bang Brothers").

With rapid adoption of HTML5, it may be possible to move Web video out from under Adobe's control by replacing Flash entirely. YouTube and Vimeo have just started beta testing HTML5 video players.

However, there's another issue. Right now those tests (as far as I know) are using HTML5 as a container for H.264 encoded video. H.264 itself (actually now part of the MPEG-4 standard) is also encumbered by various licensing issues.

To get fully out from under this licensing mess, one possibility would be to use HTML5 with an open codec such as Ogg Theora. Whether or not Ogg Theora in its current state of development is efficient enough to be used by high volume video sites like YouTube is currently a matter of some dispute.

Sometimes it feels like only Glinda the Good Witch could untangle all this. Unfortunately, the ruby slippers are not public domain.

--Lauren--

Greetings. Since Apple's unveiling yesterday of the iPad, one of the more vexing questions has been why such an advanced device lacks any sort of integral camera -- a small front-facing camera would seem a perfect match, and likely wouldn't increase the overall production costs dramatically vs. the significant additional appeal it would have given the iPad itself.

Was it really a matter of cost? Or perhaps a ploy to sell the next iPad version that actually might include a camera? Or maybe an unwieldy webcam hookup via the added cost dongles (needed for any USB attachments to the iPad) was considered to be good enough?

My curiosity finally got the better of me, so for the first time in years I called up my old friend Ersatz T. Compeer, who always seems to have the proverbial inside pulse of hi-tech. Ersatz is a nice enough guy, but rather disconcerting to be around. He'll never reveal where he gets his information, and the parade of black sedans with dark windows that seem to tail him everywhere makes a lunch meeting feel like a visit to Berlin's old Checkpoint Charlie during the Cold War.

"Thanks for taking the time to talk to me today Ernie!" I began.

"Always a hoot, Lauren," he replied. "So you wanna know about the mysterious missing iPad camera, huh?"

"Yeah. Like I mentioned in my e-mail, it just seems so weird that Steve left something so obvious out. Were any of my guesses correct? Cost? Positioning for the 2.0 version, or ..."

"No. No. No. Jeez Lauren. How many times do I have to say it? You have to look through a glass darkly to understand situations like this," he said.

"Oh boy. Are you about to feed me another one of your wacky conspiracy theories?" I asked.

"Wacky? When have I ever steered you wrong?"

"Well, there was that gunk you fed me about a Google Dyson Sphere project ..."

"Trust me! They're still working on that! They're just trying to scale up gradually before announcing the beta ..."

"OK, Ernie. Fine. Just relax. Now, what about an iPad camera?"

"Just think about it for a minute Lauren," said Ernie. "If there was a nice, front-facing camera on the iPad, what would be the first thing you'd want to do with it?"

"I know what you'd want to do with it Ernie, but I'm not a pervert," I said.

"C'mon Lauren, get real. Now, what's the obvious super-whiz-bang-deluxe application for an iPad with a front camera?"

"Well, uh, video calls I guess."

"Give the man a cigar!" said Ernie. "That's right, video calls. iPadders would want to Video Skype and Google Video Chat their little hearts out!"

"So what's wrong with that?" I asked.

"You're not thinking again, Lauren. What's unusual about video calls compared with other kinds of typical mobile data usage?"

"Well. Let's see. They're pretty data intensive, at least compared with audio-only VoIP ..."

"Right ..."

"And given that you usually want to see someone's face throughout a video call, you probably need a continuous, symmetric data stream," I said. "And since most mobile data networks are optimized more for downstream than upstream data ..."

"Keep going ..." said Ernie.

"But I don't see ... Oh no!" I exclaimed.

"Ah! It's sinking in, is it buddy boy? Which mobile carrier is the current iPad built for?"

"AT&T."

"Yeah. AT&T. The hardware won't even support T-Mobile's 3G frequencies, not to mention non-GSM systems like Verizon or Sprint ... correct?"

"Yes Ernie," I said. "And nobody's going to be making video calls at lower than 3G speeds. AT&T. It just didn't occur to me!"

"And that's the same AT&T that's been driving iPhone users crazy with mobile network congestion and other mobile problems for ages," said Ernie. "Not only that, they're pricing the iPad data plans below typical price points. Can you imagine what would happen if piles of iPad video calls started hitting their network? It's the obvious killer app! Everyone with an iPad would want to do it!"

"So you're suggesting that if the iPad had included a built-in camera usable for video calls, AT&T couldn't have handled the load?" I asked.

"Handle it? Can you imagine what it would look like -- hell, smell like -- to have AT&T cell sites across the country all melting down at once? I mean physically melt down. Bubbling copper. Molten slag. Liquefied ..."

"I get the idea, Ernie. But wait a minute. Why couldn't you include the camera on all of the iPads and then just restrict users to video calls over Wi-Fi? Or only include the camera on the iPad models that don't include the 3G radios?"

"Would you want to try explain that kind of restriction to users? And how long do you think it would hold up with half the universe trying to hack around it? You really believe it'll work to tell potential buyers that the cheaper Wi-Fi-only unit includes a camera but the more expensive model that also has 3G leaves the camera off? Hell, Apple is already being dragged over the coals for their anal app approval and acceptance apparatus -- how much worse would you have them make an already nasty situation?"

"All right Ernie. I'm convinced. So what's the solution?"

"Solution? I'm not offering solutions. You just asked me why there wasn't an iPad camera, and I'm just telling you what I know. Take it or leave it," said Ernie.

"This stuff sure gets complicated ..." I said.

"Yep. But that's half the fun. Look bro', gotta go. Nice talking at ya'. And remember! Google Dyson Sphere! You heard it here first! Was that just a click on the line?"

"You're always hearing clicks, Ernie. Thanks. Try to stay out of trouble," I said.

"Exit, stage right!" said Ernie.

--Lauren--

"This will destroy That. The Book will destroy the Edifice."
     -- The Archdeacon - Notre Dame de Paris - Victor Hugo (1831)

"Google's mission: to organize the world's information and make it universally accessible and useful."
     -- Google Company Overview (2010)

Greetings. Around seven years ago, in an article for Wired News, I invoked Victor Hugo's words that encapsulated a common view of the power elite when faced with the reality of a rapidly spreading printing press technology. The concept of information -- a commodity more valuable than any gem in the scheme of human affairs -- being openly available to the "unwashed masses" seemed terrifying.

Now fast-forward and it's easy to see why the words of Google's mission statement appear to be triggering similar fears, and backlash, among some governments around the world. Organized, universally accessible information is anathema to those who rule through carefully skewed information regimentation.

Of course, such fears regarding the Internet and its ability to encourage the free flow of information have been brewing for years, basically since the Internet's nose first began poking out from under the tents of DoD labs and the ivory halls of academia.

But Google's ongoing very visible dispute with China has brought these issues back front and center into the spotlight, and a number of rather idealistic notions often expressed by some in the Internet "intelligentsia" appear somewhat ragged under this new illumination.

It has been popular, for example, for some in the Internet community, including various of my contemporaries, to suggest that the Internet would trigger the blossoming of an international "Digital Democracy" that would sweep past domestic borders and somehow encompass most of mankind in a grand new age where old concepts of national identity and conflict would be swept aside.

Being something of a student of history, I was never able to enthusiastically buy-in to this particular optimistic vision. While I've long argued that attempts to censor or filter Internet information will virtually always fail in the long run, in the shorter run authoritarian information regimes can make ordinary citizens' lives extremely uncomfortable -- or even very short.

Yes, you can use a VPN or proxies to get around most Internet restrictions, but if the penalty for getting caught doing so is 20 years at hard labor, and the finest Deep Packet Inspection (DPI) hardware that money can buy is put to the task of pinpointing such violators -- well, it would be understandable if most persons decided not to take the risks in the first place.

Make no mistake about it, information is the part and parcel of authoritarian regimes' most expansive plans and also their greatest fears.

The control of information available to a population is foundational to most dictatorships, whether this means confiscating radios, banning newspapers, or limiting Internet access. Information -- that is, the information deemed suitable for distribution by the powers-that-be, is a powerful tool for furthering their desired goals.

But "unapproved" information carries the opposite status -- it's often viewed as dangerous and subversive, something to be tightly throttled and ideally stamped out completely.

It becomes clear why Google is so often in the cross-hairs these days. The Internet is so vast that without the kind of organized search access that Google provides, much of the Internet's data effectively might not exist at all, since the average user would have a difficult time finding it, assuming its existence was even known in the first place -- similar to (but much worse than) badly misfiled books in a very large library.

In a related vein, Google's YouTube provides the most egalitarian mechanism yet devised for ordinary people to share the most potent of video presentations, exposing to the entire world that which some governments would much prefer remain unspoken and unseen.

But disturbingly, the calls for Internet restrictions of many sorts, often including various demands being made of Google, aren't just coming from the usual authoritarian "suspects" -- but also from countries like Australia, Italy and more.

Even here in the U.S., one of the most common Internet-related questions that I receive is also one of the most deeply disturbing: Why can't the U.S. require an Internet "driver's license" so that there would be no way (ostensibly) to do anything anonymously on the Net?

After I patiently explain why that would be a horrendous idea, based on basic principles of free speech as applied to the reality of the Internet -- most people who approached me with the "driver's license" concept seem satisfied with my take on the topic, but the fact that the question keeps coming up so frequently shows the depth of misplaced fears driven, ironically, by disinformation and the lack of accurate information.

We've seen much the same happen with the politicalization of Internet Net Neutrality debates, with some mostly right-wing commentators aligned with anti-neutrality forces spreading the Orwellian "big lie" inanity that Net Neutrality is akin to a massive government takeover of the Internet, and applying classic "divide and conquer" techniques in an attempt to coopt natural allies of Net Neutrality over to the side of the equation dominated by the very large ISPs.

At the nexus of so many of these controversies stands Google. It would be difficult to argue that this doesn't seem like a highly unusual position -- a position of enormous responsibility and gravitas -- for a single commercial firm to occupy.

And yet, it seems likely that in the current environment perhaps only an international organization of Google's size, scope, and singularly atypical corporate culture has a realistic chance of systematically nudging events globally in a positive direction toward increased Internet freedoms.

As the China events show, this is a matter of continuing calibration and adjustment, and there are no guarantees regarding happy endings. Human history suggests that it would be foolhardy to assume that even the noblest of motives will always win out over domestically or internationally perpetuated fears and associated propaganda.

But in any battle over ideas, history also teaches that widespread access to information -- in "Google-Speak" that goal of "universal accessibility and usefulness" -- is always better for society in the long run than restrictive information and censorship policies aimed at "short leash" control of populations.

In the scheme of events, the Information Wars have really only just begun. The outcomes of these battles won't only determine the fate of the world population's access to information, but in many respects their ability to exercise a wide variety of other very basic human rights as well.

For all of these issues are linked in highly complex ways, and that's not just via Web sites, but throughout the very core of the human psyche.

Perhaps the historical path from Victor Hugo to Google isn't really all that surprising after all.

--Lauren--

Greetings. It didn't take very long for Microsoft's CEO Steve Ballmer to make crystal clear the philosophical differences between his firm and Google.

In a fascinating speech to an outstanding bastion of upstanding business practices that I'm sure we all know and and love -- a Houston gathering of oil company executives -- Ballmer made it clear that if you're a repressive government with a terrible and rapidly decaying human rights record, Microsoft has a censorship deal for you!

On the same day that Secretary of State Hillary Clinton presented a powerful speech supporting Internet freedom that by implication strongly backed Google's recently announced change in China policy and its refusal to continue censoring Google Search results in China, Ballmer was offering to censor Bing in any manner that Beijing requests. Just send him legal notice, and the offending results are Kaput -- Gone -- Vamonos!

Perhaps even more disturbing than Ballmer's "Come to Bing for Censorship!" promotion was his bizarre attempt to equate the rapidly declining human rights and civil rights environment in China with U.S. bans on pornography involving children, and the French ban on Nazi imagery. His presentation of these latter two examples as being morally equivalent to the kind of pervasive censorship, repression, and punishment that is increasingly taking place in China today is nothing short of ludicrous. It's more than a little frightening if he really doesn't see the differences that make China's censorship regime ever more nightmarish for those freedom-seeking citizens unwilling to toe the government's party line.

Ballmer has frequently demonstrated a number of rather clownish traits, but his offer of continuing practical support for China's pervasive information repression isn't funny -- it's boorish, shameful, and reprehensible. And those are just the "family-friendly" terms that come to mind.

For several years -- basically since soon after the start of the censored google.cn project -- Googlers at various levels within the company have expressed their discomfort to me regarding the arrangement, and their hope that the availability of Google Search even in censored form would perhaps help lead to an opening up of China with a blossoming of information, communications, and civil rights freedoms for its population.

It's now apparent that this didn't happen, and China took advantage of the situation to not only increase repression within its only country, but also to strike out at the rest of the world. Google's evolving new China policy is a logical and admirable response to this reality.

On the other hand, Steve Ballmer appears to be comfortably ensconced within a fantasy world -- where human rights matter not at all if they get in the way of business, and where attempting to expand Bing seems to take priority over all else.

Ballmer's attitude is a disgrace to Bing, Microsoft, and of course to himself as well.

Very sad, indeed.

--Lauren--

Greetings. In FiOS Scamming the Elderly a couple of days ago, I expressed my extreme displeasure at the horrendous (whether legal or not, yet to be determined) sales techniques used to pressure the elderly father of a friend of mine into signing up for FiOS services (on a long-term contract) that he didn't want or need.

Since that posting, I've discovered more subterfuge -- they even signed him for FiOS TV after he explicitly told them that he already had cable TV and wanted to stay with it.

Today I finally reached Verizon, and after fighting my way through the usual impediments and multiple transfers I successfully canceled the order. I hope.

Verizon won't provide written confirmation that the order has been killed, and simply tells you to use the original order number for reference. We'll see if his existing, non-FiOS Verizon phone service ends up being disrupted, and I've told him that if any Verizon crews show up at his house, just send them packing back to the depot.

I plan to pursue the issue of the tactics used by the Verizon door-to-door hit squad. Verizon reps I spoke to today refused to reveal whether or not such workers were Verizon employees or (more likely I'll bet) contract workers on commission.

There was an amusing aspect to canceling the order. I felt it appropriate to record the call, so that I'd have a proof of this order activity in case there was an "issue" regarding the order's status later on.

Complexities of individual state laws regarding notifications of recording aside (one-party vs. two-party states), my policy is to always notify the other party when I'm recording a call.

Imagine my surprise when I discovered that the Verizon reps I talked to absolutely and indignantly refused to continue the calls when I told them that I was recording. This despite the fact that virtually the first words out of the Verizon phone system are "call may be monitored or recorded."

So, being a law-abiding, ethical citizen, I stopped the recording and so informed the reps. Their hesitation to continue the calls was unmistakable. "Did he really stop recording?"

The technical term for this attitude on the part of Verizon is of course referenced by the acronym CYA. They want to record you for their protection, but heaven forbid if you desire to record them for the same reason.

But given Verizon's sleazy FiOS sales practices, the fact that they behave similarly disrespectful of their customers' concerns at the call center level shouldn't really surprise anyone.

It's almost as if the long gone but widely despised General Telephone sometimes still lives on as a ghostly spirit in aspects of its descendant Verizon.

Cue the theremin ...

--Lauren--

Greetings. We know that major telephone/cable/ISP companies have many great people managing them and working for them in various capacities.

But when it comes to sales tactics, sometimes it's difficult to come up with sufficiently descriptive terminology that doesn't involve hard-core expletives.

When sales techniques descend to the level of elder abuse, I'll admit I'm nothing short of livid. And that's how I feel right now.

I've just learned that earlier today, a pair of slick, fast-talking Verizon door-to-door FiOS representatives (I'm still trying to find out if they were Verizon employees or third-party sales reps) scammed the elderly father of a friend of mine here in L.A. into signing up for a one-year contracted bundle of expensive FiOS services that he didn't want or need.

Apparently by implying that a change to FiOS was already a fait accompli, they pressured him into immediately signing even though he was obviously confused.

I'll be working to untangle this starting on the first business day that I can reach Verizon.

But for now, the next time that someone questions the need for more regulation in this area, here's one more example to cite.

More later. Take care, all.

--Lauren--

Greetings.

This one's from the "Fun with Photoshop and Google Images Department":

There's a funky old 1972 movie called "Children Shouldn't Play with Dead Things" -- but we might want to headline a new embarrassment for the FBI by the somewhat similar title: "The FBI Shouldn't Play with Google Images!"

Actually, the situation would be even more funny if it weren't potentially so serious. On Friday, to considerable fanfare and media attention, the U.S. State Department released a "digitally enhanced and aged" image of Osama bin Laden, complete with a reminder of the $25-million reward for his capture or obliteration.

Just one problem. It didn't take long for a top Spanish lawyer and Member of Parliament to notice that the new image representing the world's most wanted man was ... uh ... strikingly similar to his own face. Cough, choke, spit out the coffee onto the newspaper! Ouch.

Now comes the really good part. The FBI originally had claimed that it aged terror suspect photos using "cutting edge" technology. But after Gaspar Llamazares (who turns out to be a critic of the U.S. "war on terror") expressed concerns about sharing much of his face with someone carrying such a massive bounty, the FBI admitted to using a somewhat different procedure in this case.

It turns out that they lifted a photo of Llamazares from an old campaign poster found on Google Images, then simply cut and pasted his hair, jaw line, and forehead onto bin Laden's face.

The State Department has now pulled that photo down from their wanted terrorists Web Site.

As you can imagine, Llamazares is most definitely not amused.

But it could have been worse. The FBI might have used images of Conan O'Brien and Jay Leno to update bin Laden's visage.

Now that's scary.

--Lauren--

Greetings. Some of the initial dust is starting to settle just a bit in the wake of Google's announced change in China-related operational policies, and it's fascinating to observe the range of reactions.

One almost immediate result of my posting that strongly supported Google's decision has been a number of people asking if I still stand by my previous statements of support for the concept of cloud computing. Don't the Chinese attacks on Google and other companies, that triggered Google's policy changes, demonstrate a weakness in cloud services?

I still am enthusiastic about cloud computing, and I still feel that there are some important areas of cloud services where more work needs to be done. But more on that in a moment.

While I believe it's fair to say that most reactions to Google's announced China-related changes have been extremely positive, there have been some negative voices.

China of course officially is far from thrilled. My favorite official statements from Chinese officials on the matter so far include: "Properly guiding internet opinion is a major measure for protecting internet information security" -- and a warning that Internet businesses must adhere to "propaganda discipline."

Propaganda Discipline. Now that's a nifty turn of phrase if ever I've heard one.

Well, it's pretty clear where official China stands on this, anyway.

An accusation has been floating around suggesting that Google's only real motivation for the China changes was to give Google cover to extract itself from its "underdog" search status vis-a-vis Baidu.

Fiduciary responsibility alone would suggest that Google considered the financial ramifications of actions with the potential of drastic effects on their China-based operations. But there's no rational reason why Google would want or need to "cover" a straightforward business decision in the manner some folks are suggesting -- that's nonsensical. And to argue that Google would purposely create an "international incident" of this sort on such a basis is assuming a degree of functional sociopathy around the level of Norman Bates. Sorry, I just don't buy the paranoid argument.

Another concern being bandied about relates to the (unconfirmed at this point) rumor that part of the attack on Google involved access to a couple of Gmail accounts via a Google "law enforcement compliance" system.

Some observers have expressed outrage that such a system would even exist -- but frankly I'd be surprised if something at least functionally equivalent was not in place. Given that Google must respond to legal demands for information from law enforcement, a system dedicated in some way to that end would seem at least logical. And the header-type data obtained by certain of the (apparently) Chinese attacks (as opposed to message contents that were reportedly not accessed in this context) are the sort of "pen register" type of data that is commonly associated with certain common types of law enforcement information demands.

Whether or not such a compliance system was in play in these attacks, we know that certain aspects of security at Google and elsewhere were compromised. And this brings us back to the question of cloud computing safety.

But to answer that question, we have to consider the security implications of non-cloud systems as well.

Both from security and privacy standpoints in a perfect world (including pretty much unlimited free Internet bandwidth and lots of otherwise free time on your hands as well), it could be argued that keeping all personal data, e-mail, etc. on your own local computers would be a nifty setup.

However, we of course don't live in a perfect world. Maintaining your own mail servers -- and the security of those systems -- in today's Internet environment can be tough work. I know -- I build and operate my own servers, and even on a relatively small scale it can be challenging to keep attacks and other problems at bay. And let's face it, most computer users have not one iota of interest in spending their days (and sometimes nights) maintaining such systems.

If you want to provide remote access to your own services or collaborative environments -- via ssh or other tools -- even more work is involved and additional security considerations come into play. And then there's the issue of system backups. Sad to say, vast numbers of computer users have no usable backups of their data of any kind!

One reason why Google applications like Gmail have become so popular is that they offload so many of these issues onto Google's shoulders (in fact, Gmail has now switched over to using https: by default -- a major and extremely worthwhile boost for what I call "opportunistic encryption.")

But yes, a cloud service can be an attractive target, by offering the potential attacker at least the theoretical possibility of breaching large numbers of accounts in one fell swoop.

So as with so many other aspects of technology, we see that there's little black or white to these situations, but lotsa shades of gray. To judge any given cloud computing or cloud data storage environment involves not only the capabilities of those services, but also by contrast your own capabilities and desires in terms of operating your own systems and associated infrastructure to perform those same services.

For many individuals, companies, organizations, and even cities or larger entities, moving some or all information technology functionality to the cloud may make good economic and security sense, especially compared with what they could do in these areas on their own locally.

This calculus should be conducted in each case with the understanding that no systems -- locally operated or in the cloud -- will have perfect security, and that security breaches of some sort can eventually occur. One advantage of the cloud is that in most cases it is usually much faster to effectively roll out security updates across the entire population of cloud users than when dealing with non-cloud, locally-operated computing environments.

We can certainly assume that Google and the other organizations impacted by these recent attacks will be taking due steps to further secure their systems based on what has been learned. Computer security improvements tend to be more evolutionary than revolutionary, but like in so much else of life we tend to learn the fastest when challenged the hardest, and ultimate perfection is a pipe dream, not a practicality.

The decision to use -- or not use -- cloud services is an individual one. But my stand on the topic hasn't changed at all as a result of these recent attacks. Cloud computing shows enormous promise and is extremely valuable for all sorts of applications today. But we're in the infancy of this technology, and there's a great deal of important and exciting work yet to be done as this area advances. That work will undoubtedly include security and privacy enhancements as key aspects, and much of what we learn from intrusions will often significantly impact these development efforts in positive and useful ways.

Perhaps we should be publicly thanking the Chinese attackers for their "contributions" to the evolution of our cloud computing projects?

Uh, no!

--Lauren--

Greetings. Almost exactly four years ago, when I first visited Google's Santa Monica offices and presented a talk on Internet issues, one of the topics that I discussed was Google's operations in China.

Google's presence in China has been controversial from the beginning, particularly to the extent that they involved the operation of a version of Google Search (google.cn) that presented censored search results as required by the Chinese government.

Some observers have characterized such an arrangement as a "deal with the devil" from day one, but I've preferred to view the situation in somewhat more nuanced terms. Google indicates to Chinese users when results have been censored, and Google has argued that it made sense to have a presence in China -- even on such terms -- to provide at least some access to Google resources for Chinese Internet users, rather than those users having no access at all.

I've found this argument to have considerable merit, but I've never been happy about this state of affairs. Google and China is probably the single most frequently mentioned Google-related policy area about which I've been asked my opinion over the years. And I've never been fully satisfied with my answers to such queries.

Chatting with Googlers after that talk I gave in Santa Monica, I remember expressing my specific concerns that the China arrangement appeared unstable in light of historical precedent in China -- particularly in regards to a very poor human rights record -- and that the probability of some sort of "trust" breakdown appeared rather high.

Now it appears that the solid excretory matter has hit the fan. You can read considerable details over on the Official Google Blog.

Briefly, after a series of data breaches and attacks related to the Gmail accounts of Chinese human rights activists (and attacks targeting other firms as well that Google discovered in the course of investigations), Google has announced that it will not be willing to continue censoring Google Search results for China going forward, even though this may result in Google having to shut down all Google operations in China.

I congratulate Google on this decision. They attempted over the years -- in what I believe to have been good faith -- to thread a very complex policy needle to avoid having a major proportion of the world's population ending up being cut off from services that most of us now take for granted in our everyday lives. Google's hope was that China would respond in a positive way with improved civil rights and less fettered access to information for China's citizens.

But China appears to have dropped the ball and has been moving backwards toward ever more restrictions. Google is responding to the current situation in a resolute and completely appropriate manner, even though the negative financial impact on the firm from this decision could be quite significant to say the least. I hope that Google detractors will remember the events today the next time that they're tempted to claim that Google only cares about money and nothing else.

Exactly how these events related to China will all play out in detail is unclear at this point, but Google's statement that they are unwilling to continue censoring Chinese search results seems completely unequivocal.

Once again, I applaud Google's decision to take a "new approach" toward dealing with China from this point forward. Three cheers and two thumbs up!

--Lauren--

Update: CNBC Interview with Google's David Drummond regarding this situation (New York Times Video -- ~11 minutes)

Greetings. With sales support and technical support issues surrounding Google's launch of their new Nexus One Android phone rather vividly in the spotlight right now, this seems like an appropriate time to revisit a recurring theme of significant interest to me, the topic of Google's customer support in general.

This is most assuredly not a simple matter, and any attempt to paint this subject as suitable for easy solutions or quickie analysis is doomed to be pretty much useless or even counterproductive. So this is going to be a rather long piece. Sorry about that, Chief.

Regular readers know that I've discussed this topic various times in the past in relation to different aspects of the perceived problems.

I'll try to avoid repeating at length here what I've previously said and recommended in those prior postings -- here are links to a couple of these for backstory reference:

Google's "Failure to Communicate" vs. User Support

"Google Ombudsman" (Part II)

An initially unexpected result of my various writings on Google support problems has been a continuing flow of Google-related issues being sent to me by frustrated Google users, including concerns ranging from trivial to serious.

A common thread is that most of these users claim to have been unable to obtain an adequate response (or in many cases, any non-automated response at all) from Google in reaction to their concerns. These users then start Google Searching on the topic of Google support problems, find my essays, and start forwarding their problems to me!

It's gotten to the point where it's rare for a day to go by without my receiving at least one such e-mail from an upset or concerned Google user. But this does provide me with some interesting insights.

Obviously, I'm not in a position to directly act on Google-related issues. But I do try to help when I can.

Sometimes it's just a matter of clearing up misinformation. Google conspiracy theories float around the Net like flotsam and jetsam, and concerned users often are all too willing to buy into "assume the worst" scenarios.

A common example of this is persons who feel that Google is purposely and unfairly censoring or otherwise damaging their sites' "search ranking reputation" on Google. But at least in my experience, every example of this brought to my attention by concerned site owners has had an innocent explanation.

Sites can be bumped or flagged when they become infected by malware that Google detects. Such infections can occur in ways that the site owner isn't even aware of, resulting in loud (but inaccurate) protests that "my site is clean!"

Another example is sites who have indulged -- sometimes at the urging of less than scrupulous "Search Engine Optimization" (SEO) firms -- in site design practices aimed at boosting their sites' Google search results rankings, but that violate Google's Webmaster guidelines (which are quite explicit and well documented).

In my experience, Google tries very hard to maintain the "purity" of natural search results and to avoid inappropriate bias in those results.

Anyway, you get the idea -- some of the Google problem queries that I receive are pretty easy to deal with via just a bit of relevant information, understanding, and the willingness to appreciate that people get upset about situations where they can't seem to get anyone to respond to their concerns in what they consider to be a useful manner.

Another class of users who come to me with Google issues have genuine operational problems. Perhaps they've been trying to get what they consider to be a specific, privacy-problematic photo removed from Google Street View. Or maybe they're having an issue with Google Voice that is causing them call problems, or perhaps merchant-related ad or Google Checkout issues.

In some cases I'll have information readily available that can help, but other times I go digging for it around the Net, and occasionally I'll need to make some direct queries via my own channels to try help these folks.

The bottom line is that the vast majority of them seem to be thrilled that someone is at least paying attention to their problems.

A key point -- nothing seems to irritate people with Google-related issues more than the perception that they are being ignored, and that their concerns are just falling into automated black holes when submitted to Google Help forms.

There are all sorts of official Google Help Forums of course, but these seem to frustrate many people rather than help them in even common situations. They often seem to run pretty much in an "automatic" mode, with user contributed suggestions (sometimes useful, sometimes just plain wrong) mixed in with everything else, and frequently no formal Google presence other than perhaps a Google employee who pops in occasionally with a comparatively isolated comment.

Again, the perception of a "black hole" related to posted or submitted Google-associated customer service problems runs rampant in the e-mail that I receive on Google topics, with users complaining that they have no confidence that concerns submitted to Google will receive any kind of useful and relevant response or resolution at all from Google in any given case.

There's another class of complaint that is perhaps the toughest to deal with, people who have policy-related concerns with Google (and often, with search engines in general). This can include (for example) persons or firms who feel that false information about them consistently ranks to the top of search results and that they have no way to correct or even respond to what they feel is damaging misinformation.

This is a very tough nut to crack -- particularly since search engines in general do not control the content of the external sites that they index. I've discussed this particular class of policy concerns previously (including in Search Engine Dispute Notifications: Request For Comments) and won't go into it more now, since in my opinion the topic resides at the outer edge of more conventional customer support issues, but that's not to diminish its importance in any way.

The folks over at Blendtec run a really fun site, with a vast collection of videos showing their "nuclear" blenders pulverizing an incredible range of objects. "Will it Blend?" is their very appropriate slogan. ("iPhone smoke. Don't breathe this!")

Over at Google, it could be argued that the slogan "Will it Scale?" is equally venerated -- and with good reason.

Google is dealing with unbelievably vast numbers of users, most of whom pay exactly zero to Google -- nuthin' -- to use Google services.

I have long sensed that Google is aware at various levels of their customer support problems, but has felt stymied about deploying solutions given perceived cost and scale issues, particularly when dealing with a mostly non-paying user base. That's just my opinion, of course, I'm certainly not speaking for Google.

The issue of paying vs. non-paying users is an interesting one. To be sure, most Google users don't pay Google in the same sense that they authorize a payment to their ISP every month. Yet Google's primary ad-supported business model is based on the concept that those non-paying users still represent a revenue stream via their ad clicks. And Google is now a central part of many millions of lives -- whether paying customers or not -- so simply because so many Google services are positioned as "free" to most users does not obviate Google of reasonable and effective support responsibilities.

Is it practical to offer the vast universe of "free" Google users the same level of support as received by, say, paying Google Apps users?

Perhaps not, but I would argue that the current state of Google customer service is increasingly unacceptable to Google's users in general, and damaging to Google as well.

The apparent lack of foresight in this sphere relating to the Nexus One launch seems surprising -- direct sales of a complex physical product can easily be predicted to need significant consumer hand-holding. But Google can fix the most obvious aspects of this particular issue pretty easily, even if they need to resort to contracting with outside customer service phone banks to help with pre- and post-sales Nexus One (and future direct sales devices) issues.

In contrast, the broader Google support issues beyond the immediate Nexus One story are likely not so easily solved. But I do feel that they are solvable in practical ways.

At the macro level, a "triaged" approach to user concerns is crucial. The "Ombudsman" concept that I have previously explored (as linked above) could be an important aspect of this.

Another critical element of a successful customer service structure is a formalized system for dealing with queries of all types that reduces, or ideally eliminates, the "black hole complaint form" effect that is so incredibly upsetting to users with Google-related issues.

This would require the allocation of significant manpower and the spending of not insignificant amounts of money. So be it. Trying to finesse around this matter indefinitely is likely leading to even more problems for everyone involved.

There are various ways to structure such an improved support environment to help keep the scaling issues under control. One possibility -- and I'm not necessarily recommending this, but only pointing it out as perhaps worthy of discussion -- would be to charge a small "per incident" fee (to otherwise non-paying Google users) for expedited responses to problem issues. This would encourage such users to use available self-help resources when possible, but still provide a practical path for more assistance as appropriate.

Google has attracted some of the best technical talent in the world. In many ways it's the new Bell Labs of its day, and I've long held Bell Labs in very high esteem indeed.

Google's employees include among the most intelligent and perceptive persons I know -- individuals who are also genuinely concerned about a broad range of issues and how Google impacts them. It's a popular misconception to assume that Google is all about money. They're a very powerful business to be sure, but the Google corporate ethos -- as I perceive it -- genuinely is concerned with a much broader range of humanistic concerns beyond the financial bottom line. Perceptions of Google skewed by negative customer service experiences is likely acting to obscure this fact -- and that's a genuine shame -- but not an intractable one.

If Google tasks its collective talent with the challenge of providing world-class customer service, I have absolutely no doubt that they can set an extremely positive example in this regard for the entire Internet.

No, it won't be easy. But it's very much worth doing, not just for the sake of Google's users, but for Google itself, and for the broader Internet community as well.

--Lauren--

Greetings. The body image scanner lobby is out in full force to convince governments around the world to buy their products, and to scare the flying public into sheepishly putting up with these invasive devices that will not even be effective in stopping dedicated terrorists.

But money talks -- as demonstrated by Bush-era Homeland Security secretary Michael Chertoff making the TV rounds promoting these scanners. Oh, by the way, he now works for one of the companies that manufacturers the scanners. Surprise!

There's lots of false or misleading information floating around regarding the scanners themselves.

First is the claim that there's nothing to worry about related to the radiation from these devices. There are two types of units -- millimeter wave and backscatter x-ray. The former do not produce ionizing radiation, but recent research suggests that they still carry risks of cellular changes. X-rays we know far better, and the proponents of this technology make various claims about how little dosage is involved in each scan.

These dosage numbers seem to vary all over the place, even changing dramatically from day to day on Web sites that purport to be giving accurate information. Comparisons with background radiation at altitude and time spent in the sunshine is fine, but the bottom line is that statistics clearly indicate that subjecting mass populations (including frequent flyers) to even small amounts of additional radiation will result in additional cancer deaths. Many deaths? Probably not that can be proven, anyway. But if your "lucky" number comes up, too bad for you.

Another issue -- the claims of safety regarding these scanners all assume accurate calibration. Yet we've recently seen that major hospitals -- including right here in L.A. -- have been found to have medical CAT x-ray scanners that in some cases massively overdosed patients (not just on one bad day, but over long periods of time) with radiation, enough to cause burns and hair loss, not to mention other potential problems down the line. That's in relatively calm and clean hospital environments. If airport body scanners end up badly calibrated -- as is typical for baggage x-ray units that vary widely in intensity -- the risks are obvious.

The many detailed naked images floating around the media and Net from various scanners are widely known. The level of detail can be astonishing. A recent YouTube video purported to show how easy it was to digitally reverse such images to show a naked positive (I noted this video earlier today in another venue.)

That video turns out to have been doctored but was convincing. Why? Because my own experiments have shown that reversing such images does indeed yield almost identical effects. Here's my reversal [Adults Only] of an image provided by TSA as part of a widely seen demo.

Pro-scanner propaganda screams that new scanners don't show this level of detail.

That's only partly true. There are newer systems that display more "symbolic" imagery (e.g. "chalk line" body images). But the fact is that many of the units in use today do display full detail.

Perhaps of even more concern, my sources that have been involved in the evaluation of body image scanners in security contexts tell me that the ability of such scanners to actually find contraband on body areas where it can theoretically be detected (e.g. not in body orifices, etc.) varies directly with the level of detail shown. The less detailed the image, the more likely bad stuff will slip through. Also, I'm told that in practice it's often necessary to have two-way communication between the security personnel at the scanner and the remote scanner viewer, in order to instruct the scanning target to reposition themselves in various ways to get a full scan. And of course, the full detailed scan is the initial result internally in all cases, whether or not a simplified image is actually displayed to the operator.

The irony of all this is that the use of a "booty bomb" -- explosives inserted into the body in various ways, is an effective mechanism to evade all of these body imagery systems that don't use body-penetrating x-rays.

Unfortunately, the more clearly one looks at the reality of these scanners and how they're being promoted, the murkier the image actually becomes.

--Lauren--

Greetings. Various media points are reporting fairly widespread complaints about customer support and technical problems related to Google's new Nexus One Android phone. The volume of postings appears to have been sufficient to trigger Google's "real time search" mode for the search term "nexus one complaints" at this time.

The customer support complaints seem to involve both pre- and post-sale issues, tales of finger-pointing between T-Mobile, HTC, and Google -- and a reported lack of other than (currently slow) e-mail support from Google related to the phone.

I do not know at this point the extent to which these complaints are or are not representative of the overall Nexus One user population. In these kinds of situations, you usually hear from the people with problems, not the folks who are satisfied. Of course, it's the former group who most need an effective support structure in such environments.

I did receive an unsolicited message from a reader (possibly reacting to my The Google "Nexus One" Saga Turns Ugly blog posting from yesterday) expressing incredulity that his Nexus One arrived with voluminous legal disclosure documentation but (he reported) no manual of any kind.

Concerns over the Nexus One's 3G performance appear to be piling up. Again, it is impossible to estimate at this time how representative these are, and of course any associated real problems (if actually related to the phone itself) could be caused by anything from hardware issues (usually a hassle to fix) to firmware issues (typically much easier to deal with).

Since my longstanding concerns and recommendations regarding Google's support structure in general are already quite well known, I won't go farther into that aspect here for now.

--Lauren--

Blog Update (January 11, 2010): Google's Customer Support Dilemma Intensifies