June 22, 2015

DOJ vs. Google: How Google Fights on Behalf of Its Users

One of the oft-repeated Big Lies -- still bandied about by Google haters today -- is the false claim that Google enthusiastically turns over user data to government agencies. This fallacy perhaps reached its zenith a few years ago, when misleading PowerPoint slides from Edward Snowden's stolen NSA documents cache were touted by various commercial parties (with whom he had entrusted the data), in a misleading, out-of-context manner, designed for maximum clickbait potential. The slides were publicized by these parties with glaring headlines suggesting that Google permitted NSA to freely rummage around through Google data centers, grabbing goodies like a kid set loose in a candy store.

Google immediately and forcefully denied these claims, and for anyone familiar with the internal structure and dialogues inside Google, these allegations were ludicrous on their face. (Full disclosure: While I have consulted to Google in the relatively recent past, I am not currently doing so.)

Even an attempt to enable such access for NSA or any other outside party would have by necessity involved so many engineers and other Google employees as to make impossible any ability to keep such an effort secret. And once known, there would have been very public, mass resignations of Googlers -- for such an intrusion would strike directly at the heart of Google philosophy, and the mere suggestion of such a travesty would be utter anathema to Google engineers, policy directors, lawyers, and pretty much everyone else at the firm.

Obviously, Google must obey valid laws, but that doesn't mean they're a pushover -- exactly the opposite.

While some companies have long had a "nod and wink" relationship with law enforcement and other parts of government -- willingly turning over user data at mere requests without even attempting to require warrants or subpoenas, it's widely known that Google has long pushed back -- sometimes though multiple layers of courts and legal processes -- against data requests from government that are not accompanied by valid court orders or that Google views as being overly broad, intrusive, or otherwise inappropriate.

Over the last few days the public has gained an unusually detailed insight into how hard Google will fight to protect its users against government overreaching, even when this involves only a single user's data.

The case reaches back to the beginning of 2011, when the U.S. Department of Justice tried to force Google to turn over more than a year's worth of metadata for a user affiliated with WikiLeaks. While these demands did not include the content of emails, they did include records of this party's email correspondents, and IP addresses he had used to login to his Gmail account.

Notably, DOJ didn't even seek a search warrant. They wanted Google to turn over the data based on the lesser "reasonable grounds" standard rather than the "probable cause" standard of a search warrant itself. And most ominously, DOJ wanted a gag order to prevent Google from informing this party that any of this was going on, which would make it impossible for him to muster any kind of legal defense.

I'm no fan of WikiLeaks. While they've done some public good, they also behave as mass data dumpers, making public various gigantic troves of usually stolen data, without even taking basic steps to protect innocent persons who through no fault of their own are put at risk via these raw data dumps. WikiLeaks' irresponsible behavior in this regard cannot be justified.

But that lack of responsibility doesn't affect the analysis of the Gmail case under discussion here. That user deserved the same protection from DOJ overreaching as would any other user.

The battle between Google and DOJ waged for several months, generating a relatively enormous pile of associated filings from both sides. Ultimately, Google lost the case and their appeal.

This was still back in 2011. The gag order continued and outside knowledge of the case was buried by government orders until April of 2015 -- this year! -- when DOJ agreed to unseal some of the court records -- though haphazardly (and in some cases rather hilariously) redacted. These were finally turned over to the targeted Gmail user in mid-May -- triggering his public amazement at the depth and likely expense of Google fighting so voraciously on his behalf.

Why did DOJ play such hardball in this case, particularly involving the gag order? There's evidence in the (now public) documents that the government wanted to avoid negative publicity of the sort they assert occurred with an earlier case involving Twitter, and DOJ was willing to pull out all the stops to prevent Google from even notifying the user of the government's actions.

You don't need to take my word on any of this. If you have some time on your hands, the over 300 pages of related filings are now available for your direct inspection.

So the next time someone tries to make the false claim that Google doesn't fight for its users, you can print out that pile of pages and plop it down right in front of them. Or save the trees and just send them the URL.

Either way, the truth is in the reading.

Be seeing you.


Posted by Lauren at 02:19 PM | Permalink

June 19, 2015

Why Google Must Stand Firm: Putin Pushes the Dangerous "Right To Be Forgotten" Further Into Lunatic Land

A week ago, in my latest discussion of the nightmarish EU "Right To Be Forgotten" (RTBF), titled Just Say "NON!" - France Demands Right of Global Google Censorship, I once again emphasized the "camel's nose under the tent" aspect of RTBF, and how we should have every expectation that Russia, China, and other repressive regimes would make similar demands and attempt to have them implemented as global censorship by Google.

Well, that didn't take very long at all.

Indeed, Russia (and that means Czar Putin) is on the cusp of a vast RTBF law of their own, that makes the awful EU version look like a picnic by comparison.

In the proposed "Soviet" version of RTBF, complainants wouldn't even have to specify links of concern, just vague topic areas. And unlike in Europe, even public figures could demand that Google and other search engine results be whitewashed to remove unflattering or revealing references.

Meanwhile, word comes from France that they might want Google to individually track French users wherever they go in the world so that they can be specifically subjected to EU RTBF censorship anywhere and everywhere. "Liberty, Equality, Fraternity?" Hogwash.

If this wasn't obvious before, it should be obvious to everyone with half a brain by now -- the power to censor Google and other search engines placed into the hands of governments -- any governments regardless of political orientations -- is the freedom of speech destroying equivalent of handing nuclear weapons to terrorists.

Throughout recorded history, governments have wanted to control information, and the technology at hand provides them with a relatively easy means of finally fulfilling that frightful fetish.

No matter how much Google and others might try negotiate or compromise in good faith with governments on this topic, the latter will ultimately demand ever more censorship and ever more direct control over search results. There will simply be no end to it.

It is absolutely crucial to the future of free speech and broader civil liberties around the world that Google stand firm against the encroachment of ever more damaging and berserk RTBF laws and demands. This is true even if it requires significant changes in some underlying business models. Because ultimately if RTBF is permitted to continue on its current course of escalating censorship, those business models are going to be significantly decimated in much more damaging ways -- damaging to Google itself and incredibly destructive to the global community that depends on Google to do the right thing in difficult situations. Google must obey the law, but it also has considerable latitude in how and where it chooses to operate -- latitude that can be very relevant to the RTBF and other censorship issues now at hand.

We're depending on Google to set an example against the pages of useless, lowest common denominator search results that will be the inevitable result of RTBF laws continuing on their present course -- like a tidal wave leaving nothing but rubble in its wake.

We're standing at the crossroads of perhaps the most critical information freedom juncture in history since the invention and spread of the printing press.

There is no room for error.

Do this right, Google. I know you can.


Posted by Lauren at 09:42 AM | Permalink

June 17, 2015

Falling Into the Encryption Trap

This is a difficult discussion for me. It borders on embarrassing, because I'm forced to admit that I was unable to foresee some of the ramifications of encryption-related polices I've been promoting for many years.

I could make the excuse that I did not anticipate an onrush of largely hyperbolic paranoia as has been triggered post-Snowden, but I should have realized that some sort of similar event would be adequate to trigger similar issues.

My concern started taking shape about a month and a half ago when discussions were bouncing around the Net regarding Mozilla's supposed intention to (at some point in the future) refuse to allow Firefox browser connections to sites not running SSL/TLS, or at least restricting "features" available to them. Mozilla's actual stance on this is currently not entirely clear, but it appears that their longer-term plans at least are moving in this direction.

Two days ago when I posted When Google Thinks They're Your Mommy, regarding the Chrome browser's refusal to connect to a major corporate site that other browsers would connect to, I triggered a mass of users sending me similar stories about "encryption enforcement" complications -- and not just about Chrome.

There were people complaining about Chrome blocking sites, Firefox blocking sites, new versions of browsers preventing users from accessing network-connected home devices -- that were difficult or impossible to replace and only ran on local networks. On and on. I had let loose an unexpected avalanche, about an issue I incorrectly thought was only now beginning to gradually affect larger numbers of users.

And last night I had a nightmare.

I saw two parents desperately trying to access a misconfigured medical-related site for their sick child, being blocked by Chrome "for their own protection" -- and then trying to install another browser in panic after being informed by a Google help page that Chrome wouldn't help them, and that using another browser was their only alternative.

This is what comes of reading my own blog posts sometimes -- waking up in cold sweat from a very dark dream.

What's happened of course is that post-Snowden there's been a mantra that we're all being spied on all the time, and not only should all Internet connections be encrypted, but users should not be permitted -- no matter what the situation -- to access sites that are not encrypted to the standard that the crypto-gurus feel is adequate, even when the situation is triggered by temporary misconfiguration rather than purposeful configuration decisions at a site.

The argument is that man-in-the-middle attacks are so powerful and so pervasive (the former can certainly be true, the latter is definitely arguable) that even someone viewing kitten videos must use encryption -- if for no other reason than to protect them from some evil entity injecting an exploit into their weak connection.

Obviously if you're Google and continuously transferring gazookabytes of user data between datacenters, you're a big target and you want those circuits to be as rigorously encrypted as is practicable.

The reality though is that the overwhelmingly vast majority of user system exploits aren't based on subversion of the connections at all, but rather on endpoint attacks -- usually tied to phishing and other "social engineering" techniques when available multiple factor authentication systems have not been deployed.

Like I said, I've spent many years promoting the concept of universal, opportunistic Internet encryption.

But in some of the attitudes I see being expressed now about "forced" encryption regimes -- even browsers blocking out fully-informed users who would choose to forgo secure connections in critical situations -- there's a sense of what I might call "crypto-fascism" of a kind.

And that worries me. That's the stuff of nightmares.

It's one thing for a site to specifically and clearly indicate that it will only accept secure connections of a particular class and quality, proclaiming that it feels such restrictions are absolutely necessary in their context.

It's something else entirely though for a browser to unilaterally declare a site's security to be unacceptably weak (perhaps by choice or often by misconfiguration -- both of which we can agree need to be fixed) to the extent that the browser absolutely refuses to allow the user to connect, regardless of how crucial the situation and irrespective of the fully-informed expressed will of the user to connect in any case.

Some encryption and Web standards experts might assert that this is simply a situation where a rather technically fascistic attitude is necessary to protect users overall, even if individual users in some circumstances might be horribly injured in the process. I've already had someone quote Spock to me on this one ("The needs of the many outweigh the needs of the few.")

Leaving aside for the moment that "the few" at Internet scale could easily still be many millions of warm bodies, I don't buy Spock's supposed logic in the context under discussion here.

Yes, we want to encourage encryption -- strong encryption -- on the Net whenever possible and practicable. Yes, we want to pressure sites to fix misconfigured servers and not purposely use weak crypto.

But NO, we must not permit technologists (including me) to deploy Web browsers (that together represent a primary means of accessing the Internet), that on a "security policy" basis alone prevent users from accessing legal sites that are not specifically configured to always require strongly encrypted connections, when those users are informed of the risks and have specifically chosen to proceed.

Anything less is arrogantly treating all users like children incapable of taking the responsibility for their own decisions.

And that would be a terrible precedent indeed for the future of the Internet.


Posted by Lauren at 12:08 PM | Permalink

June 15, 2015

When Google Thinks They're Your Mommy

Major tech companies are in an interesting position these days. They provide and (one way or another) control most of our communications pipelines, and (quite reasonably) usually wish to encourage maximally effective security and privacy regimes.

Certainly Google falls into this category, with world-class privacy and security teams that have been my privilege to work with in the past.

But what happens when a firm decides that no matter what the user wants to do, the company will simply not permit it, because they feel so strongly that they know better than the user in a given circumstance?

That's what happened to me this morning, and it's a matter of growing concern.

I had an important transaction that I needed to conduct quickly on a major corporate website. I access this site several times a week, and I always use the excellent Google Chrome browser.

But this time, I couldn't log in. Google refused to permit me to log in to this third-party site, which I needed to access immediately.

What was going on?

Google was suddenly unhappy about the strength of the SSL/TLS connection being used by this site, and refused to permit access.

Presumably there's a configuration issue at that site that really should be fixed, but going down the rathole of trying to explain that to their customer support agents would likely be a twisted exercise that would take hours, with no guarantee that a change would be quickly forthcoming in any case.

Yep, that site needs repair, but I needed to access it irrespective of that.

Unlike most security certificate warnings from Chrome (and other web browsers) this one had no apparent means of user bypass.

This does not appear to be a bug in Chrome, because the associated "Learn more" page essentially said, "We won't help you. Go try another browser if you want. Good luck, guy!"

If there was any way to change the browser configuration or otherwise bypass this apparently absolute block, I couldn't quickly find it, and I know my way around Chrome pretty damned well.

Because I keep multiple browsers on-hand and current, and have my login credentials always available (not tied to a single browser), I was able to move to another browser and complete the important transaction.

However, if this had happened on a smartphone behaving this way with only one browser, or I was using a desktop system that only ran that one browser, I would have been up the creek without significant work to try get another browser going -- assuming I was in a position to do so and that other browsers didn't ultimately move toward exhibiting this same policy.

We can certainly agree that weak (or even entirely absent) SSL/TLS connections are to be avoided. In combination with an active "man-in-the-middle attack" or other spying, login or other important credentials and data could be vulnerable.

Of course the reality for most of us is that the risks to our important data (financial and otherwise) come from a wide variety of online and offline sources, with SSL/TLS connection compromise being pretty much down near the bottom of the probability list in most cases.

But for the sake of the argument, let's assume that a given connection is using weak or even completely broken crypto, and that there is an evil figure monitoring that particular connection at that particular time.

Even then, there will be situations where getting through to a particular site can be crucial -- more important even than compromised login credentials that can be later updated, more important even than compromised financial data.

Nowadays there are situations where immediate access to a site for information or transactions can be absolutely life critical, overriding individual security concerns.

And that is a decision for the individual user. It's not a decision for Google or any other firm to make for a user.

Google is not my Mommy.

By all means, sternly and clearly warn users of the risks involved in proceeding. Show photos of vampires about to strike, angry-looking kittens, and animations of Godzilla blocking my path.

Feel free to force the user to jump through multiple acknowledgment hoops (clear ones, not in fine print or otherwise hidden or obscure) before letting them complete the connection -- sternly emphasize how much you recommend against this course of action!

But in the final analysis, get the blazes out of the way and let a consenting adult make their own fully-informed choice about the sites they need to access, without Google (or other firms) treating them like a child or imbecile to be locked in their bedroom without supper.

Open means open, and it is not the appropriate role of Google or any other enterprise to impose its view of security to the extent of blocking a user from accessing a legal site when that user feels that they absolutely must do so.

If you've informed users of the risks, and they've acknowledged these and choose to proceed despite your sage advice, then that's their decision and responsibility, not yours.

And that's the truth.


Posted by Lauren at 01:14 PM | Permalink

June 12, 2015

Just Say "NON!" - France Demands Right of Global Google Censorship

I've been waiting for this, much the way one waits for a violent case of food poisoning.

France is now officially demanding that Google expand the hideous EU "Right To Be Forgotten" (RTBF) to Google.com worldwide, instead of just applying it to the appropriate localized (e.g. France) version of Google.

And here's my official response as a concerned individual:

To hell with this.

That's nowhere near as strong a comment as I'd really like to make, but this is a general readership blog and I choose to avoid the use of the really appropriate invectives here. But man, I could justifiably pile on enough epithets here to melt your screens before your eyes.

A key reason why I've been warning all along about the disastrous nature of RTBF is precisely this "camel's nose under the tent" situation. Giving in to localized censorship demands from the EU and/or member countries was bound to have this result.

What's worse, if France or other EU countries get away with this attempt to impose their own censorship standards onto the entire planet, we can be sure that government leaders around the world will quickly follow suit, demanding that Google globally remove search results that are politically "inconvenient" -- or religiously "blasphemous" -- or, well, you get the idea. It's a virtually bottomless cesspool of evil censorship opportunities.

It's bad enough when the ever more censorship and surveillance loving Western leaders have this kind of power. But how about Vladimir Putin, or China's rulers, or Iran's Supreme Leader as GLOBAL censors?

It wouldn't be long before it would seem that every search on any controversial topic might as well be replaced with a "404 Not found" page -- a rush to lowest common denominator mediocrity, purged of any and all information that government leaders, politicians, or bureaucrats would prefer people not be able to find and see.

I've written and said so much about RTBF for years that it feels like an endless case of "Groundhog Day" at this point -- e.g. early on in The "Right to Be Forgotten": A Threat We Dare Not Forget (2/2012), and most recently in a one hour live RTBF hangout video discussion (about a month ago).

And I'm certainly not alone in these concerns. Yet we continue to be sucked down this rathole, now with governments using overblown security concerns as an excuse to try justify even broader search engine censorship across a vast range of topics.

So far, Google has resisted the concept of RTBF being applied globally. I not only applaud their stance on this, but I strongly urge them to stand utterly firm on this issue.

RTBF even in localized forms is bad, but if countries had the ability to impose their individual censorship regimes onto the entire globe's population, we'd be -- with absolutely no exaggeration -- talking about an existential threat not just to "free speech" but to fundamental communications and information rights as well.

This cannot be tolerated.

Non! Nein! Nahin! Nyet!

Just say NO!


Posted by Lauren at 09:02 AM | Permalink

June 08, 2015

Cops Still Don't Realize That YouTube Has Changed Their World Forever

Sometimes the world changes around us so rapidly that there's a sense of chaos, until understanding and what passes for equilibrium have been reestablished.

Such is the case with videos of law enforcement's interactions with the public, especially videos captured by members of the public and then subsequently made available publicly on YouTube and via other Internet platforms.

One thing is abundantly obvious -- many police departments and individual police officers still do not understand that the rules of the "game" under which they operate have been irrevocably altered.

Police videos generally fall into two broad categories -- videos shot by police themselves, and videos shot by members of the public.

The former include dashcams and increasingly body cameras. The latter is potentially the domain of pretty much everyone with a smartphone these days.

Generally speaking, police officers have been warming up to video that they themselves photograph -- especially when they can control when the cameras are running -- which opens up a rather significant can of worms indeed.

And while police departments would love to hold onto body camera footage (often taken inside people's homes at times of their greatest distress) for future investigative purposes, they must also face the complexities and expense of redacting videos for public record requests, to quite appropriately protect innocent parties from public abuse and exploitation.

Overall though, police are typically pretty eager to trot out the videos when they appear to support officers' accounts of events -- just today a video was released that appears to show that a police shooting of a terrorism-related suspect was seemingly much more aligned with officer statements than with some completely contradictory "witness" statements being promulgated by cable news.

The situation tends to be very different with videos of police confrontations photographed by the public, often rapidly posted to YouTube.

We seem to be bombarded with an almost daily menu of "cops behaving badly" videos that cover the entire range from somewhat comical, through utterly bizarre, to downright horrifying.

To be sure, these videos are self-selected by their uploaders, and there isn't much attention paid to the majority of cops who are well behaved -- and so aren't the subject of many videos overall. Naturally enough, it's the bad eggs and nasty confrontations that are going to get the attention when it comes to videos.

But much of what we see in these negative cases is indeed utterly chilling. Cops shooting down unarmed persons, groups of officers beating already compliant suspects to a pulp -- all manner of situations that previously would have had no visual or audio record for review.

A new example currently receiving a lot of attention over this last weekend is of a Texas cop running around like a crazed dog, pointing his gun at half-naked teenagers from a pool party, and even tackling an obviously unarmed girl in a bikini to the ground. He appeared to be utterly out of control and his fellow officers seemed to just stand there watching in amusement. The racial aspects of the situation -- the cop was white, most of his targets black -- are difficult to ignore.

While apparently nobody was seriously hurt in this case, it's all the more upsetting for what could easily have happened if that gun had fired or that girl's neck had been broken.

None of these videos, whether photographed by police or the public, ever tell the whole story. Many police departments allow officers to control when their cameras are running. Videos photographed by the public typically don't show events leading up to a confrontation that attracted attention. Individual cameras only show one point of view. And so on. Such videos are clearly not definitive.

It's also clear that many cops still haven't gotten the message made explicit by numerous courts, that the public has the right to capture such videos. We're still seeing officers snatching phones and cameras from people's hands, sometimes smashing the devices, sometimes smashing the face of the photographer, arresting them, pepper spraying them and the like, even though no interference with the police action was occurring. (In an attempt to keep the public's cameras away, some police departments are trying to establish likely illegal "exclusionary zones" around their officers, to discourage public photography of those officers in action).

We're also seeing attempts to remove many of these videos from public view -- though tracing who was responsible for such actions can be very difficult. For example, I shared a copy of the "pool party cop" YouTube video link yesterday on Google+. By this morning the video was gone, marked as spam, most likely through a malicious false takedown submission.

Of course, this was a failed attempt at information control -- many other copies of that video are now widely available on YouTube and other venues.

Perhaps what might seem most odd of all is how we see cops behave so badly even when they're aware that they're being photographed.

This makes sense though when you consider that officers are used to having their accounts of events being rarely questioned and almost always accepted.

It just hasn't fully penetrated yet that there are now recording eyes on the scene, and that an officer's own rendition of events is but one of the variables of the equation, and often by no means the most reliable of these.

Ubiquitous video cameras, smartphones, and YouTube have together fundamentally changed key aspects of law enforcement operations, and the ways in which both courts and the public will view them going forward.

There is no turning back. There is no possible return to the previous era of officer reports being accepted with nary a question or concern.

Police departments will ultimately learn to live with this.

And for the public at large, this is very good news indeed.


Posted by Lauren at 11:46 AM | Permalink

June 04, 2015

Governments of the World Agree: Encryption Must Die!

Finally! There's something that apparently virtually all governments around the world can actually agree upon. Unfortunately, it's on par conceptually with handing out hydrogen bombs as lottery prizes.

If the drumbeat isn't actually coordinated, it might as well be. Around the world, in testimony before national legislatures and in countless interviews with media, government officials and their surrogates are proclaiming the immediate need to "do something" about encryption that law enforcement and other government agencies can't read on demand.

Here in the U.S., it's a nearly constant harangue over on FOX News (nightmarishly, where most Americans apparently get their "news" these days). On CNN, it's almost as pervasive (though anti-crypto tirades on CNN must share space with primetime reruns of a globetrotting celebrity chef and crime "reality" shows).

It's much the same if you survey media around the world. The names and officials vary, but the message is the same -- it's not just terrorism that's the enemy, it's encryption itself.

That argument is a direct corollary to governments' decidedly mixed feelings about social media on the Internet. On one hand, they're ecstatic over the ability to monitor the public postings of criminal organizations like ISIL (or ISIS, or Islamic State, or Daesh -- just different labels for the same fanatical lunatics) that sprung forth from the disastrously misguided policies of Bush 1 and Bush 2 era right-wing neocons -- who not only set the stage for the resurrection of long-suppressed religious rivalries, but ultimately provided them with billions of dollars worth of U.S. weaponry as well. Great job there, guys.

Since it's also the typical role of governments to conflate and confuse issues whenever possible for political advantage, when we dig deeper into their views on social media and encryption we really go down the rabbit hole.

While governments love their theoretical ability to track pretty much every looney who posts publicly on Twitter or Facebook or Google+, governments simultaneously bemoan the fact that it's possible for uncontrolled communications -- especially international communications -- to take place at all in these contexts.

In particular, it's the ability of radical nutcases overseas to recruit ignorant (especially so-called "lone wolf") nutcases in other countries that is said to be of especial concern, notably when these communications suddenly "go dark" off the public threads and into private, securely encrypted channels.

"Go dark" -- by the way -- is now the government code phrase for crypto they can't read on demand. Dark threads, dark sites, dark links. You get the idea.

One would be remiss to not admit that these radical recruiting efforts are of significant concern.

But where governments' analysis breaks down massively is with the direction of their proposed solutions, which aren't aimed at addressing the root causes of fanatical religious terrorism, but rather appear almost entirely based on preventing secure communications -- for anybody! -- in the first place.

Naturally they don't phrase this goal in quite those words. Rather, they continue to push (to blankly nodding politicians, journalists, and cable anchors) the tired and utterly discredited concept of "key escrow" cryptography, where governments would have "backdoor" keys to unlock encrypted communications, supposedly only when absolutely necessary and with due legal process.

Rewind 20 years or so and it's like "Groundhog Day" all over again, back in the early to mid 90s when NSA was pushing their "Clipper Chip" hardware concept for key escrowed encryption, an idea that was mercilessly buried in relatively short order.

But like a vampire entombed without appropriate rituals, the old key escrow concepts have returned to the land of the living, all the uglier and more dangerous after their decades festering in the backrooms of governments.

The hardware Clipper concept dates to a time well before the founding of Twitter or Facebook, and a few years before Google's arrival. Apple existed back then, but centralized social media as we know it today wasn't yet even really a glimmer in anyone's eye.

While governments generally seem to realize that stopping all crypto that they can't access on demand is not practical, they also realize that the big social media platforms (of which I've named only a few) -- where most users do most of their social communicating -- are the obvious targets for legislative, political, and other pressures.

And this is why we see governments subtly (and often, not so subtly) demonizing these firms as being uncooperative or somehow uncaring about fighting evil, about fighting crime, about fighting terrorism. How dare they -- authorities repeat as a mantra -- implement encryption systems that governments cannot access at the click of a mouse, or sometimes access at all under any conditions.

Well, welcome to the 21st century, because the encryption genie isn't going back into his bottle, no matter how hard you push.

Strong crypto is critical to our communications, to our infrastructures, to our economies, and increasingly to many other aspects of our lives.

Strong crypto is simply not possible -- let's say that once more with feeling -- not possible, given key escrow or other government backdoors designed into these systems. There is no practical or even theoretically accepted means for including such mechanisms without fatally weakening the entire associated encryption ecosystem, and opening it up to all manner of unauthorized access via hacking and various subversions of the key escrow process.

But governments just don't seem willing to accept the science and reality of this, and keep pushing the key escrow meme. It's like the old joke about the would-be astronaut who wanted to travel to the sun, and when reminded that he'd burn up, replied that it wasn't a problem, because he'd go at night. Right.

Notably, just as we had governments who ignored realistic advice and unleashed the monsters of religious fanatical terrorism, we now have many of the same governments on the cusp of trying to hobble, undermine, and decimate the strong encryption systems that are so very vital.

There's every reason to believe that we'd experience a similarly disastrous outcome in the encryption context as well, especially if social media firms were required to deploy only weak crypto -- putting the vast populations of innocent users at risk -- while driving the bad guys even further underground and out of view.

If we don't vigorously fight back against government efforts to weaken encryption, we're all going to be badly burned.


Posted by Lauren at 02:07 PM | Permalink

May 25, 2015

Seeking Anecdotes Regarding "Older" Persons' Use of Web Services

Greetings. I'm seeking anecdotes regarding the use of Web services (e.g. as provided by Google, Facebook, Twitter, etc.) by "older" users. Keeping in mind that our memories, vision, and other key attributes typically begin to degrade by the time we reach our 20s, I'm not specifying any particular age ranges here.

Please email whatever you can to:


I'm especially interested in any frustrations related to Web services that you might feel -- or have noted with relatives, friends, co-workers, or any other persons -- as you and/or they have inevitably aged.

Particularly relevant stories include age-related experiences regarding what seems to work well and what causes the most problems when you're using these systems, or when you're trying to help others use these systems (either in-person, over the phone, or via various remote desktop environments), and so on.

Experiences of the "elderly" in any aspect and how ever you wish to define this would be especially appreciated. I believe this category to be of critical importance. This rapidly growing group increasingly must deal with Web services to conduct routine affairs (for example, email or other Web-based contacts with relatives or businesses, government communications, and so on.) This is also a group that could benefit greatly from calendar systems, person-to-person chat and video systems, search services as memory aids, and social networking environments (particularly given the social isolation that is so typically part and parcel of advancing age) -- if and only if these persons are able to use these services effectively.

I will treat all details you send as confidential unless you indicate otherwise, but the more details you can provide the more useful your information will be. Ages, background information about physical and mental states, and level of technical familiarity are some of the particularly relevant factors.

Also, information regarding the particular aspects of these services that you or those you assist find particularly problematic, would be very much in focus -- issues with fonts, backgrounds, user interface designs, stability vs. changes in interface and operational models -- and how these users are affected by these and similar issues.

Anyway, you get the idea. Again, please send whatever you feel comfortable with to:


Thanks very much. Take care, all.


Posted by Lauren at 02:52 PM | Permalink

May 21, 2015

Google+ Drops "Ripples" -- Thumbing Nose at G+'s Most Loyal Users

As much as I admire Google (full disclosure, while I have consulted to them, I'm not currently doing so), for the life of me I cannot understand their fetish not only for killing features that are much loved by significant numbers of users, but so often doing this with little or no warning at all.

So here we go again. In a terse post on G+ today, Google announced that they had immediately dropped support for the Google+ "Ripples" feature. Zero warning. Just POOF.

Granted, if you're not a heavy user of G+ and don't have a lot of followers, you may not have ever even bothered playing with Ripples at all or even known of it. Ripples was always relatively hidden, suggesting the amount of non-love Google felt it deserved.

But for folks like me (I have nearly 400K G+ followers), Ripples was incredibly useful, providing me with a graphical representation of sharing patterns related to my posts -- it was an extremely valuable engagement visualization tool.

So, why did Google kill it now?

Oh, I can wager some guesses. Maybe nobody wanted to devote the fraction of time necessary to maintain it, or perhaps a broader G+ backend redesign made it difficult or impossible to reasonably continue for technical reasons.

Nothing lasts forever.

But in the name of bits, bytes, and Beelzebub, I simply cannot fathom why Google cannot provide some degree of advance warning before disabling features like this. A month? A week? 48 hours? Something?

Even if we grant that Ripples wasn't widely used and large numbers of users won't be affected at Google scale -- these aren't valid excuses for essentially thumbing your nose at some of your most devoted users as if they just don't matter at all.

It's almost as if Google just doesn't want to be bothered unless millions or billions of users are directly impacted.

I've been pushing back against folks claiming that Google is planning to ramp down Google+ -- but Google's attitude toward the services' most devoted evangelists seems downright bizarre, and indeed causes one to ponder this question more deeply.

More than bizarre -- it's simple disrespect. And unfortunately, it's the kind of communications failure that has become all too common with Google.

We'll all live without G+ Ripples. In the relative scheme of things, it's not a big deal.

But its very triviality has the ironic effect of causing one to wonder how users will be treated when the really important issues roll around again.

And at least for someone like me who has enormous admiration and respect for what Google has accomplished, I'm left with a very sour taste in mouth, that I really wish wasn't there.


Posted by Lauren at 01:12 PM | Permalink

May 16, 2015

European Union (EU) "Right To Be Forgotten" (RTBF) Discussion Video

Greetings. Yesterday (15 May 2015) I hosted a Google+ Hangout discussion regarding the EU's horrendous "Right To Be Forgotten" concept and its ramifications. Video of that discussion is now available.

Special thanks to the participants for an extremely thoughtful hour!


Posted by Lauren at 12:30 PM | Permalink

May 12, 2015

Why Consumers Hate Us

It's not usually an all-encompassing kind of hate. Nor is it typically some form of "I hate you so much I won't have anything to do with you!" category of hate. And rarely is it really a "fear of evil" model of hate.

No, it's much more of a simmering, situationally specific kind of anger. It's mostly (but by no means exclusively) directed at large Internet technology firms, and by proxy at the technologists (like many of you, and certainly me) who either directly or indirectly create, deploy, influence, or otherwise impact the Web and its services as experienced by ordinary, mostly non-techie consumers -- who increasingly must use our products whether they really want to or not, at the risk of being left far behind.

Perhaps part of the problem is that most technologists -- coders, SREs, managers, and onward along the long tail of associated job descriptions -- often don't need to deal with users' complaints directly. They may see studies and distilled reports, the most common user comments and questions, and other relevant data, but mostly they never interact with ordinary consumers -- ordinary users -- on a one to one basis, except perhaps when trying to assist a concerned friend or relative (which indeed, can be an eye-opening experience as far as that goes).

For better or worse I receive unsolicited queries looking for help every day. Typically these users have tried the formal support channels and forums -- and have either been unsuccessful at finding answers in the former or ridiculed by other persons in the latter. They start searching around and find my name in association with various articles I've written, or my frequent discussion of technical issues on radio and other venues. In desperation they send me emails -- or often they call me directly on the phone.

Often these queries relate one way or another to Google, simply because I've written so much on that topic over the years (and, full disclosure, until quite recently I was consulting to them as well), but Google is by no means the only firm for which these questions pour in.

Obviously, I'm under no obligation to respond to any of these. But it is my pleasure to do so on a gratis basis, because so many of these persons -- yes, actual living human beings every one -- are so desperate for someone to talk to them about the technical issues that we -- the aforementioned technologists -- tend to assume are so obvious, but that seem so utterly impenetrable to so many users.

"Losers." That's the corruption of the word "users" that you hear all too frequently from technical folks when referring to the persons who actually depend on their products and services. It's usually bantered about in half-joking way, but the essential arrogance that it reveals is often all too real.

Sometimes it's just overall disdain for users in general. Sometimes it's disdain for the minority of users (who can still be enormous in absolute numbers at scale) who are deemed not worth bothering with if they can't "keep up" with the designated pace of change, or who have particular special concerns or needs that just seem like too much bother to address, even at the group rather than individual level.

To be sure, supporting millions or even billions of users is no small or inexpensive feat. And the inclination can be strong to treat non-paying users as a "lower class" for support -- even though they may be responsible for bringing in very significant revenue through ads and other mechanisms.

I won't try to catalogue here the long list of insights I've gained from the many discussions I've had with users -- not losers! -- over recent years. But just a few points may give some sense of the overall picture in key respects.

First, much of what we assume is obvious to all users actually is not. There's the old joke about the tech support guy who told a caller they could press any key on their keyboard to proceed. "I can't find the 'any' key!" comes the presumably hilarious reply.

This isn't as far from the truth as one might think. We've been so successful at "hiding" the workings of our applications that many users are completely lost when something goes wrong. You might be surprised how often I've told users to "start their Web browser" and they tell me they don't know what a browser is.

How can this be? Most people care about information and services at sites and pages, not so much the software that display them. They may have shortcuts that bring these sites up directly from their desktops, or they may use app launchers that even further obscure the process. So it shouldn't come as any additional surprise that many users have no clue as to which browser they're running, don't notice if their search bar or omnibox has been hijacked by an "intruding" service without informed permission, and so on.

We forget that most people aren't clairvoyant and may not have 20/20 vision. We pour endless energy into user interface design. But we still end up deploying obscure icons and "hidden" menus, both often as mysterious as the Sphinx, unless one thinks to mouse over the icon (in which case you might get a useful "tooltip" -- or not) or hover over the appropriate secret symbol (or perhaps empty space!) to make an otherwise hidden menu visible.

In the interests of "pretty" interface design and text display, it's become the fashion to render often important text in low contrast fonts that are pretty much a slap in the face of anyone with aging or otherwise declining or limited vision -- and that decline often starts by the time we reach our 20s. Sometimes it seems like UI designers are getting kickbacks from ophthalmologists and aspirin manufacturers.

And when it comes to hardware, users are even more confused and peeved. These are often not inexpensive devices, but forced obsolescence and feature "hobbling" cycles are growing ever shorter.

Smartphone buyers find themselves stuck in short order with devices that can't or don't receive updates, even for important security-related bugs -- often involving security issues that nobody responsible is even willing to proactively and directly inform users about, even when simple precautions and workarounds are actually available.

Consumers buy set-top boxes or expensive "smart" TVs only to find that support for key features is withdrawn within a couple of years because nobody wants to update them anymore, or necessary APIs have been summarily terminated.

The fact that many of these users could (given the money) buy new expensive smartphones or relatively inexpensive "plug in stick" set-top replacements isn't the point.

The point is that people hate being "bullied" -- and "technological bullying" is a very real phenomenon indeed.

It's utterly unreasonable to expect that consumers will possess understanding of these complicated technical ecosystems. "Who is responsible for updating the phone? The service provider? The manufacturer? The carrier?" "Why can't I view videos anymore on a TV only a few years old, when most people keep TVs in use for around 10 years?" "How come nobody told me that an API ("Hey, Lauren, what the hell is an API?") would be so quickly cut off?

Perhaps the most important point of all is that the effect of all this is much like the proverbial death of a thousand cuts. No single item alone is likely to be a death blow, but by so often essentially treating many of our users like jerks, we are gradually poisoning a well of goodwill that will be very difficult to ever cleanse, and in the process we hand ammunition to our adversaries, many of whom would very much like to bring us down or otherwise control the "eggheads" in their midsts.

We don't need nor expect every user to love us and our technologies. But at a minimum we can strive for them not to hate us -- and perhaps to even respect us a bit.

Ultimately, it's our choice.

Be seeing you.


Posted by Lauren at 12:35 PM | Permalink

May 01, 2015

When Mozilla's Fanatics Make Us All Look Bad

One of the recurring problems we face as technologists is accusations that we are out of touch with the sorts of issues and problems that affect most people. We're accused of pushing through changes without taking into account the reality of the costs and collateral damage that will be triggered, and basically of being downright arrogant toward the world at large.

Unfortunately, such complaints are not wholly without merit, and one need look no further than current discussions on a major Mozilla development mailing list to understand why.

You know Mozilla, of course -- the custodians of the Firefox browser. The same firm that stole a bundle of perfectly happy Google Search users to hand over to Yahoo under the terms of a lucrative new business deal.

Right, that Mozilla.

Well, if you run an older, legacy website that hasn't had the money, time, technical ability, or other resources necessary to convert over to encrypted https connections, it appears that Mozilla is talking about a little surprise for you.

Looks like they may want to shut you down.

Now, one would be hard-pressed to find a more outspoken proponent of opportunistic encryption than I am -- I've been boosting the concept for ages. In fact, years ago I wrote a piece entitled "http: Must Die!"

However, in the time since then, it's become ever more clear that trying to force sites into the increasingly corrupt and dysfunctional existing SSL/TLS certificate infrastructure would grossly disserve many legacy sites, especially smaller ones with extremely limited resources available.

I have long been an advocate of leveraging self-signed certificates -- yes, despite their known limitations -- as an interim step toward a new, more practical opportunistic crypto infrastructure -- but this obviously takes significant time even in the best of circumstances.

But whatever specific technological path is taken, a foundational requirement should be using the carrot and not the stick to help encourage these transitions.

And while Mozilla is by no means the only firm that can be accurately accused of using rather hard-edged "we know better so just shut up or get left behind, losers!" approaches, the folks over at Mozilla are really sharpening up the javelins and charging up the cattle prods.

What they're discussing for Firefox is turning off unencrypted http support. You're not able to run encrypted https? Too bad, Firefox users won't be able to access your sites. Or perhaps for a while they'll just get a big red warning telling would-be visitors that you're subhuman slime who just doesn't care about security.

Plus -- you guessed it -- it seems that they'd like to make this an Internet standard so you'd effectively have no escape regardless of which browser was in use.

As someone who has long advocated the righteousness of fully-encrypted Internet communications, I find the attitude being expressed over at Mozilla to be infuriating, because while the end goal is laudable, the approach is indeed arrogant and almost religious in its fervor, and in its refusal to acknowledge the problems with which the "little guys" on the Net have to deal with every day.

For all the talk of supposedly "automatic" ways to convert sites to https, and the availability of so-called "free" security certificates, the bottom line is that many legacy sites are simply unable to devote the resources necessary to undergo such conversions and maintain them. Many of these sites have been providing reference materials for many years that -- frankly -- are not of the sort where communications security can realistically be seen as a priority matter.

Now, if Mozilla is willing to establish a cadre of bonded and insured site design experts willing to perform https conversions for such sites without charge, and help maintain them forevermore, well, I'd certainly be interested in having that conversation. That's using the carrot approach I mentioned earlier.

On the other hand, plans to try use those sharp sticks and prods to try bully these sites into the https camp like cattle -- well, if you think the world has a mixed view of technologists now, if Mozilla gets its way we'll end up with a positive rating on par with politicians -- if we're lucky.

I very much want to see an Internet where all communications are securely encrypted, but only if it's done the right way, with sites and users treated as valued partners with a full understanding of their resource constraints and sensibilities -- and not as "losers" to be treated with what amounts fundamentally to arrogant contempt.

Be seeing you.


Posted by Lauren at 11:34 AM | Permalink

April 26, 2015

While the World Burns, the Washington and Media Elite Party Through the Night

In Nepal, thousands lay dead and dying in a horrendous earthquake and its aftermath. In Baltimore, righteous anger over the crushed spine and death of a young black man in police custody was triggering violence and arrests.

And last night while those events raged, the Washington political and media elite were hypocritically and drunkenly joking and partying in their formal finery, a mere 40 miles from Baltimore itself, at the White House Correspondents' dinner.

For CNN and its fearless leader Jeff Zucker, it wasn't even a close call as to how best to handle this confluence of simultaneous events.

They simply provided hours of wall-to-wall coverage of the partying elite, while reassuring everyone that they'd catch up with the deaths and arrests later, after their crucial coverage of boozing and backslapping at the big party was over and done.

Oh yes, and they suggested that if for some perverse reason you cared less about the 1% yukking it up than mass deaths and protest arrests, you could just go searching around online and maybe you could dig up something -- assuming you had a decent Internet connection and a means to access it, of course.

Well, to paraphrase "Major Kong" from "Dr. Strangelove" -- I've been to one world's fair, a picnic, and a rodeo -- and this is one of the most egregious examples of the "Nero fiddling while Rome burned" syndrome I can recall in my entire lifetime to date.

"Obscene" and "perverse" are the only "polite" terms I can think of to describe this situation. The invectives that more properly illustrate the depths of this depravity and what they tell us about income and social disparity here in the USA, are unfortunately not words suitable for family audiences.

The big party could have been turned into a big opportunity, of course. The "good old boys" jokes could have been set aside and the focus turned to earthquake relief and even (horrors!) serious discussion by the powerful individuals present. It appears that the number of persons killed in the Nepal quake is similar to the numbers killed in the 9/11 attacks. But apparently when victims are overwhelmingly not Americans, it just doesn't count.

We all deserve one hell of a big apology from the political and media snobs who are responsible for this sickening display of hypocrisy and elitism run wild.

But don't hold your breath for that apology. 'Cause they got the big bucks and the big power -- and we don't.

We ordinary people one and all must say polite goodnights to our masters, for when you're hot you're hot. And when you're not -- you're not.

And we're most definitely not.


Posted by Lauren at 11:06 AM | Permalink

April 22, 2015

When Google Leaves Users Behind

I was just now reading over the publicity materials related to Google's newly announced (but long rumored) "Project Fi" wireless plan/experiment today, and found myself pondering a question. To wit: If I had the currently required Nexus 6 smartphone, would I be applying to be included in this new mobile offering?

And I realized the answer was no. Not so much because my current phone and plan are completely adequate to my needs, but rather for a couple of more depressing reasons.

One of these is the painful realization that I wouldn't necessarily have confidence that Google won't be abandoning this effort in relatively short order, triggering possible hassles at the egress end of the offer. Perhaps Project Fi signals the birth of a wonderful, consumer friendly, disruptive change to mobile that is long overdue. Or, Google might decide in a year or two just to pull the plug on it with short notice -- there are certainly well remembered precedents for the latter outcome from Google.

Another reason for my own current lack of enthusiasm for Project Fi is my personal embarrassment (I've consulted to Google) at the shabby way Google has treated -- and continues to treat -- many of their existing Android users.

I'm an enormous fan of Android, and totally committed to the Android ecosystem. But for the life of me I can't find valid justifications for Google's abandonment of literally vast numbers of Android users currently using older devices. Not everyone can afford to treat smartphones and tablets as easily disposable, especially when they seem to functioning perfectly well from the users' perspective.

Yet so many of these users are actually vulnerable to serious security flaws because Google refuses to patch the versions of Android still being run by large numbers of persons.

Google has a range of explanations/excuses for this. Technical difficulty with backports. Uncooperative carriers. Concentrating efforts on the latest and greatest (more on that in a moment).

It's notable how quickly Google abandoned users even of their own flagship phones like the Galaxy Nexus when purchased directly from Google, where carrier cooperation wasn't even an issue (Google's excuse in this case was lack of driver support from a chip vendor, but somehow third-party hackers found a way around that problem.)

Given, no phone or other device lasts forever. Yet Google has (to my knowledge) not even directly, proactively informed users of these older devices about the security issues associated with these units, nor informed them regarding the useful workarounds that actually do exist in many of these cases. Is it better for users to proceed using their devices in blitheful ignorance of these issues? I don't think so, anyway.

Again, I'm not suggesting that Google be required to update these older units forever. But why isn't there at least an official, well known Google page that directly and specifically explains the security status of these devices and the aforementioned workaround procedures? Why must users depend on (not always trustworthy) outside articles (or blogs!) to learn about these matters? Google should take ownership of these important issues, rather than depending on others to dribble out such crucial information.

Google's seemingly endless juggernaut of great products belies problems that are not by any means unique to Google, but can ensnare large firms of any stripe, especially if they're engineering oriented.

It's all too easy to focus on the latest and greatest, while too quickly de-emphasizing serious consideration and maintenance of older products used by fewer users. Yet at the scale of many such firms, even relatively small percentages of users can represent very large numbers of actual human beings, many of whom are particularly in need of continuing attention, by virtue of their inability to buy into those wondrous new devices at the rate common for the early adopters.

And let's face it, engineering-oriented firms are often structured in a manner where career advancement is largely predicated on working in the bleeding edge of development -- there's little incentive for employees to seek roles maintaining older systems, backporting security patches, or refactoring code.

But these are all crucial roles, for the ways in which a firm supports all users, including those not in the new products adoption forefront, directly impacts public perception of how a firm's newer offerings will be perceived, and how that firm's treatment of users overall will be judged.

Something to think about perhaps, the next time you hear of a possibly great new product being announced. For one of the ways through which we can most clearly anticipate the future -- even our technological futures -- is to understand how we've been treated in the past.

Be seeing you -- in the future.


Posted by Lauren at 02:19 PM | Permalink

April 10, 2015

Why YouTube Issues Are So Very Important

I view YouTube issues as a kind of proxy for the kinds of issues the broader Net increasingly faces in the technical, policy, and political arenas. Full disclosure: YouTube is certainly one of my top favorite sites on the Net. So I have a vested interest in trying to help it stay healthy and prosperous.

Given that YT is currently ranked the second most popular site on the Web (after Google itself -- so Google effectively holds both the #1 and #2 slots) its particular mix of services presents some fascinating challenges.

Many of these are obvious at least in their outlines. Massive amounts of storage space for all that video. Tremendous amounts of bandwidth necessary to distribute the video. The complicated nature of YouTube's interactions with ISPs, the intricacies of content delivery networks, and so on. And it's impossible to consider peering disputes, ISP bandwidth caps, and an array of other fundamental Internet concerns without considering their interplay with and implications for YouTube.

To be sure, many of these matters also apply to any other large-scale video oriented Net services, such as Netflix.

But where YouTube in particular diverges from Netflix is in YT's deep commitment to user uploaded videos, and it's that aspect that brings into play perhaps the most complex, and certainly the most controversial issues.

Virtually every day, my inbox receives queries related to YouTube. The lion's share of these are from persons who feel that YT has wronged them in some way. Perhaps they're concerned about a video of them that someone else posted. Or a video they posted that was tagged, demonetized, and/or removed via a Content ID hit or copyright strike -- or that their account was forcibly closed entirely.

Sometimes their concerns are valid, more often they're not. I know one classical music pianist who has been through the YT wringer with many repeated false positive YT problems related to his self-played works (classical music, and public domain materials in general, present rather fascinating technical challenges to abuse detection, especially at Google/YT scale).

But while it's easy to throw around the hyperbole about the DMCA's "guilty until proven innocent" model (which, obviously, Google/YT must abide by -- keeping in mind that the DMCA in key respects has made YT possible at all), and the definitely improving but still somewhat opaque nature of the YT appeals process, the reality is that systematic, intentional abuse of YT by bad players is very real.

How bad is it? Just for jollies, toss this URL into your browser when you have a few minutes to spare.

This will display the uploads with full movie in their title over the last hour. Skip the ads at the top and explore the organic listings. I'll bet you find that every single one is a "come on" spam -- the movie isn't actually there at all, they're rather trying to get you to click through to another site (the specific ways they do this will vary -- don't even get me started about the obnoxious and notorious girl in red).

Most of these spam videos seem to be from a relatively small set of uploaders, despite the vast number of throwaway accounts they're creating. Interestingly, they appear to target not only current release films, but often old classics as well.

An hour doesn't seem like too long for these to be around, but many persist for weeks and much longer -- and many of those add insult to injury by monetizing the spam video with ads! That's right, the spam uploader crooks are attempting to steal money with content to which they have no rights at all.

This also applies to the content uploaders who aren't spamming, but "merely" monetizing other parties' content, like many years' worth of classic television programs. Keep in mind that these aren't people making available long lost programs based on some radical all information should be free! philosophy. Since they're monetizing these uploads they're just simple crooks, trying to make money off someone else's work. This really disturbs me. It's the kind of abuse that is damaging to the broader YouTube and Internet video ecosystem in very significant ways, and provides ammunition to forces who push for draconian legislation that would make the DMCA look like a walk in the park by comparison.

Google works diligently to kill this crud, but at scale -- especially considering the desire to minimize false positives as much as possible -- it's a real game of Whac-A-Mole. The evasion techniques in use are certainly imaginative: Static inset box videos, moving inset boxes, mirror images, translucent backgrounds, and much more. Not only are these crooks stealing content, they're presenting it in horrendously substandard ways as well.

I think it's important that YT users at large understand that this sort of monetized abuse is not at all benign, and makes everything harder for Google/YT and honest users of the ecosystem. I always urge users to report these spams and monetized ripoffs when they find them. (Sidenote: Many users don't realize they can report them. The reporting link is currently hidden under the YT player UI More link. While one doesn't want to encourage frivolous reporting, having the reporting/flagging function being more visible in the interface strikes me as a proposition worth considering).

And perhaps most importantly of all, we have the entire array of free speech, government censorship, and related issues that focus on the ability of ordinary users to upload materials that might reveal horrific police abuse -- or attempt to ruin an innocent person's reputation. And everything in-between. We have governments attempting to takedown (or block) videos that they consider sacrilegious or simply politically inconvenient. The complex dilemmas related to Terms of Service and appropriate content rules -- issues of adult materials, horrific materials, hate speech, viewers who are children, religious intolerance, racism, on and on. How to set these standards, how to evaluate them, the gray areas, evaluations, and the emotional realities and emotional costs of balancing such complicated concerns and interests -- I won't even try to scratch the surface of those issues right now.

So again and again, we see that YouTube issues are a representation of the broader issues facing not only the Internet, but the entire global community as well.

That makes them important. Seriously important.


Posted by Lauren at 10:34 AM | Permalink

March 28, 2015

For the Anti-Gay Indiana GOP, the Web Is a Harsh Mistress

It was with obvious glee two days ago that GOP Governor Mike Pence signed Indiana's new "Religious Freedom Restoration Act" -- in reality a law created to gladden the political voting hearts of closeted and outed racists, not to mention other right-wing lowlifes throughout the Hoosier State.

While written so broadly that it conveniently could be used to discriminate against any "minority" religious group, the true purpose of the legislation was never in question -- it was designed to provide a mechanism for treating LGBT persons as second-class citizens -- for example, to be denied entry to establishments at the whim of prejudiced prune heads.

Pence and his GOP minions apparently figured they had a real winner with the RFRA -- "Hell, our base racist voters will flock to us in droves," they must have thought.

But it's a funny thing about politicians these days. They usually like to make a lot of noise about being "Internet-savvy" -- but in reality their understanding of the Web and the two-edged sword of social media can be unimpressive in the extreme.

So seemingly just a few heartbeats after the RFRA was signed into law, we have the sickly amusing spectacle of its supporters expressing surprise that pretty much the entire world -- including major tech firms, sports leagues, and the vast power of social media -- has turned against them, with enormously expensive boycotts of Indiana rapidly being announced, and vastly more under consideration.

While the law's supporters hem and haw claiming that discrimination was not the purpose of the legislation, everyone knows that's a lie -- legalizing discrimination was precisely the reason for the law's enactment. Nor will Indiana politicians' protests that other states have seemingly similar laws on the books make a difference -- if anything those states may now come to regret the fuse that the Indiana GOP lit under this issue.

For as much as many politicians don't really understand the Internet at all, there's one thing they all certainly understand -- money. And the financial loss that can be foreseen from announced and future boycotts related to this issue could be staggering -- something to chill the hearts of politicians everywhere.

Particularly fascinating is the sense that Indiana's governor and cohorts in the abomination of RFRA appear to be genuinely surprised by the massive and rapid backlash.

Perhaps this is the result of spending so much time in racially and religiously intolerant "echo chambers" of Indiana state government.

But it's also likely to be an artifact of their inability to understand the power of the Web -- and of social media in particular -- to mobilize concerned persons around the country and the globe in ways that were unimaginable even a relatively few years ago.

Well, they're learning that lesson now.

Welcome to the 21st century, boys. We still may be waiting for those flying cars, but we've already got the Internet -- and the Net is far more powerful than a fleet of flying Ferraris.

You can take that to the bank -- whatever you have left after the boycotts, that is.


Posted by Lauren at 12:43 PM | Permalink

     Privacy Policy