April 29, 2006

Sounding the Alarm on Government-Mandated Data Retention

Greetings.

A few days ago in this message, I commented on Attorney General Gonzales' recent statement regarding data retention, and the alarming slippery slope that I feel this represented.

Now, this article reports that a Democratic Congresswoman is proposing to fast-track a bill or amendment to require essentially permanent retention of users' Internet activity data (until at least one year after the user closes their account). For long-term users, this means effectively permanent retention.

Again, I must note the supreme ironies. It was only a few months ago that people were screaming bloody murder about DoJ demanding Search Engine records -- a demand that apparently only Google had the backbone to appropriately resist, noting the sensitivity of the data involved. This controversy triggered calls (including in some legislative quarters) for a law mandating the destruction of much related data after some reasonable, relatively short interval, with appropriate designated exceptions for R&D, business development, and the like.

Now, by waving the red flag of fighting child pornography, seemingly intelligent and usually well-meaning legislators appear ready to create the mother of all big-brother database laws, a treasure trove of personal data that will ultimately be available for every fishing expedition under the sun.

For those persons who trust the government not to abuse such data, I hasten to note that these kinds of infrastructures, once in place, tend to be self-perpetuating, and will be available to future governments as well, including administrations who might not be as "benign" as the current one.

The article referenced above correctly notes the comparison with the McMartin Preschool child abuse witch-hunts of years ago. Hysteria over the abhorrent and real problem of child porn is being used to potentially decimate broad and critical privacy rights -- with the high probability of negative effects and consequences that are almost impossible to overstate.

If we do not maintain a balance between law enforcement goals (including but not limited to child abuse issues), and privacy rights, we will be flushing those rights we've had as law-abiding citizens down the toilet -- all in the name of seemingly laudable goals.

The Internet is rapidly becoming involved in most technology-based human communications. The sensitivity of Internet user activity data can be enormous. Broadly mandated data retention would move us drastically toward the realm of previously unimaginable "nightmare" scenarios (such as requiring the recording of all telephone calls, or the installation of government cameras in bedrooms -- both actions that could indeed be useful for law enforcement purposes).

Without wishing to sound melodramatic, I strongly assert that if we don't take a stand now, we are likely to see the wonders of the Net repurposed into shackles that have the potential to undermine the very basis of our fundamental freedoms.

--Lauren--

Posted by Lauren at 12:04 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein


April 16, 2006

Warning: New Microsoft Patch Breaks Web Pages -- On Purpose!

Greetings. OK, let's be fair about this, the underlying purpose of the Microsoft patch isn't to break Web pages, though this result was understood and expected.

Some venues are calling the issue a "mini-Y2K" -- which is a bit overdramatic -- but it is important and could have significant effects around the world.

As of a few days ago, vast numbers of Internet Explorer (IE) users are experiencing Web pages all over the Net which simply don't work as expected any more.

Simplified backstory first. A couple of years ago, Microsoft lost a patent fight over commonly used techniques to embed "active" content into Web pages. While "ActiveX" operations are usually cited in this regard, in reality all manner of embedded active player objects are apparently involved, including Flash, QuickTime, RealPlayer, Java, etc.

We can argue about whether or not such techniques should be patentable in the first place. A lot of us believe that such patents have gone way overboard and that the USPTO is far out of its depth.

In any case, MS decided that they didn't want to pay the associated license fees for the patented techniques (so far, the holders of the patent have seemingly not gone after open source browsers in non-commercial contexts -- such as Firefox -- which is why Firefox is not currently affected by this issue).

Several months ago, MS issued a patch to change IE behavior to what they believe is a non-infringing operation. This requires that users explicitly click embedded objects first (theoretically guided by a small hint message that appears if they happen to mouse over the objects, which will supposedly be visually boxed as a cue), before the objects will become active. In the case of active objects that already require a click to start, this means that two clicks will now be needed.

There are variations on this theme. For example, in some cases, playback of video may commence automatically, but the video control buttons reportedly won't be active unless the user clicks them first. Confusing? Yep.

There are ways to redesign Web pages to restore the original behaviors, more or less. But these typically require the use of embedded javascript, which introduces its own complexity and security issues, especially on large sites.

If MS originally issued the patch that changed IE behavior months ago, why is this a big deal today? Because only now is Microsoft pushing out that patch as part of the standard automatic "Windows Update" mechanisms. Previously, you would have had to manually download the patch yourself. Millions of people are currently receiving the patch, and seeing the associated effects.

Now for an even more bizarre twist. Microsoft, realizing the sudden negative impact that this patch could have on many users, has just issued yet another patch (which as far as I know must be downloaded manually) that specifically disables the "offending" patch until the next planned IE update in a couple of months or so, restoring the original IE behavior until then on a temporary basis. Got that? You can't make this stuff up.

Perhaps the biggest problem with this situation is that many Web sites don't realize that they can be affected even if they don't use ActiveX. In fact, I wasn't aware of this until a few days ago, when I started having problems with a relatively simple embedded Flash video. You can see the effects and side-effects, plus the explanations I've now placed on the related page, at this blog entry.

Since the embedded video area is itself black, the new IE behavior of "boxing" the object as a cue to an additional click turned out to be essentially invisible. Surprise!

Note that the underlying display code is unchanged. I have not at this time added the javascript "container" code that would be necessary to "fully" workaround this silly situation.

Are we all bozos on this bus, or what?

--Lauren--

Posted by Lauren at 05:40 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein


April 14, 2006

Video of My "Internet and Empires" Talk at Google (From 1/24/06)

Greetings. In late January, I was invited to Google's Los Angeles (Santa Monica) facilities to give an informal talk (titled Internet and Empires) on a range of Internet-related topics. Video of that presentation is now available, and since it touches on a number of familiar issues, I thought that it might be of some interest.

The topics naturally included a number of the controversial issues related to Google, but also more generally privacy, free speech, ISPs, data retention, government and legal issues, censorship, DOJ, network neutrality, China, and more.

The talk ran about an hour and the video will reportedly be available as one of Google's Tech Talks.

Update (1/16/11): Original downloadable video versions of this talk from 2006 have been replaced by a higher quality YouTube version as listed below (my thanks again to Google for providing me with the original video master for processing).

Please note that all of the opinions expressed in this talk of course are mine, and should naturally not be construed to represent the views of Google, Inc.

Thanks.

"Internet and Empires" (YouTube Video)

--Lauren--


Posted by Lauren at 02:34 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein