November 15, 2012

Android 4.2's Super Vision Boost (and a Note for Developers)

Google is now rolling out the Android "Jelly Bean" version 4.2 system to capable devices, and there's a new feature included that is not particularly obvious, but is potentially so important to so many people that it deserves a special mention.

As most of us learn sooner or later, using smartphones and other portable devices becomes increasingly challenging as we age, given that most people's vision starts to degrade beginning as early as their 20s. Small fonts maximize information density if you have the visual acuity to resolve them. Otherwise, they can be rather frustrating.

While Android apps and the Android system itself have been getting consistently better about providing font and other sizing controls, there have still been various situations where ease of viewing has been suboptimal on small displays.

That's why I've been very pleased by the new deeply integrated zoom/pan magnification function included with JB 4.2. After it has been enabled -- which you can do via Settings->Accessibility->Magnification gestures -- you can triple-tap virtually anywhere in the Android environment (except the keyboard and notification panel, I believe) and instantly magnify the current screen. You can then pan around and change the zoom level by touch, and drop back to normal view with another triple-tap. It's extremely well implemented -- kudos to the team responsible! [Addendum (11/16/12): If you triple-tap and hold down on the third tap, you enter a "temporary zoom" mode where you can pan around with that single finger. When you release, you'll pop back to normal view mode automatically. Very convenient for quick magnification of text, etc.]

While I'm talking about settings, regular Android users may notice that 4.2 seems to have eliminated the traditional "Developer options" such as "USB Debugging" and others. They're still available, but since a relatively small proportion of users ever need them, Google has turned them into an "Easter egg" function of sorts.

To enable "Developer options" go to Settings->About phone, then scroll down to "Build number." Tap on Build number. Do it again. Keep going! After a number of taps, you'll be informed that you're getting close, then you'll be anointed with Developer status. Take another look at the main Settings menu -- the Developer options will now be permanently available.

There are other very useful advances in 4.2 as well -- more powerful camera app, gesture keyboard, and much more. Great work!


Posted by Lauren at 04:10 PM
Twitter: @laurenweinstein
Google+: Lauren Weinstein

November 13, 2012

Petraeus -- And the Bottom Line on Email Privacy

In some respects, the saga of now former CIA director David Petraeus and Paula Broadwell does not make for the best possible example for analysis of email privacy issues.

In their case, a citizen complaint about harassing emails reportedly triggered an FBI investigation, not some sort of internally generated FBI action. And once the director of CIA's emails were found to be in the mix, the triggering of security concerns (whether ultimately proved out or not) does not seem particularly surprising. That's one of the most sensitive intelligence positions on the planet.

It probably didn't help matters that Petraeus and Broadwell were apparently using Gmail message drafts in a shared access account, as a form of the classic intelligence operative "dead drop" -- likely in an effort to avoid sending messages between accounts. Such behavior in this case was bound to trigger even more security concerns, including of possible account hacking and other issues.

Also, it appears likely that most or all of the emails involved in this case were relatively recent, which is an important point -- as we'll revisit in a moment.

But none of us are director of CIA, and it's reasonable to wonder how well our own email is protected from unreasonable and inappropriate government snooping.

First, a fact. If the government, really, seriously, wants access to your email, no matter where it is stored, they are likely to find a way to do this in most cases. Even advanced encryption systems can often be subverted through keyloggers, screen grabbers, and other mechanisms that "work around" encryption, rather than break it per se.

That said, in the U.S., the primary driver of these issues today is a nearly three decade old federal law, 1986's Electronic Communications Privacy Act (ECPA). By modern standards, this law has actually become a dangerous anachronism.

For example, it assumes that email left on a service provider's system has been "abandoned" and permits law enforcement access without a judge issuing a warrant showing probable cause to suspect a crime had been committed.

This was a nonsensical approach even in 1986. It is ridiculous to assert that there should be less privacy protection for email more than six months old that happens not to be on a system under your immediate personal control.

And it simply isn't practical for everyone to deal with email locally anymore. The ability to keep systems up to date, properly backed up, and flexibly accessible to the email's owner, has given rise to cloud-based systems that can reliably provide these functions far more effectively than is possible on most persons' home systems, and in many cases office systems as well.

The problem isn't with remotely hosted email systems per se; the issue is the failure of the ECPA to keep up with technological change, as cloud systems and various hybrid email access environments like POP and IMAP became commonplace.

The intolerable dichotomy created by the obsolete ECPA must be eliminated. All of an entity's email, whether hosted and/or accessed locally or remotely, no matter its age, should have the same requirement that it can only be accessed by authorities (without the permission of the email's owner) upon issuing of a valid probable cause warrant by a judge.

A very long list of firms and other organizations, including Google, Twitter, Microsoft, Facebook, Apple, AT&T, the ACLU, and many others, have joined forces to push for changes in the law along these lines, as the Digital Due Process coalition. I urge you to visit their site and support their effort.

Also, nascent Congressional legislative attempts to implement such changes have been appearing -- so far without gaining much traction. These should also be supported as appropriate.

Google and other firms have reported that government demands for user emails and other data have been rising rapidly. The failure of the ECPA to keep pace with our modern Internet environment sets the stage for abuses in this sphere that should be deemed absolutely unacceptable.

This should hold true for all of us -- even if our email is as pure as the driven snow.

Even for directors of CIA.


Posted by Lauren at 01:54 PM

November 12, 2012

The Nuclear Option: Ending Copyright and Patent Lawsuit Abuse

I don't need to detail here the putrid state of lawsuit abuse related to intellectual property enforcement, especially here in the U.S. No matter where we turn, we see that so-called "rights holders" have turned the courts into what often amount to extortionist profit centers, with innocent victims steamrolled into oblivion.

Organizations like the MPAA and RIAA use what amount to shakedown tactics to intimidate their targets with threats of enormous fines, often over accused transgressions that by any rational measure were minor -- if existing at all.

Frequently people who are utterly blameless and have been so threatened nonetheless -- elderly women in nursing homes, young children, and so on -- have been coerced into paying off these and other organizations via an enforcement regime that seems to share most of its sensibilities with the master/serf legal constructs of the dark ages.

Patent trolls wield patents collected like commodities in a manner reminiscent of Chicago gangsters of old, demanding payments "if ya' know what's good for ya'!" -- costing consumers billions of dollars in the process, and suppressing the creation of untold innovations.

These reprehensible behaviors contaminate our lives even more broadly, even when lawsuits are not directly (at least immediately) involved.

For example, they are a prime driver behind situations such as those I described recently in "It's Time to Fix YouTube's Biased Copyright System!"

And while I do feel that there are steps Google could take unilaterally to improve this situation, I also am very cognizant of the fact that Google's legal range of action is restricted by rampant DMCA takedown filing abuses, and that their current methodology is an attempt to walk the resulting tightrope. After all, Google must indeed obey the laws, just like the rest of us.

But the damage being done by abusers of patent and copyright law goes far deeper.

We're now seeing vastly increased intellectual property demands for search engines' results to be removed, websites shuttered, and all manner of other "information censorship" schemes being deployed -- and even beyond IP issues per se, we have the nightmarish EU "right to be forgotten" and its ilk.

We've previously talked about all these problems.

Now, it's time to discuss solutions.

And frankly, "little stick solutions" aren't going to fly.

The level of abuse is now so awful, that we're going to have to bring out the really big guns. In fact, we need to go way beyond artillery.

We need to consider the nuclear option.

When we look across the universe of the problems noted above, there is an obvious and dramatic common thread that runs through them all.

The costs -- in time, money, and other resources -- required to file takedowns, lawsuits, and other intellectual property "enforcement" actions are usually relatively minimal. In some cases, they are zero.

And in most cases, the penalty for mistargeting, for harassing and terrorizing innocent parties with protection racket tactics, is similarly tiny, often nil.

So the incentive exists to spray out patent and copyright attacks in all directions, machine-gunning pretty much everyone and everything (especially parties you suspect would rather pay up than fight, whether innocent or not).

It's time to add some serious fissionable friction to this process.

The concept is simple enough. We need to make abuse of the patent and copyright enforcement system so painful that even the most dedicated corporate executive masochist will think twice before pulling the trigger on their attacks.

Threats and the filing of takedowns, lawsuits, and other actions in the absence of strong and verifiable evidence of significant wrongdoing, not just haphazard shotgun barrages based on mere suspicion and wishful thinking, must trigger significant financial penalties and perhaps other serious sanctions as well.

How about a fine of a million dollars per false attack? Or 1% of gross earnings? And perhaps a five year prohibition against more filings?

If these sound draconian, or unrealistic, that's OK -- consider these to be the outer bounds starting points for discussion.

The bottom line is that we need to make it seriously expensive for firms or other parties to falsely or inappropriately sue, threaten, or otherwise harass over perceived intellectual property violations. If these entities make an honest mistake as determined by third parties (such as the courts), that can be a valid excuse in those specific cases.

But no more aerial bombing of the Internet community on a "shoot first and don't even bother to ask questions later" basis.

A similar solution could be applicable to patent abuse. Make it incredibly expensive to knowingly obtain patents or file lawsuits (or engage in "pay me off" shakedowns) when prior art exists and the purpose of the patent is to suppress innovation, as demonstrated by how the holder of the patent actually behaves.

Patent trolls, this means you.

And again, once the appropriate laws are in place, courts or other designated third parties can make the specific determinations on a case by case basis.

Details of these and alternative approaches aside, the key takeaway from this discussion should be that we need to restore a sense of balance to the entire intellectual property arena.

It must be sufficiently expensive to abuse the system through careless, poorly researched, rogue, or simply false accusations, to seriously get the attention not only of associated corporate executives, but of their shareholders as well.

We need to get started on this right now.

The time for torches and pitchforks is already past.

The nukes await.



Posted by Lauren at 11:10 AM

November 10, 2012

General Petraeus, CIA, and Gmail

Update (November 12, 2012): It is now confirmed that the FBI accessed Broadwell's Gmail account. It is not currently public information as to whether or not they also accessed Petraeus' Gmail account, which was apparently under a pseudonym.

How the blazes did Gmail get dragged into this story?

That's the question I was asking myself when I awoke today and saw my inbox loaded with queries about the ramifications of a reported connection between the resignation in disgrace of CIA Director General David Petraeus, and an FBI email investigation.

I've been piecing this saga together from available public sources, and here's what I suspect may have been going on, subject to change as more data hits the fan.

First, we can quickly devalue the various conspiracy theories that are floating around. Even with the worst possible interpretation of the events at Benghazi, there's nothing in this situation that would have driven a man of Petraeus' stature to resign in such an ignoble manner, humiliating himself, his wife, his family, and various third parties. Plus, we now know that the FBI investigation that led to his resignation stretches back for a significant span before the recent attack in Libya even occurred.

It's also a fact that anything Petraeus might have testified about to Congress regarding this event can be equally well presented by the acting CIA director, who would have had access to the same reports -- neither of them was present in theater when the attack occurred. And if necessary, Petraeus could likely be called to testify even after resigning.

Sorry, conspiracy fans.

So what actually led to the resignation, and how is Gmail apparently involved?

For obvious reasons, government officials dealing with classified information are routinely prohibited from using their official computers for personal matters. But of course everyone has a personal computer and personal accounts, and Petraeus reportedly used Google's Gmail for this latter purpose.

Nothing wrong so far. So long as data that should be restricted to official systems isn't communicated using a personal system, all's pretty much right with the world.

But there are always concerns about possible leakage of inappropriate data to a personal account through user error or carelessness, and for some officials, even unclassified personal data may potentially have some degree of intelligence value (e.g., calendars, contact lists, etc.).

Reports are now suggesting that the sequence of events leading to Petraeus' resignation began months ago, when third parties (apparently a female acquaintance of Petraeus) received "anonymous" harassing email, which was reportedly traced back to Petraeus' biographer Paula Broadwell.

The FBI became involved when it became apparent that the target's email addresses might have been obtained from Petraeus' personal Gmail account, opening up questions as to who else might have had access to that account and whether or not it had been compromised in some manner -- a potentially significant national security concern.

The FBI reportedly gained access to Petraeus' personal emails, apparently on Gmail -- presumably through legal process served on Google requiring them to make this information available. (Please note that you should only consider this to be speculation on my part at this time, based on public statements to date. I will update as additional relevant information becomes available.)

When the FBI inspected those emails, they reportedly found "hundreds or thousands" of communications between Petraeus and Broadwell, indicating in no uncertain terms that an affair was involved. This is a big deal especially at this level of the intelligence community, given the sordid history of "honey traps" in the espionage world.

No criminal activity was reportedly alleged, but there are indications that the story was beginning to leak out. The FBI ultimately notified Petraeus about what they had found, and he chose to get "ahead of the story" and resign.

There are several questions left unanswered but they all point to weaknesses on the part of Petraeus, likely not of Gmail.

If the allegations are correct that Broadwell (or some associate of Broadwell) gained access to Petraeus' Gmail account, was that access given freely, or was the access clandestine? Given Google's extensive support of two-factor authentication, illicit access would suggest at least sloppiness on Petraeus' part regarding available Google security regimes.

It may seem inconceivable that the man in charge of CIA could make such errors regarding his own personal email. But again and again we see that high officials live in a kind of "bubble" that they believe anoints them with a certain entitlement, insulating their private lives from the sorts of constraints that apply to "ordinary" folks like us.

Based on what we know right now, it appears that General David Petraeus -- in league with Paula Broadwell -- fell into this trap of self-assumed superiority, and has now indelibly tarnished not only his long and previously distinguished career, but also the lives of people around him who deserved far better.

I don't quote the Old Testament very often (to say the least!) -- but in this case I'll paraphrase a bit: Don't blame the computers for your misfortune, for pride goes before destruction, and a haughty spirit before a fall.

True enough. Online, offline, at CIA Langley, and in the bedroom.

Take care, all.


Posted by Lauren at 02:17 PM