May 28, 2010

"Highly Illogical": The Hysteria Over Google's Wi-Fi Scanning

Greetings. I don't find many opportunities (nor do I have much inclination) to channel characters from Star Trek, but I can only imagine Mr. Spock's likely bemusement related to the shrill and illogical brouhaha over Google's Street View Wi-Fi scanning.

To quote the ungrammatical Mr. Bumble, a reprehensible yet occasionally insightful character in Charles Dicken's Oliver Twist, sometimes "the law is a ass--a idiot."

Such is the case -- as far as I'm concerned -- when it comes to laws and controversies regarding the scanning of open Wi-Fi networks.

Let's start with a basic truth -- an open Wi-Fi network is, duh ... open!

While the number of open Wi-Fi networks has been falling relative to nets secured at least with weak WEP crypto, or much better with WPA (or better yet, WPA2), there are still vast numbers of open Wi-Fi networks that pop up without prompting all over the world.

Raise your hand if you've never seen an open Wi-Fi net when attempting to connect your laptop to the Internet. Very few hands raised out there, I'll wager.

Now raise your hand if you've ever opportunistically connected to an open Wi-Fi net, without permission. Lots of hands raised now.

And have you ever driven around your neighborhood with wardriving software enabled on your laptop or phone, listening to the "pings" as Wi-Fi sites registered at nearly every home or business you passed -- and perhaps you saved the data and created Wi-Fi maps to use and share?

This is not just a hobbyist activity. Companies like Skyhook Wireless have built entire businesses around geolocation systems that involve the scanning of Wi-Fi signals.

And why not? Wi-Fi networks are essentially as obvious to outside observers, walking down the sidewalk or driving up the street, as are porch lights, or the flickering TV screens visible through curtains after dark.

Even when Wi-Fi access points are configured with their "SSID" beacons disabled -- which tends to cause various user complications -- Wi-Fi routers and hotspots are about as secret as a full moon on a cloudless night, and pretty much just as impossible to actually hide.

You can still pass laws to ban Wi-Fi scanning of course -- just as the order can be given to ignore the fact that the emperor actually is parading down the central square stark naked. But reality generally triumphs over nonsensical laws in the long run.

Laws related to Wi-Fi scanning don't exist in a vacuum, and seem to often be related to laws that attempt to ban photography of imagery that can be easily seen by observers from public places. Such illogic has been used to attack Google's Street View photos, in much the same way that Google is now being chastised for Wi-Fi scanning associated with Street View vehicles.

Amusingly -- in a sick kind of way -- the fact is that the same government entities who tend to push forth a dramatic show of disdain for Street View -- and now Google's Wi-Fi scanning -- are often the same ones rapidly deploying massive real-time CCTV (closed circuit TV) surveillance systems, with vast amounts of real-time imagery data pouring into government servers to be used in often unspecified ways for indefinite periods of time. Some of these entities have also conducted mass and sometimes illegal surveillance of their telephone and Internet networks.

Their complaining about Street View and Wi-Fi therefore seems highly disingenuous -- but obviously politically expedient.

Google did made mistakes -- they've publicly taken responsibility for these -- related to the Wi-Fi Street View controversy. It probably would have been wise to publicly announce their Wi-Fi scanning capabilities before beginning the project, so that various governmental entities could register any concerns based on their associated national laws -- however ridiculous those laws might be in this sphere, given the ease with which anyone with simple tools can scan Wi-Fi anywhere.

But since Google's "adversaries" now "pile on" at every opportunity, proactive discussion of the Wi-Fi aspects of Street View might have avoided a fair amount of the current controversy.

The ostensibly more dramatic aspect of Google's Wi-Fi situation relates to their revelation that their Wi-Fi scanning systems were unintentionally collecting highly fragmentary "payload" data from open Wi-Fi nets, in addition to locationally-related (e.g., SSID) data.

Google critics have been screaming -- how could this possibly happen by accident? "What kind of nightmarish, nefarious plot is in play?" -- they demand to know.

First, contrary to some of the accusatory claims being made, it's extremely unlikely that any banking or similarly sensitive data was exposed even in fragmentary form, for the simple reason that virtually all sites dealing with such data use SSL/TLS security systems (https:) that would provide typical encryption protections regardless of the open, unencrypted nature of (extremely unwisely configured) underlying Wi-Fi systems.

And while clearly the collection of Wi-Fi payload data by Google was a significant oversight, it's the kind of mistake that is actually very easy to make.

It's completely ordinary for network diagnostic tools and related software to include mechanisms for the viewing and collection not only of "envelope" data but also of test data "payload" traffic flows. Virtually every Linux user has a tool available for this purpose that can provide these functions -- the ubiquitous "tcpdump" command.

In Google's case, it seems highly likely that a procedural breakdown -- not criminal intent of any kind -- led to the payload data capture portion of the Wi-Fi scanning tools not being appropriately disabled. Such procedural problems are naturally to be avoided, but for critics to try balloon such an issue into fear mongering and conspiracy theories just doesn't make sense.

And given the very high capacity of inexpensive disk drives today, it's simple to see how even relatively large amounts of data -- like accidentally collected payload data -- could collect unnoticed in an obscure directory somewhere deep in a file system over long periods of time.

Like I say, I'm not a lawyer. Other heads will thrash out the legal aspects of this situation.

In my own view, the entire saga has been blown out of proportion, largely by forces primarily interested in unfairly and inappropriately scoring points against Google, rather than treating the situation -- both as relates to Google's Wi-Fi scanning and more broadly to Street View itself -- in a logical and evenhanded manner.

But then, that's pretty much what we've come to expect from you humans.


Posted by Lauren at 12:20 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

May 12, 2010

ACTA Discussion Show Audio from "Coast to Coast AM" Radio Now Online

Greetings. A number of persons have requested the show audio from my extensive discussion of the many risks inherent in the process and particulars of ACTA (the Anti-Counterfeiting Trade Agreement) from "Coast to Coast AM" radio last Sunday night.

I was just informed this morning that it is now online -- all 2.5 hours including listener calls. Who says there's no in-depth discussion of important issues on national radio anymore?

Anyway, for your possible enjoyment and edification, or perhaps simply as a sleep aid, the show is available at this YouTube playlist. (I have no affiliation with this poster of the show.)


Posted by Lauren at 04:12 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

May 11, 2010

Strangling the Net: Stripping DMCA Protections from YouTube

Greetings. An amicus curiae brief was filed a few days ago by the Washington Legal Foundation in the ongoing Viacom vs. YouTube/Google lawsuit.

Even by the normal standards of our adversarial legal system, this brief is startling not only in the depth of its misleading and just plain inaccurate arguments, but also in the implications that its "logic" would have for the Internet at large.

Despite Google's implementation of a comprehensive "video fingerprinting" system to aid in the identification of copyrighted materials that rights holders wish to remove from the YouTube environment, the brief's arguments that services such as YouTube are not deserving of DMCA protections are clearly disingenuous.

This is especially true when viewed in light of the abusive behavior that has been revealed on the part of Viacom in their attempt to "game" YouTube for their own purposes, even while Viacom was simultaneously complaining about YouTube operations -- the textbook definition of hypocrisy.

It's crucial to understand that such arguments are part of an increasingly shrill campaign being promulgated by powerful interests who desperately wish to "reimagine" the Internet as primarily an entertainment industry conduit, where ISPs and Web sites -- even search engines -- would be forced into the role of Content Cops, potentially required to "approve" every posting by every user, at the risk of massive financial liabilities.

The ACTA (Anti-Counterfeiting Trade Agreement) is largely oriented toward creating this sort of requirement at the international level, as are many of the dangerous calls to eliminate all forms of anonymous Internet usage.

The negative implications of such a regime -- which would turn the entire concepts of free speech and the existing DMCA "safe harbor" on their heads, extend vastly beyond the scope of YouTube.

As I've noted before, I have many friends in the music and film industries here in L.A., and I certainly appreciate their intellecutal property concerns.

But while it's reasonable for intellectual property to be protected in appropriately measured ways, it is unacceptable to turn the Internet into a surveillance monster where every Web site is required to proactively and continually monitor and censor the postings of every user -- largely to meet the goals of a few massive entertainment industry conglomerates.

Basic principles of fair use, free speech, privacy, and civil liberties more broadly, require that we resist attempts to remake the Internet into a permission-based liability leviathan, strangling users in a suffocating maze of restrictions that benefit the few while penalizing, intimidating, and muzzling the many.


Posted by Lauren at 12:31 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

May 10, 2010

Summary of ACTA Discussion from "Coast to Coast AM" Last Night

Greetings. Coast to Coast AM has already posted their summary of my ACTA discussion from last night's show (which turned out to be a 2.5 hour segment including listener questions).

[Update (May 12, 2010): Complete show audio is online here. I have no affiliation with this poster of the show.]

Reaction during the show and afterwards has been quite positive ("How come I've never heard about this before?" e-mail has been rolling in), so as usual it was time well spent with C2C. And as always, my thanks to the entire C2C gang for the opportunity to discuss these important issues.

Excerpt from C2C summary:

Weinstein pointed out that another danger of ACTA is its potential effect on search engines and Internet service providers. Based on his research, he surmised that the goal of the plan is to put an overwhelming amount of liability on the "Internet intermediaries," who will be responsible for the actions of their users. In turn, they would be required to police their users' actions as well as provide that information if a user is declared to be in violation of ACTA standards. This forced responsibility would have a "suffocating impact" on the Internet, Weinstein observed. Ultimately, he said, it is important to weigh the true cost of fighting Internet piracy, declaring, "you really don't want to create a police state to protect Iron Man 2."


Posted by Lauren at 11:52 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

May 09, 2010

ACTA Treaty Abominations on "Coast to Coast AM" Radio Tonight (Sunday)

Greetings. This is just a quick heads-up that I've been booked tonight (Sunday, 9 May) onto Coast to Coast AM -- the nationwide/global late night radio program -- for what will probably be a rather extensive discussion of the international ACTA (Anti-Counterfeiting Trade Agreement) and the various abominations in its ongoing (mostly secret) negotiations and currently known provisions.

My segment is currently scheduled to run through most of the first hour of the show at least (after the top of the hour news and show intro), which begins at 10 PM PDT. The show is available on a vast number of Coast to Coast AM local radio station affiliates, plus satellite radio and other distribution venues.

I've guested on the show many times previously, discussing a range of topics from security and privacy to other technology-related issues -- and have always been made to feel very welcome.

While Coast to Coast AM is widely known for its focus on "speculative" topics that various observers quite reasonably consider to be rather outside the "mainstream," the show also features many "hard science" guests and topics of more conventionally serious interest. Some of the best questions I've received on technology topics have come from listeners of Coast to Coast AM.

The Wired article Coast to Coast AM Is No Wack Job is a useful backgrounder if you're not already familiar with the show.

The ACTA in its current form is potentially a disaster headed straight for us all, and represents an enormous threat not only to the Internet as we know it but even to civil liberties more broadly as well. Tonight's discussion on Coast to Coast AM hopefully will help to alert a broad audience -- many members of which may likely have never heard of this treaty before -- to the threats posed by the process and particulars of the ACTA.

Hope to "see you" on the radio tonight.


Blog Update (May 10, 2010): Summary of ACTA Discussion from "Coast to Coast AM" Last Night

Posted by Lauren at 01:25 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

May 08, 2010

New York Times Joins the Obnoxious "Autoplay Audio" Ad Club

Greetings. Last November in How to Sink a Major Web Site with a Single Ad, I noted how ABC News had begun using an autoplay ad format that starts blasting audio from an accompanying video advertisement as soon as an ordinary page is loaded. I explained there why I considered this to be the most obnoxious, distracting, and unacceptable online ad format. It's one thing to autoplay video and audio when you navigate to a page where you expect a multimedia presentation of some sort -- but when you click on a news link and end up with a lipstick commercial blasting from your speakers, forcing you to quickly hunt for volume or playback controls, it's way beyond the pale.

I'm sorry to report that the venerable New York Times is now engaging in this intrusive behavior, for example currently at this page.

I am a strong supporter of ad-based Internet business models as an alternative to "pay through the nose" models, as I've discussed in Blocking Web Ads -- And Paying the Piper. I am not a fan of "broad spectrum" ad blocking by folks who seem to somehow believe that Web services can simply run on air and love.

But the continuing rise of opportunistic autoplay ads with audio that immediately blares forth without user intervention risks a major ad-blocking backlash that will be difficult to argue against forcefully.

Sites that use these ads in the hopes of perceived short-term gains are taking a very significant longer-term risk that they may come to seriously regret.


Posted by Lauren at 11:38 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein