Liminal states

The Department of Homeland Security has released revised “Real ID” regulations — 284 pages long. While according to government jargon these are the “final” regulations, the first deadline for compliance has now been pushed back to December 31, 2009, so there’s still plenty of opportunity for Congress to act and change things.

Their press release now spins the system as “preventing document fraud”, and talks more about the costs of identity theft than it does about terrorism — pretty amusing in light of Privacy Rights Clearinghouse’s Real ID Act will increase exposure to identity theft. It also trumpets substantial cost savings, which it attributes primarily to revisions giving the states “greater flexibility in issuing licenses to older Americans”. Flexibility is a good thing, but it’ll be interesting to see what new holes they’ve introduced for terrorists and identity thieves to exploit.

I’ve blogged in the past on this issue on the Stop “Real ID” Now! blog, and will be updating it with links to analyses from the press and civil liberties organizations as they come out.

Catherine Holahan reports in BusinessWeek.com that

In a move that would mark the end of a digital music era, Sony BMG Music Entertainment is finalizing plans to sell songs without the copyright protection software that has long restricted the use of music downloaded from the Internet, BusinessWeek.com has learned. Sony BMG, a joint venture of Sony (SNE) and Bertelsmann, will make at least part of its collection available without so-called digital rights management, or DRM, software some time in the first quarter, according to people familiar with the matter.

Well, okay, it’s not quite abandoning DRM, but it’s a big step — and aligns Sony with Warner, EMI, and Vivendi, who all moved in this direction in 2007. The article’s got some good quotes by the usual suspects, including Edward Bronfam Jr. of Warner admitting that many people have said they could and should have done this long ago, and Rob Enderle highlighting how the labels attachment to DRM inadvertantly handed their power over to Apple.

Sony has been experimenting with DRM-free songs for about six months. The company began giving away DRM-free promotional downloads for recording artists that sell less than 100,000 units, and at least one artist gained mainstream exposure through the effort. “A lot of these tests have led people to believe that maybe this works,” says a Sony BMG executive who asked not to be identified.

No … ya think?????

As somebody who lobbied Microsoft for years to shift their DRM stance (I wrote a “BillG ThinkWeek paper” a few years ago called Why Microsoft should abandon consumer DRM) it’s great to see this shift — and it’s exciting to see companies like Amazon and eMusic take advantage of the opportunities, although of course Microsoft has so many natural advantages in this area that it’s not too late for them.

And as a consumer who doesn’t buy any DRM’ed music, all I can say is “yay”. No word yet on whether this means the RIAA will stop suing their customers, but it’s definite progress.

Update on January 11: Sony’s gotten more specific about their plans; David Kravetz has an update on Wired’s Threat level blog.

Tales from the Net.

Stay tuned!

The group blog THREAT LEVEL is one of my favorite things about wired, and Kevin Poulsen’s year-end roundup is a great example of why:

It was a year of soul searching at THREAT LEVEL, every day a fresh challenge to our fundamental beliefs and convictions: Alberto Gonzales made us pine for John Ashcroft; Google made us love roving surveillance cams; and Jammie Thomas’ internet spoofing defense was enough to make us secretly root for the RIAA.

As if that’s not enough, Kim Zetter’s combo of World’s Top Surveillance Societies (covering PrivacyInternational’s report) and FBI Building Vast Database of Iris, Face and Fingerprint Scans highlights why the US is classified as an “endemic surveillance” society along with China, Russia, the U.K. and others.   And Sarah Lai Stirland’s Will push polling become a factor in the early states? rounds up a bunch of stories on a popular social-engineering approach to electoral fraud.

Talk about an end-of-year bonanza!

Other than the title, which doesn’t do it for me, Caroline McCarthy’s Social networking gets its geek on is an excellent short roundup of the activity in 2007 in the social networking space, with great links both in the story and the “2007 highlights” sidebar.

One thing that popped out at me: legal and political issues crop up in five of the ten paragraphs (the lawsuit related to Facebook’s origins, Digg and the DMCA takedown notice, the state attorneys general pressuring MySpace on sex offenders, MySpace and MTV’s “presidential dialogs”, and of course the Beacon brouhaha).  OK, the first one is fairly standard startup stuff, but the others clearly illustrate social networks’ increasingly important role in society.  So I though Caroline’s closing paragraph was particularly insightful, and applies much more broadly than the specific sites and issue:

Not surprisingly, privacy and safety issues remained on the horizon. Both Facebook and MySpace grappled with demands from state attorneys general who were concerned that young people could be exposing themselves to online threats through social networks. Their efforts didn’t do much to stall either site, but served as a continual reminder that even though Silicon Valley might tout a company as the future of communication, legal authorities might beg to differ.

Indeed.  With the McCain bill still lurking out there (it didn’t make it out of committee in 2007, but 2008’s an election year) and the Mcarthyesque “Violent radicalization and homegrown terrorism prevention act of 2007” having already passed the House, it’s clear that at least in the US,  the potential democratizing and empowering effects of social networks are leading to predictable backlash from entrenched interests.  The good news is that people are rapidly learning how to use social networks for activism, so any crackdown is likely to meet with a lot more resistance than expected.  I hope.

With a cover story in by Paul Clarke in Imbibe magazine (not available online, alas) following Jacob Sullum’s The Green Fairy gets a Green Card in reason online last month, it’s absinthe-mania! The legal issues are complex and relate to the levels of thujone, the ingredient that may or may not be psychoactive.

To me drinking absinthe feels roughly like being hit on the side of a head with a sledgehammer (60% alcohol content will do that to you) and a steel wire brush scouring my brain from the inside. I remember saying “wow, I can really see why the whole fin-de-siecle crowd went nuts drinking this”. There is a very distinctive warm and langourous feel along with it which is quite interesting; hard to know how much is the set and setting — morphogenic fields in the cultural sense. People have told me that drinking three or four sometimes leads to hallucinations, but as a notorious lightweight I suspect I’d be passed out from the alcohol long before that, so I’ll have to take their word for it.

Still, even though it’s not my drug of choice, it’s got lots of adherents, and a rich tradition; so it’s great to see this semi-legalization. Kudos to the Ted Breaux for the historical and chemical research, and to Swiss distillery Kubler which supported the legal battle.

With a two-part series on TPM Cafe’s Table for One, an article in the Mercury News on Christmas Day, and the recent settlement of a suit on text messaging, Facebook continues to become a focus for discussion of privacy issues. To some extent this is a consequence of their size and success: they’re a high-profile target. Behind this, though, lurks a pattern of Facebook unilaterally making decisions that compromise user privacy, apologizing, addressing the most egregious aspects while leaving the rest in place — and then repeating.

The TPM Cafe piece is by Ari Melber of The Nation, and starts out

When one of America’s largest electronic surveillance systems was launched in Palo Alto a year ago, it sparked an immediate national uproar. The new system tracked roughly 9 million Americans, broadcasting their photographs and personal information on the Internet; 700,000 web-savvy young people organized online protests in just days. Time declared it “Gen Y’s first official revolution,” while a Nation blogger lauded students for taking privacy activism to “a mass scale.” Yet today, the activism has waned, and the surveillance continues largely unabated.

He goes on to discuss the Beacon fiasco in terms of Facebook’s past behavior, quotes some of my faves (danah boyd and a CMU study that I believe is by Alessandro Acquisti), and in his follow-on post ties Facebook — and web services more generally — to a national surveillance state. People familiar with the privacy space won’t see anything new here; what’s significant is that this is another example of Facebook privacy making the jump out of the tech ghetto to the national political scene: TPMCafe’s the extension of Joshua Micah Marshall’s Talking Points Memo, a DC-based progressive political blog that sees itself as a muckraker in the positive sense of the word and has been very active in helping uncover and publicize recent political scandals.

The lawsuit settlement specifically relates to Facebook continuing to send text messages to cellphone numbers after they had been recycled. Facebook didn’t admit any wrongdoing, but did agree to “make it easier for recipients of text messages to block future messages originating from the social network” and “work more closely with mobile phone carriers to monitor the lists of recycled numbers and reduce the frequency of unwanted text messages.” The fact that people had to resort to a lawsuit to get action on these basic business practices paints a rather unflattering picture of the company’s arrogant attitude towards its users — and to the non-users who got the recycled numbers and then were billed for the messages.

Elise Ackerman’s Facebook alarms privacy advocates again talks about a Facebook signup icon showing up on smartphones without the owners permission. This is privacy in the classic sense of “the right to be left alone”, not being tracked; and of course this is something that phone companies do routinely, viewing phones’ “screen real estate” as a spot for advertising and product placement … so “alarm” seems somewhat overstated. Still, given the pattern above, Jeffrey Chester (of the Center for Digital Democracy) sounds on-target to me when he says “It illustrates a basic problem over at Facebook, which is their need to fatten their bank account is confounding their need to protect the privacy of their members.”

And not to sound like a broken record or anything: this kind of attention augurs well for proposals like the national “do-not-track” mechanism — and increases the probabilities that populist-oriented politicians in any party will seize on privacy as a chance to differentiate themselves this upcoming election year.

Queen Elizabeth’s annual Christmas broadcast, along with about 20 other clips, are up on YouTube as the inital offerings of The Royal Channel.  George V started the tradition with a radio broadcast in 1932, and the queen took it to television in her 1957 broadcast, hoping that the new medium would give a more personal and direct connection.   Fifty years later, she’s making the jump to social networks.

The New York Times reports that the 1957 video’s the most popular so far, with 400,000 downloads; the current rating’s 4 1/2 stars.  Prince Charles visiting a school trails with 3,000 downloads (3 1/2 stars).   Sam Wollaston in the Guardian has some good advice for the royals:

You need to make it more fun, for the internet generation. Less stuffy guff from Palace press office, more jokes. Get Philip on there, going off about something that irritates him. And Harry killing something. And the dogs. That’s what the Royal Channel needs. Corgis. Making love.

Indeed.

… at least according to Canadian Prime Minister Stephen Harper, who was responding to Chinese criticism for meeting the Dalai Lama in his office as opposed to a hotel.

Just thought you’d want to know.

Slashdot’s linked to a bunch of good stories on computer security recently. Squirrelmail repository poisoned has the catchiest title, and plus it’s about squirrels, so it goes first.

What happened was that an intruder got into the site where you download Squirrelmail, and introduced a very subtle change in the code that would allow somebody who know about it (the intruder or anybody he/she told or sold the secret to) to “an arbitrary code execution risk” aka “pwning” both of which are security speak for “doing whatever you want to on the system”.

YOW! Dreamhost, my ISP, provides a nice one-click install for Squirrelmail (“webmail for nuts!”) and I use it on a couple of my domains. Maybe somebody’s used this to hack in — and that’s why my colors keep intermittently changing from pink to blue! Hmm, well, probably not … although other than the unsatisfyingly generic “intermittent software bug” it’s the best explanation so far.

Imagine, though, that this was a political candidate’s blog; and that the hack gets exploited to delete a random 10% of mail from potential supporters and voters. This might not get noticed for a while … and if it went on long enough, it could easily lead to enough impact to swing a close election. Or suppose there’s a mass-mailing from the account to everybody in the district the day before the election: “This account has been hacked, can you really trust this bozo?” Hmm. Talk about your social engineering attacks.

It’s also another interesting example of the “security as a social science ” theme — and more specifically, the process issues for web services that came up in How’d that get through QA? Something that’s really encouraging here is that in both cases the software providers did exactly the right thing here, including being transparent about what had happened — Squirrelmail’s blog shows how quickly they reacted, announcing immediately and getting the fix out within a day.

When Kevin Logan went to his high school prom in 2006, he was hoping it would be a night to remember. What he’ll remember, though, will be standing outside in the parking lot while his classmates danced inside.

As Logan walked up to the prom, clad in a pink prom dress, West Side High School Principal Diana Rouse blocked the doorway and refused to let him inside….

Logan claims Rouse ordered him to leave and called security. Humiliated, Logan claims, he walked to the parking lot to take pictures with his friends while everyone else danced inside. As they snapped photos, word spread inside that Logan was not being allowed into the prom. According to the suit, students and teachers came outside to voice their support, with some asking Rouse to change her mind. She refused

Mallory Simpson’s excellent article on CourtTVNews has more details, including the encouraging news that a woman student was allowed into the prom dressed in a tux.  It also illustrates the routine humiliations that people in high school for people face if they fall outside societal gender norms:

During the first week of Logan’s senior year in high school in Gary, Ind., he was taken to Rouse’s office by security guards, where he was questioned about the purse he was wearing.  But, he was sent back to class without being disciplined, according to the suit.

How generous: they merely dragged him to the principal’s office, but didn’t actually discipline him, for expressing his gender identity.

jon

PS: A May 2006 article from the Advocate gives some additional background.

A kerfuffle that recently went on in one of the online communities I hang out in is a nice illustration of some of the complex interaction between moderator privilege in discussion forums, power vectors and bullying.

Briefly, a poster engaged in a bunch of techniques such as using loaded and admittedly-pejorative terms in a theoretically-neutral discussion, lashing out at critics while claiming victim status, ignoring constructive suggestions, and trotting out the hoary “I’m privileged” chestnut of disclaiming responsibility while attempting to put the burden of making up for his ignorance on others (“I’m looking for some specific suggestions here” aka “I don’t think my mistakes is important enough to feel like doing the work myself”). While I don’t see the guy as a bully in general, this is classic bullying behavior.

What made this case particularly interesting is that the moderator took the bully’s side. As moderator, he could edit the discussions after the fact to rewrite history — and he did. For example, he deleted a post as “an off-topic flame” (later reposting it on his private friends-only blog). He deleted a thread of mine and then posted his response (quoting my original words, but now in a way that marginalizes them) in a thread he had started. And so on.

(The really funny thing is that my thread that he deleted specifically called him out for abusing his moderator privilege by deleting threads. I tell ya … you can’t make this stuff up.)

Those who have spent a lot of time online will recognize the dynamic. In this particular case the forum’s very new, and so it’s not a big deal: at some point soon, the moderator will either realize that if he wants people to work together he’ll have to stop bullying and start listening and learning … or everybody will get bored and drift away. Regardless of what happens here, the bully will either change his ways, leave the community, or become another “self-exile”, feeling excluded from the power structure and unable to understand why.

Still, it gives a very interesting and unusually clean snapshot into the kinds of power vectors that moderation — or other control over the discourse — inherently introduces.

Thoughts, similar experiences, discussions of how this plays out in other discussion media (wiks, email lists), etc.?

jon