March 28, 2024

Archives for 2010

Cyber Détente Part I: A Security Dilemma?

Late last year the Obama administration reopened talks with Russia over the militarization of cyberspace and assented to cybersecurity discussion in the United Nations First Committee (Disarmament and National Security). My intention in this three-part series is to probe Russian and American foreign policy on cyberwarfare and advance the thesis that the Russians are negotiating for specific strategic or diplomatic gains, while the Americans are primarily procedurally invested owing to the “reset” in Russian relations and changing perceptions of cyberwarfare.

This first post rebuts the Russians’ purported rationale for talks: avoiding a security dilemma.

——————————

The Russians seek a cyberwarfare arms control instrument ostensibly to avoid a security dilemma and arms race, in the vein of past arrangements for nuclear weapons (i.e. SALT I/II, START I/II, and SORT) and anti-ballistic missile technology (ABM), among others. This basis for negotiations does not withstand scrutiny.

A security dilemma may arise where a state has the opportunity to develop a game-changing new weapons system, even if for purely defensive purposes. For fear of strategic disadvantage other powers may elect to develop the weapon – an arms race – resulting in none gaining a strategic advantage and all bearing a significant cost. Alternatively, technologically incapable of matching or unable to afford the development, other states may take destabilizing offensive steps. Arms control treaties resolve this form of security dilemma by committing states to not developing certain weapons.

Cyberwarfare lacks necessary elements of a security dilemma. First and foremost, cyberwarfare capabilities defy quantifiability. Consider the Cold War nuclear arms race, for example, and the strategic fixation on differences in the number and type of nuclear warheads and delivery systems (the “missile gap”). In the absence of such a metric the two powers have no means of calibrating their activities, and there is no persistent pressure to match or surpass some specific capability the other side maintains.

Intelligence might give each power a rough indication of the other’s cyberwarfare capabilities, but it will be harder to come by than for other military operations. Unlike with other weapons systems, cyberwarfare does not require special installations or resources. There are no centrifuge sites to inspect or uranium shipments to track – just talented programmers and generic computer hardware.

A related issue is that a successful arms control agreement on cyberwarfare would require monitoring and enforcement provisions (“trust but verify”). But as discussed above intelligence on cyberwar capabilities will be harder to come by than for other weapons systems. The Biological Weapons Convention is illustrative of how ineffective an arms control treaty may be without effective monitoring: until a 1989 defection the West was unaware of the scope of Russia’s secret biological weapons program.

Supposing, arguendo, that cyberwarfare capabilities did form an avoidable security dilemma, the negative results that make a security dilemma worth avoiding – excessive expenditures and destabilization – do not arise.

Cyberwarfare is cheap. Developing the F-22 aircraft, for example, cost roughly $65 billion; the annual Air Force cyberspace budget, on the other hand, appears in the low billions and consists primarily of personnel and basing expenditures (Strategic Command Press Release; FY2010 budget).

As for destabilization, there is minimal marginal strategic gain from cyberwarfare capabilities. In the Cold War nuclear arms race there was a perception that if the other side achieved even a slight advantage the bipolar strategic equilibrium would collapse. Cyberwarfare is neither perceived to be – nor is it, in actuality – so effective on the margin. While specific capabilities are not public, it is difficult to imagine cyberattacks will be consistently more effective than conventional strikes. Moreover, given the United States’ enormous strategic advantages in the whole, even significant marginal strategic gains would do little to tip the balance of power to Russia.

Having deconstructed the alleged Russian rationale for talks, the next post in this series will explore alternate viable Russian rationales.

TV Everywhere: Collusion Anywhere?

FreePress and the National Cable and Telecom Association (NCTA) are talking past each other about TV Everywhere, a new initiative from the cable TV industry. FreePress says TV Everywhere is the cable industry’s collusive attempt to limit competition; the NCTA says it’s an exciting new product opportunity for consumers. Let’s unpack this issue and see who might have a point, and who is blowing smoke.

We’re at a critical point in the history of television. In recent years, most people have gotten TV shows from a traditional cable or satellite service. Now more and more people are getting shows on the Internet. Cable companies need to adapt, somehow, or become dinosaurs.

Which brings us to TV Everywhere. The idea, according to the NCTA, is for cable companies to offer their residential subscribers online access to the same shows they get at home. Existing consumers get more, at no extra charge — who would complain about that? — but only if they keep buying traditional cable service.

FreePress tells a different story, in which cable industry companies have agreed among themselves that this is their sole Internet distribution strategy. If such an agreement exists, it is problematic — it looks like a classic market division agreement, which is bad for consumers and (as I understand it) presumptively illegal.

To understand why this would be bad, consider an analogy. Suppose there are only two pizza restaurants in Princeton, Alice’s Pizza and Bob’s Pizza, and neither one offers home delivery. Customers want delivery, so both restaurants are considering how to provide it. Alice and Bob meet, and they agree that Alice’s will only deliver to customers east of Nassau Street, and Bob’s will only deliver to customers west of Nassau Street. Alice and Bob have divided the market. Customers suffer because of the lack of competition.

Now obviously Alice and Bob are free to set reasonable limits on where they will deliver. Some customers may be too far away, or too difficult to deliver to for some reason. But customers would rightly complain if Alice and Bob agreed to divide the market. Even if we didn’t have smoking-gun evidence of an agreement, there might be very strong circumstantial evidence, for example if Alice offered to deliver to places five miles away while refusing to deliver to homes directly across the street from her Nassau Street restaurant, or if Alice and Bob’s restaurants were right next to each other but had totally disjoint delivery areas.

Notice too that Alice and Bob can’t get off the hook by pointing out that they are offering a new service — delivery — that they had never offered before. The problem is not that they are offering a new service, but that they have agreed not to offer certain other services.

How does this analogy apply to cable TV? Alice and Bob are like the cable companies, which are considering expanding beyond their traditional service. Home delivery of pizza is like Internet delivery of TV shows. As the cable industry expands to offer TV shows on the Internet, are they open to competing against each other, or have they agreed not to do so? If the cable companies have made an agreement to offer online TV shows only to their own residential customers, that looks like an agreement to divide the market — each company will be offering its product only in the limited geographic areas where it has a cable TV license.

So the key question — really the only one that matters, as far as I can see — is whether the cable companies have agreed not to compete. FreePress says, or strongly implies, that there is such an agreement. NCTA says there is not.

Who is right? Unfortunately the publicly available facts are consistent with either theory. Maybe TV Everywhere is just the first step and the cable companies will soon enough be competing with each other to distribute shows to Internet customers wherever they may be. Or maybe the companies have decided as a group to restrict themselves to TV Everywhere style services within geographic limits (or to otherwise restrict business models or prices).

At this point we can’t tell who is right. FreePress offers indirect but suggestive circumstantial evidence that questionable discussions might have occurred within the cable industry. The NCTA mostly just changes the subject, talking about the complexity of their industry and praising cable companies for offering shows on the Internet at all.

Unfortunately, public discourse about industry structure often confuses issues like this. We often say things like “the cable industry is worried about X” or “the cable industry wants Y”. That could be a kind of shorthand, meaning that the individual companies in the industry, facing competitive pressures, generally tend to worry about X or to want Y — perfectly reasonable market behavior. Or it could reflect an assumption that the industry acts as a unit, which of course is problematic. This ambiguity is especially common in political/policy debates, to our detriment. We’d be better off talking saying things like “cable companies worry about X” or “cable companies want Y”, just to remind ourselves that these are supposed to be independent actors who decide independently what they want.

For now, I’d say the cable companies bear watching. As the companies lay out their Internet strategies and products, I hope the antitrust authorities are watching closely. If the cable companies are really acting as competing companies, this will be obvious from their actions.

Predictions for 2010

Here are our predictions for 2010. These are based on input from Ari Feldman, Ed Felten, Alex Halderman, Joseph Lorenzo Hall, Tim Lee, Paul Ohm, David Robinson, Dan Wallach, Harlan Yu, and Bill Zeller. Please note that individual contributors (including me) don’t necessarily agree with all of these predictions.

(1) DRM technology will still fail to prevent widespread infringement. In a related development, pigs will still fail to fly.

(2) Federated DRM systems, such as DECE and KeyChest, will not catch on.

(3) Content providers will crack down on online sites that host unlicensed re-streaming of live sports programming. DMCA takedown notices will be followed by a lawsuit claiming actual knowledge of infringing materials and direct financial benefits.

(4) Major newspaper content will continue to be available online for free (with ads) despite cheerleading for paywalls by Rupert Murdoch and others.

(5) The Supreme Court will strike down pure business model patents in its Bilski opinion. The Court will establish a new test for patentability, rather than accepting the Federal Circuit’s test. The Court won’t go so far as to ban software patents, but the implications of the ruling for software patents will be unclear and will generate much debate.

(6) Patent reform legislation won’t pass in 2010. Calls for Congress to resolve the post-Bilski uncertainty will contribute to the delay.

(7) After the upcoming rulings in Quon (Supreme Court), Comprehensive Drug Testing (Ninth Circuit or Supreme Court) and Warshak (Sixth Circuit), 2010 will be remembered as the year the courts finally extended the full protection of the Fourth Amendment to the Internet.

(8) Fresh evidence will come to light of the extent of law enforcement access to mobile phone location-data, intensifying the debate about the status of mobile location data under the Fourth Amendment and electronic surveillance statutes. Civil libertarians will call for stronger oversight, but nothing will come of it by year’s end.

(9) The FTC will continue to threaten to do much more to punish online privacy violations, but it won’t do much to make good on the threats.

(10) The new Apple tablet will be gorgeous but expensive. It will be a huge hit only if it offers some kind of advance in the basic human interface, such as a really effective full-sized on-screen keyboard.

(11) The disadvantages of iTunes-style walled garden app stores will become increasingly evident. Apple will consider relaxing its restrictions on iPhone apps, but in the end will offer only rhetoric, not real change.

(12) Internet Explorer’s usage share will fall below 50 percent for the first time in a decade, spurred by continued growth of Firefox, Chrome, and Safari.

(13) Amazon and other online retailers will be forced to collect state sales tax in all 50 states. This will have little impact on the growth of their business, as they will continue to undercut local bricks-and-mortar stores on prices, but it will remove their incentive to build warehouses in odd places just to avoid having to collect sales tax.

(14) Mobile carriers will continue locking consumers in to long-term service contracts despite the best efforts of Google and the handset manufacturers to sell unlocked phones.

(15) Palm will die, or be absorbed by Research In Motion or Microsoft.

(16) In July, when all the iPhone 3G early adopters are coming off their two-year lock-in with AT&T, there will be a frenzy of Android and other smartphone devices competing for AT&T’s customers. Apple, no doubt offering yet another version of the iPhone at the time, will be forced to cut its prices, but will hang onto its centralized app store. Android will be the big winner in this battle, in terms of gained market share, but there will be all kinds of fragmentation, with different carriers offering slightly different and incompatible variants on Android.

(17) Hackers will quickly sort out how to install their own Android builds on locked-down Android phones from all the major vendors, leading to threatened or actual lawsuits but no successful legal action taken.

(18) Twitter will peak and begin its decline as a human-to-human communication medium.

(19) A politican or a candidate will commit a high-profile “macaca”-like moment via Twitter.

(20) Facebook customers will become increasingly disenchanted with the company, but won’t leave in large numbers because they’ll have too much information locked up in the site.

(21) The fashionable anti-Internet argument of 2010 will be that the Net has passed its prime, supplanting the (equally bogus) 2009 fad argument that the Internet is bad for literacy.

(22) One year after the release of the Obama Administration’s Open Government Directive, the effort will be seen as a measured success. Agencies will show eagerness to embrace data transparency but will find the mechanics of releasing datasets to be long and difficult. Privacy– how to deal with personal information available in public data– will be one major hurdle.

(23) The Open Government agenda will be the bright spot in the Administration’s tech policy, which will otherwise be seen as a business-as-usual continuation of past policies.

Will they ever learn? Hollywood still pursuing DRM

In today’s New York Times, we read that Hollywood is working on a grand unified video DRM scheme intended to allow for video portability, such as, for example, when you visit a hotel room, you’d like to have your videos with you.

What’s sad, of course, is that you can have all of this today with very little fuss. I use iTiVo to extract videos from my TiVo, transcoding them to an iPhone-compatible format. I similarly use Fairmount to rip DVDs to my hard drive, making them easy to play later without worrying about the physical media getting damaged or lost. But if I want to download video, I have no easy mechanism to download non-DRM content. BitTorrent gives access to many things, including my favorite Top Gear, which I cannot get through any other channel, but many things I’d like aren’t available, and of course, there’s the whole legality issue.

I recently bought a copy of Disney/Pixar’s Up (Blu-ray), which includes a “Digital Copy” of some sort that’s rippable, but the other ones are rippable as well (even the Bluray), so I haven’t bothered to sort out how the “Digital Copy” works.

(UPDATE: the disc contains Windows and Mac executables which will ask the user for an “activation code” which is then sent to a Disney server which responds with some sort of decryption key. The resulting file is then installed in iTunes or Windows Media Player with their native DRM restrictions. The Disney server, of course, wants you to set up an account, and they’re working up some sort of YouTube-ish streaming experiences for movies where you’ve entered an activation code.)

So what exactly are the Hollywood types cooking up? There are no technical details in the article, but the broad idea seems to be that you authenticate as yourself from any device, anywhere, and then the central server will let you at “your” content. It’s unclear the extent to which they have an offline viewing story, such as you might want to do on your computer on an airplane. One would imagine they would download an encrypted file, perhaps customized for you, along with a dedicated video player that keeps the key material hidden away through easily broken, poorly conceived mechanisms.

It’s not like we haven’t been here before. I just wonder if we’ll have a repeat of the ill-fated SDMI challenge.

2009 Predictions Scorecard

As usual, we’ll kick off the new year by reviewing the predictions we made for the previous year. Here now, our 2009 predictions, in italics, with hindsight in ordinary type.

(1) DRM technology will still fail to prevent widespread infringement. In a related development, pigs will still fail to fly.

By tradition this is our first prediction, and it has always been accurate. Guess what our first 2010 prediction will be? Verdict: right.

(2) Patent reform legislation will come closer to passage in this Congress, but will ultimately fail as policymakers wait to determine the impact of the Bilski case’s apparent narrowing of business model patentability.

Everyone agrees that patent reform is needed, but no specific bill is close to passage, and everyone is waiting for the Supreme Court’s Bilski decision. Verdict: right.

(3) As lawful downloading of music and movies continues to grow, consumer satisfaction with lossy formats will decline, and higher-priced options that offer higher fidelity will begin to predominate. At least one major online music service will begin to offer music in a lossless format.

People seem to accept lossy formats. Verdict: wrong.

(4) The RIAA’s “graduated response” initiative will sputter and die because ISPs are unwilling to cut off users based on unrebutted accusations. Lawsuits against individual end-user infringers will quietly continue.

“Graduated response” has gotten lots of talk but hasn’t had much of a practical impact yet. Verdict: mostly right.

(5) The DOJ will bring criminal actions against big-time individual copyright infringers based on data culled from the server logs of a large “private” BitTorrent community.

I don’t think this happened. Verdict: wrong.

(6) Questions over the enforceability of free / open source software licenses will move closer to resolution.

Debate continued, but I don’t recall any major legal rulings on this issue. Verdict: mostly wrong.

(7) NebuAd and the regional ISPs recently sued for deploying NebuAd’s advertising system will settle with the class action plantiffs for an undisclosed sum. At least in part because of the lawsuit and settlement, no U.S. ISP will deploy a new NebuAd/Phorm-like system in 2009. Meanwhile, Phorm will continue to be successful with privacy regulators in the UK and will sign up reluctant ISPs there who are facing competitive pressure. Activists will raise strong objections to no avail.

NebuAd is now dead and Phorm appears to be in trouble. US ISPs steered clear of them after strong pushback from consumers and legislators. Phorm seemed to have some preliminary deals with ISPs in the UK, but it appears that they have not yet had a wide deployment there (since an early pilot program in 2007). Verdict: mostly right.

(8) The federal Court of Appeals for the Ninth Circuit will hear oral argument in the case of U.S. v. Lori Drew, the Megan Meier/MySpace prosecution. By year’s end, the Ninth Circuit panel still will not have issued a decision, although after oral argument, the pundits will predict a 3-0 or 2-1 reversal of the conviction.

The Drew case did not reach the Ninth Circuit, because the original trial judge set aside the jury’s guilty verdict. Verdict: wrong.

(9) As a result of the jury’s guilty verdict in U.S. v. Lori Drew, dozens of plaintiffs will file civil lawsuits in 2009 alleging violations of the federal Computer Fraud and Abuse Act premised on the theory that one can “exceed authorized access” or act “in excess of authorization” by violating Terms of Service. Thankfully, the Department of Justice won’t bring any other criminal cases premised on this theory, at least not until it sees how the Ninth Circuit rules.

Despite worries, we didn’t see many such lawsuits. The DoJ did not bring criminal cases. Verdict: mostly wrong.

(10) The Computer Fraud and Abuse Act (CFAA) will be the new DMCA. Many will argue that the law needs to be reformed, but this argument will struggle to gain traction with the lay public, notwithstanding the fact that lay users face potential liability for routine behaviors due to CFAA overbreadth.

This hasn’t happened, at least not yet. There are concerns about the CFAA, but the issue hasn’t gotten tracttion. Verdict: mostly wrong.

(11) An academic security researcher will face prosecution under the CFAA, anti wire tapping laws, or other computer intrusion statutes for violations that occurred in the process of research.

Thankfully, this didn’t happen. Verdict: wrong.

(12) An affirmative action lawsuit will be filed against a university, challenging the use of a software algorithm used in evaluating applicants.

Verdict: wrong.

(13) There will be lots of talk about net neutrality but no new legislation, as everyone waits to see how the Comcast/BitTorrent issue plays out in the courts.

There has been lots of talk but no legislation passed. The main action on net neutrality seems to be in the FCC. Verdict: right.

(14) The Obama administration will bring an atmosphere of antitrust enforcement to the IT industry, but no major cases will be brought in 2009.

The atmosphere is indeed more pro-enforcement. We almost made it to the end of the year without a major case being filed, but then the FTC brought a case against Intel in mid-December. Verdict: mostly right.

(15) The new administration will be seen as trying to “reboot” the FCC.

There are certainly changes at the FCC, but not a full-on reboot. Verdict: mostly wrong.

(16) One of the major American voting system manufacturers (Diebold/Premier, Sequoia, ES&S, or Hart InterCivic) will go out of business or be absorbed into one of its rivals.

ES&S bought Premier. This was one of our best calls. Verdict: correct.

(17) The federal voting machine certification regime will increasingly be seen as a failure. States will strengthen their own certification processes, and at least one major state will stop requiring federal certification. The failure of the federal process to certify systems or software patches in a timely fashion will be cited as a reason for this move.

Consensus is growing that the certification regime is expensive and ineffective. But not much has changed on the state level. Verdict: mostly wrong.

(18) Estonia and other countries will continue experimenting in real elections with online or mobile phone voting. They will claim that these trials are successful because “nothing went wrong.” Security analysts will continue to claim that these systems are fundamentally flawed and will continue to be ignored. Exactly the same thing will continue to happen with U.S. overseas and military voters.

Verdict: right.

(19) We’ll see the first clear-cut evidence of a malicious attack on a voting system fielded in a state or local election. This attack will exploit known flaws in a “toe in the water” test and vendors will say they fixed the flaw years ago and the new version is in the certification pipeline.

Thankfully, this didn’t happen. Verdict: wrong.

(20) U.S. federal government computers will suffer from at least one high-profile compromise by a foreign entity, leaking a substantial amount of classified or highly sensitive information abroad.

Such a breach probably happened — what are the odds that such a large number of computers could be secured continuously for a year — but I don’t recall a “high-profile” compromise. Verdict: mostly wrong.

(21) There will be one or more major Internet outages attributed to attacks on DNS, BGP, or other Internet plumbing that is immediately labeled an act of “cyber-warfare” or “cyber-terrorism.” The actual cause will be found to be the action of spammers or other professional Internet miscreants.

Thankfully, such attacks did not happen. Verdict: wrong.

(22) Present flaws in the web’s Certification Authority process, such as the MD5 issue or the leniency of some CAs in issuing certificates, will lead to regulation of the CA process. Among other things, there will be calls for restrictions on which CAs can issue certs for which Top Level Domains.

The CA process does have serious problems, but regulators have not stepped in. Verdict: mostly wrong.

(23) One or more major Internet services or top-tier network providers will experience prolonged failures and/or unrecoverable data severe enough that the company’s president ends up testifying before Congress about it.

The closest thing to this kind of failure was Danger’s loss of customer data. In the end, most of the data was recoverable; and no Congressional testimony occurred. Verdict: mostly wrong.

(24) Shortly after the start of the new administration, the TSA will quietly phase out the ban on flying with liquids or stop enforcing it in practice. The color-coded national caution levels (which have remained at “orange” forever) will be phased out.

Practical enforcement of the liquid ban became spotty. We still had to separate our liqud-baggie at the checkpoint, but in practice the TSA almost never complained about larger containers left in carry-ons. Of course, all this may have changed due to the attempted attack last week. The color-coded caution levels remained in place. Verdict: mostly wrong.

(25) All 20 of the top 20 U.S. newspapers by circulation will experience net reductions in their newsroom headcounts in 2009. At least 15 of the 20 will see weekday circulation decline by 15% or more over the course of the year. By the end of the year, at least one major U.S. city will lack a daily newspaper.

This one is tough to check exhaustively. Preliminary research shows headcount reductions at all major papers. Circulation fell at all of the top-20 papers that reported figures, but not by as much as we predicted. Half saw a 10% drop but only about a quarter saw a drop of 15% or more. We’re not sure if there’s a major U.S. city without a daily — it probably depends on what counts as “major”. On the whole, things were bad but not quite as bad as we predicted. Verdict: mostly right.

(26) Advertising spending in older media will plummet, but online ad spending will be roughly level, as advertisers warm to online ads whose performance is more easily measured. Traditional media will be forced to offer advertisers fire sale prices, and the ratio of content to advertising in many traditional media outlets will increase.

This one is hard to evaluate but is consistent with anecdotal reports. Verdict: mostly right.

(27) An embarrassing leak of personal data will emerge from one or more of the social networking firms (e.g., Facebook), leading Congress to consider legislation that probably won’t solve the problem and will never actually reach the floor for a vote.

We didn’t see an accidental leak, but Facebook’s privacy changes late in the year are a lesser version of what we predicted. It’s not clear yet what if anything Congress will do. Verdict: mostly wrong.

(28) Facebook will be sold for $4 billion and Mark Zuckerberg will step down as CEO.

Verdict: wrong.

(29) Web 2.0 startups will not be hammered by the economic downtown. In fact, web 2.0 innovation may prove to be countercyclical. Costs are controllable: today’s workstyles don’t require lavish office space, marketing can be viral, and pay-as-you-go computing services eliminate the need for big upfront investments in infrastructure. Laid off big-company workers and refugees from the financial world will keep skilled wages low. The surge in innovation will be real, but its effects will mostly be felt in future years.

It’s hard to judge this, but I think it was right. Innovation continued to be robust, even though investment capital was (relatively) scarce. Verdict: right.

(30) The Blu-ray format will increasingly be seen as a failure as customers rely more on online streaming.

Blu-ray growth has been disappointing, but streaming of movies has not shown as much growth as we predicted. Verdict: mostly right.

(31) Emboldened by Viacom’s example against Time Warner, TV network owners will increasingly demand higher payments from cable companies with the threat of moving content online instead. Cable companies will attempt to more heavily limit the content that network owners can host on Hulu and other sites.

Verdict: right.

(32) The present proliferation of incompatible set-top boxes that aim to connect your TV to the Internet will lead to the establishment of a huge industry consortium with players from three major interest groups (box builders, content providers, software providers), reminiscent of the now-defunct SDMI consortium, and with many of the same members. In 2009, they will generate a variety of press releases but will accomplish nothing.

An initiative called DECE tried to do exactly this, with the predicted results. Verdict: right.

(33) A hot Christmas item will be a cheap set-top box that allows normal people to download, organize, and view video and audio podcasts in their own living rooms. This product will work with all of the major free online sources of audio and video, and a few of the paid sources.

This prediction made a certain amount of market sense but, realistically, there would have been no way to negotiate the necessary permissions. Verdict: wrong.

(34) Internet Explorer’s usage share will fall below 50 percent for the first time in a decade, spurred by continued growth of Firefox and Safari and deals with OEMs to pre-load Google Chrome.

IE’s share is falling but is still above 60%. Chrome didn’t get many (any?) OEM deals. Verdict: mostly wrong.

(35) Somebody besides Apple will sell an iPod clone that’s a drop-in replacement for a real iPod, complete with support for iTunes DRM, video playback, and so forth. Apple will sue (or threaten to sue), but won’t be able to stop distribution of this product.

Verdict: wrong.

(36) Apple will release a netbook, which will be a souped-up iPhone with an 8″ screen and folding keyboard. It will sell for $899.

This didn’t happen. Instead, we will apparently get the long-rumored Apple tablet computer, a souped-up iPhone with a 8-10″ screen, selling for $800 or so. Verdict: wrong.

(37) No white space devices will be approved for use by the FCC. Submitted spectrum sensing devices will fare well in both laboratory and field tests, but approval will be delayed politically by the anti-white space lobby.

Verdict: right.

(38) More and more Internet traffic will encrypted, as concern grows about eavesdropping, content modification, filtering, and security attacks.

Concern about traffic modification is growing, but we haven’t seen much growth in encryption. Verdict: mostly wrong.

The bottom line: 9 right, 6 mostly right, 12 mostly wrong, 11 wrong. Our goal was to make bolder predictions than in previous years, and we did succeed in that respect. Our accuracy suffered accordingly. Interesting, provocative predictions are rarely safe, but still I would have preferred a higher success rate.

Stay tuned for our 2010 predictions.