August 30, 2016

Archives for June 2007


Behind the iPhone Frenzy

Let me say right up front that I have not accepted the Jesus Phone as my personal Lord and Savior. The iPhone might turn out to be insanely great. It might become the best-selling mobile phone ever. Or it might not.

Either way, the iPhone’s arrival and the attendant frenzy mark the beginning of a new phase in the mobile phone world – a phase based on the radical notion that it’s possible to make a pocket-sized device that is a pretty good phone and a pretty good networked computer at the same time.

From a purely technical standpoint, this isn’t surprising at all. Phones are basically computers, and we know how to cram a decent computer into a small, low-power package. The engineering isn’t trivial but we know it can be done. Apple might have modestly better engineering, and significantly better human-factors design, but what they’re doing has been technically possible all along.

Yet somehow it hasn’t happened, because the mobile carriers don’t want it to happen. They have clung to their walled garden models, offering limited, captive services rather than allowing easy development of Internet applications for mobile devices. An open system would provide more benefit overall, but most of that benefit would accrue to consumers. The carriers would rather get a big share of a small pie, than a small share of a big pie.

In most markets, competition keeps this kind of thing from happening, by forcing producers to account for consumer preferences. You would expect competition to have forced the mobile networks open by now, whether the carriers liked it or not. But this hasn’t happened yet. The carriers have managed to keep control by locking customers in to long contracts and erecting barriers to the entry of new devices and applications. The system seemed to be stuck in an unstable equilibrium. All we needed was some kind of shock, to get the ball rolling downhill.

Only a company with marketing muscle, design mojo, and a world-historic Reality Distortion Field could provide the needed bump. Apple decided to try, in the hope of selling zillions of the new, more capable devices. The real significance of the iPhone, whether it succeeds or fails in the market, is that it will trigger the transition to more open networks. Once people see that a pretty good phone can be a pretty good mobile computer, they won’t settle for less anymore; and mobile networks will be pried open.

Whether or not the Jesus Phone achieves worldly success, it will succeed in its own way by convincing people that the world can be different.


Why CEOs and Companies Break the Law

Ben Horowitz, CEO of Opsware, offers an interesting essay on why so many bigshot CEOs seem to be in legal trouble. Why, he asks, would a rich and powerful executive risk going to prison? The easy answer, greed, is too simple because many of these guys were already tremendously rich and stood to gain little or nothing personally from the illegal acts. There must have been something else driving them.

One answer is pride. Exhibit A is WorldCom CEO Bernie Ebbers (now doing 25 years for fraud and conspiracy).

As WorldCom grew at a rapid pace, Bernie set expectations high. This led investors to give him advance credit, thus boosting his stock, which was the currency he used to build his company. When Bernie saw that WorldCom wasn’t going to meet those high expectations, and that thousands of shareholders to whom he had promised great performance would lose their money, and thousands of employees who he had hired would lose their jobs, he was willing to do anything to make things right. Even if it meant doing things that were wrong.

Like a killer committing his second murder, the decisions to commit fraud must have come easier as Bernie gained experience. In addition, the stakes continued to get higher. He continued to commit fraud, because if he hadn’t, there was a 100% chance that he would let everyone down who mattered to him and he would no longer be the person that he had worked so hard to become. He wouldn’t be Bernie Ebbers #11 in Time Magazine’s Cyber Elite; he’d be Bernie Ebbers, former milkman, bouncer, and disgraced CEO.

If this is right, Ebbers defined himself by the success of WorldCom. If the company failed, then his work – his contribution to society – would evaporate.

Even beyond pride, some executives see themselves as great benefactors, bringing happiness to employees, wealth to investors, and great products at low low prices to customers. If WorldCom’s growth was good for humanity, then it was worth taking risks to defend. And when the time came to take risks, the Great Man stepped forward.

While working on the Microsoft antitrust trial, I read Titan, Ron Chernow’s biography of John D. Rockefeller. Rockefeller saw most things clearly, but he had one blind spot: he honestly saw little distinction between the growth of Standard Oil and the advancement of humanity. Cheap, high quality oil would transform American life, and Standard Oil would be the agent of that transformation. America needed Standard Oil. Rockefeller had an uncommonly strong drive to do good in the world, a drive that was channeled into an intense need to win every business skirmish. His opponents, who were only trying to make money or run a business, were no match for a guy trying to save the world.

One gets the sense that WorldCom grew as big as it did, and the house of cards stood up for as long as it did, because Bernie Ebbers had a Rockefeller-like drive to make it so. He would do almost anything to keep WorldCom afloat, which is what made him dangerous to his employees and investors.

He was a danger, too, to his competitors.

Once WorldCom started committing accounting fraud to prop up their numbers, all of the other telecoms had to either (a) commit accounting fraud to keep pace with WorldCom’s blistering growth rate, or (b) be viewed as losers with severe consequences.

How severe were the consequences for not breaking the law? Well, like a baseball player who refuses to take steroids, CEO Mike Armstrong of AT&T did not keep pace with the cheaters. As a reward for his honesty and integrity, he was widely ridiculed in the press prior to being fired and AT&T, perhaps America’s most valuable brand, was acquired for cheap. Now you see why Barry Bonds needed something to help him keep pace with Mark McGwire.

The steroids analogy helps explain why corporate criminals must face serious punishment. It’s not enough for the average performer to know that the leaders probably aren’t cheating. Given the choice between believing that the other guy is cheating, and believing that he is honestly outperforming you, most people will go for the cheating theory. People need to know that nobody in their right mind would cheat – a lesson that Bernie Ebbers will be teaching us for the next twenty years or so.


Woman Registers Dog to Vote, Demonstrates Ease of Fraud

A woman in Seattle registered her dog to vote, and submitted absentee ballots in three elections on the dog’s behalf, according to an AP story.

The woman, Jane Balogh, said she did this to demonstrate how easy it would be for a noncitizen to vote. She put her phone bill in her dog’s name (“Duncan M. MacDonald”) and then used the phone bill as evidence of residency. She submitted absentee ballots in Duncan’s name three times, each ballot “signed” with a paw print. She says the ballots did not designate any candidates and only had “void” written on them, so the elections were not affected.

Nevertheless, she broke the law and now faces charges.

This relates to an issue every applied security researcher has faced: how to demonstrate a security problem is real. People take a problem more seriously when they have seen a real, working demonstration of the problem – otherwise the problem will be dismissed as theoretical. Often there is a lawful way to demonstrate a problem, for example by “breaking in” to your own computer. But sometimes there is no way to demonstrate a problem without breaking the law. Careful researchers will stop and assess the legality of what they’re planning to do, and will hold back if the demo they’re considering breaks the law.

Ms. Balogh went ahead and broke the law. Beyond that (serious) misstep, she did everything right: admitting what she did, avoiding any side-effect on the elections by filing blank ballots, and leaving obvious clues like the paw prints.

Fortunately for her, the prosecutor decided not to charge her with a felony but instead offered to let her plead guilty to a misdemeanor, pay a $250 fine, and do ten hours of community service. She was lucky to get this and will apparently accept the deal.

Any readers considering such a stunt should think again. The next prosecutor may not be so forgiving.


Inside Clouseau's Brain: Dissecting SafeMedia's Outlandish Technical Claims

I wrote in April about the over-the-top marketing claims of the “anti-piracy” company SafeMedia. (See Is SafeMedia a Parody?) The company’s marketing materials claim that its comically named product, “Clouseau,” can do what is provably impossible. Having both a professional and personal interest in how such claims come to be made, I wanted to learn more about how Clouseau actually worked. But the company, unsurprisingly, did not provide that information.

Now we have two more clues. First, SafeMedia founder Safwat Fahmy was actually invited to testify before a congressional hearing, where he provided written testimony. Second, I got hold of a white paper that SafeMedia salespeople are giving to prospective customers. Both documents give some technical information about Clouseau.

[CORRECTION (June 26): Mr. Fahmy was not actually invited to testify, and he did not appear before the committee, according to the committee’s own web site about the hearing. All he did was submit written testimony, which absolutely anyone is allowed to do. I was misled by a SafeMedia press release. I should have known better than to rely on those guys.]

The documents contradict each other in several ways. For example, Mr. Fahmy’s testimony says that Clouseau “detects and prohibits illegal P2P traffic while allowing the passage of legal P2P such as BitTorrent” (page 5). But the white paper says that BitTorrent is illegal and was blocked every time by Clouseau in their tests (page 6 and Appendix A).

Similarly, the white paper says, “In a series of tests conducted by us, Clouseau did not block any normal packets including web HTTP(S) and VPN (ipSec and PPTP).” (page 5) (HTTPS and VPN protocols are standard ways of using encryption to hide the content of communications.) But Mr. Fahmy’s congressional testimony says that “Clouseau is fully effective at forensically discriminating between legal and illegal P2P traffic with no false positives … whether encrypted or not” (page 7) which implies that it must block some HTTPS and VPN traffic.

One thing the documents seem to agree on is that Clouseau operates by trying to detect and block certain protocols, rather than looking at the material being transmitted. That is, it doesn’t look for infringing content but instead declares certain protocols to be illegitimate and then tries to block them. This is a problematic design because many protocols are used for both infringing and noninfringing purposes. Some protocols, like BitTorrent, see lots of noninfringing use and lots of infringing use. So Clouseau will get many cases wrong, whether it blocks BitTorrent or not – a problem the company apparently gets around by claiming to block BitTorrent and claiming not to block it.

How does the company square its protocol-blocking design with its claim to block illegal content with complete accuracy? Apparently they just redefine the term “illegal” to be co-extensive with the set of things their product blocks. In other words, the company’s legal claims seem to be just as implausible as its technical claims.

[UPDATE (Oct. 5, 2007): I hear rumors that SafeMedia is telling people that they offered me or my group access to a Clouseau device to study, but we refused. For the record, this is false.]


Email Protected by 4th Amendment, Court Says

The Sixth Circuit Court of Appeals ruled yesterday, in Warshak v. U.S., that people have a reasonable expectation of privacy in their email, so that the government needs a search warrant or similar process to access it. The Court’s decision was swayed by amicus briefs submitted by EFF and a group of law professors.

When Alice sends an email to Bob, the email will be stored, for a while at least, on an email server run by Bob’s email provider. Depending on how Bob uses email, the message may sit on the server just until Bob’s computer picks up mail (which happens every few minutes when Bob is online), or Bob may store his long-term email archive on the server. Either way the server, which is typically run by Bob’s ISP, will have a copy of the email and will have the ability to access its contents.

The key question in Warshak was whether, notwithstanding the ISP’s ability to read his mail, Bob still has a reasonable expectation of privacy in the email. This matters because certain Fourth Amendment protections apply where there is a reasonable expectation of privacy. The government had used a certain kind of order authorized by the Stored Communications Act to compel Warshak’s ISP to turn over Warshak’s email without notifying Warshak. Warshak argued that that was improper and the government should have been required to get a search warrant.

The key to the Court’s ruling is an analogy, offered by the amici, between email and phone calls. The phone company has the ability to listen to your calls, but courts ruled long ago that there is a reasonable expectation of privacy in the content of phone calls, so that the government cannot eavesdrop on the content of calls without a warrant. The Court accepted that email is like a phone call, for privacy purposes at least, and the ruling essentially followed from this analogy.

This is not a general ruling that warrants are required to access electronic records held by third parties. The Court’s reasoning depended on the particular attributes of email, and even on the way these particular ISPs handled email. If the ISP’s employees regularly looked at customer email in the ordinary course of business, or if there was a written agreement giving the ISP broad latitude to look at email, the Court might have found differently. Warshak had a reasonable expectation of privacy in his email, but you might not. (Randy Picker has an interesting commentary on Warshak in relation to online records held by third parties.)

Interestingly, the Court drew a line between inspection of email by computer programs, such as virus or spam checkers, versus inspection by a person. The Court found that automated analysis of email did not erode the reasonable expectation of privacy, but routine manual inspection of email would erode it.

Pragmatically, a ruling like this is only possible because email has become a routine part of life for so many people. The analogy to phone calls, and the unquestioned assumption that people value the privacy of email, are both easy for judges who have gotten used to the idea of email. Ten years ago this could not have happened. Ten years from now it will seem obvious.

Orin Kerr, who is expert in this area of the law, thinks this ruling is at higher than usual risk of being invalidated on appeal. That may be the case. But it seems to me that the long-term trend is toward treating email like phone calls, because that is how people think of it. The government may win this battle on appeal, but they’re likely to lose this point in the long run.


Chinese Gold Farmers: Work or Fun?

Julian Dibbell had an interesting article in yesterday’s NYT, profiling several Chinese gold farmers, who make their living playing the massive multiplayer game World of Warcraft (WoW) and accumulating virtual loot that is ultimately sold for real money. If you’re not familiar with gold farming, or virtual-world economies in general, it’s a nice introduction.

Even if you’ve heard it all before, the article is still worthwhile as a meditation on the porous boundary between work and fun online. These guys make their living playing a game, in seven twelve-hour shifts a week. It’s highly repetitive work – they follow the loot-maximizing strategy which involves hanging around the same little area and whacking the same monsters over and over. WoW players even call this kind of play “the grind”.

Yet somehow the guys enjoy it, not all the time but often enough to find the work rewarding in an odd way. One guy, Wang Huachen, has a law degree but chooses to play/work WoW instead, at least for a while.

“I will miss this job,” [Wang] said. “It can be boring, but I still have sometimes a playful attitude. So I think I will miss this feeling.”

I turned to Wang Huachen, who remained intent on manipulating an arsenal of combat spells, and asked again how it was possible that in these circumstances anybody could, as he put it, “have sometimes a playful attitude”?

He didn’t even look up from his screen. “I cannot explain,” he said. “It just feels that way.”

Amazingly, after finishing a twelve-hour shift, some of these guys spend their long-awaited free time … playing WoW.

But all that changed when the boss of one gold farm got a new business idea: rather than grinding out more loot, his employees would instead build up a 40-man team of uber-characters who would serve as mercenaries, for hire by players who wanted reliable, non-greedy companions in attacking the toughest areas of WoW. Suddenly these gold farmers could really use their skills, and have more fun – for a while.

The end arrived without warning. One day word came down from the bosses that the 40-man raids were suspended indefinitely for lack of customers. In the meantime, team members would go back to gold farming, gathering loot in five-man dungeons that once might have thrilled Min but now presented no challenge whatsoever. “We no longer went to fight the big boss monsters,” Min said. “We were ordered to stay in one place doing the same thing again and again. Everyday I was looking at the same thing. I could not stand it.”

What’s most interesting about this, to me at least, is the relationship between the gold farmers and the players they serve. It’s not a personal relationship, only an economic one, in which the gold farmers play the boring part of the game in exchange for a cash payment from richer customers.

This relationship is an amazing tangle of play and work. The gold farmer works playing a game, so he can earn money which he spends playing the same game. The customer finds part of the game too much like work, so he works at another job to earn money to pay a gold farmer to play for him, so the customer can have more fun when he plays. Got it?


All the Interested Parties? Not Quite.

Here’s a quick quiz to detect whether you’re stuck in Washington groupthink.

There’s a patent reform bill under consideration in Congress. According to a blog entry by Andrew Noyes at the National Journal, a group of Republican senators sent a letter to Rep. Howard Berman, the chair of the relevant House subcommittee, asking that the patent bill be given more consideration before the committee votes on it. Rep. Berman responded:

“There have been a number of hearings, briefings, and meetings about these issues over the past four years,” said Berman, who introduced a companion bill, H.R.1908. “We’ve heard from representatives of all the interested parties – from independent inventors, universities, bio-technology, pharmaceutical, software and financial services industries.”

Here’s the quiz: who did Rep. Berman leave off his list of “all the interested parties”?

Rep. Berman’s omission is a common one in Washington. Start listening for this omission, and you’ll be surprised how often you hear it.

I don’t mean to pick on Rep. Berman personally. Okay, maybe I do, just a tiny bit, given some of his past actions such as co-sponsoring the ill-advised Berman-Coble bill that would have legalized denial-of-service attacks against people suspected of sharing infringing content. If this was just one congressman, once, it wouldn’t be worth noting. But given the frequency of this mistake, I think it does reveal something about the standard Washington mindset.

In the case of patent reform, there are complex issues at stake. Changes to patent law can affect innovation and competition in subtle ways. That affects all of the parties Rep. Berman mentioned, as well as the one notable group he left out. Which is …

Ordinary citizens.


Staying Off the Regulatory Radar

I just returned from a tech policy conference. It was off the record so I can’t tell you about what was said. But I can tell you that it got me thinking about what happens when a tech startup appears on policymakers’ radar screens.

Policymakers respond to what they see. Generally they don’t see startups, so startup products can do whatever makes sense from a technical and customer relations standpoint. Startups talk to lawyers, they try to avoid doing anything too risky, but they don’t spend their time trying to please policymakers.

But if a startup has enough success and attracts enough users, policymakers suddenly notice it and everything changes. To give just one example, YouTube is now on the radar screen and is facing takedown requests from national authorities in places like Thailand. (Thai authorities demanded takedown of an unflattering video about their king.) The cost of being on the policy radar screen can be high for online companies that have inherently global reach.

Some companies respond by changing their product strategy or by trying to outsource certain functions to other companies. We might even see the emergence of companies that specialize in coping with policymakers, making money by charging other tech-focused companies for managing certain parts of their technology.

Perhaps this is just another cost of scaling up a service that works well at smaller scale. But I can’t help wondering whether companies will change their behavior to try to stay off the radar screen longer. There’s an old strategy called “stealth mode” where a startup tries to avoid the attention of potential competitors by keeping secret its technology or even its very existence, to emerge in public at a strategically chosen time. I can think of several companies that wish for a new kind of stealth mode, where customers notice a company but policymakers don’t.


Apple's File Labeling: An Effective Anticopying Tool?

Recently it was revealed that Apple’s new DRM-free iTunes tracks come with the buyer’s name encoded in their headers. Randy Picker suggested that this might be designed to deter copying – if you redistribute a file you bought, your name would be all over it. It would be easy for Apple, or a copyright owner, to identify the culprit. Or so the theory goes.

Fred von Lohmann responded, suggesting that Apple should have encrypted the information, to protect privacy while still allowing Apple to identify the original buyer if necessary. Randy responded that there was a benefit to letting third parties do enforcement.

More interesting than the lack of encryption is the apparent lack of integrity checks on the data. This makes it pretty easy to change the name in a file. Fred predicts that somebody will make a tool for changing the name to “Steve Jobs” or something. Worse yet, it would be easy to change the data in a file to frame an innocent person – which makes the name information pretty much useless for enforcement.

If you’re not a crypto person, you may not realize that there are different tools for keeping information secret than for detecting tampering – in the lingo, different tools for ensuring confidentiality than for ensuring integrity.

[UPDATE (June 7): I originally wrote that Apple had apparently not put integrity checks in the files. That now appears to be wrong, so I have rewritten this post a bit.]

Apple apparently used crypto to protect the integrity of the data. Done right, this would let Apple detect whether the name information in a file was accurate. (You might worry that somebody could transplant the name header from one file to another, but proper crypto will detect that.) Whether to use this kind of integrity check is a separate question from whether to encrypt the information – you can do either, or both, or neither.

From a security standpoint, the best way to guarantee integrity in this case is to digitally sign the name data, using a key known only to Apple. There’s a separate key used for verifying that the data hasn’t been modified. Apple could choose to publish this verification key if they wanted to let third parties verify the name information in files.
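The signing scheme described above, as an added example in Go (not Apple's code; the actual iTunes header format is not described here). The `Label` type, the message layout, the choice of Ed25519 and the sample names and audio bytes are all assumptions made for illustration. It shows that an edited name fails verification, and that a header moved to another file is caught only if the signature covers the audio as well as the name.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Label is a hypothetical purchase header: the buyer's name plus a signature.
type Label struct {
	Buyer string
	Sig   []byte
}

// message builds the bytes that get signed. With bind=false only the name is
// covered; with bind=true the SHA-256 of the audio is covered as well, so the
// label is valid only on the track it was issued for.
func message(buyer string, audio []byte, bind bool) []byte {
	msg := []byte("track-label-v1\x00")
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(buyer)))
	msg = append(msg, n[:]...) // length prefix keeps the encoding unambiguous
	msg = append(msg, buyer...)
	if bind {
		d := sha256.Sum256(audio)
		msg = append(msg, d[:]...)
	}
	return msg
}

// Sign is run by the seller, who alone holds the private signing key.
func Sign(priv ed25519.PrivateKey, buyer string, audio []byte, bind bool) Label {
	return Label{Buyer: buyer, Sig: ed25519.Sign(priv, message(buyer, audio, bind))}
}

// Verify needs only the public verification key, which could be published.
func Verify(pub ed25519.PublicKey, l Label, audio []byte, bind bool) bool {
	return ed25519.Verify(pub, message(l.Buyer, audio, bind), l.Sig)
}

// Result records what the verifier reports in each scenario.
type Result struct {
	Genuine, Renamed, Transplanted, TransplantedUnbound bool
}

// Demo runs the scenarios on constructed data with a constructed demo key.
func Demo() Result {
	seed := sha256.Sum256([]byte("constructed demo seed, not a real key"))
	priv := ed25519.NewKeyFromSeed(seed[:])
	pub := priv.Public().(ed25519.PublicKey)

	trackA := []byte("constructed audio bytes for track A")
	trackB := []byte("constructed audio bytes for track B")

	label := Sign(priv, "Alice Example", trackA, true)
	renamed := Label{Buyer: "Bob Example", Sig: label.Sig} // name edited in place

	// A design that signs the name alone cannot tell which file it belongs to.
	unbound := Sign(priv, "Alice Example", trackA, false)

	return Result{
		Genuine:             Verify(pub, label, trackA, true),
		Renamed:             Verify(pub, renamed, trackA, true),
		Transplanted:        Verify(pub, label, trackB, true),
		TransplantedUnbound: Verify(pub, unbound, trackB, false),
	}
}

func main() {
	fmt.Printf("%+v\n", Demo())
}
```

Encrypting the name would be a separate step layered on top of this; the signature check works the same whether the name is stored in the clear or not.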

But there’s another problem – and a pretty big one. All a digital signature can do is verify that a file is the same one that was sold to a particular customer. If a file is swiped from a customer’s machine and then distributed, you’ll know where the file came from but you won’t know who is at fault. This scenario is very plausible, given that as many as 10% of the machines on the Net contain bot software that could easily be directed to swipe iTunes files.

Which brings us to the usual problem with systems that try to label files and punish people whose labels appear on infringing files. If these people are punished severely, the result will be unfair and no prudent person will buy and keep the labeled files. If punishments are mild, then users might be willing to distribute their own files and claim innocence if they’re caught. It’s unlikely that we could reliably tell the difference between a scofflaw user and one victimized by malware, so there seems to be no escape from this problem.


Why So Much Attention to "What's a Website?" Judge?

One of the benefits of talking to the press is that reporters often ask thought-provoking questions. Recently Noam Cohen, a New York Times columnist, called and asked me why the Net community gets so excited when a public figure professes ignorance about the Net. It’s natural for people to chuckle at Ted “Tubes” Stevens or George “Internets” Bush; but why devote so much e-ink to them? This was the topic of Mr. Cohen’s latest column, which quotes part of our conversation.

The latest victim of Net outrage was a British high court judge, Peter Openshaw, who reportedly said during a trial, “The trouble is, I don’t understand the language. I don’t really understand what a web site is.” Predictably, the Net responded with derision.

Like most folk tales, the Technologically Ignorant Policymaker story has legs because it connects to a deeply felt concern of the community. In this case, it’s the worry of Net folk that policymakers will cluelessly cripple the Net. One ill-considered comment is not by itself a big deal, but it becomes a symbol of a broader problem.

It’s worth noting, too, that in the case of Stevens and Bush the storyline resonates with the speakers’ reputations – fairly or not, neither Stevens nor Bush is thought to be particularly curious or well-informed as policymakers go. Fewer people know about Judge Openshaw, but his comment must have resonated with concerns about judges in general.

Though cathartic for Net folk, these incidents do have a down side. The next time a judge or policymaker hears technical jargon he doesn’t understand, he’ll be a bit less likely to ask for a clarification. And it’s better to ask a question and learn the answer than to stay in the dark.