Thursday, February 26, 2015

Blogger Will No Longer Allow Sexually Explicit Content. Here's Why This Is So Problematic...

Blogger - Google's blogging web service - just posted a message to all its users that on March 23rd it will "no longer allow certain sexually explicit content".  When you read the details, they state that if a blog does have sexually explicit material, then on March 23rd the entire blog will be made private, only visible to individuals who have accepted an invitation from the administrator.  It further states that, "We'll still allow nudity if the content offers a substantial public benefit".

There are several reasons why this is so problematic.

First of all, the new Adult content policy is unbelievably vague.  What is their definition of "sexually explicit"?  There was one case where Facebook deemed informative content about breast cancer whose purpose was to encourage mammograms as "sexually explicit".  There was another famous case where they banned images of breast-feeding mothers.  Once they protested, that group ultimately became known as "The Lacktivists", which may just be the greatest moniker for a group ever.  But I think you get the point.  There's not always a strong consensus over what is "sexually explicit", and websites have a history of frequently getting it completely wrong.

Second, in a similar vein, how will they determine what "offers a substantial public benefit"?  It's a definitional problem once again.  And it's worth pointing out that the new policy doesn't indicate whether it will be human beings or an algorithm making the final judgment.  Both methodologies have their flaws, so how comfortable should we be with either of them?

Third, the practical question for millions of Blogger users with a long posting history is:  How will I know ahead of time if my entire blog will suddenly be taken offline?  For example, The Nerfherder has been using Blogger since its inception in 2006.  This is clearly not a blog dealing in sexually explicit content, however occasionally this blog has reported on news events related to the regulation of such material.  For instance, we once wrote a post about the outing of a troll on Reddit named "Violentacrez".  In our post, we reported on how he had created forums titled "Jailbait" and "Rapebait", to name only a few.  PLEASE, read the post for yourself and decide whether, in any way, shape, or form, you believe this should be considered "sexually explicit content".  Should The Nerfherder now fear that this entire blog is about to be taken offline by Blogger because an algorithm might discover those phrases located in a post?  It would at least be helpful to know if it was going to be taken offline ahead of time.

Private companies certainly have the right to remove sexually explicit content from their service.  There's no problem there.  The problem is that Blogger should have 1) provided more detailed criteria for what would be deemed "sexually explicit", 2) offered additional criteria for what would be considered as having "substantial public benefit", 3) been transparent in whether this new policy was being implemented by algorithm or by human beings (in order to know who should be held accountable for egregious overreaches), and finally, 4) informed its users ahead of time if their blog was about to be taken offline so that they could take preemptive steps in order to avoid the takedown, as Blogger itself suggests.

Wordpress, anyone?


  

Monday, February 23, 2015

Internet Governance and the New HTTP2 Protocol...

Proof that the Internet is, in fact, governed can most easily be found in the adoption of its technical standards and protocols.  Think about it:  despite the Internet's decentralization, certain protocols have to be designed and adopted by nearly everyone just to ensure that the Internet remains interoperable and functional.  Not only does virtually everyone need to agree on these protocols, but clearly identifiable institutions have to make decisions, resolve conflicts, and maintain control over them.  This authority is the very definition of governance.

Which brings us to last week's big news that the HTTP2 protocol has officially been completed.  There is a single institution known as the Internet Engineering Task Force (IETF) - an international and non-profit organization - which is single-handedly responsible for making decisions over the Internet's standards and protocols.  HTTP2, as its name suggests, is the next evolutionary leap forward for the classic HTTP protocol which has been the Web's main standard for data communication since at least 1999, and a previous version since 1996.

So let's all celebrate!  After all, this is the Web's open democratic process in action, right?  Without the intervention of any national government, the Web has once again initiated an open participatory process, issued a Request for Comments (RFC), and ultimately built a rough consensus upon which it made a binding decision about its own future development.  Is this not the self-governance and autonomy that early Internet evangelists predicted?

Well...  There is one notable observation weakening the utopian self-governance argument.  HTTP2 is based on SPDY, which was invented by Google, and later supported by Apple, Microsoft, Amazon, Facebook, and others.  In fact, those companies pushed hard in order to get the IETF to formally adopt it.  Some may argue that corporate influence has decreased the level of democratization in the process, rendering the IETF as a mere agent of such corporations and institutionalizing their self-interested preferences.  However, others will correctly point out that such corporate involvement has been a part of the IETF's standards-setting processes from the beginning, so it's really nothing new, and may even be considered crucial to a new protocol's widespread adoption.

Regardless of the power relationships involved in this aspect of Internet governance, the question many of you will undoubtedly have relates to relevancy.  How will this momentous development of the HTTP2 protocol affect your life?  Mainly by speeding up your web browsing.  And there's certainly not going to be a grassroots movement protesting that.


  

Wednesday, February 18, 2015

Why Google's Research Study on Data Localization and Cybersecurity Shouldn't Be Taken Seriously...

Earlier this week, Google announced the release of a research study - conducted by Leviathan Systems, but commissioned by Google - which sought to compare the security of cloud-based versus localized systems.

Many countries around the world have recently proposed laws that would require companies to keep the data about that country's users within national borders.  For example, if a website in France was saving the personal data of French citizens, then the law would require the website to save that data somewhere within France's borders, as opposed to, say, California.  The logic is two-fold: first, information about a country's citizens would stay out of the hands of spying foreign governments and, second, it would better enable countries to design and implement their own privacy laws (to that point, privacy laws are much stronger in the European Union than in the United States).

Predictably, Google and many other high-tech firms have come out against such laws requiring data localization.  For them, it's an added expense.  Google would need to backup and store user data within each such country in which it operates, rather than using Silicon Valley as its central hub for everything.

Because of this opposition, one has to be somewhat skeptical of a research study paid for by Google concluding that data localization is so clearly negative.  Their argument is that cloud-based systems are more secure than localized ones, and that there would be a shortage of expertise within many countries to put stronger cybersecurity measures into effect.

It's not that there's no truth in that claim, it's just that we can be forgiven for being a little skeptical.  This has become the modus operandi within the tech industry: lobby elected representatives, lobby regulatory agencies within the Executive Branch, and pay for-profit think-tanks to conduct research studies which, often, lead to predetermined results favorable to its sponsor.

From a purely economic point of view, of course Google wants to avoid data localization requirements.  But there are non-economic arguments for why localization might be considered a positive - namely, the better protection of privacy rights.  Google can hardly be considered unbiased, and thus, this study's conclusions shouldn't be considered authoritative, by any stretch.


  

Tuesday, February 10, 2015

Creating a Constitution with Open Data...

Most national or state constitutions aren't written from scratch, but rather are derivative works based off of other national and state constitutions. For example, the constitution of Japan looks remarkably similar to that of the U.S. (largely because it was written in 1946 when the U.S. occupied Japan after World War II). In fact, on average, 5 new constitutions are written every year, and even more are amended.

Could modern data-driven technologies help in the constitution-drafting process? Furthermore, could any individual potentially create a constitution that would govern some type of entity using such tools as well? What would be the consequences of this?

Google Ideas launched a website called Constitute in 2013 which allows people to not only view and download every national constitution in the world, but also has a feature that enables easy comparisons between them. Furthermore, Constitute let you mashup different excerpts from different sources so that, in effect, you can embed your own constitutional ideas in a single document and share it on social media. Going yet another step further, Constitute also makes all of their underlying data freely available through an open data portal, complete with its own API for programmers and research developers.

It's an interesting exercise to think about what type of constitution would you create for governing Internet use in the United States. What ideas would it embody? What values and/or rights and liberties would it be designed to protect? This is not as hypothetical as you might imagine. Brazil actually passed such an Internet Constitution last year. How might an open data approach affect outcomes?

  

Wednesday, January 21, 2015

"The Permanent Professor": How the Long-Term Use of Social Media Transforms the Professor-Student Relationship

The presentation I recently gave at the American Political Science Association Teaching and Learning Conference...




Or...

http://prezi.com/_4kxi0lq4n15/?utm_campaign=share&utm_medium=copy


  

Saturday, January 03, 2015

What Do They Teach in a Hacking Class?

Non-Computer Science laymen always seem shocked to hear that undergraduate courses are offered in hacking.  Why?  It's really just a sexy way to market a course in cybersecurity.  Or so we tell everyone.  If you've ever been curious as to what they teach in a hacking class, here's a general outline (since I'm prepping for next semester anyway):

  • Penetration Testing

  • The instructor typically sets up a "hacking lab" where one machine or small network is set up with different types of security solutions installed.  The object for the semester will be for students to hack the instructor's machine and setup.  These days, security testing in the classroom is easily accomplished using Backtrack Linux and Kali Linux.

  • Reconnaissance

  • The idea is to gather as much information about a target as possible to increase your chances of success later.  This is done through a combination of Google directives, The Harvester Python script, the WhoIs database, NetCraft, Fierce, MetaGooFil, the ThreatAgent Drone, and other tools.  The goal by the end of the Reconnaissance stage is to have a list of IP addresses that belong to the target.

  • Scanning

  • Once we have a list of IP addresses, the next step is to map those addresses to open ports and services  Students need to determine if a system is alive with ping packets, port scan the system with Nmap and use the Nmap scripting engine (NSE) to gather further information about the target, and scan the system for vulnerabilities with Nessus.


  • Exploitation

  • This is the process of actually gaining control over a system.  Students explore online password cracking tools like Medusa and Hydra, as well as learn how to use tools like the full MetaSploit framework, Wireshark, Macof, and Armitage.  This is really the stage most people think of when they think of computer hacking, but the point to stress to students is that only by engaging in the first wo preliminary steps will you get the most out of Exploitation.


  • Social Engineering

  • Making your attack vectors believable.  After all, the best hacks are those which go undetected.  Use of the social-engineer toolkit (SET), website-attack vectors, credential harvesters, and more are explored.


  • Web-based Exploitation

  • For when websites themselves (not only local networks connected to the Internet) are the target.  This stage incudes intercepting requests as they leave the browser, discovering all files and directories that make up the target web application, and analyzing responses from the web application to find vulnerabilities.  Frameworks to use include W3af, the Burp Suite, the Zed Attack Proxy (ZAP), Websecurify, and Paros, and other role-specific tools.


  • Post-Exploitation: Maintaining Access

  • Using backdoors, rootkits and meterpreters that allow the attacker to return at will.  Tools include Netcat, Cryptcat, and really just a comprehensive explanation about how rootkits operate.


    Still find this interesting or did these details deflate your excitement about learning "how to hack"?  Remember, the real challenge for us non-criminal types is to prevent these tools and methods from working.  It is an arms race, and we're in it to win it.


  

Monday, December 08, 2014

Tweeting Alone: Slacktivism and the Decline of Civic Engagement...

Dave Karpf of Rutgers University wrote a clarifying piece recently entitled, "Slacktivism as Optical Illusion", in which he describes how online activities labeled (with a negative connotation) as slacktivism can either be a waste of time or may actually serve a larger purpose.  It depends on how the activity is carried out.

He makes three points for explaining how slacktivist activities can be meaningful:  First, they should strategically be used to attract mainstream media attention.  It's pointed out that, today, journalists and editors actually turn to social media in order to pick out potential stories worth covering.  Second, they should have a specific target in mind.  For example, a general online petition to "stop animal cruelty" is guaranteed to make no difference, whereas the type expressing displeasure with specific corporations has a history of leading to successful policy change.  And third, organizations should develop relationships with people who've engaged in simple acts of digital engagement over time in order to "ladder" them up to larger-scale activism.

Great points all, and it's refreshing to read something of a how-to guide for constructive slacktivism rather than just yet another venting of frustration about it.

Something else that may be added to the conversation is how slacktivism is related to the decline of civic engagement in America more generally.   Robert Putnam described in his classic book, Bowling Alone: The Collapse and Revival of American Community, how social structures, or community-building organizations, from bowling leagues to weekly poker games to church-going Sundays, have been experiencing a major decline in participation for decades.  This decline in community-related activities has led to a decline in civic engagement and political participation as well, as more individuals engage in solitary activities disconnected from others.

Online social networking has raised the question since its inception of whether it fosters the concepts of "networking", community-building, and civic engagement, or whether it works against it.  And slacktivism is a strong component of this question.  If you tweet expressing support for a cause, does that make you more likely or less likely to engage in different forms of activism on the cause's behalf in the future?

Karpf is on the right track.  More ideas need to be generated in order to make "more likely" the more frequent answer.


  

Tuesday, November 18, 2014

CyberWar: Anonymous vs. the Ku Klux Klan

Over the weekend, a cyberwar ensued between two highly controversial groups - Anonymous and the Ku Klux Klan.  As ZDNet reports, at issue was the upcoming grand jury verdict in the Michael Brown case in Ferguson, MO.  Here is the sequence of what went down...

A Klan group named the Traditionalist American Knights of the KKK distributed flyers last week threatening the use of "lethal force" against the protesters in Ferguson.  In response, members of the hacktivist group Anonymous "skirmished" with the KKK on Twitter, at which point, after being "mocked and threatened", Anonymous launched a full-blown cyberwar campaign called #OpKKK and ultimately seized control of the Klan's main Twitter account, @KuKluxKlanUSA.

Anonymous then issued this statement explaining how the Klan is a terrorist group with blood on their hands and, as a result, the Klan "no longer has the right to express their racist, bigoted opinions".

But the story's not finished.  The Klan responded by using their other primary Twitter account, @KLANonymous, to post this message...


Anonymous then quickly seized control of that account as well.

Meanwhile, Anonymous has also been launching Distributed Denial of Service (DDoS) attacks on much of the Klan's online presence.  They've shut down websites like IKKK.com and TraditionalistAmericanKnights.com as well as the Klan's largest discussion board, Stormfront.

Now Anonymous has turned its focus towards identifying Klan members with its #HoodsOff campaign.  They are doing this by looking at the Direct Messages sent over time to the Klan's seized Twitter accounts, although Anonymous explicitly acknowledges that they are still debating to what extent people's identities should be made public, considering that they "are not completely sure how much of a connection many of the people actually have to the KKK" and want to make sure they are outing the right people.

That about sums it up.  For now.

First of all, is it somewhat surprising to anyone else that officially recognized active hate groups and domestic terrorist organizations have non-secretive Twitter accounts?  Call me naive, but wouldn't a Twitter account called @AlQaeda or a website named "www.alqaeda.com" be shut down by homeland security or law enforcement officials immediately?  How does Twitter even allow something called @KuKluxKlanUSA to exist?  There's no technical reason which would make removal difficult; it's just a policy decision.

Second, let us also not forget that Anonymous is considered by many to be a criminal, even cyberterrorist, organization as well, having previously launched attacks against U.S. government agencies, police departments, and even launched anti-Israel cyberattacks on Holocaust Remembrance Day.  So before Anonymous is applauded too strongly for their efforts against the KKK, let's just keep in mind that they're not exactly heroes by any stretch of the imagination.

Third, it should be observed that Anonymous is getting better at what they do.  The speed at which they managed to seize control of the Klan's Twitter accounts and launch effective DDoS attacks that shut down numerous websites and discussion boards was impressive, even by their own standards.  It makes their calling card, "You should have expected us", even that much more frightening.

No one's going to have, nor should have, any sympathy for the Ku Klux Klan, and in that sense this is a story with a positive outcome.  With that said, in the larger scheme of things, it remains difficult for other hacktivists to sympathize with Anonymous either because their problem is that they pursue their stated goal of freedom basically through intimidation.  If you cross them, they will attack you.  This blog has been flamed by Anonymous before, and to be honest, it does indeed make one hesitate from writing about them further.  And that's the problem.  Anonymous creates a very real chilling effect on the very speech they claim to protect.



  

Wednesday, November 12, 2014

Big Data and Municipal Governments...

Data analytics, or "Big Data", is already widely used by businesses to find correlations that help to make predictions - predictions about consumer behavior, predictions about value-chains and supply-chains, etc.  By doing so, Big Data greatly improves organizational efficiency and forecasting, spotting trends as they emerge or even before they emerge.

So why not put Big Data to use in order to improve the workings of government?

In their book titled, "The Responsive City: Engaging Communities Through Data-Smart Governance", Stephen Goldsmith and Susan Crawford explore how municipal governments, in particular, can use Big Data effectively to radically transform how local governments serve its citizens.  As summarized by the Harvard Gazette:

A “responsive” city is one that doesn’t just make ordinary transactions like paying a parking ticket easier, but that uses the information generated by its interactions with residents to better understand and predict the needs of neighborhoods, to measure the effectiveness of city agencies and workers, to identify waste and fraud, to increase transparency, and, most importantly, to solve problems.

The requirements for municipal governments wanting to adopt a Big Data strategy include, first, building a high-speed fiber network, and second, that they should publish their collected data sets publicly and with full transparency. The idea, says Goldsmith, is to allow employees to see other agencies, allow residents to hold their city hall responsible, but also to provide data that can lead to breakthroughs and solutions from both inside and outside government.

Surely, this is, indeed, a potential boon for municipal governments.  However, the potential downside to governments relying on Big Data, it must be reiterated, is that Big Data has often been criticized for enabling discrimination on the basis of race, religion, gender, sexual orientation, etc.  Alistair Croll famously declared it this generation's Civil Rights issue.

In fact, a recent report by The Leadership Conference on Civil and Human Rights highlighted this danger of institutionalizing discrimination, and even endorsed a document titled, "Civil Rights Principles for the Era of Big Data".  However, the group's recommendations include such lofty goals as "an end to high-tech profiling" and "greater individual control over personal information", both of which seem unlikely.  And by "unlikely", we mean there's no chance it's ever going to happen.

The take here is that the era of Big Data for governments is coming, like it or not.


  

Thursday, October 30, 2014

The Value of Online Confessionals: Evaluating the Secret & Whisper Apps...

As addictive as Facebook has become for some people as a means of feeling validated or popular - writing posts specifically to garner "likes", and experiencing disappointment when there's not a large response - there remains a hesitation by most Facebook users to post brutally honest thoughts or confessions for fear of backlash amongst those they know, not to mention that what they post may be archived and associated with themselves forever.

Two apps address this dilemma of public confessions:  Secret and Whisper.  Secret enables you to write posts anonymously and links to your Facebook account so that only your friends can see it, even though your friends won't know it was specifically you who posted.  Meanwhile, Whisper lets you do the same thing, but the anonymous posts are visible to the general online public. 

The allure of both services is to be able to write posts without personally identifiable consequences and also, as a reader of others' posts, it is tantalizing to read brutally honest and revealing confessionals written by people you actually know in your social network.

The fact that these apps are being so widely applauded is more a sign of great P.R. departments than anything else.  Rachel Metz writes for the MIT Technology Review that people do indeed say some nasty things on these anonymous apps, but that the good far outweighs the bad.  And one can go as far back as to the founder of analytical psychology, Carl Jung, to read about the value of confession as a positive force.

However, while online confessionals may serve a positive psychological purpose, there are some inherent dangers related to the fact that they are online forums.  For instance, to what extent will even private confessions be archived considering that other "private" social apps like SnapChat have recently been hacked and users' private content was then made publicly available?  What other privacy concerns should individuals consider before posting intimate details about themselves to the Internet (because, ultimately, that's what they're still doing)?  What restrictions should there be on children or teenagers both writing posts and reading/commenting on others'?

Secret and Whisper can have a positive value, and they're certainly addictive to read because you're just dying to know who could have written such a thing.  But as far as using them to write your own confessional posts... maybe a healthy dose of skepticism ought to be in order.



  

Wednesday, October 01, 2014

Using Proxy Servers to Help the Hong Kong Protesters...

The Chinese government is cracking down on the pro-democracy demonstrations in Hong Kong using tear gas and other heavy-handed methods, and have also begun censoring Internet content and online social media.  Hong Kong, being a semi-autonomous region, typically experiences less of the Great Firewall than does most of China proper, however due to fears of the demonstrations spreading further, Instagram, YouTube, Twitter, Facebook, numerous blogs and wikis, search engine results, and more are all being blocked for residents of the island to varying degrees.

As reported by CNN, users cannot view images on Instagram and are instead directed to a message that reads, "Can't refresh feed".  Meanwhile...

Searches on China's top search engine sites such as Baidu and Sogou for the terms "Hong Kong protest" or even "Hong Kong students" yielded irrelevant results such as stories showing a a blissful image of Hong Kong residents picnicking on the grass or how Hong Kong is welcoming tourists from the mainland during the national holiday week.

When relevant results appeared on the Chinese search engines, the articles contained a distinctively pro-China slant and even surfaced a month-old article about a small pro-Beijing counter-protest in Hong Kong.


This can hardly be considered a surprising development, and if there is a positive consequence of the Chinese government's pattern of censorship over time it is that there is an entire infrastructure already in place to help users circumvent the Great Firewall and access the sites that are being censored.

Basically, protesters and residents of Hong Kong need to use a proxy server.  Proxy servers will tunnel users' Internet traffic through to their destination sites, while masking that destination to the filters.  Users can find available proxy servers pretty easily on constantly updated public lists.

Meanwhile, for anyone observing the events in Hong Kong from afar who would like to help, setting up a proxy server for others to use is fairly simple and free.  As with many hacktivist tools these days, no programming expertise is required.




  

Wednesday, September 24, 2014

Internet Governance and Whether Terror Victims Can (or Should) Be Able to Seize Domain Names...

In June, a U.S. District Court issued a judgment in the case of Ben Haim et al. v Islamic Republic of Iran et al. ruling that victims of terrorist attacks could, in fact, seize the assets of the governments which sponsored them - specifically, Iran, Syria, and North Korea.  On its own, this may not seem very noteworthy.  Such money judgments are actually made quite often.  However, what sets this case apart is that the assets in question are the Internet domain name suffixes (what are officially called the ccTLDs) of those countries.

Specifically, the U.S. District Court issued "writs of attachment" against ICANN - the single institution responsible for managing the Internet's domain name system - ordering it to "hold" as property the .IR (Iran), .SY (Syria), and .KP (North Korea) ccTLDs until the final terms of compensating the plaintiffs were adjudicated.

This case raises a few interesting questions.  First of all, is a country's domain name suffix "property"?  As David Post has written, it is actually a public trust.  But even if it is to be considered property, is it really an asset controlled by national governments?  Post answers in the negative here as well:
A ccTLD, like other top-level domains, is a very strange beast; it consists of a name, a line in the Root Zone database associating that name with a specific server which offers registration services for the TLD, and all the associated services. It’s not a thing – it’s a label we give to a series of interlocking relationships and contractual and other understandings that enable the global resolution and the proper direction of messages to and from particular named entities (XYZ.IR, ABC.SY, etc.). Nor is it located “in” the United States; it is located on the global network, in the thousands of interlocking databases that allow the domain name system to function.
Second, is it desirable that one district court located within one country (in this case, the U.S.) should have the authority to seize and redistribute parts of the Internet's global domain name system?  Clearly, this is a pandora's box of problems waiting to open.  Wouldn't that grant other national governments' courts at least a similar legal ability?  Some would certainly try to claim that authority, thus leading to an unmanageable system that granted conflicting ownership rights between territorial jurisdictions - on an Internet that, in terms of technical functionality, does not recognize territorial borders.

Third, as pointed out by Farzaneh Badii, most owners of .IR domain names are actually in the private sector and have no ties to the government at all.  Badii makes the additional argument that if the Court hands over the .IR domain name to the plaintiffs, "it would be likely that neither the Iranian community nor the government would buy domain names from this non-Iranian entity which may lead to the collapse of .IR.  Consequently, the Court’s action might very well destroy the value of .IR, the capture of which was the purpose of the suit in the first place".

Badii addresses the question of whether this issue would even be raised if ICANN were an intergovernmental organization (IGO) or if "private ordering" - allowing for a consensus-based, multistakeholder approach - might be a better fit.  Good theoretical questions, both.  However, from a practical perspective, it would be a whole lot easier to simply argue that the U.S. District Court probably overstepped its bounds in asserting its jurisdiction over the entire Internet domain name space which, whether lawyers and judges believe there is a legal justification for doing so or not, is probably not the wisest or smartest political move.



  

Monday, September 22, 2014

Might Twitter Have Helped the Polling for the Scottish Independence Vote?

So Scotland is remaining part of the U.K.  At least for now.  A momentous event in history almost happened.  Yet didn't.

In retrospect, lots of questions deserve to be asked regarding all those public opinion polls that seemed to indicate the vote was going to be a "Yes" for independence.  Where did they go wrong, and for that matter, was social media a better predictor of the outcome?

Justin Wolfers over at the University of Michigan noted how polling got it wrong, however the betting markets got it right.  In other words, asking people how they intended to vote turned out to be a pretty bad predictor, but asking people which side they thought would win was actually far better.  As a result, all of the pollsters calling the election close were basically "looking at the wrong data to make that conclusion".

The Monkey Cage is right to point out, however, that if you only look at the polling in the final few days, the "No" movement actually came out ahead each time, albeit often within the margin of error.  Thus - since the closer you get to the day of an election, the better polls are at predicting the outcome - the polls actually didn't "get it wrong" at all.  They correctly predicted the ultimate outcome of the referendum, even though their numbers turned out to be off by a few percentage points.

Let the political scientists sort this out.  In the meantime, the Monkey Cage raises a more intriguing question: Should online social media activity inform such polling, and if so, how?  Consider:

What strikes me as potentially useful about the Twitter data is if we view it in combination with the polling data. Suppose someone had told you before the election that the final polls (Now at 52 percent) was likely to be off by 3 percent, but they didn’t know in which direction. At that point, figuring out that direction would be crucially important, and could at least in part hinge on knowing which survey response (i.e., “Yes” or “No”) could be most likely to trigger a “Bradley Effect,” that is, an overestimating of support for one side because people didn’t want to admit they were voting the other way because they thought others (including here the pollster) might think badly of them. From this perspective, the Twitter data might prove useful, as it could show us which side had the popular enthusiasm, thus making it harder for people to admit to pollsters that they might not vote in that way, which in this case would be the “Yes” vote.

Using Twitter to measure "popular enthusiasm" might be a worthy supplement.  At least for determining the youth vote.  But that selection bias might negate the benefit in the first place.  Besides, after watching Trendwatch display the frequency of "Yes" and "No" tweets the day of the referendum in real-time, which heavily favored the "Yes" movement most of the day, one has to remain skeptical about its trustworthiness in predicting voting outcomes.


  

Friday, September 12, 2014

Internet Slowdown Day...

Yesterday was Internet Slowdown Day, essentially a mass online protest against proposed Net Neutrality regulations.  The typical Internet user doesn't pay much attention to F.C.C. rule changes, thus Internet Slowdown Day was designed to raise awareness among the general population about such rule changes in a comprehensible way.

And the protest is being launched by large and small websites alike.  Net Neutrality rules have always protected websites in the sense that they have guaranteed that all data traveling over the Internet is treated equally.  However, the F.C.C. recently announced its intention to remove Net Neutrality rules so that ISPs could start charging websites (what are assumed to be) pretty large sums of money in order for users to reach some websites - those who would pay - faster than others.  The fear is that this would create a "two-tiered Internet" where the most well-capitalized corporate websites would operate within a faster "EZ Pass" lane of data traffic while smaller websites would have to slog along through the muck.

Readers of this blog are aware that we strongly support the principle of Net Neutrality, even despite its often inaccurate portrayal by other supporters.  That's why it's somewhat surprising to think that the best we can do is create an Internet Slowdown Day where the protest methodology being employed is simply to ask people to sign a petition and email their Congressmen.  How unimaginative.  As a result, late-night comedians like John Oliver have arguably been more productive for the cause.

In the end, Internet Slowdown Day can only be considered a success if it demonstrably raises awareness of the Net Neutrality issue in the general population's consciousness.  Will anyone remember it by this time next week?  Unfortunately, the protest participants still haven't succeeded in defining Net Neutrality and explaining why it's important to the daily lives of most individuals, and thus it remains the venue of a niche group of devotees.  As Jon Stewart put it:  "Today is 'Internet Slowdown Day' protesting changes to net neutrality rules. Or as Time Warner calls it, Wednesday."


  

Tuesday, April 29, 2014

Should Anonymous Reviews Online Be Banned?

Small businesses today are discovered and marketed very differently than they were a generation ago.  Reputation - especially online reputation - can make or break a budding enterprise.

The problem is what happens when people express extremely harsh critiques of your business in a public forum, and do so anonymously?  Are such anonymous reviews a protected form of free speech?  Or, because their authenticity cannot be ascertained, do businesses have a right to "unmask" the website's users - especially in cases of defamation?

The Virginia Supreme Court is about to answer these questions.  A case has arisen where a business named Hadeed Carpet Cleaning, Inc. filed a lawsuit against seven individual Yelp users claiming defamation, and demanded that Yelp turn over their true identities.  According to the Wall Street Journal, "So far, both the Alexandria Circuit Court and the Virginia Court of Appeals have sided with Hadeed, holding Yelp in contempt for not turning over the names.  Yelp in January appealed to the state Supreme Court, arguing that the reviews are protected under the First Amendment and that Mr. Hadeed offered scant evidence that they were fakes".

There are two real issues here.  First, how important is anonymity in posting reviews?  Second, what are a website's responsibilities as a third-party facilitator of the forum?

Anonymous speech is a monstrously large topic with an established legal tradition that goes back to America's founding.  Let's just say that it has been recognized in the American political tradition as being both valuable and vital to the spirit of the First Amendment.

That's legally-speaking.  However, in reality, online anonymity is regulated or outright banned more often than most people realize.  Whether it's your ISP or network administrator banning the masking of your IP address, or Facebook prohibiting anonymous accounts that don't clearly identify you as the person you are in real-life (remember when MySpace was rampant with such anonymous accounts?), the fact is that more and more online forums not only aren't valuing user-anonymity very much, they're outright viewing such anonymity as negative.

As for the website's responsibilities, it seems pretty clear that Yelp has little to worry about thanks to the most underrated federal policy of our time - Section 230 of the Communications Decency Act of 1996.  This Act provides immunity from liability for websites based on what its users publish.  In other words, Yelp cannot be held liable for a scathing review left by some individual anymore than Facebook can for a slanderous status message or Twitter can for a personally embarrassing tweet.  Web 2.0 sites based on user-generated content are shielded from such liability by Section 230.

Ironically, despite businesses like Hadeed increasingly objecting to Section 230 protections, the Act was originally devised as a boon to help support businesses and nascent industries.

Here's some food for thought.  All these same issues arise in an individual context, just as they do in a business context.  In other words, for years, people have complained about how helpless they are in the face of critical or embarrassing material being posted about them online, and how there was little recourse available to them.  Businesses are increasingly in that same boat.  Stinks, doesn't it?  But that's the trade-off with protecting privacy and anonymity, for better or worse.

The best advice going forward for businesses like Hadeed is the same as that for individuals...  Don't try to exert outright control over your online presence; it's futile, and the law may not even support you in your quest.  Instead, take steps to manage your resulting online reputation.  For example, one prudent way for Hadeed to realistically fight negative reviews would be to create incentives for its customers to go on Yelp and flood its listing with positive reviews.  No law-breaking; no subversion; just being more proactive in the marketplace of speech.
  

Tuesday, March 25, 2014

Timelessness vs. Timeliness: The Debate Among Scholar-Bloggers

To what extent should academics be active in social media? Also, to what extent should their social media presence and the content they share be considered towards career advancement and tenure? The bottom line: Is blogging legitimate political science?

These aren't exactly new questions, but most scholars who are active in cyberspace usually stick to writing data- or theory-driven posts, basically replicating the same style of wonkish writing found in academic journals. There remains a widespread fear, or at least strong hesitation, of writing subjective, opinion-based posts lest their "amateurism" be used against them professionally. Thus, this "shut-the-blinds and delve-into-the-data posture" remains the norm, where timelessness rather than timeliness is valued.

Mira Sucharov and Brent E. Sasley address this dilemma in the most recent issue of PS: Political Science and Politics (47,1). In their article, "Blogging Identities on Israel/Palestine: Public Intellectuals and Their Audiences", they argue very much in favor of scholar-bloggers writing subjectively and make the case for why it should be considered "an asset to be embraced rather than a hazard to be avoided".

They make three points. First, that the kinds of subjectivity and personal attachments that guide one's endeavors will actually lead to more deeply resonating critiques, thus enhancing scholarship and teaching; Second, that through the melding of scholarly arguments with popular writing forms, scholar-bloggers can become leaders of the discourse on important issues through public engagement and political literacy; And third, that despite the "subjectivity hazard", being aware of one's social media audience can help maximize scholars' potential to serve the public interest in all its manifestations.

While these are agreeable points, doesn't it raise the idea of "activist scholars"? And doesn't that notion make us instinctively recoil and pose an uncomfortable challenge to our conceptions of what a scholar is supposed to be, particularly in their roles as teachers?

Robert Farley has also argued another important counterpoint: While there is a growing acceptance of blogging as legitimate political science, and that the discipline should even provide incentives for faculty members who blog, he warns that trying to bring blogging too much into the fold of the discipline's existing structures "runs the risk of imposing rigid conditions and qualifications on bloggers that undermine the very benefits inherent in the nature of blogging".

What this question ultimately boils down to is credibility. Blogging and other forms of social media can be used to either enhance a scholar's credibility or to damage it. Thus, there is no single "correct" answer to the question of whether or not social media has intrinsic scholarly value. The question isn't a binary one, but rather is dependent on each individual's use of the medium.

  

Tuesday, March 18, 2014

Big Data as a Civil Rights Issue...

In classes on Information Systems, we talk about the rising use of "Big Data" - enormous collections of data sets that are difficult to process using traditional database management tools or data processing applications, and which are increasingly used to find correlations that, for instance, spot business trends, personalize advertisements for individual Web users, combat crime, or determine real-time roadway traffic conditions.

But is "personalization" just a guise for discrimination?

That's the argument put forth in Alistair Croll's 2012 instant-classic post titled, "Big data is our generation's civil rights issue, and we don't know it". He goes on to argue that, although corporations market the practice of digital personalization as "better service", in practice this personalization allows for discrimination based on race, religion, gender, sexual orientation, and more.

The way this works is that, by mining Big Data, a list of "trigger words" emerges that help identify people's race, gender, religion, sexual orientation, etc. From a marketing company's point of view, they then "personalize" their marketing efforts towards someone based on such characteristics. And that makes it a civil rights issue.

For example, American Express uses customer purchase histories to adjust credit limits based on where a customer shops - and as a result there have been cases reported of individuals having their credit limits lowered because they live and shop in less-affluent neighborhoods, despite having excellent credit histories.

In another example, Chicago uses Big Data to create its "heat map". According to TechPresident, the heat map is "a list of more than 400 Chicago residents identified, through computer analysis, as being most likely to be involved in a shooting. The algorithm used by the police department, in an initiative funded by the National Institute of Justice, takes criminal offenses into account, as well as known acquaintances and their arrest histories. A 17-year-old girl made the list, as well as Robert McDaniel, a 22-year-old with only one misdemeanor conviction on his record."

In yet another example, a Wall Street Journal investigation in 2012 revealed that Staples displays different product prices to online consumers based on their location. Consumers living near another major office supply store like OfficeMax or Office Depot would usually see a lower price than those not near a direct competitor...

 

One consequence of this practice is that areas that saw the discounted price generally had a higher average income than in the areas that saw the higher prices...

Price discrimination (what economists call differential pricing) is only illegal when based on race, sex, national origin or religion. Price discrimination based on ownership — for example, Orbitz showing more expensive hotel options to Mac users—or on place of residence, as in the Staples example, is technically okay in the eyes of the law...

However, when you consider that black Americans with incomes of more than $75,000 usually live in poorer areas than white Americans with incomes of only $40,000 a year, it is hard not to find Staples' price discrimination, well, discriminatory.

 

And in an especially frightening read earlier this month, The Atlantic published an article outlining how companies are using Big Data not only to exploit consumers, but also to exclude and alienate especially "undesirable" consumers.

The idea behind civil rights is that we should all be considered on an individual basis.  People should not be treated differently solely due to their race, religion, gender, or sexual orientation.  The Civil Rights Act of 1964 explicitly banned such differential treatment in the private sector.  That is why there are no longer separate drinking fountains on the basis of race.

So as Big Data permeates society, and as algorithms and various modelling techniques try to find patterns that seek to predict individual behavior, if those algorithms are indeed "personalizing" content on the basis of race, religion, gender, or sexual orientation, then how is it NOT discriminatory?

Just because it's the result of an algorithm doesn't make it OK.  Algorithms are programmed by people, after all.


  

Why Good Hackers Make Good Citizens...

By request, here is a TED Talks video on why hackers make good citizens, presented by Catherine Bracy from Code for America.






  

Thursday, March 13, 2014

What Would an Internet Bill of Rights Look Like?

To little fanfare, yesterday marked the 25th birthday for the Internet's most successful "killer app" - the World Wide Web.  Its creator, Tim Berners-Lee, marked the day by releasing a statement and arguing for the urgent need to create an Internet Bill of Rights.

What would such an Internet Bill of Rights look like?  Berners-Lee believes it should be focused on the Web's original founding constitutional principles of open access and open architecture and, additionally, the protection of privacy rights.

These principles may seem on the surface to be apple-pie statements - meaning that nobody really opposes them in their simply-stated form.  However, very serious political debates have arisen demonstrating just how much the devil is in the details.  For instance, open access sounds great, but how does it play out in the F.C.C.'s rulings on Net Neutrality?  Likewise, everyone will publicly support the notion of individual privacy rights but, in actual practice, determining to what extent government regulations are desirable in order to set the rules for what type of data gets stored, and by whom, is certainly a bit more controversial.

The idea of an Internet Bill of Rights is not new, and should one emerge it will likely be more of an expression of constitutional principles (that's constitution with a lowercase "c"), and not a document with any sort of legal bearing.  That said, it can still be immensely valuable and important.

In typical "open" fashion, Berners-Lee is encouraging any and all Web users to head over to the Web We Want campaign and submit their own proposals.  So, armchair-pundits, here's your chance to help draft the legislation that you want to see.  It's a massive crowdsourced effort, like the Web itself.



  

Thursday, March 06, 2014

The Problem with Facebook and Gun Sales...

Here's a case where we can see the "code is law" principle play out right before our eyes.  After coming under scrutiny in recent weeks by a variety of pro-gun-control advocacy groups, Facebook decided yesterday to voluntarily place new restrictions on the selling of guns through its website.

To understand the scrutiny, consider that last week VentureBeat reported that it arranged to buy a gun illegally on Facebook in 15 minutes.  Also, the Wall Street Journal reported that both assault-weapons parts and concealed-carry weapon holsters have been advertised to teenagers on the site.  Additionally, Facebook "community" pages such as one called Guns for Sale with over 213,000 "likes", have been freely available to minors of all ages as well.

Specifically, Facebook has announced that they will begin to...

  1. Remove offers to sell guns without background checks or across state lines illegally.
  2. Restrict minors from viewing pages that sell guns.
  3. Delete any posts that seek to circumvent gun laws.
  4. Inform potential sellers that private sales could be regulated or prohibited where they live.
All of which seems well and good.  Even gun rights advocates shouldn't have too much of a problem with these measures considering that their intent is not ban gun sales on Facebook but rather to better enforce existing laws (which is an argument they commonly make themselves).

But here's the rub.  There's the little detail in the Facebook press release about how the company will rely on users to report posts and pages offering to sell guns.  

So let's be clear.  With the announcement of these measures, Facebook is pursuing a policy of reacting to illegal gun sales on its site, but will not be proactive in preventing them.

The reason has to do with, what The Nerfherder has previously dubbed, The Politics of the Algorithm.  Any advertisements Facebook displays on an individual's feed is not decided upon by human decision-makers, but by a mathematical algorithm.  As a result, a 15 year old from Kentucky might be shown an advertisement selling guns from someone in Ohio based on whether or not the algorithm determines he might be interested in it - regardless of the fact that it is illegal according to federal law to 1) sell guns to a minor, and 2) sell guns across state lines without a dealer license.

This actually happened last month.  The 15-year-old was later caught with the loaded handgun at his high school football game, and the seller has since been charged.

Facebook wants to address such safety concerns and, of course, limit its legal liability.  And (not to pick on them too harshly) these measures are at least a step in the right direction.  The problem is that it's practically impossible to truly regulate online content in accordance with the law when humans have been removed from the equation.  Such concerns are an inevitable consequence of social media's dependence upon algorithms - all of which, as this case illustrates, are both flawed and modifiable.