Monday, November 28, 2011

The 'Occupy Flash' Campaign...

Looking for some nonsensical news today? Try the emergence of an "Occupy Flash" movement. Adobe Flash, that is. The group's goal is to get the software firm to abandon Flash altogether - not just for the mobile web, as Adobe already did two weeks ago - and instead push Web developers to HTML5.

To most readers, this needs a bit of explanatory context. See, critics have knocked Flash for several years now as making the Web less functional. Sites that use it as a design tool, while very nice-looking with all the bells-and-whistles, then cannot be properly displayed on computers or devices without the magical Flash plugin. It created a situation where much of the Web was basically inaccessible for people who didn't want to download the sometimes-buggy software. And to cyber-ideologues, that flies in the face of the "Open Web" concept.

But what's really behind the "Occupy Flash" campaign is a nerd-based devotion to promoting HTML5 - an open language developed by the World Wide Web Consortium (W3C). HTML5 handles multimedia in some similar ways as Flash, but because it's not a proprietary corporate-owned software product, the push is on for its widespread adoption.

Ummmm... some problems with the "Occupy Flash" movement...

First of all, there are still some things that Flash can do that HTML5 cannot, and as long as this is the case, Web developers will probably still want to occasionally make use of it. And if they want to, they should be able to.

Second, why is there a need for Adobe to suddenly just stop distributing Flash altogether? If what critics say is true, then why not just let Flash die off gradually on its own? It's happened before. Remember "RealPlayer"? There's no need to be so heavy-handed.

Third, users also have a capability to "flashblock-by-default". As long as that's the case, it seems like a decent compromise solution.

In the end, the massive push by HTML5 supporters (of which I actually consider myself one) comes across here as rather maniacal and definitely unnecessary. "Occupy Flash", really? Just let better open technology run its course. The writing's on the wall anyway.

Monday, November 21, 2011

Dot-BIT and Alternative Domain Name Systems...

There is only one scarce commodity on the Internet - domain names. The one-and-only official Domain Name (DNS) System is run by an organization called ICANN and they are responsible for maintaining the Internet's basic functionality. After all, imagine the chaos that would ensue if there were a thousand different websites that all used the domain name "". ICANN makes sure that doesn't happen.

The ways in which ICANN makes decisions about the DNS system are very political and creates winners and losers. But the losers never had any recourse. There is only one DNS system run by ICANN and the buck stops with them.

But does it have to be that way? Can new top-level domains (TLDs) be created outside of ICANN's control?

Why not?

The prevailing wisdom for years has been that opening up domain name adminstration to mutiple organizations would lead to that aforementioned chaos. However, there is a growing hacktivist trend to circumvent the existing DNS system.

On a technical level, this is accomplished through the use of proxies. The most well-known example is Tor, a software suite that creates a virtual anonymizing network, also called a "DarkNet". As this Ars Technica article explains, there is now another...

Called Dot-BIT, the effort currently uses proxies, cryptography, and a small collection of DNS servers to create a section of the Internet's domain address space where domains can be provisioned, moved, and traded anonymously.

So far, over 4,000 domains have been registered within Dot-BIT's .bit virtual top level domain (TLD). Those domains are visible only to people who use a proxy service that draws address information from the project's distributed database, or to those using one of the project's two public DNS servers...

Dot-BIT is derived from a peer-to-peer network technology called Namecoin, derived from the Bitcoin digital currency technology. Just as with Bitcoin, the system is driven by cryptographic tokens, called namecoins. To buy an address in that space, you either have to "mine" namecoins by providing compute time (running client software that uses the computer's CPU or graphics processing unit) to handle the processing of transactions within the network, or buy them through an exchange with cash or Bitcoins. All of those approaches essentially provide support to the Namecoin distributed name system's infrastructure.

You can also get an initial payout of free namecoins from a "faucet" site designed to help bootstrap the network. The cost of entry is pretty low: currently, registering a new domain costs about 1.6 namecoins, which can be had for about five cents.

Your registration isn't associated with your name, address, and phone number—instead, it's linked to your cryptographic identity, preserving anonymity. Once you've registered a domain, you can assign it by sending out a JSON-formatted update request, mapping the domain to a DNS or providing IP addresses and host names to be distributed through Dot-BIT's proxies and public DNS servers. That information is then spread across all of the network's peer systems.

Simple, right?

Personally, I don't see Dot-BIT as being a meaningful tool for evading censorship. The existing DNS system remains, what Marcus Franda has called, a "single controlling point" on the Internet, and as such, websites with Dot-BIT domains can still be shut down from the primary root servers.

But what's really interesting is the mere possibility of an alternative domain name system. It seems so absurd, and such an anomaly, that the democratizing force of the global Internet is still controlled, essentially, by one organization with monopoly power and no public oversight. Eventually, as hacktivist groups keep trying to develop alternative domain name systems, ICANN will inevitably be faced with a choice - to reform their processes or be circumvented.

Wednesday, November 16, 2011

Can the Police Install GPS Tracking Devices on People's Cars Without a Warrant?

A case was argued before the Supreme Court last week - U.S. v. Antoine Jones - which strikes at the heart of the Fourth Amendment right to privacy, specifically the prohibition of unreasonable searches and seizures.

In 2005, D.C. police, working with the FBI, installed a GPS tracking device on Jones' car without a warrant. Eventually, acting on information they had gathered, the police then did obtain a search warrant and found a huge stash of cocaine, firearms and cash.

Jones' lawyers argue that, under the Fourth Amendment, a warrant is necessary before installing GPS tracking devices on citizens' cars.

On the other side, the police argue that it's not necessary because the authorities could have tracked the suspect's car under existing law simply by assigning enough police officers to follow him. Justice Kennedy told the defendant's lawyer: "What you're saying is that the police have to use the most inefficient methods." As L. Gordon Crovitz of the Wall Street Journal points out, to put it another way, "wouldn't most Americans think it unreasonable to lock law enforcement into earlier generations of technology when criminals use the latest technology?"

This case highlights the evolving nature of privacy rights in the context of rapidly changing technology. Most of us instinctively cringe at the thought of GPS devices being installed on our cars whenever authorities might feel like it, but then again most of us already opt for GPS tracking devices in our cars voluntarily. And the police make a good point: How different is it, really, than just having a squad car follow a suspect around?

They're both reasonable arguments, which is why, in the end, it all comes down to defining social norms. It's those norms that the justices must ultimately ascertain in order to define what constitutes "reasonable".

Crovitz is right that, culturally, Americans are more and more frequently choosing to give up their privacy in exhange for technological benefits - whether it be Facebook, Foursquare, always-on smartphones, etc. - and to a large extent this is, indeed, the norm these days.

However, I'd like to make a counterpoint... the social norm here is more nuanced than simply, "people don't care about privacy". I would argue that there is still a cultural expectation against technology in many cases. For example, this is why in baseball there remains no instant replay for calling balls and strikes, or why many municipalities still don't issue traffic tickets completely based on cameras. Somehow, even though it's technologically possible, people nevertheless don't quite think it "seems fair". The public finds it undesirable. There is a social norm that electronic surveillance can still go too far, and that's particularly true when it comes to the authorities as opposed to private websites that allow you to opt-out. Of course, there is no opt-out from the police.

This isn't to argue that GPS tracking devices shouldn't be used at all on suspects; only that public law enforcement, in order to avoid a dangerous slippery-slope, ought to still get a warrant first.

Wednesday, November 09, 2011

When Hackers Battle Mexican Drug Cartels...

The hacker group Anonymous is highly controversial. At times they have been a force for good - for instance, when they assisted Iranians protesting their authoritarian government. Other times they've been a force for the not-so-good - like when they launched cyberattacks against a wide array of legitimate businesses that opposed Wikileaks last year.

Suddenly, the cyber-world of hackers is clashing head-on with its real-world counterpart. According to InfoWorld, the Zeta Mexican Drug Cartel recently kidnapped a member of Anonymous for making critical statements about them. The Zeta Cartel is known to have murdered and dumped the bodies of dozens of people on the side of one Veracruz highway.

Members of Anonymous responded by posting this YouTube video threatening to publicize the names of all Zeta collaborators unless the Anonymous member was freed - claiming they could identify journalists, police officers, and even taxi drivers.

What happened then?

Zeta has not shied away from targeting its online critics. In September the crime group hung two people from an overpass with a nearby sign warning bloggers and "online snitches" to beware, according to Wired. Later the same month, the decapitated body of another social media reporter was found with a similar warning.

Worried about the impact on both misidentified people and Anonymous followers, other supporters of the Anonymous movement worked to dismantle the operation over the weekend. In effect, the group canceled the attack, according to online news site Milenio.

So Anonymous is retreating. Wow. The hacker group that has reveled in its anarchic role in cyberspace has apparently met its match... that match being "reality". Keyboards versus shotguns is quite the wake-up call.

It's one thing for indivuals to try and wreak digital havoc from the safety of their living rooms, anonymously, with little concern for the consequences. Usually there are none. However, take those same individuals, remove them from their safe confines, and make them accountable for their actions, and it's a whole different ballgame.

To be clear, in no way, shape, or form should the Zeta cartel's actions be even remotely condoned or justified. They are, in fact, despicable, and downright frightening. It's just interesting to observe - as someone who's been following the misadventures of Anonymous for several years - how these folks aren't nearly as brazen when their actions might reap consequences back upon themselves.

Wednesday, November 02, 2011

The PROTECT IP Act: Why Can't They Get Copyright Right?

The history of the copyright issue on the Internet basically boils down to the music and movie industries trying to permanently shut down any website that contributes to copyright infringement, while the courts have repeatedly held them in check saying that doing so would be a violation of the First Amendment and, in effect, an institutional form of censorship.

And here we go again...

The PROTECT-IP Act (also known as the E-PARASITES Act) is the latest bill that lobbyists for the music and movie industries are pushing through Congress. The bill seeks to protect the interests of copyright holders by forcing ISPs to block access to any site deemed by those industries to be "contributing towards infringement". No one quite knows what this means, and it can be interpreted quite broadly. The icing on the cake... such sites can be shut down with no adversarial hearing. That's right; if this bill passes, websites can now be shut down without any involvement or ruling from the courts.

The problems are the usual suspects. First, the vague language used to define "contributing towards copyright infringement" is overly broad and can be applied to almost any website. Google, Facebook, Yahoo, and YouTube could all theoretically be shut down based on this language if, even once, someone posts anything deemed by the industries to be "contributory".

Second, the prescribed solution of forcing ISPs to prohibit access to such websites preemptively without going through the courts amounts to censorship without due process, and has to make any American who supports free speech and free press recoil. Could you imagine if the same standard was held to newspapers? Where the New York Times could be shut down - the entire newspaper SHUT DOWN(!!!) - because Hollywood claimed it once - once(!!!) - violated copyright with a specific movie review? And where it would be shut down without a court reviewing the case?

Mike Masnick from Techdirt offers a scathing critique of the bill where he points out...

And while defenders of this bill will insist it's only designed to target truly infringing sites, let's just recall a small list of sites and technologies the industry has insisted were all about infringement in the past: the player piano, the radio, the television, the photocopier, the phonograph, cable tv, the vcr, the mp3 player, the DVR, online video hosting sites like YouTube and more.

Here's the thing. The problem of online copyright infringment is real and many people are at least somewhat sympathetic. However, by the music and movie industries reacting, over and over again, with such ridiculous Draconian solutions, they lose any credibility - and that filters in to the public's perception of the problem as well. If, for once, these industries would stop trying to create an Internet blacklist and censor half the Web, and instead formulate something - anything - even slightly reasonable, people might not be so quick to brush them off as out-of-touch lunatics.

The PROTECT-IP Act is a travesty.