Friday, October 23, 2009

A Counter-Argument to Lessig and the 'Commons' Model...

In the debate over copyright reform, Lawrence Lessig has been at the forefront of the movement. It is he who has argued that the open internet is being closed off into protected private spaces, and he's become something of a folk hero in the Digital Age for his stance on preserving the public domain. But while netizens remain consumed in their hero worship, some, even within the movement, who are almost universally overlooked, have put forth a counterargument. And it deserves a little bit of attention.

To set the context, Lessig and his followers believe that, when it comes to downloading copyrighted content like music or movies, the issue is far more complex than simply labeling it as between the copyright owners (the good guys) and internet pirates (the bad guys), as the corporate labels and studios would have us believe. History is ripe with a tradition of a public domain, and a balance, still, must be struck between it and the interests of content creators.

From Open Code and Open Societies:

The streets, or sidewalks, or parks; Romeo and Juliet after the copyright passes; all of these things exist in a place modern political culture has forgotten. All of these things exist in the commons - in a public domain, rom which anyone can draw. Anyone can draw from the commons - and here is the crucial idea - without the permission of anyone else. These resources exist in a place where anyone in society is free to draw upon them, where anyone can take and use without the permission of anyone else.

Now of course, strictly speaking, stuff in the commons is not necessarily free. The streets can be closed; or you might be required to get a permit to hold a protest before city hall. The parks might ban people in the evening. Public beaches get full.

But the critical feature of a resource in the commons is not that the resource is free, as Richard Stallman describes it, in the sense of free beer. There may well be restrictions on access to a resource in the commons. But whatever restrictions there are, these restrictions are, as we lawyers say, content-neutral. A park might be closed in the evening, but it is not closed to liberals and open to conservatives. The restrictions that are imposed on a resource in the commons are restrictions that are neutral and general.

The crucial element is that Lessig has attempted to strike a better balance between the ideas of "copyright" and "copyleft" through new legal licensing schemes. He pro-actively established the Creative Commons - a nonprofit organization that seeks to facilitate online sharing and collaboration by creating new types of licenses as an alternative to traditional copyright mechanisms. This blog, for example, uses a Creative Commons license which can be found on the sidebar.

But are new licenses really a resolution to all of the copyright chaos the internet has wrought? Not everyone thinks so.

In an article titled "A Letter to the Commons", Heather Ford challenges this model:

We find the paradox of a space that is called a commons and yet so fenced in, and in so many ways, somewhat intriguing. The number of times we had to ask for permission, and the number of security check posts we had to negotiate to enter even a corner of your commons was impressive...

We were amazed by the ingenuity (and diligence) you display in upholding the norm that mandates that unless something had been named explicitly as part of the 'commons' by its rightful owner, it is somehow out of bounds to everyone else...

You see, we undertook our education in the public library of the street, in the archive of the sidewalk. Here, our culture, came to us in the form of faded and distressed copies, not all wrapped and ribboned with licenses. We took what we could, when we could, where we could...

If we had to listen to your stipulation to share only that which we own, hardly anything would have been passed around...

You call this piracy. Perhaps it is piracy. But we have to think of consequences... When you do not have a public library, you have to invent one on the street, with all the books you can muster, with everything you can beg, or borrow. Or steal...

A world without our secret public libraries would be a poorer world. It would be a world in which very few people read very few books... It would also mean a world in which, eventually, very few people write books. So instead of more, there would be in the end less culture to go around.

This letter is signed, "Denizens of Non Legal Commons".

What fantastic stuff! The letter is written in the same provocative style as classics like the Declaration of the Independence of Cyberspace. It also makes some sense - particularly in its critique of commons licensing which, I have to admit, does often create more barriers to content-sharing than it removes, and also somewhat helps legitimize the existing copyright system.

What we are witnessing is the copyright reform movement's maturation. It's next phase. Almost since its inception, reform advocates have had to cling to Lessig's commons model because, although people believed in it to varying extents, the truth is that there really wasn't any alternative framework out there to choose from. If you believed the copyright system was obsolete, your only constructive legal argument to rely upon, without sounding like a lunatic, was the commons and commons licensing. However, if the reform movement can begin formulating new critiques and new alternative frameworks for understanding the issue, perhaps the movement itself will become what its advocates so fiercely espouse... a marketplace of ideas.

Tuesday, October 20, 2009

Defending Against a Keylogger Phishing Scam...

Still reeling off my email account getting hacked last month, another cyberattack has been brought to my attention. An IT manager and friend of mine describes how his office was attacked last week by a keylogger phishing scam.

Keyloggers are programs that record every keystroke you make and send that information back to malicious users over the internet. A keylogger phishing scam is when a keylogger program is installed on one's machine after clicking through a link in an email or visiting a website that falsely claims to be an established enterprise, but who's real purpose is just to acquire your passwords, account numbers, and other personal info.

My IT manager friend had the necessary precautions in place. Anti-virus software was installed, his users knew not to download and install things off the internet, and Web of Trust was installed on all of their PCs. In the end, none of it mattered. All it took was one person receiving a seemingly innocent email which, when clicked on, installed the keylogger program and, shortly thereafter, his office passwords had become compromised.

What's to be done in this situation? It's the same thing I had to grapple with myself a few weeks ago. First, immediately change all of your passwords, but make sure to do so on a separate computer. Otherwise, the keylogger will still record your new info. Second, re-format the hard drive by re-installing the operating system (which is a major pain in the rear-end, but necessary). Finally, make sure to keep your users regularly informed of best practices and what to look out for - whether that's your wife and kids at home, or members of your department at work.

A strong example can be found in the email following the attack on my friend's department...

Fishing scams and targeted attacks like the one this morning are almost impossible to avoid without knowing what to look for. As a general rule, never follow a email link without double and triple checking the URL in the browser (It will be disguised in the email). Also never download and install software via a email link, no matter how convincing. Your virus software will not always protect you!

Keep in mind Virus software is marginally effective and will not always find a virus, especially new ones. So keep vigilant and install Web of trust.

My guess is that the scammers of this morning were looking for email account passwords or bank passwords via key logging software (which you would have to download and install yourself). Once installed they can see anything you type.

I've said it before. Ultimately, we're all vulnerable and relatively helpless against such attacks, even when all of the usual precautions are taken. The best we can do is educate ourselves and remain vigilant so that when bad things inevitably occur, we can react swiftly and effectively, and minimize the damage wrought.

Monday, October 19, 2009

Is Software Code a Type of Free Speech?

As protest movements migrate into cyberspace, there is a growing legal debate over to what extent the programmers who write its source code are actually expressing themselves. In other words, is code only functional, or is it also expressive? And more importantly, should source code be Constitutionally-protected as a type of free speech?

In an article written last month in Cultural Anthropology, NYU's Gabriella Coleman comes down on the side of "code is speech". She cites examples of how programmers have used their source code as a means of political expression, and, particularly, as protest actions.

For example, one software developer, Seth Schoen, published a haiku in 2001 that was actually a transcoding of a free piece of software called DeCSS, which could be used to decrypt access controls on copyrighted DVDs. Schoen wrote his haiku (spreading DeCSS's source code) as part of a wave of protests following the arrest of DeCSS's co-author, Jon Lech Johansen.

Typically, written forms of expressions - haikus, poems, essays, etc. - are protected as free speech by the First Amendment. However, should they still be considered as such when their true intent, critics argue, is simply to facilitate illegal acts of DVD piracy? On the other hand, isn't the source code the haiku is openly trying to mask a form of civil disobedience, nonetheless? Isn't it ultimately still an idea that people are trying to express?

Coleman pushes the argument that "code is speech" further. She argues that there is an emerging trend of programmers and technologists gaining a facility for the law and, consequently, tinkering with it to suit their needs. This informal legal expertise is being acquired, then shared, as a means of challenging regimes that obstruct them. Once empowered, these techie-turned-amateur-legal-experts engage in "contentious politics" to advocate for their causes.

Ultimately, programmers are collectively attempting to construct new legal definitions and artifacts - a process that theorist Robert Cover calls "jurisgenesis". Developers are challenging the idea of software as property "by crafting new free speech theories to defend the idea of software as speech".

It's a fascinating development that's occurring right before our eyes, and it's pretty evident once we take a step back and look at it. I, myself, am apparently an unwitting part of this movement, being a programmer-turned-academic who has "infiltrated" the ivory towers to redefine the meanings of internet technologies for the intellectual establishment.

Either that or I just have too much time on my hands :-)

The fact is that, more and more frequently, source code really is being written as a form of expression, and when that's the case, it ought to be considered a type of speech. That doesn't mean it's suddenly legal to pirate DVDs; only that the sharing of ideas shouldn't so haphazardly be censored in the name of copyright infringement. After all, if the courts have ruled that the Anarchist Cookbook is legally able to publish tutorials on how to make bombs, as a protected form of free speech, then a haiku masking some C++ code doesn't seem nearly as destructive.

But, I guess that depends on who you ask.

Friday, October 16, 2009

Venture Capital Funding On The Rise...

Software engineers and programming students take notice. Even in the current economic climate, there is a bright ray of sunlight... venture capital funding is on the rise, particularly in technology.

According to, venture capital activity hit $6.1B in the third quarter of 2009, a healthy 14% increase over Q2 2009 when venture capital investment stood at $5.3B. The investments were spread across 678 deals (up from 613 in the prior quarter).

Of course, this amount still doesn't compare favorably to the doldrums of the recession in the third quarter of 2008 when ChubbyBrain data shows venture investing stood at $7.2B. But it's nevertheless a significant upward trend and "there is room for cautious optimism".

The Chubbybrain report also shows that the top five states for receiving venture funding are 1) California, 2) Massachusetts, 3) Texas, 4) New York, and 5) Georgia. The month of September, in particular, saw a huge influx of funding, as did the state of California.

What does all of this mean? How about that, even in these trying economic times, there is still a market for entrepreneurs and business innovation. Funding remains out there for startups in need of seed money, and those who let the newspaper headlines discourage them face the very real prospect of missing out.

Thursday, October 15, 2009

Blog Action Day 2009: Climate Change Links...

Each year, Blog Action Day is held to focus the attention of bloggers on a specific cause. It is cyberactivism come to reality, and this year's cause is climate change. As usual, however, there are more blog posts being written about the Blog Action Day event and its statistics than there are about climate change itself.

So what to share? The event's organizers suggest a list of interesting climate change topics for bloggers to write about. These were so diverse, I figured I would just share the list itself...

  1. Google has built a site where you “explore the potential impacts of climate change on our planet Earth and find out about possible solutions for adaptation and mitigation, ahead of the UN’s climate conference in Copenhagen in December.” They’ve got a Google Earth mashup, a introductory video featuring Al Gore, and more. Visit: Climate change in Google Earth.

  2. Climate change is a human issue. It isn’t just about saving the planet and communities around the world face serious threats from the climate crisis. The TckTckTck campaign has created a great tool for learning the stories behind the human face of climate change. It’s called the Climate Orb and it is an animated interactive tool housing first-hand stories searchable by country, keyword and timeframe. Explore the Climate Orb.

  3. There’s a lot more to solving the climate crisis than just sitting back and leaving it to world leaders and policy wonks to figure everything out. Need inspiration? Meet Alec Loorz, the creator of Kids vs. Global Warming. He describes it as “group of kids that educate other kids about the science of global warming and empower them to take action.” The site shows that everyone really can play a role in tackling climate change.

  4. Just the facts, that’s what some people want—as long as there are lots of cool charts, graphs and clear explanations of course. That’s what’s great about the Pew Center for Global Climate Change’s “Facts and Figures” site, it is filled with all the charts and graphs you need to get a much clearer picture of what causes climate change and what effects it has. If you want even more information you can also check out their entire Climate Change 101 series.

  5. At this point you’ve probably heard of “carbon footprints” and you might have even used an online calculator to figure out what yours is (and thus what your impact is on climate change). The problem is that there are just so many calculators out there now it can be hard to figure out which one to use. Thankfully you can learn about your options from MNN’s 15 Best Carbon Calulators survey.

  6. OK, but how will climate change affect you? What are the consquences that are mostly likely to impact your day-to-day life? Take a look at this list of The Top 100 Effects of Climate Change. From “Say Goodbye to Pinot Noir” to “More Bear Attacks” to “Malaria Spreading in South America” to “More Stray Kitties” it seems like climate change is going to have a lot of consequences, some big, some not so big.

  7. On the other side of the coin, you might want to be a little more optimistic and review the science behind “10 Solutions for Climate Change” which details what we can actually do to solve these problems personally and as a larger society.

  8. Finally, don’t forget that people all around the world are getting involved and taking action. Next week, on October 24, is organizing the International Day of Climate Action. You can visit their site and see what people all around the world are planning to do next week to demonstrate their commitment to stopping climate change.


Wednesday, October 14, 2009

The Myth of Computers in the Classroom...

Reading an older article by Yale professor David Gelernter (from 1994), he puts forth the argument that, while teachers and school administrators tout their merits, computers in the classroom are highly overrated and actually have the potential to do far more harm than good.

As both computers and internet access have become integral parts of the nation's classrooms in the 15 years since the article was written, the question still applies... Do computers and the internet do more to help or hurt students' educations?

To be fair, Gelernter does explicitly recognize the value of computers and states that they definitely should be in schools. However, he writes,

In practice, computers make our worst educational nightmares come true. While we bemoan the decline of literacy, computers discount words in favor of pictures and pictures in favor of video. While we fret about the decreasing cogency of public debate, computers dismiss linear argument and promote fast, shallow romps across the information landscape. While we worry about basic skills, we allow into the classroom software that will do a student's arithmetic or correct his spelling.

In a fantastic line, he admits that, "On the other hand, I ran this article through a spell-checker, so how can I ban the use of such programs in schools? Because to misspell is human; to have no idea of correct spelling is to be semiliterate".

The onus certainly is on the teachers. A recent 2009 study by the National Center for Education Statistics (NCES) found that:

  • 66% of teachers reported using computers or the Internet for instruction during class time.

  • 41% reported assigning students work that involved computer applications such as word processing or spreadsheets to a moderate or large extent.

  • 31% reported assigning practice drills.

  • 30% reported assigning research using the Internet to a moderate or large extent.

So how can we strike a balance between empowering students with computer skills that are vital in the modern workplace while still ensuring that basic academic skills do not suffer in the process?

Gelernter offers three suggestions. First, children's software that is used in the classroom should be more substantive and not only demonstrate the glitzy technical capacities of new media. Second, computers should be used only during recess or relaxation periods because they are not "surrogate teachers". Third, educators and parents should remember that "you cannot teach a child anything unless you look him in the face".

Computers, indeed, are no panacea. They cannot form an effective substitute for good teachers, and education policies should not conceive of them as such. However, the truth is that failing to include computer training and basic internet awareness in curriculums does our kids a great disservice. Make no mistake, everyone fundamentally needs these skills to function in the modern workplace and simply to participate, to a large degree, in contemporary culture. Again, it is a balance that is needed.

This blog post was written by a PhD candidate who uses spell-check religiously :-)

Friday, October 09, 2009

Hackers and Democratic Liberalism: Notes on a Seminar...

Last night, I attended a seminar by Gabriella Coleman, Assistant Professor of Media Culture and Communication at NYU and author of the forthcoming book, Coding Freedom: Hacker Pleasure and the Ethics of Free and Open Source Software.

The topic was how ideas of democratic liberalism get marshaled in a technological context. Coleman discussed as her main example the case of Anonymous versus the Church of Scientology. She highlighted the history of the cyber-conflict, tracing its roots back to USENET in the early 90s.

The Q&A following the seminar was fascinating. Among the issues raised that piqued my interest:

  • "The Politics of Spectacle"

  • "The tyranny of expertise"

  • A question as to why hackers often appear so "anti-religion"

  • A question as to whether members of Anonymous are only "role-playing as activists"

  • A striking consensus among the audience that such hackers "seem like they are all between 12 and 20 years old" (not based on any data), and subsequent theories based on that assumption.

  • As far as political causes go, audience members generally seemed united in bewilderment that opposing Scientology was so high a priority for these hackers.

My two points of constructive criticism would be that, first, there needs to be more mediation of audience commentary. As often happens at many lectures on digital media topics, academics tend to marginalize hackers as almost other-worldly alien beings. Most members of Anonymous and other internet trolls are, in fact, NOT between 12 and 20 years old, and to conceive of them in such homogeneous terms - trying to squeeze a round peg into a square categorical box - does a great disservice to the intellectual debate. Anonymous members and other hackers don't even need above-average technical skills. Many of their tactics are as simple as launching an "edit war" on Wikipedia and book reviews. In short, reign in the audience to prevent them from trivializing what Coleman herself described as a fairly complex "political phenomenon".

Second, a lot of the language used to describe the cyber-conflict threw around terms like "geeks", "hackers", "tricksters", "yippies", and the like. There are notable distinctions between them. I perceived Coleman's main point, centered on the ideals of democratic liberalism, in the specific context of hacktivism, which was a helpful framework for understanding the issues discussed. There is a growing body of literature on hacktivism for those interested in the political movement angle of this story.

Overall, the seminar proved to be excellent brain-fodder :-)

Wednesday, October 07, 2009

Govt Calls for Full Disclosure Among Bloggers...

In case you missed it, the Federal Trade Commission announced on Monday that, from now on, amateur bloggers must publicly disclose freebies and financial interests or else face fines of up to $11,000.

The problem the FTC is trying to address is that many bloggers and reviewers on sites like occasionally get free samples from, and sometimes even get paid by, the companies they're reviewing. The FTC sees this practice as deceptive and wants to ensure that "word-of-mouth endorsements on the net are easier to believe".

This is a noble goal, perhaps, but deeply misguided. One major problem with the plan is that it only applies to amateur bloggers and reviewers; NOT to professional established sites. As Wired reports, a wine hobbyist or an avid reader who simply wants to post a review about their favorite book on Amazon would have to disclose any freebies he received or face a hefty fine, however Consumer Reports or Wired's Gadget Lab would not face the same requirement. "The FTC's logic is that people trust established sites".

There are other issues that make the new rules impractical.

  1. Is it enough to disclose on an “About Me” page that one accepts samples or does each review need to have that disclosure?

  2. Do the rules apply to blog posts only, or other online mechanisms as well? For example, what about short 140-character reviews on Twitter (where there isn't necessarily room for a disclosure statement)?

  3. What are the responsibilities of aggregation sites like Google and Microsoft that might display posts that are "sponsored"? Likewise, what about affiliate links that profit the blogger even if no freebie was given?

  4. Fundamentally, what is the distinction between a professional site and an amateur one?

These are all excellent questions that the FTC has failed to address. There is no clarity in the new rules, thus creating mass confusion that will lead to either 1) a chilling effect on speech, or 2) people completely ignoring the rules.

The FTC's attempt to regulate "amateur" content online is a bad idea almost any way you look at it. Let websites work it out on their own - most will find that reliable and honest reviews will bring return traffic while hucksters will be weeded out and gain a reputation for being exactly that. Full disclosure is in reviewers' best self-interest anyway, and that applies to all websites, amateur and professional alike. The government need not get involved in such regulation at all.

Monday, October 05, 2009

My Email Account Was Hacked!

A horror story for the books...

About two weeks ago, my PC was infected with a virus. Norton discovered it, but wasn't able to quarantine or remove it. Apparently, the virus' purpose was to log my keystrokes to phish for passwords.

As a result, once I logged into my Hotmail account, the virus recorded my password and sent it back to the scammers using my active internet connection.

The next morning, while I was working outdoors in Central Park, nowhere near a computer screen, a friend called me to say that he just received the following email from what appeared to be me. Worse, this email was apparently sent out to every single person in my Address Book...

Wish you enjoy a great day!
This is an electronic company . We are now launching a new marketing campaign, some of our products are special offer. What's more, we can give you the best price for the products that you are seeking for.
We mainly sell electrical products,such as laptop, lcd tv, camera
,mobile,Mp4, GPS,and so on.What you need to do is just sending us your detailed inquire or order. We can offer the high quality and competitive price, and all the products come with international warranty.
It will be a great start , and we Sincerely hope we can build friendship of trade relation in the future!
It's our pleasure to hear from you.
Best regards,
please visit our website:

It's interesting how even with all the technological tools we rely on in our digital worlds everyday, the most effective security warning systems are still our real-life social networks made up of human beings. Within an hour I received about two dozen phone calls and emails from friends and family making sure I knew about this and asking if they could possibly help. Some example comments...

  • "Why are you sending this spam, man?"

  • "I think your account was hijacked."

  • "Want to know the truth? If I'm correct, I think this company comes up first every time on google shopping (with good prices and customer ratings) every time I look for a camera or headphones or something..."

  • "Yo what is this, do you know them and can they deal with schools, purchase orders? I spent $8500 last year on supplies."

  • "Thats very considerate of you to offer me such a good deal. Dude, your computer seems to have an STD!"

  • "Did you send this out to demonstrate the hilarious butchering of the English language?"

My first response upon finding out my email account was hacked was to call my wife and immediately have her change all of my passwords on any accounts that might have recently been used. Second, once I went home, I unplugged the infected PC from the router, thus severing its connection with the internet (so even if the virus was still collecting my data, it couldn't send it out). Finally, I spent the better part of two weeks trying to clean up the PC and quarantine any infected files, ultimately deciding to reformat the entire C: drive by reinstalling the operating system.

It's unfortunate that there's no real remedy for this since the perpetrators are likely located overseas and that, even if found, it's extremely difficult to legally prove that they were indeed the culprits. But so it goes. Even the best anti-virus software is flawed and it's inevitable that at some point everyone will share in this experience. The best thing we can do is simply be each other's best early detection systems.