Archive for the ‘Thoughts’ Category

Three Strikes and Goodbye World

Thursday, August 21st, 2008


In this post I’m going to briefly note just how bad an idea it is, for citizens, that ISPs and content providers are working together to resolve ‘copyright infringement’ without having a substantial degree of government involvement.

Rules of the game

Perhaps you’re familiar with baseball (or California penal rules). In either case, you’ll have heard of the ‘three strikes and you’re out’ rule. In baseball, this would mean that a batter returns to the dugout, and another person attempts to swat a ball and race towards first base. In the penal system, it indicates that you’ve committed enough criminal offenses that you’re going to have the book thrown at you . . . the next person behind you in court can then try to argue why they’re innocent, and go free (first base?).

Viva la France!

France has recently set in place a three-strikes rule - if you are caught infringing on copyright three times, then you will have your Internet access terminated for a year. The question that arises is this: what happens if someone uses your computer without permission? How can you appeal any incorrect or unjust decision? What does this have the effect of doing to a member of a rural community, where the ‘net has become a core way of communicating with the world at large and their government representatives? What role do citizens play in how a core system of communications, that they have come to rely on, is being affected by corporate interests?

Hello world!

With governments around the world demanding that copyright groups and ISPs find a workable solution to infringement that doesn’t tie up court systems, the three-strikes model is gaining ground. This is significant, as it would shift the role of ISPs from passively watching content as it streams across and out of their network, to a more active analysis of what individuals are doing on their networks. This shift in activity corresponds with the increasingly common deployment of Deep Packet Inspection technologies throughout ISP networks, technologies that sift through each piece of data that a person transmits to, and receives from, the ‘net. With these technologies, along with digital ‘fingerprints’ to look for, ISPs will be able both to prevent their users from infringing on most copyright (should the system be designed with a user-designated ‘censoring’ mode) and to more effectively identify when they might be in the midst of, or preparing to, infringe.

Goodbye World

What happens when a six-year-old child is ‘caught’ downloading something to the family computer a few times? Should the parents lose all access to the ‘net for a year, or should they return to disciplining the child? What happens when someone files a copyright infringement notice, but it turns out that a person’s computer had been taken over by spyware? What systems are in place to address these issues?

An ISP isn’t the police, nor is it a part of the judiciary. Given this, why shouldn’t the courts be the solution to copyright infringement? The response is often that it would clog up the courts, but this presumes that the laws that are being applied to individuals, but were prepared to account for businesses infringing, are the ‘right’ kinds of laws for individual citizens. Should a person really be charged the same amount for showing their friends a copy of a hallowed Simpsons clip as a corporation that is using it for corporate promotion? There seems to be an analytic difference between these two groups, and this is a difference that needs more attention before these kinds of ‘three-strike’ rules are set into place.


Do RFID security worries still need a reality check?

Sunday, August 17th, 2008


A few years ago Computer World ran a particularly good piece on Radio-frequency identification (RFID) entitled ‘Opinion: RFID security worries need a reality check’. I’d highly recommend taking a look at it, for a pair of reasons:

  1. It identifies that hackers will only look at RFID tags once the data they transmit is easy to send along electronic mediums, with the data being transmitted itself valuable (i.e. not simply the location of valuable goods, but the information must be a valuable good in itself);
  2. It blindingly misses the point that RFID opens a new avenue of attack that could seriously contribute to an e-warfare application.

RFI-What?
You might have heard about RFID in the news over the past few years. In case you need a quick primer/update, here’s the basics on RFID:

  • It’s not new - RFID has been in use since WWII to organize valuable assets and more effectively track them;
  • RFID can either actively broadcast information, or have the chip activated when placed within ‘hot’ zones - an RFID device does not necessarily always broadcast information;
  • There are different ISO standards for various RFID types - some support encryption, some do not, some support active transmission of data (i.e. they are always broadcasting information), and some do not (these are termed passive RFID devices);
  • RFID Tags are often confused with Contactless SmartCards (CSCs) on the basis that they mutually use radio transceivers to broadcast information. Different ISO standards are used for these two types of devices, with CSCs having been developed with encryption and privacy issues in mind;
  • On the topic of read ranges - RFID tags can be read up to 10 meters or so away, whereas CSCs are usually read from a maximum of about 5cm away from a reader;
  • RFID Tags are to be placed in many of the Enhanced Drivers Licenses (EDLs) in Canada, whereas CSCs are being inserted into the e-passports that are being deployed in Britain and the US.

RFID - It’s worth some e-money now
In the article by Computer World, it was noted that:

Information criminals steal information that’s readily convertible to cash, not meaningless EPC RFID inventory data. The people who design EPC standards know far more about the risk to supply chains than cloistered academics engineering these meaningless proof-of-concept exploits.

The EPC initiative is backed by companies that suffer billions of dollars in global supply chain losses every year. They have performed a rigorous risk analysis and concluded that the effect of a supply chain exploit targeting EPC chips is relatively low. They also have determined that the probability of seeing a wave of hacks on EPC chips is similarly low. (Source)

What does this say? It says that billions were already being lost to supply chain losses - this isn’t necessarily the case when it comes to shunting people across borders, save through some reasonably abstract understandings of what it means to lose money as people cross the border (this would be where efficiency metrics as they relate to human actions would come in). It also says that from a supply chain analysis, it’s unlikely that there would be any kind of attack/hack on EPC chips.

Supply chain analyses are (presumably) different from border crossing analyses - the former relates to products as they move around the world, where there are known losses, whereas the latter relates to the movement of citizens between different legal jurisdictions. Unless we’re talking about independent organizations being able to track the number of people that disappear as they hit various borders as they are ‘redistributed’ to Gitmo or similar detention areas, I fail to see how ‘known losses’ fit with a situation where citizens are crossing a border.

Moreover, whereas a supply chain is only likely to hold value to rival retailers (knowing how Wal-Mart moves all of its supplies internationally might provide a competitive advantage), knowing how and where citizens are traveling, as well as gaining access to a wide population’s biometric information, is of value to most bureaucratic bodies in public and private settings (imagine travel insurance companies learning just how much you travel!). The opportunities to be gained from this kind of information are high, which translates into the possibility of monetizing RFID hacks. When you’re dealing with sensitive information that can be communicated along the ‘net, with that information being valuable in and of itself, then it’s likely that those ‘cloistered academic’ engineering exploits will quickly become meaningful.

To encrypt, or not encrypt - that is the question
When it comes to your driver’s license, health card, or any other piece of government-issued ID you can visually confirm that the information displayed on the ID-piece is accurate. Given that the cards have the information placed on them after it is harvested from the appropriate databases, it is easy to determine whether or not the printed information is accurate and, correspondingly, whether the databases that were drawn on hold accurate personal information. When it comes to RFID Tags, however, you can never be entirely certain what is being broadcast, unless you have a way of reading the information. This would mean that, to ensure the accuracy of broadcast information, you would need to be able to read it. This suggests one of two things:

  1. Information from RFID Tags is broadcast ‘in the clear’, that is, the information broadcast is not encrypted, enabling citizens to determine if the broadcast information is accurate;
  2. Information is encrypted, but there are many public readers where you can confirm the accuracy of the information being broadcast.

There are obvious problems with the first choice - it would mean that very personal/private information was being broadcast to the wider world. There are clear security problems with this possibility. The second choice - encrypted but lots of public access points - is good, but only if the access points are relatively ‘hardened’, if they are easy to find and access, and if the RFID Tags are set to a passive, rather than active, broadcast.

The problem with most encryption schemes, as they’re proposed at the moment, is that citizens would be unable to access the information that was being broadcast. This is intended to assuage citizens that their personal information is secure, but fails to provide them with the ability to confirm the accuracy of their personal information that is either being transmitted using RFID on CSCs or called up in databases associated with RFID Tags. For a democracy to thrive a government must be transparent, and citizens need to be able to perceive themselves as the legislators and subjects of any law. How can one legislate a law, when the consequences of that law are subsequently hidden? When it comes to identity programs, citizens must be able to understand precisely what they are giving up to authorities when challenged for ID.

Catch-22 and beyond
The current EDL proposals in Canada call for unencrypted transmissions of identifier numbers that then ‘hook’ into a government database. Unlike the government of Canada, most RFID vendors recommend that data that is transmitted be encrypted. Unfortunately, the choice between encryption or not leads to a catch-22 situation; they either lack transparency, or they risk putting citizens’ biometric information in the public eye. This isn’t to say that there aren’t technical solutions to this issue - solutions can be implemented - but pursuing a technical solution fails to recognize that we, as citizens, really need to determine whether or not RFID-enabled identity cards are really needed!

In Canada, EDLs are being created in order to satisfy the American securitization of their borders. Putting aside whether or not that securitization is real security, or merely security theater, we as Canadians need to ask whether or not we want to open ourselves to a heightened risk of biometric theft (an upgrade of mere ‘identity’ theft), or simply pony-up for passports. Canadian passports are valid pieces of international ID, and can be used to cross the Canada-US border (as well as the other borders of the world). Instead of investing in EDLs and the massive infrastructure that will accompany them, why not simply divert that money to subsidize the cost of passports?


Public Databases and Massive Aggregation of Data

Tuesday, July 22nd, 2008


This is just a really quick thought that I wanted to toss out.

I perceive a problem associated with the digitization of public records: such digitization allows business interests to gather aggregate data on large collections of people while retaining identifiable characteristics. This allows for a phenomenal sorting potential. At the same time, we might ask, “is there anything we can, or really want to, do about this?”

Paradigm Shift
I hear this a lot - ‘Chris, you have to understand that things are different now. The paradigm is shifting towards transparency, and there’s nothing wrong with that, and you’re being a pain in the ass suggesting that there is anything wrong with transparency. Do you have something to hide, or something like that?’ This particular line bothers the hell out of me, because I shouldn’t have to expose myself without giving my consent, especially when I previously enjoyed a greater degree of privacy as a consequence of obscurity and/or the costs involved with copying, sorting, and analyzing analogue records. I fail to see why I have to give up past nascent rights and expectations just because we can mine data more effectively (hell, that would have been a meaningless statement around the time that I was born…). Efficiency is not the same as superior, better, or (necessarily) wanted.

Solution One: Creative Commons
I (generally) don’t mind people reading about what I’ve written, or about various facets of my life. Were I in court for some reason, a part of the justice system really does entail other people being able to read court records so that they can identify with the law as it was dispensed by and for the people (this is one of the areas where Hegel certainly puts an explanation of the legal system far more eloquently than Kant ever did, though both argue this point along dramatically different avenues). Perhaps some version of the Creative Commons could be developed so that designated uses can automatically search public databases, whereas other uses (such as corporate interests in some cases) would be restricted in the information they could collect per day/have access to in aggregate. Using a spider-like text file, and legislating that business is required to abide by these files, might be one way of dealing with this.

Solution Two: Limited Access Points
This won’t win me friends with advocates of ‘openness’, so get ready. Hell, I don’t know that *I* like this idea, and think that it sacrifices a bit much on the altar of the past. Be that as it may …

What if, to access public databases, you had to have an IP that located you within a particular geographic range? Say you had to be within 50 km of the hosting location/location you presume it should be hosted at to get full access (i.e. if you are accessing information that the Ontario government holds onto, you need to be within 50 km of the parliament, even though the databases might actually be housed in Yellowknife). Perhaps, instead of this location based access, documents should have to be manually saved somehow, with the method used for displaying and saving documents intentionally randomized to prevent mass-saving and aggregation. In essence, why not implement some kind of technology that either correlates geographic location with the ease or difficulty of accessing documents, or implements quasi-DRM solutions (that felt dirty to suggest…) to limit the easy aggregation of public records?

Thoughts?


Social Networking: The Consumption?

Saturday, April 26th, 2008


A little while ago, the New York Times ran a piece where they discussed the ‘Sticky-factor’ of Facebook. Effectively the article boiled down to the fact that it’s a nightmare to exit the Facebook ecosystem - actually removing your data from their ecosystem borders on being a Sisyphean task. The most poignant part of the article reads:

“It’s like the Hotel California,” said Nipon Das, 34, a director at a biotechnology consulting firm in Manhattan, who tried unsuccessfully to delete his account this fall. “You can check out any time you like, but you can never leave.”

The Obligations of Social Networking

Imagine this: you adopt some service or another and it doesn’t require you to exchange the popular unit measurement for access to that service (i.e. you don’t shell out cash for access). That said, you do provide an alternate form of capital - one that tends to elude a clear monetary value - your personal information. You give information concerning your religious orientation, your gender, relationship status, etc. Now, you’re not required to put all of that information into a public space, but what you do provide should be accurate to improve the service for both yourself and - this is the catchy part - the other people who are using the service. The system is more valuable both to others, and to yourself, by providing as much accurate information as possible.

In order to receive the service, a condition is that you avoid corrupting the service through the insertion of inaccurate information. Your obligation is limited to being truthful, not just for your sake, but for the sake of other users as well.

Stickiness

When I provide information to Facebook, it tends to be done in good-faith; sure, I might goof off and identify a carrot or something in a picture, but by and large the information that I provide is relatively accurate. Why shouldn’t it be? It’s a ‘fair trade’ for the environment that I get to operate in. This accuracy both assists me (because developers can comb data to improve various services), but it also creates more and more ways to monetize the system - a large quantity of inaccurate data would hinder its marketability. Similarly, when I agree to the End User License Agreement (EULA) that accompanies my Facebook account, I’m consenting to their terms surrounding the retention of data. Of course, Facebook is particularly nebulous when it comes to defining their data retention periods, but aren’t you signifying that their defined (or, as it may be, more or less undefined) retention periods are acceptable?

Effectively: Haven’t you already consented to the ‘stickiness’ of a Facebook profile? Don’t you want the benefits of complex data analysis that accompanies the insertion of past and present data if such an analysis improves the service for you? Don’t you owe it to others to leave your data for this analysis, just as others did prior to your arrival?

I Choose Gatekeeper Number Two

There are various companies (Microsoft, Yahoo!, Google) that are striving to become more effective digital gatekeepers. Effectively, they want to absorb all of your data traffic, giving them large quantities of data that will allow them to present services, goods, and other consumables that you will be likely to purchase, either because you are looking for the consumable in question, or because you are susceptible to buying that consumable even when you don’t really want/need it. In other words, they want to take data and translate it to marketable information. However, because of the inefficiencies in data collection by the aforementioned Big Three, social networking services such as Facebook, Bebo, and MySpace are seen as particularly valuable. Imagine: the ability to have a more or less accurate portfolio of millions of customers! Rather than fighting to understand data, everything that’s provided is immediately useful information.

The problem, of course, is that to develop increasingly valuable portfolios, new data-consumption programs and applications have to be developed. In Facebook, this has meant that there are more immediate ways of informing users about changes in their Friend-based ecosystem, and now you can even communicate in real time to other members of the environment. This has the end of drawing users into the environment for longer periods of time and, since Facebook is predicated on the sharing of personal information and content, the more time that you spend in the Facebook environment, the more pressure there is to add more content. This is experienced in a series of different ways, such as:

  • Changing one’s status;
  • Importing new blog posts;
  • Adding pictures;
  • Commenting on other people’s posted items;
  • Collaboratively creating content;
  • Collaboratively or independently critiquing content.

These divergent modes of content-interaction amount to participating in an info-ecosystem that is provided to you for ‘free’ by social networking companies and subsequently increasing the value of the environment for yourself, your Friends, and the corporation. Critiques are observed whenever an individual posts false information - there are even processes in place to cut down on ‘fake’ and ‘false’ content. These processes, in turn, reinforce the notion that a person has a duty to be truthful, or at least they are not expected to deceive others. You are obliged to be honest and, if you are found to be contributing content that deviates from truth, it can be removed/deleted and/or your account can be closed. Additionally, critique can simply be a refusal to engage with a particular facet of content - the refusal to speak about something that is created to be spoken about is as psychologically harmful (perhaps more harmful), than the active negative engaging of that content. Thus, content provided must be simultaneously truthful and appealing - normatively ‘good’ content has these two nebulous social tags.

Who Performs as the Gatekeeper?

Social networking services, in their attempts to act as gatekeepers, rely on the members of the community to actually be the gatekeepers - the administrators of the service are members and gatekeepers with considerable power, but that power is divested amongst all members, rather than being persistently held by the admins alike. Much like in Discipline and Punish, the inmates of the Facebook discipline one another through their collective gazes upon one another - that gaze normalizes behavior, detecting and reproaching deviant behavior.

What is perhaps most significant is that these gazes penetrate beyond the prison itself; whereas the inmates in Discipline and Punish stare at one another and (presumably) cannot see beyond the prison walls, in social networking services the inmates necessarily see past its walls and militantly observe what transpires in the areas where content for inmates’ consumption originates. This occurs by virtue of the contents’ importation into the social networking service. By consenting to have their content drawn from sources outside of Facebook’s maw-like walls, content creators are forced to be aware that their external content repositories will be examined; while one’s ‘Friends’ may never visit your Livejournal blog, their gaze is directly experienced in the process of content creation on that blog. This works to normalize content creation that is external to Facebook itself insofar as what is being created is expected to be consumable by other inmates. Cases of deviance will have your account removed from the prison, leaving you unable to inspect others and unable to be inspected and valued by other inmates of the Facebook ecosystem. Indeed, the pleasure of content aggregation in Facebook is that there is (hopefully) a pleasurable experience when you, through the content you contribute, are positively valued. Diametrically, there is a terrifying despondency when your creation is rejected by your peers. It is of incredible importance that the morsels provided to social networking sites are palatable because their palatability indicates your own degree of integration with your peers, it provides a metric that evaluates whether you are ‘normal’ and thus like your peers, or whether you are abnormal and potentially in need of normalizing assistance as a diseased body or mind requires professional medical assistance. 
Moreover, as you refine your content and improve its palatability for the content-consuming masses your behavior is further normalized, that normalization is internalized, and you are consequently able to provide ever-more-appropriate content feasts.

A good meal is essential for healthy growth. What does it mean when your good meal is simply what others expect you to prepare, and ‘good’ has transformed to meeting the expectations of normal?

Can content begin to ‘taste’ like chicken? Has that already occurred?


The Digital Workshop and Analogue Drill Presses

Friday, April 25th, 2008


The Parsons: together in celebration

One of the memorable things about my Grandfather was his workshop. There were tools absolutely everywhere (perfectly organized - he just had a lot of them!). As someone who’s never really enjoyed using power tools, his workshop was a pure expression of bored terror for me - they didn’t hold any appeal, but I was always worried that I’d come out with one arm less than when I walked in. I don’t know if it was something someone told me (“Power tools can hurt/maim/kill you - don’t touch your Grandfather’s!”) or the commercial in the 80s where a robot had its various limbs cut off with the rejoinder at the end “I can replace my limbs. You can’t.”

Maybe it’s just a genetic deficiency of some sort.

The Mediation of Digital Content

Regardless of any genetic aberrations, I’ve always been drawn to reading/writing/producing literary content. I’ve developed incredibly crude websites (this one included) that are functional without being ‘cool’. My digital creations and content spaces have never paralleled the plaque that was created for my Nanny and her cat, Puss, for example. There is something that has (and seems to continue to) always impressed me about physical creation; its very tangibility and physical being-in-the-world, where it becomes clearly ready-at-hand is impressive. That’s not to say that a digital creation can’t operate on the same metaphysical levels - I’d argue until I was blue in the face that there were clear ontological similarities - but it doesn’t strike as direct, perhaps because accessing digital creations seems somehow further removed/mediated by technologies. This mediation, in turn, prevents the subject from fully comprehending what they are creating if they are using ‘short-hand’ (i.e. programs that automate a significant element of the more challenging aspects of content generation, such as the code that this blog sits upon) and enslaves them to their technology.

Technology as a Defining Element of Metabolism

I’m certain that at least one of my colleagues would suggest that that last comment surrounding the enslavement to technology would demonstrate an ontological-illness/blockage that has to be overcome prior to realizing the full ethical and ontological significance of technology itself. To suggest that technology, as a facet of our metabolic processes, can enslave us is as absurd as claiming that my hand, foot, or eye can enslave me. While true that any of these limbs is capable of momentarily diverting my attention as it comes into contact with the world, that diversion should likely be considered a regulatory biological process. Technology, once understood as an element of our metabolic existence, thrusts us before our traditionally understood selves, both in material and metaphysical senses. This said, understanding technology as an element of ourselves, just as our epidermis is an element of what composes us, involves claiming that technology (and as a result ourselves) are drawn forward before ourselves, only to be recognized for what we are and have been. We create and cannot comprehend its implications until it operates in the world - our comprehension of metabolism is predicated on our recognition of what has become, and less upon what will become. Our metabolism structures our very Being-in-the-world, and we can only understand it after being thrown into it; it is impossible to perfectly comprehend how we will be pitched.

Metabolism’s Digitization

So what does this mean for my digital creations? To return to my Grandfather’s creations, in the process of creating, a facet of himself was necessarily injected into the project and then released into the environment. Retaining core facets of his project, just as a fragment of hair holds a person’s DNA, his technological creations blended with others’ metabolic projects. In doing so, a commons was created, one where technology served to bind those who necessarily participate(d) in the narrative of the self-that-has-been-projected. In other words, a facet of my Grandfather was in the sign he created for my Nanny, and that her usage and integration of that metabolic process into her own inextricably bound the two through a common expression of metabolism.

In my case, a digital creation functions in a similar manner, though seemingly with a significant difference. In the creation of the flash banner at the top of this post, a series of technological artifacts were taken, molded, and reshaped - I absorbed material from my environment and, through a metabolic process, those materials were fundamentally transformed. This transformation, however, was and remains predicated on the technological constructs of others - much as a tree’s limb requires the soil, water, sun, and other common environmental stimuli, my construct is predicated on the social, technological, and biological environment(s) that I exist in. Moreover, the extension of social and technological from biological, while significant insofar as it provides an analytic differentiation of terms and metabolic zones, is just that: it functions dominantly as an analytic differentiation. With an understanding of technology as a metabolic, and thus biological, process, we cannot differentiate the social, environmental, technological, biological, etc in a fashion that we would understand according to common parlance.

Is Digital Ontologically Similar to Analogue Metabolic Processes?

I did note that there was a difference between my creation of a flash banner and of my Grandfather’s plaque, though I’m uncertain precisely how to understand it. My creation is digital - it is a perfect logical sequencing of 1s and 0s, a creation that is analytically perfect. My Grandfather’s creation, however, is an analogue process that is riddled with the intricacies and uncertainties of life itself. Of course one could return by claiming that my process is as biologically ‘imperfect’ as my Grandfather’s process by the very fact that I am here, as a biological being, working within a metabolic structure to generate this life-imbued artifact. I would have to question how strongly that ontological similarity can be carried, however - I don’t want to commit myself to either an affirmation or rejection of the metabolic similarity at an ontological level, but I do have my doubts that the digital and analogue creation retain an identical ontological form.

Whereas normally I’d like to end with a clear ‘aha!’ moment, where I reveal a clear solution/logical avenue that is compelling, I’m still left without a clear stance. Are my digital tools as ubiquitous as my Grandfather’s drill presses and saws? Is there genuinely an ontological difference between the cold math of 1s and 0s and the impact of a hammer slamming upon a nail if we understand technology as a core facet of our metabolic structures?
