Nick Bilton over at the NYT Bits Blog has the story of Internet security consultant Ronald Bowes’s recent Facebook caper.  Ron noticed that Facebook has a directory of its users, just like the old Bell Telephone White Pages.  I agree with Ron’s assessment that this is a very little-noticed feature: normally one searches on Facebook not by looking at a directory, but rather by typing a name into a search box.  It’s in plain sight, though, at http://www.facebook.com/directory:

There are two differences that jump out between this awe-inspiring alphabetical listing of all Facebook users and a dog-eared telephone directory.  First, Facebook’s directory has a staggering 171 million names in it.  Second, in good news for paper prices everywhere given the first difference, the directory is digital — it’s right there, online.  And if it’s online, it’s scrapable.  Ron, being of the inquisitive engineering sort who can’t help but push a button if he sees one, figured that supply creates demand, and went ahead and scraped the directory.

That means he produced a file on his own hard drive containing more or less the directory’s main contents: for each person listed, a name, the person’s Facebook URL (what one types in to go directly to his or her entry), and unique Facebook ID (not a secret; this is part of a person’s Facebook url).  The resulting file is only a few gigs — amazing how cheap storage has become that so much can be roughly the side of an episode of House.  Ron then placed it online as a torrent — which means anyone can download the file, and voila, a snapshot of Facebook’s membership as of July 2010.

So, is this a problem?  As I’m writing, news is only just breaking, so it’s like that moment when a toddler trips, falls, and then has to think about whether to cry or not.  “You’re OK!” is usually what the alert parent encouragingly says — and if the toddler buys it, it’s usually true.  In fact, even if the toddler doesn’t buy it, it’s still usually true.  In this case, I think I’m with the metaphorical parent.  The data that Ron grabbed is precisely what Facebook users have chosen (or perhaps more accurately, passively acquiesced) to share.  For those who lock their privacy settings to avoid having a public listing in a Facebook search, they’re not present here.  For those who have, they are — along with a click through to their respective Facebook pages however they’ve chosen to share them.

Ron appears a little disquieted by it because of the prospect that the snapshot can live forever more.  If you remove your Facebook account or up your privacy settings, that will be reflected in real time in the Facebook directory and search (or at least it should be!).  But the torrent file exists forever — so one’s privacy choices are locked into that moment.  This is an artifact of having a service — Facebook — converted into a product — a Facebook database — the way that universities used to not just maintain online directories, but also publish bound volumes of their alumni with addresses, for those who opted in.  (In fact, many universities still do this; someone should tell them about saving the trees.)

There’s some privacy hit there, but there are also benefits.  By making a public directory — and a scrapable one, no less — Facebook gets more inbound links and attention as its members become easier to find.  And we benefit by having Facebook’s subscribers’ public pages indexed by the likes of Google and Yahoo! search.  In fact, when searching on a person’s name in a regular search engine, quite commonly a Facebook entry is one of the top hits.  That seems to me a good thing, and once Google, Yahoo!, and Bing have it, why shouldn’t Ron and anyone else who wants it have it too?  Indeed, Ron already did some cool stuff with the data.  For example, he crunched it all and came up with a list of Facebook’s most commonly used first and last names, discovering “Michael” and “Smith” coming in at number 1 for each.  Congratulations, Michael Smith, you are hidden in plain sight, since a search for you turns up so many others at the same time!  (Not so much with “Jonathan Zittrain”…)

Anyway, that’s generativity at work: Facebook makes available a directory on free and open terms, and people do stuff with it, some of which can surprise us.  There could be bad surprises, too — Ron and others hint at undesirable data mining — but I’m glad that the gates of Facebook’s gated community have some slats in them, rather than being a solid wall.  At most, it seems to highlight the desirability of getting the defaults right: Facebook shouldn’t have people automatically publicly sharing stuff they’d not normally share, without clear markers on what’s about to happen.  As Google would say, “Please read this carefully.   It’s not the usual yada yada.”

Indeed.  There have been so many Facebook privacy mini-scandals that we’re primed for the next, and the involvement of a torrent file adds an element of seeming subversiveness to the mix, given the association of p2p with contraband material.  But sometimes when the boy cries wolf it’s just a shadow.  I count 8 Yadas in the Facebook directory.  And I, along with my cool musician brother Jeff Zittrain, fall in between Aron Zittra and Austin Zittrauer.  Until now, who knew?  Interesting — but not pitchfork worthy.  …JZ

Control over tethered appliances basically comes in two forms: pre-approval of apps and kill switches. As this blog has documented, Apple has had a very heavy hand in screening apps, but — as far as we know — they haven’t ever used the iPhone kill switch. I was a little surprised to find that out, and I wonder why they haven’t used it. Maybe the screening process is keeping out malicious apps, and they’re content to let users keep apps that are merely in bad taste (although they remove them from the app store). Maybe the bad publicity from past kill switch uses — see Amazon and 1984 — has stayed their hand. Or maybe they have removed apps and it just hasn’t been publicized.

Google has taken a different tack with Android: they’ve largely surrendered the power to pre-approve apps, because Android users can always download apps from third-party sources. But they too have a kill switch, and according to the Android developers’ blog post, they decided to use it a few weeks ago. (It’s not totally clear from the blog post, but it sounds like they’ve also used it before on clearly malicious apps.) An app that claimed to offer Twilight photos turned out to be a demonstration, done by researchers, of how easy it would be to create an app that would turn phones into a botnet. The app didn’t actually create the botnet (and it didn’t show Twilight photos, either, so most disappointed downloaders deleted it), and the researchers presented their work at the conference. Nonetheless, after they heard about it, the Android team decided to remotely delete remaining copies of the app as part of a “cleanup” process. Affected users received notifications.

I can see why they wanted to do that. A report documenting Android vulnerabilities was recently released, and it’s caused some hand-wringing over Android’s security. There’s also no sense in leaving a loaded weapon laying around. And I’m glad they told both customers and everyone else that they’d deleted the apps. Still, I do worry about the removal of an app that isn’t actually harming any machines. More generally, I think that if Android is going to stick to the plan to not pre-screen apps and have an open system, they and we are going to have to think seriously — more seriously than Apple has had to — about the ethics of the kill switch. Questions like whether there should there ever be an opt-out, whether users should get refunds, and whether it should be used in cases other than damaging viruses are all still wide open.

And a few quick links:

Leaked MS Presentation Shows App Store Plans For Windows 8. Why all this thinking about app stores and kill switches matters: there are already plans to transfer the app store model from phones to PCs, where the arguments about the virtues and harms of contingent generativity have even more salience.

Google’s mismanagement of the Android Market. Jon Lech Johansen thinks the lack of pre-screening is hurting Google and Android.

Did Apple Flip the iOS Kill Switch on NDrive? Wait, has Apple already used the kill switch?

New zombie code in effect by December. Here’s a totally different option for improving security: let users keep open PCs, but if they become infected, have their ISPs quarantine them or reduce their internet speed to a crawl. That way, users will have to get their computers fixed and can’t keep infecting others. Internet Industry Association CEO Peter Coroneos said of the plan: “I’m sure there are people around that resent having to put new tyres on their car when they’re unroadworthy, or have their breaks done . . . But the reality is that we have argued that internet users have a responsibility not only to themselves, but also to other users on the internet.” The code will be made available to Australian ISPs soon.

One Brown Package: From Seattle to Norway. Why we love the internet in the first place: unexpected avenues for fun, creativity and kindness (here, in the form of people working to get a package from Seattle to Norway). They claim inspiration from JZ’s TED talk on the web on random acts of kindness.  The package is currently reported as missing.

—By Elisabeth Oppenheimer

iPad security breach. Even closed systems can be vulnerable to exploitation.  A group of high-profile iPad owners, including President Obama’s Chief of Staff among 114,000 others, had their email addresses exposed by a web security group.  Although it was AT&T’s network that was compromised, Apple is shouldering much of the blame, since it denies iPad customers a choice of carriers and also requires an email address to activate the device.  AT&T patched the security hole, but not until after the script used to exploit it was shared with third parties.  The FBI is investigating.

Facial recognition and next generation privacy. David Thompson gives an update on the progress of facial recognition software and its implications for privacy 2.0.  In addition to describing the revolution in surveillance capabilities that occurs when a person can be identified on any security camera feed or in any of the more than three billion photos on Flickr, he notes that Face.com released an API last month, allowing developers free access to its facial recognition technology and the green light to adapt it for new uses.  Here’s hoping the appropriate norms evolve in tandem.

Defamation liability: please fwd. A bankruptcy court in Texas has ruled that forwarding an email link can be considered defamation.  The defendant in the case didn’t send a copy of the actual content, just a link to a website.  Neither had he written any of the defamatory content on the website.  It’s unlikely that the ruling will survive an appeal, since forwarding a link probably doesn’t amount to the required element of “publication” under a traditional interpretation of defamation law.  Still, it’s something to think about the next time there’s a link to a juicy tabloid story in your inbox.

Shifting foundations of the App Store. Apple continues to indulge its discretion when it comes to approving iOS apps.  This time it pulled an app for being “widget-like,” despite approving three previous versions.  The frustrated developer asks “How can a company be prepared to invest into a platform that can change at any time?“

It Gets Worse: Apple Censors a Gay Kiss in Oscar Wilde Comic. In another Apple censorship story, the company appeared to block out a kiss in a comic book because two men were doing the kissing. To be fair, it’s not entirely clear to me from the pictures in the article whether the same-sex kiss was the cause of the blackout, but the author claims that similar opposite-sex scenes have gone unchanged in other comic books. As he says, “the more examples I see of Apple’s capricious censoring, the less funny it is.”

Steve Jobs at D8: Post-PC era is nigh. In the introduction of the book, JZ predicted that Steve Jobs, having launched the PC era, was about to usher it out. Now, Jobs says the same thing. According to him, “PCs are going to be like trucks … they are still going to be around,” but “one out of x people will need them.”

TiVo’s ‘Big Win’ Over Dish On Patents Looking Less And Less Solid, As Patent Office Rejects Patent Claims. Update in the TiVo-EchoStar battle: we may never find out if EchoStar will actually have to remotely kill already-purchased DVRs, because the Federal Circuit is rehearing the original patent claims en banc.

—By Jennifer Halbleib and Elisabeth Oppenheimer

A few weeks ago Internet security firm McAfee released an update to its Windows PC customers designed to protect them against a newly detected virus threat.  Instead, for some, the update destroyed a legitimate, and crucial, system file.  Uncountable numbers of PCs – likely hundreds of thousands, even millions – were rendered unusable.  The University of Michigan medical school lost the use of 8,000 of 25,000 PCs.  State troopers in Kentucky abandoned their cruisers’ mobile PCs and resorted to writing reports by hand.  Some hospitals in Rhode Island turned away non-trauma patients from their ERs.

The issue is larger than one firm’s unfortunate misstep.  It echoes across the entire Internet.  Call it the Fort Knox problem.

Fort Knox represents the ideal of security through centralization: gunships, tanks, and 30,000 soldiers surround a vault containing over $700 billion in American government gold.  It’s not a crazy idea for a nation’s bullion; after all, the sole goal is to convincingly hoard it.  But Fort Knox is an awful model for Internet security.

Our IT environment has traditionally been immune from many Fort Knox issues, because its architecture has encouraged decentralization.  One PC might be compromised, or Web site might fall, but others stand.  Bad guys on one side of the spectrum, and well-intentioned regulators on the other, each had to sweat to have an impact on Internet activities.

But the bad guys were clever and industrious.  Their digital robots came to costlessly crawl the Web looking for computers and sites to compromise, leveraging their reach.  Operators of well-financed Web sites have dealt with rising anxieties about security by spending enormous amounts of money on digital bunkers and backups for their data, while littler ones have hunkered down and simply hoped they wouldn’t be hit.

The public sector has been confused about how to help.  Governments know how to maintain and defend their roads and waterways, but have been stymied in cyberspace: so much of it is rightly privatized that there’s no obvious place to station a guard and no way to fill a digital pothole.  Worse, since identifying those behind intentional attacks online is exquisitely difficult, the traditional state tools of deterrence and punishment are ineffective.

That’s why we now see centralization under a few major corporate umbrellas under which disparate activities can be gathered.  The lures of security, interoperability and economies of scale have propelled much of the Web from a vibrant ecosystem of different, and differently managed, PCs and sites to one where a handful of private Fort Knoxes take responsibility for security.

But we can’t simply put our precious data into a single well-protected vault and peek in every few years.  We need to guard our PCs and data, but we also need them to be part of a worldwide network.  When we’re not masking our digital trail, we’re eagerly sharing it.  If we try to centralize its protection, it’s not a one-time transaction: rather, we need a constant gatekeeper who signs our data in and out every time we want to make use of it.  That’s a thread that runs from the McAfee debacle, where millions of people and firms turned the keys to their computers over to a third party to handle, through to cloud-based platforms like Facebook, where the company’s assent is increasingly needed to run unrelated applications on its platform or to log in to unaffiliated Web sites that no longer care to maintain their own digital borders.

If McAfee makes a mistake, many people pay at once.  If Facebook’s computers go down or are compromised, thousands of otherwise-independent applications and sites suddenly go down with it.  It’s not just our own data and transactions at risk, but our collective memory: the flip side of a centralized defense against bad guys is vulnerability to well-meaning good guys.  For example, if the generally laudable Google Books project is a spectacular success, we’ll see libraries give up their moldering, isolated archives of regular books in exchange for PC terminals where patrons can peer at an ephemeral digital copy drawn from Google’s central archive.  It makes sense – and no doubt Google has near-impregnable backups – but it’s also an opportunity for a government to intervene in worrisome ways.

For example, if one book in the system contains copyright infringing, or defamatory, or obscene material, those aggrieved can get a court order requiring the infringing pages of the book to be deleted from the central server.  This vulnerability affects every book that is distributed and maintained through a centralized platform.  Anyone who does not own a physical copy of the book – and a means to search it to verify its integrity – will now lack access to that material.  By centralizing (and to be sure, making more efficient) the storage of content, we are building a world in which, as a practical matter, all copies of once-censored books like Candide, The Call of the Wild, and Ulysses could have been permanently destroyed at the time of the censoring, and could not be studied or enjoyed even after subsequent decision-makers lifted the ban.

So what do we do?  We have two things going for us that the real Fort Knox doesn’t: we can make copies of our digital gold, and there are lots of us, each with our own stake in security and autonomy.

First, so long as there aren’t undue barriers to extracting our own data from cloud platforms or our own PCs, backups can become more seamless, and made in a variety of ways, making a McAfee misstep or anything like it less costly.  Then we have our cake and eat it too.  The same principle applies to projects like Google Books, where participating libraries can arrange to securely maintain their own gold copies of Google’s precious trove – kept to compare against others’ copies, so omissions and changes can be detected and appropriately challenged, not leaving Google with the sole burden of holding off government speech regulation.

Second, we need to reinvigorate the Internet’s principle of open, distributed architecture that has sparked so much growth and innovation.  Our choices for security aren’t simply among government soldiers, corporate mercenaries, or our own personal barricades – though each has a valuable role to play.  Rather, we can reinforce open, shared early warning systems to enumerate and deal with security threats, whether against PCs, Web sites, or Internet connectivity.  With a few technical tweaks, we can all further help relay data from Web sites that are under attack, stabilizing their presence.  Security shouldn’t have to be purchased like a personal bodyguard.  Far more flexible than Fort Knox are people, each with their own pocketed gold and machinery, empowered to look out for one another.

A version of this appeared in the Financial Times on June 3rd, 2010.

Google launches Government Requests tool. Google is now making public information on the requests it receives from government agents to remove content from its search results or reveal private user data. The Government Requests tool currently displays the number and type of requests by country for the last six months of 2009. In a bit of irony, last week Google disclosed that it had accidentally collected fragments of private user information over unencrypted Wi-Fi networks during drive-by data collection for Google Maps.

Communicating with the e-book mothership. If the latest must-read on Kindle is dotted with typos or has a few pages missing, there’s a good chance Amazon offers a patch to correct the error. It’s a handy Internet-enabled functionality, although one can imagine at the extreme authors continuing to update their work ad infinitum, making it impossible for a reader to say he or she has read an e-book since content is always subject to change. Information flows in the other direction on the Kindle superhighway too, as Amazon apparently keeps track of what readers are highlighting. There’s some creep factor in Amazon knowing what ideas Kindle readers think are important, even if the most highlighted passages are in works as deep as The Lost Symbol. But the information is also so interesting.

The remote control. In April, Sony quietly revised the End User License Agreement that came with the latest PS3 firmware update to allow the company to change how an owner’s console operates in whatever way it wants, no notice or permission required. Now the FCC, at the request of the MPAA, has given cable and satellite providers the right to remotely disable output connections on consumers’ set-top boxes, leading consumers to ask “What did I buy?”

Curated Computing is the new name in town for the experience provided by the tablet non-PC. This particular term is meant to accentuate the “less choice, more relevance” aspects of that experience. It rolls off the tongue more smoothly than “contingently generative” and sounds less regressive than an “appliance,” but it connotes somewhat life aboard the Axiom. However, its proponents suggest that curated computing devices are meant to exist alongside and supplement traditional PCs. Let’s call that a worthy goal and the best of both worlds.

iPhone pillow talk with Steve Jobs. A ValleyWag reporter last week exchanged late-night emails with a defiant Steve Jobs on the iPhone’s ability to give people “freedom from” data theft, battery hogs, and porn. The emails speak for themselves, giving a little insight into Jobs’ perspective on the benefits and aims of the iPhone. He gets a little snarky at the end, but then again it’s 2am when he’s responding, and he never has a chance to clarify his comments, unlike the Gawker reporter.

Android outsells iPhone. During the first quarter of 2010, phones with the Android OS grabbed 28% of the U.S. market share, surpassing iPhone’s 21% (RIM’s Blackberry is still at the top with 36%).  Although Android benefited from Verizon’s buy-one-phone-get-one-free promotion and iPhone continues to lead worldwide, it appears Google is getting closer in Apple’s rearview mirror.

McAfee prevents computers from booting up in new virus-protection strategy. Centralizing security software in a few big providers concentrates expertise to solve problems, while also meaning that there are only a few–albeit strong–security systems the bad guys need to breach in order to wreak widespread havoc.  But in a previously under-appreciated risk, a flawed update of widely-used antivirus software can cut out the middleman and accomplish the same havoc directly.  A McAfee software update mistakenly identified a critical file as a virus and quarantined it, causing computers around the world, many of which automatically install updates, to repeatedly attempt to boot up.  One source estimated that 800,000 PCs were affected.

Taking [re-]generativity seriously. A Connecticut mayor donated her kidney to a Facebook friend last month after seeing his desperate status update.  The patient’s doctor had suggested that he try publicizing his need through social media, using an online connection to a forge a real-world bond.

I’ll be offline until about May 10.  In the meantime, um, keep it generative!  …JZ

Government transparency through technology. U.S. federal government agencies published their open government plans online this week.  The plans detail long-term strategies for addressing one of the three identified principles of open government—transparency, civic participation, and government collaboration with public and private sectors.  They can be accessed by appending “/open” to the department website address.  The end goal of President Obama’s initiative is to obviate requests under the Freedom of Information Act.

Online newspapers to modify anonymous comment policies. Several major online news sites are considering or implementing changes in their approach to user comments.  There has been a trend toward requiring users to register, establishing ranking systems to identify trusted users, and highlighting the comments of those willing to use their real names, all in an attempt to hold commenters accountable for their statements and discourage vitriol.  Linking identity with posted opinions facilitates a reputation system to mitigate abuses of anonymity online (other examples of such strategies, and their risks, are discussed in the book).  Here it serves both to cement a user’s responsibly for his or her comments and maintain the status of a particular news site as a respected forum for discussion.

In the department of really freaky things: 80legs. 80legs pays developers to embed a bit of code in their programs to turn the user’s computer into a bot. But unlike all the malicious code that does the same thing, this one purports allow 80legs to use the botnet for good (for their web-crawling services), and is theoretically disclosed to the users. I’m skeptical—especially since, as one example indicates, the “disclosure” may be a few lines buried way down in the TOS. And who monitors whether 80legs is in fact doing good?

Crowdsourced Art. On the ubicomp front, Amazon Mechanical Turk can be used to create cool works of mass art. If you follow the link to artist Aaron Koblin’s website (who also kindly guested in last winter’s Stanford/HLS cyberlaw class), the Sheep Market is my favorite (although there was some debate about it).

Mark Fiore can win a Pulitzer Prize, but he can’t get his iPhone cartoon app past Apple’s satire police. Pulitzer-prize winning political cartoonist has his app bounced by Apple for…mocking political figures. Oh, come on. One interesting thing: this has apparently happened several times before with cartoonists; each time, there was an outcry, and Apple relented. Fiore himself isn’t arguing with Apple—he’s just sitting back and waiting for the reversal. Maybe this is the real App Store model: reject broadly, accept anything the public deems important enough to make a fuss about.

And a few links on the iPad:

The Kids Are All Right. An unusually thoughtful post on the iPad/Pod/Phone tradeoffs: the technology isn’t as generative, but distribution can be much simpler.

The Apple Two. Apple introduced the original generative PC, and is now doing away with that generativity with the iPad, among other devices. Tim Wu explains that this isn’t about a change in “Apple’s” ethos: it’s Steve Jobs’ ascendancy over Steve Wozniak.

The iPad Luddites. One more meditation on the iPad, generativty, and the inevitability of technological change. Carr points out that “[i]t’s useful to remember that the earliest radios were broadcasting devices as well as listening devices and that the earliest phonographs could be used for recording as well as playback,” and that the evolution from primitive to refined devices nearly always comes with a generativity loss. But the question is whether that loss is inevitable, whether there’s a salient difference between the PC/Internet combo and the radio, and whether we can hope for some generative and general-purpose device that tinkerers will turn to if the PC becomes more locked down.

—By Jennifer Halbleib and Elisabeth Oppenheimer

On April 3, an Adobe technical project manager demonstrated that Adobe’s new Air software could be used to develop across platforms—he created a Reversi game app that runs on Android, iPhone, iPad, Windows 7, Ubuntu, and OS X (see potential caveats in comments here). Cool! As JZ said, via email, “if this is really possible, I feel better about the iPad, because developers don’t have to choose among platforms to which to devote energy.”

Whoops: Five days later, Steve Jobs announced modified Apple developer rules banning use of “intermediary” tools such as Air—in other words, there will be no more cross-platform development. Adobe employees: not happy.

This is starting to sound pretty antitrust-y. It’s hard to think of any logical reason Apple cares where an app’s code originates—unless, of course, it just wants to hurt Adobe at every turn. Unfortunately, it’s been hard to find knowledgeable people analyzing actual antitrust law—anyone know of a good blog? (For what it’s worth, this old post from the Antitrust Law Blog indicates that the tech sector, including Apple, is under heavier scrutiny from the DOJ and FTC.)

Not surprisingly, there are rumors a lawsuit is brewing.

As usual, there’s another chapter in this saga: Flash translation. In a related but not identical story, Apple has long been hostile to Adobe’s Flash multimedia platform, citing stability and security concerns for refusing to offer Flash support for the iPhone and iPad. This puts websites that use Flash in a tough spot and limits iUsers’ access to content—75% of web video according to Adobe. Enter RipCode, which has developed a server-side translator solution. If an iPhone user attempts to access a Flash video, the “transcoder” detects the platform and translates the video into a compatible format. Since the transcoder is run off the website’s server, it doesn’t require Apple’s approval. Assuming it’s reliable, this is a nice example of a how the generative web allows enterprising developers to solve problems (or, depending on your point of view, do end-runs around the rules).

—By Jennifer Halbleib and Elisabeth Oppenheimer

A coalition of prominent netizens and watchdogs released its wishlist this week for Digital Due Process.  Google, Microsoft, AT&T, the ACLU, and EFF, among others, are advocating for an update of the 1986 Electronic Communications Privacy Act.  The statute, which includes the current regulations government agencies follow to access an individual’s electronic data and communications, was passed the year after Windows 1.0 was released and five years before the World Wide Web was publicly introduced.  Attempts to shoehorn unexpected emerging technologies into the Act’s framework has led to inconsistent application to the same type of communication across jurisdictions and within the life cycle of the communication (for example, depending on the length of time since a stored email was first read), confusing all parties—government officials seeking information, service providers receiving such requests, and users wanting to know the extent to which their data is protected—and arguably providing insufficient protection. Therefore, the coalition is lobbying Congress to amend the law to reflect modern developments of widespread reliance on email, cloud computing, social networking, and location technologies.  Their list of principles would require warrants—with an exception for emergencies—for disclosure of a communication without regard for where or how it is stored, its age, or whether the service provider itself has access to the information for business purposes.  Location information would also require a warrant.  And the government must have a court order to obtain aggregate information (e.g., data from a non-particularized set of subscribers to a social networking site).

While legislation embodying these principles would clarify limits and valid procedure for U.S. government agents seeking information, it does not ultimately secure user data.  Companies that request or record personal information can sell it or otherwise use it without user authorization.  Hackers can surreptitiously acquire information from sites where it has been collected or archived.  In addition, because the Internet extends across jurisdictions, foreign states have their own rules governing data seizure which may be broader or less certain than U.S. standards.  Finally, the personal information of one person is often disclosed by others, for example on blogs or in online photo repositories.

One way a user can address the first three of these risks and assert a measure of control how his or her data is used or disseminated is to understand what information is being collected, why it is needed, and how security measures are implemented to safeguard it.  Unfortunately, this is often difficult for the average user to assess, especially considering the plethora of apps requesting access and their technical nature.  A new online resource recently launched that harnesses the power of the community to provide this information.  WhatApp compiles a database of apps, mining both the knowledge of technical experts and the experience of users.  Experts rate the apps along dimensions of privacy, security, and openness, based on a specific set of criteria.  Users review the apps on how they work in practice.  Should WhatApp be successful, it may serve not just as a tool to comment on apps, but itself affect change within the app ecosystem.  If a user has a choice of several apps to perform a specific task and makes a decision based on WhatApp’s assessment of their relative privacy and security, app developers will have to take these concerns into account to be competitive.

Both Digital Due Process and WhatApp still have to gain a critical mass to sustain the movements to their completion, whether that be legislation or a comprehensive and useful database of app privacy and security.  But at least initially, they seem to be growing steadily—another promising sign that institutional and individual members of the online community are taking initiative to maintain the Internet as a safe and open environment.  However risks to Privacy 2.0 remain, in particular how to control personal information disseminated broadly by others.  These concerns will require implementing additional ameliorative mechanisms online; JZ suggests data genealogy, reputation bankruptcy, and contextualization of information.

–by Jennifer Halbleib

Internet Telephony Comes to the iPhone. Apple has approved an app intended to provide a virtual second line for business that allows consumers to make calls using Wi-Fi when available instead of AT&T’s cellular network.  The Line2 app may allow iPhone users to downgrade their AT&T cell plans, though contracts and lack of universal Wi-Fi coverage—including where users might need phone service most in an emergency—will likely prevent them from dropping it entirely.  But Line2 is available for the iPod Touch, potentially turning it into a part-time iPhone.  Unfortunately, almost immediately after the NYT write-up, the developer had to pull Line2 from the App Store because of a massive denial-of-service attack.

Security Theory to Practice. Ross Anderson has assembled a resource with links on the myriad dimensions of psychology and security.  A sampling includes why we as users discount some risks and overestimate others, how scams ensnare us, what conditions lead us to disclose private information, and ways to make security measures usable for the average person so that they actually get used and protect the greater internet community.  Interesting and practical.

Humiliating the Pirates. In a digital adaptation of medieval stocks, the Japanese gaming company Overflow released a fake installer for its erotic game Cross Days online that contains malicious code to acquire the information of people who try to use the installer to pirate the game.  That information is then posted online until the transgressor accepts responsibility for stealing the game.  It’s unclear whether the humiliation stems from being victimized—do those who play the game generally consider themselves too smart to download a trojan?—or from being exposed as a player of erotic video games.  If the latter, will the website where user information is posted receive enough traffic (besides others who play the game, who presumably won’t “out” those posted to the world if it would expose their own identity as well) to serve as a public town square?  It also seems less legitimate as an anti-piracy tactic since the company itself is making the “pirated” program available online.

Hunch Preview. Buzz-generating start-up Hunch has launched a Twitter Predictor tool that examines a Twitter user’s account profile—who follows and is followed—and predicts the answer to a series of questions, apparently with over 80% accuracy.  The tool is intended to publicize the utility of Hunch’s forthcoming API to provide personalized recommendations.  Another example of evolving privacy norms, we as users are willing to turn over some personal data (by filling out a “taste profile” to use the service from which Hunch’s algorithm extrapolates additional information) for greater convenience.

Hacker Disables More Than 100 Cars Remotely. Even cars can be tethered appliances! A Cleveland-based company “encourages” people who have been habitually late with car payments to be more timely by remotely triggering incessant horn honking or disabling the car’s ignition when payments aren’t made. This went badly amiss when a laid-off employee of the company took revenge by remotely bricking or sounding the horns of 100+ cars.

Rebecca MacKinnon’s Testimony at the Congressional-Executive Commission on China’s hearing on “China, the Internet, and Google.” In light of the fast-evolving Google-China saga, MacKinnon’s analysis of the multi-tiered problems in China and possible solutions makes for a good read. Among other things, she claims the Chinese government has hired 280,000 people to “astroturf”—that is, support the government’s views in cyberfora. (The specific number comes from research by David Bandurski, which is unfortunately behind a pay wall.) We’ve covered small-scale astroturfing on this blog, but nothing close to that size or coordination.

Facebook Threatens Greasemonkey Script Writer. A developer came up with the bright idea of writing a Greasemonkey script (that is, one that works through the user’s Firefox browser) to remove all that useless stuff from your Facebook feed—quizzes, Mafia Wars, etc. According to the developer, Facebook abruptly killed the fan page, and is now rolling out code that messes up the Greasemonkey script. If that’s true (and that’s not clear to me; we only have one side of the story) it strikes me as overreaching—Facebook can control its site, but shouldn’t be able to control your browser.

Eleventh Circuit Decision Largely Eliminates Fourth Amendment Protection in E-Mail. As the title of this well-done Volokh conspiracy post suggests, don’t expect to defeat a government search of your email if you live in the Eleventh Circuit. The decision tracks the discussion in chapter 8 of the book, but comes to a harsher conclusion—even e-mail stored locally isn’t safe from government seizure once a copy of it has been delivered elsewhere.

Finally, there are a few new thoughts posted in the comments of the EchoStar/TiVo post.

—By Elisabeth Oppenheimer and Jennifer Halbleib