Retailer’s Terms and Conditions attempt to restrict negative online reviews. After a consumer posted a negative review of an Internet retailer online, the retailer reached out, not to apologize, but rather to threaten a libel suit. It turns out that the retailer’s Terms and Conditions aim to limit the circumstances under which an unhappy customer can publicly review her experience. For example, it requires that the consumer base her critique on documented evidence, and the retailer must not have responded to her customer support request for at least seventy-two hours. It’s not clear whether a mass contract like a terms of service can penalize speech that wouldn’t otherwise be libelous. And truth is usually a defense against libel. The article also points out that the email threat’s claim that “Libel is a prosecutable felony in the state of Washington” is false – the state has held that criminal libel laws are unconstitutional. So perhaps the TOC and follow-up emails are designed to scare potential negative reviewers, or at least give them pause before they take five minutes to besmirch the retailer’s reputation online.

Apple changes its policy on iOS e-book and subscription sales. If a company has an iOS app and allows users to buy premium content, such as e-books to be displayed by the app, with purchases made via a Web site (and therefore avoiding giving Apple a cut), Apple now requires that the company also allow users to make those purchases in-app (where Apple takes 30% of the price). Magazine or newspaper subscriptions sold through a browser must be available for the same price or less in iTunes as well. And publishers can no longer embed links in their iOS apps to Web sites that sell content. Furthermore, customers must be asked and then agree to release their information to publishers when they buy content through iTunes, so publishers are less likely to get the valuable consumer data they want for targeted advertising.

Google launches subscription payment service. After Apple announced its iOS subscriptions model Google followed with its content payment system, One Pass. One Pass operates across platforms. Customers who purchase content through their Google accounts can access it on their computers, tablets, or smartphones (though presumably not on their iOS devices, though there’s no technical reason this has to be the case). A spectrum of models is available to publishers: they can sell by the article, offer subscriptions, or provide day passes, among other options. Unless a customer opts out, Google shares customer name, zip code, and email address with the publisher. For One Pass service, Google takes 10% of sales revenue.

RIM tablet rumored to run Android apps. RIM may be developing software that would allow its PlayBook tablet to run Android apps. The move would increase the number of apps that can run on PlayBook more than six-fold to over 130,000 apps, making it more attractive to consumers. The tablet, promoted as the company’s answer to the iPad, is slated for release this year.

Facebook and the bright side of human flesh search engines. A woman who found a camera in New York City identified its owner in three hours by posting pictures from its memory card to Facebook and tagging her friends to solicit their help in the search. Web sites designed to reunite owners with their lost property exist, but both the finder and the seeker must know of them and go to the same one. Facebook doesn’t suffer from either problem. Although Facebook is not a fully public forum – most users restrict access to their profiles in some way – in this case it ended up being a big enough network to connect a helpful New Yorker with a grateful French tourist.

Boston promises a pothole-reporting app. It’s probably not something that Apple would have developed on its own initiative: an app that detects and automatically reports potholes using GPS and accelerometer data from the driver’s phone is in the works by the city’s “Office of New Urban Mechanics.” (!) While an unsafe driver may be wary of sending such information to city officials, the app’s developers see it as a new form of civic engagement. Perhaps we’ll see a pothole-filling app next year.

Google adds new security and crowdsourced ranking features. Google has recently added two new features. The first feature lets people with Google accounts add a second password. An account holder generates this additional code every time he wants to login, receiving it on his phone. It expires after a few minutes – giving the user time to log into his Google account – and so dramatically reduces the chance that it will be phished. The second feature is a Chrome extension that allows searchers to block sites that they don’t want to see in their Google search results. The user reduces unhelpful content farm results in her own searches, and Google draws on the information to tweak its rankings to decrease global content farm contamination of results.

Corporate strategies for information security and transparency. As more and more information is stored in the cloud and shared through networks, companies are increasingly susceptible to accidental or intentional disclosure of sensitive information. The Economist reports that corporations are taking a range of approaches to address the problem, from technological restrictions and monitoring (software or hardware that limits or watches what employees do with data) to cultural awareness (explaining to employees how particular acts put data at risk) or openness (sanctioning the release of more information to promote trust). Meanwhile, 40,000 individual Gmail account holders lost their cloud-stored emails and contacts this week because of a bug in a software update. Google is in the process of restoring users’ data to them — from backup copies on tapes.

Android app hacked to repeatedly text premium numbers. Hackers, apparently in China, have inserted code into a legitimate Android app that causes it to continuously text premium numbers. The altered form of the (already free) Steamy Windows app is available on unauthorized app sites. Once a user installs it, the app sends text messages to premium numbers, running up the user’s bill. It also blocks incoming texts from the wireless service provider that would normally alert a user that he has exceeded his text message quota. The hackers get a commission for each text sent to the specified numbers. Unwitting Android owners are at greater risk of attack, because unlike iOS owners, they can download apps from third party sites in addition to the official marketplace.  That makes them more generative — but also less secure, leading to the “generative dilemma.” (cached) [Cached because the cloud-based host for the deep linkable version of the Future of the Internet — And How to Stop It has vanished — ironic (or fitting?), given the book’s warning about the dangers of cloud-based platforms.

PCs as an endangered species. As the evolution of computing devices marches forward, PCs may be headed for extinction. Smartphones and tablets are increasingly marketed as PC replacements. These mobile devices can be used on their own, but also connect to a range of peripherals — laptop shells, monitors, keyboards, mice, even docks that turbo-charge performance with extra CPUs — for a more PC-like experience. For example, Motorola’s Android-based Atrix smartphone can run the desktop version of the Firefox browser when docked, giving the user access to cloud-based services like Google Docs in addition to the apps installed on the phone. But Firefox doesn’t run off the Atrix, it runs off a minimal Linux machine in the dock. And the Android app ecosystem doesn’t yet match the diversity of PC applications. Still, as mobile devices and the Web 2.0 apps and services (cached) they support become more sophisticated, it’s likely that they will expand out of their niche and invade the habitat currently occupied by PCs.

—Jennifer Halbleib

The European Journal of International Law published on an affiliated web site a short book review.  The author of the book reviewed was displeased, and wrote to the editor asking for it to be taken down.  He declined in a very thoughtful letter, part of a correspondence reproduced here. He suggested that he would forward the author’s comments to reviewer, and in “uncharted” territory, possibly be prepared to approve a revised review by the reviewer and substitute that in on the Web site.  The reviewer declined to make any changes, and the editor stood by that decision.

Three months later and the editor — not the reviewer — found himself the target of a criminal libel investigation in France.  Strange location, since …

[t]he author of the book was an Israeli academic. The book was in English. The publisher was Dutch. The reviewer was a distinguished German professor. The review was published on a New York website.

He’s written up his experience with the trial, which was last week, here.  Fascinating — and chilling — reading.

You may have heard of Herdict, the Berkman Center project to crowdsource reports on the moment-to-moment health of the Internet.  (Video introduction here; FAQ here.)  We are seeking a CEO for it!

Since last year Herdict has tracked big blockages like those of China’s Great Firewall, and small ones like the temporary block of WordPress in Guatemala.  Herdict receives thousands of visitors each day and hundreds of reports from just about every country.

Last summer we were awarded a $1.5M grant from the Omidyar Network to take Herdict further, which means setting it up as a standalone non-profit, partnering with browser makers to increase Herdict’s paths for gleaning and sharing data, exploring new ways of crowdsourcing, and securing additional funds (part of our grant is for matching contributions).

So, the new Herdict venture needs a CEO.  The ideal candidate would have some combination of start-up experience, a rich human network (in the US and ideally, abroad), familiarity with the Net, experience in building and motivating online communities, and a commitment to turning Herdict into a sustainable nervous system for it.  The CEO will build and lead our technology team to shape the future of Herdict, figure out how it can best integrate with other worthy efforts in this zone, and define what the boundaries will be of just what Herdict will aspire to do.

The team will be located in Cambridge, Massachusetts — so it will help if the CEO is prepared to live in the Boston area, and at least travel there regularly.  The CEO will work closely with the board of Herdict and with faculty from the Berkman Center and members of the OpenNet Initiative as we figure out how to measure and preserve a free and open Internet.  Salary competitive.

Statements of interest can be sent to jobs@herdict.org.

[cross-posted at the CDT blog]

How the Internet is running out of room, and what we must do about it

“CDT Fellows’ Focus” is a series from CDT that presents the views of other notable experts on tech policy issues. This week, CDT Fellow Jonathan Zittrain and Leslie Daigle write about the end of IPv4 address space. Guest posts featured in “CDT Fellows’ Focus” don’t necessarily reflect the views of CDT; the goal of the series is to present diverse, well-informed views on significant tech policy issues.

The Internet’s framers famously designed it without predicting much about how, or how much, it would be used. For example, the network’s capacity was conceived less in a count of precisely how many could participate at once – the way traditional phone circuits worked – and more in flexibly divisible bandwidth. As that bandwidth got saturated, it would degrade gracefully: data might move slower for everyone, but no one would get an “all circuits are busy” message. In ways large and small, what animates Internet protocol design is a procrastination principle: if something can work well, it doesn’t have to be perfect, and not every problem or limit must be anticipated and preempted. Potential but still speculative flaws can be fixed later – possibly somewhere other than inside the network.

Unfortunately “later” is arriving now for a crucial piece of the Internet: its ability to tell one attached device from another. Internet architects designed a simple way to identify participating computers and route data among them: assign each a unique number: an Internet Protocol (IP) address. No IP address, no delivery. The routers in between you and your friend use your friend’s number the way a postal service would – the number says something about where she is. That’s made possible because IP addresses are clustered together, just like street addresses grouped in a ZIP or other postal code.

The system has an Achilles’ heel: there are a limited number of numbers. It might seem that you could add 1 to whatever the last number is and keep going, but there’s a hard cap in venerable Internet Protocol Version 4 (IPv4): 4 billion IP addresses, which the Internet is outgrowing in much the same way that applications outstripped the original 64K of memory expected for a PC running Microsoft DOS. There is now general agreement among Internet technologists that the end days are upon us: the last block of fresh IPv4 addresses will likely be allocated to the Internet’s North American address warehouse in early 2011, to be passed out to Internet Service Providers here by mid- to late-2011.

Worse, because of the clustering of addresses, we can’t squeeze the last bit of digital toothpaste out of the tube as fresh numbers become scarce. There’s a gray market for chunks of already-allocated numbers despite restrictions against selling them – and some telecommunications providers are rumored to have been purchased only for their numbers! – but such used numbers carry their own risks. Anyone who has inherited the former phone number of a pizza shop will appreciate that some numbers are less desirable than others. Moreover, some IP addresses have at one time been the source of cyberattacks, or hosted politically sensitive content, and the resulting blocking of traffic originating from them by various ISPs is rarely revisited by those ISPs. (Who wants an old Wikileaks IP address?)

Running out of fresh numbers will not stop the Internet from working. But, unchecked, it will greatly complicate growth. As new computers and devices come online, something has to give – making more use of existing addresses, or finding a new way to address things.

In the first category – making do – the procrastination principle has bought us some time. Enterprising engineers developed an ingenious baling-wire-and-twine workaround to the one-number-per-computer rule. Known as network address translation, or NAT, it allows the holder of a single IP address to share it among a group of computers. This happens nearly every time you hook up a wireless router and access point at home: your ISP only gives you one number, and you use your inexpensive router to share it with everyone who connects to your network. Cable and DSL ISPs are considering the same thing to put larger networks of multiple customers behind a single address, at least as an interim measure. Unfortunately, like most such workarounds, it doesn’t really work as well as having one number per machine: the fancy footwork required to share a number around can limit the kinds of applications you can run, and greatly increase the complexity of some software, such as Skype Internet telephony, if it’s to work at all. NAT has bought us some time – much of Qatar has been known to share one IP address – but it’s spackle covering a rapidly-rusting architecture stretched far beyond its creators’ wildest ambitions.

Which brings us to a more comprehensive solution. Internet technologists did not sit idly by when it became clear IPv4 could not last. Over a decade ago, they specified its successor, IPv6 (don’t ask what became of IPv5), with a few hundred trillion trillion trillion addresses. Such huge swaths of address space promise something even better than a well-functioning market for valuable but limited assets: abundance so great that no market is required, only careful administration. Unfortunately, for IPv6 to work, nearly every piece of networking software and hardware from one end of a data transmission to the other needs to be upgraded. If just one link in the chain hasn’t been upgraded to understand the new numbers, IPv4 will still have to be used.

The idea for transition was that systems would work with both protocols for awhile, and gradually IPv4 would end not with a bang, but with a whimper – fading away like, say, the telegraph or telex addresses that used to share letterhead with telephone and fax numbers. However, even though many operating system and hardware vendors have been anticipating IPv6 for years (current Mac and Windows systems now support it out of the box), there are still gaps in available products and little business dependency on it, and there has been remarkably little deployment. This is consistent with the procrastination principle: the only networks that have deployed IPv6 are those that have found a business model for which it as a requirement. And, because the benefits are, generally, global rather than local to one network, the procrastination principle becomes a Prisoner’s Dilemma: we’re all better off if we all move to IPv6, but the worst case is if you pay to move while others don’t. So why not wait – forever, if others act similarly – for everyone else to do it before making the investment?

We’ve spent a decade with few networks taking the plunge to deploy IPv6.

This holding pattern is not likely to persist. With the larder dry, in the absence of fundamental innovation in Internet Protocol, we’d see an unfortunate ramp up in the use of NAT and its complications, coupled with parties’ tussles over existing ‘pure’ IP addresses like rats fighting over crumbs. Demonstrated shortcomings of the type of IPv4 address sharing include degraded performance of network-intensive web services: web pages where different pieces show up slowly, rather than seamlessly. Customers will not see a poor network connection – they will perceive poor service from the product or company.

More directly, IPv6 is gaining ground among new entrants (who have little choice), so the days of an all-IPv4 Internet are numbered. In developing its broadband strategy, India went for IPv6. New industries looking at wide scale networking are also looking to IPv6 in order to have access to adequate address space, and to be able to build novel network architectures, unencumbered by the structural assumptions needed to support address sharing.

The best future for the Internet is for all networks to deploy IPv6, and pay the price of working in a dual IPv6 / IPv4 world for a period of transition. If companies wait until the business impacts of degraded IPv4 network experience or the identification of opportunities to work with new (IPv6) networks are upon them, the need to make a transition more quickly than a multi-year equipment refresh cycle will likely be more costly and difficult. So how to encourage enough entities to take the plunge?

One way out of a classic problem demanding collective action is through regulation. A government can incent or compel everyone to contribute. However, this would require coordinated regulation across boundaries not recognized by network traffic – the intricacies are daunting, and for the Internet without precedent. And if successful, governments might gain an appetite for controlling the direction of an Internet which previously managed growth and innovation through elective uptake. Few are enthusiastic about mandated transitions.

Another way out is through leadership by big players. For example, governments aren’t just regulators of information technology, they’re purchasers of it. By insisting that government- and military-run subnetworks are IPv6, they’ll stimulate demand for the newer technologies and encourage intertwined private parties to follow suit. The US government’s Office of Management and Budget followed just such a route in 2005, requiring all government services to be IPv6 capable by 2008. In September, Vivek Kundra crystallized requirements for government websites to be IPv6 capable.

China has been leading IPv6 adoption for years, in part because it may otherwise feel the IPv4 number crunch most acutely, and perhaps because the government has determined that it’s in the country’s best commercial interests. Some large companies have placed bets on an upgrade. Google has been public about its activities to deploy IPv6, and a business rationale to not be last to market with IPv6 support.

A cold calculus on such investments for many Net-connected enterprises may indeed suggest holding off. But what has made the Internet better than the more proprietary networks that it eclipsed is that its participants have had a sense of stewardship of the space, justifying the absence of government planners and sheriffs, or a single corporate umbrella. Engineers from the public and private sectors labor on Internet protocols with loyalty to a network functioning as a commons, not simply to their employers’ particular business models. An investment in IPv6 from enough corners is sensible if each corner decides to factor in the benefit to the overall ecosystem – not just itself.

If such capacious thinking comes through, the Internet won’t run out of space – and we can go back to procrastinating on its future.

Jonathan Zittrain is Professor of Law and Professor of Computer Science at Harvard University, where he co-founded its Berkman Center for Internet & Society. He is a member of the Board of Trustees of the Internet Society. Leslie Daigle is Chief Internet Technology Officer for the Internet Society.

On December 20, Apple removed an unofficial Wikileaks app from the App Store. Apple had approved the app, which simply showed the Wikileaks twitter feed and website, three days earlier. Considering Apple’s uptight attitude toward iPhone and iPad apps, it is perhaps more surprising that an app providing access to the controversial site’s content was approved in the first place than that it was quickly yanked from the store.

Although there was initially speculation that Apple pulled the Wikileaks app because it either was “not very useful” or was a paid app that solicited charitable donations and therefore contravened the Developer Guidelines (pdf), Apple later justified the app’s removal under other provisions of the Guidelines: “Apps must comply with all local laws and may not put an individual or group in harm’s way.” The app’s developer had promised to donate one dollar from each $1.99 sale to Wikileaks, giving people a way to support the organization after Paypal, Visa, and MasterCard stopped facilitating donations to the non-profit because of its questionable activities. Apple’s reluctance to serve as a conduit of funds for Wikileaks, no matter how nominal each individual donation, is a possible secondary motivation for removal. The app raised $4443 for Wikileaks while it was available in the App Store.

The app can still be downloaded onto jailbroken iOS devices from Apptrackr, and apps that provide access to Wikileaks documents are available for Android phones. In addition, the App Store itself has a handful of apps that give Wikileaks news and updates, but presumably don’t let users look through the leaked information. Nevertheless, Apple’s unilateral control over which apps users can run on their iPhones and iPads again raises concerns that a closed platform enables censorship either by Apple directly according to its standards or by government pressure on the company. And since Wikileaks posts appear to be both newsworthy and legal (so far), pulling the app may well have a chilling effect on other news outlets considering publishing controversial information of public interest to their iOS apps. For example, would Apple also pull the New York Times app if the newspaper posted a story on the leaked cables to its app?

These concerns, both disturbing and credible, will grow as more people get their news from apps run on closed platforms rather than print or Web sources. But the (hopefully farfetched) nightmare scenario is a universally adopted closed platform with a slick, free Wikileaks app… that gives users access to documents that have been surreptitiously altered to remove or even provide false information. A similar worry exists with search engines or ISPs that are overwhelmingly dominant or government-enforced monopolies. If such a search engine doesn’t index the Wikileaks website (or indexes a modified fake site instead), the site may as well not exist, unless a user knows where to look. And incidents during the recent Belarussian election highlight how a national ISP could achieve an analogous result by redirecting requests for a legitimate independent news site to a fake one.

In the past, open, distributed media in the U.S. has made such tactics impractical. And there still may be little chance that extreme deception of this nature could occur in the U.S. as private companies don’t often have an incentive to mislead their customers and the government is constrained from doing so. Yet it’s worth thinking about, both out of concern for citizens of other countries and because our government does on occasion employ technology to covertly alter reality by, for example, wiretapping or other surveillance. Surveillance is distinguishable in that it is directed against a particular individual or group, usually requires a warrant, and, while deceitful, simply collects information instead of affirmatively providing misinformation. But if authorities have probably cause, is a warrant to push an app “update” to a specific individual that provides inaccurate information to thwart criminal activity or facilitate capture – say, an altered fight schedule or public transit timetable – acceptable? In a very small minority of cases courts have enjoined the publication of certain information, but is there ever a situation where, if feasible, it would be permissible for the government require a company to mislead the general public? We may never need to answer these questions, but Apple’s response to the Wikileaks app is a step in their direction.

—Jennifer Halbleib

I just finished recording a podcast with Larry Lessig and the Berkman fellows about Wikileaks.  It should be online within a day or two.  In the meantime, we’ve been trying to simply nail down some of the facts surrounding the situation.  We figured we’d share what we’ve gathered so far as a FAQ, and we’ll update it as we learn more or get corrections.  Feel free to leave new questions in the comments and we’ll aim to work those in too.

What is Wikileaks?

Wikileaks is a self-described “not-for-profit media organization,” launched in 2006 for the purposes of disseminating original documents from anonymous sources and leakers.  Its website says: “Wikileaks will accept restricted or censored material of political, ethical, diplomatic or historical significance. We do not accept rumor, opinion, other kinds of first hand accounts or material that is publicly available elsewhere.”

More detailed information about the history of the organization can be found on Wikipedia (with all the caveats that apply to a rapidly-changing Wiki topic).  Wikipedia incidentally has nothing to do with Wikileaks — both share the word “Wiki” in the title, but they’re not affiliated.

Who is Julian Assange and what is his role in the Wikileaks organization?

Julian Assange is an Australian citizen who is said to serve as the editor-in-chief and spokesperson for Wikileaks since its founding in 2006.  Previously he’d been described as an advisor.  Sometimes he is cited as its founder.  The media and popular imagination currently equate him with Wikileaks itself, with uncertain accuracy.

In 2006, Assange wrote a series of essays which have recently been tapped as an explanation of his political philosophy.   A close reading of these essays shows that Assange’s personal philosophy is in opposition to secrecy-based, authoritarian conspiracy governments, in which category he includes the US government amidst many others not conventionally thought of as authoritarian.  Thus, as opposed to espousing a philosophy of radical transparency, Assange is not “about letting sunlight into the room so much as about throwing grit in the machine.”  For further analysis, check out  Aaron Bady‘s original blog post.

Why is Wikileaks so much in the public eye right now?

At the end of November 2010, Wikileaks began to slowly release a trove of what it says are 251,287 diplomatic cables acquired from an anonymous source.  These documents came on the heels of the release of the “Collateral Murder” video in April, and Afghan and Iraq War Logs in July and October, which totaled 466,743 documents.  The combined 718,030 are said to originate from a single source, thought to be U.S. Army intelligence analyst Pfc. Bradley Manning, who was arrested in May 2010, but that’s not confirmed.

Has Wikileaks released classified material in the past?

Yes, under an evolving set of models.

Berkman Fellow Ethan Zuckerman has some interesting thoughts on the development of Wikileaks and its practices over the years, which will be explained in greater detail when the Berkman Center podcast is released later this week.  In the meantime, here’s a capsule version.

Wikileaks has moved through three phases since its founding in 2006.  In its first phase, during which it released several substantial troves of documents related to Kenya, Wikileaks operated very much with a standard wiki model: the public readership could actively post and edit materials and had a say in the types of materials that were accepted and how such materials were vetted.  The documents released in that first phase were more or less a straight dump to the Web: very little organized redacting occurred on the part of Wikileaks.  Wikileaks’ second phase was exemplified with the release of the “Collateral Murder” video in April of 2010.  The video was a highly curated, produced and packaged political statement.  It was meant to illustrate a political point of view, not merely to inform.  The third phase is the one we currently see with the release of the diplomatic cables: Wikileaks working in close conjunction with a select group of news organizations to analyze, redact and release the cables in a curated manner, rather than dumping them on the Internet or using them to illustrate a singular political point of view.

What news organizations have access to the diplomatic cables and how did they get them?

According to the Associated Press, Wikileaks gave four news organizations (Le Monde, El Pais, The Guardian and Der Spiegel) all 251,287 classified documents.  The Guardian subsequently shared their trove with The New York Times.

So have all 251,287 documents been released to the public?

No.  Each of the five news organizations is hosting the text of at least some of the documents in various forms with or without the relevant metadata (country of origin, classification level, reference ID).  The Guardian and Der Spiegel  have performed analyses of the metadata of the entire trove, excluding the body text.  The Guardian’s analysis is available for download from its website.

Wikileaks itself has released (as of 1:06pm on 7 December 2010) 1095 documents out of the total 251,287.  The Associated Press has reported that Wikileaks is only releasing cables in coordination with the actions of the five selected news organizations.   Julian Assange made similar statements in an interview with Guardian readers on 3 December 2010.  Cables are being released daily as the five news organizations publish articles related to the content.

Are each of the five news organizations hosting all the documents that Wikileaks has released?

No.  Each of the five news organizations hosts a different selection of the released documents, in different forms, which may or may not overlap.  It’s not clear how much they’re coordinating on releasing new documents, since each appears to have a full set.

How are the five news organizations releasing the cables?

Le Monde hosts an application, developed in conjunction with Linkfluence, which host the searchable text of several hundred cables.  The text can be searched by  the sender (either country of origin, office or official), date range, persons of interest cited in the docs, classification status, or any combination of the above.  Only the untranslated, English text of the cables can be accessed and there is no cut-and-paste available.

El Pais offers access to over 200 cables, available in the orginal English or in Spanish translation, searchable by country of origin and key terms and subjects (such as “Google and China”).  These searches also return El Pais articles written on a given subject (often places ahead of the cables in the search listings).  They also offer a “How to read a diplomatic cable” feature, explaining what all the abbreviations and and technical verbage mean in plainspeak, posted on 28 November 2010.

The Guardian offers the cable data in several forms: they have performed an analysis of metadata of the entire  251,287 document trove, and made it available in several forms (spread sheets hosted on Google Docs and in downloadable form) as well as infographics.

The Guardian also hosts at least 422 cables on their website, searchable by subject, originating country and countries referenced.

The New York Times hosts what it calls a

selection of the documents from a cache of a quarter-million confidential American diplomatic cables that WikiLeaks intends to make public starting on Nov. 28.  A small number of names and passages in some of the cables have been removed by The New York Times to protect diplomats’ confidential sources, to keep from compromising American intelligence efforts or to protect the privacy of ordinary citizens.

The documents are not searchable and are organized by general subject.

Who is responsible for redacting the documents?  What actions did Wikileaks take to ensure that individuals were not put in danger by publication of the documents?

According to the Associated Press and statements released by Wikileaks and Julian Assange, Wikileaks is currently relying on the expertise of the five news organizations to redact the cables as they are released, and is following their redactions as it releases the documents on its website.  (This cannot be verified without examining the original documents, which we have not done — nor are we linking to them here.)  According to the BBC, Julian Assange approached the US State Department for guidance on redacting the documents prior to their release.  One can imagine the dilemma for the Department there: assist and risk legitimating the enterprise; don’t assist and risk poor redaction.  In a public letter, Harold Koh, legal adviser to the Department of State, declined to assist the organization and demanded the return of the documents.

The Los Angeles Times reported that Wikileaks has directly released at least one cable describing a U.S. Department of Homeland Security list of sensitive overseas facilities:

The Department of Homeland Security list on overseas sites, known as the Critical Foreign Dependencies Initiative, includes oil and gas pipelines, telecom cables, rare-metal and other mines, military contractors, ocean navigation chokepoints, and such obscure facilities as an Australian laboratory described as the sole supplier of Crotalid Polyvalent Antivenin — an antidote to rattlesnake venom.

The list, “whose loss could critically impact the public health, economic security, and/or national and homeland security of the United States,” according to the leaked cable that contained it, is maintained by the Department of Homeland Security, which was seeking to update it in February 2009 by getting recommendations from State Department diplomats.

American officials have denounced the apparent release of the list, and it’s not clear that the document has been made available by any of the five newspapers possessing copies of all the cables.

If you’re willing to part with your email address, you can find out from stratfor.com why they think that

[s]uggestions that a list of critical infrastructure released by WikiLeaks helps terrorists drastically underestimate transnational terrorists’ capabilities and sophistication when it comes to target selection.

Are the documents hosted anywhere else on the Internet? What is the “insurance” file?

In late July 2010, Wikileaks is said to have posted to its Afghan War Logs site and to a torrent site an encrypted file with “insurance” in the name. The file, which apparently can still be found on various peer-to-peer networks, is 1.4 gigabytes and is encrypted with AES256, a very strong encryption standard which would make it virtually impossible to open without the password. What is in the insurance file is not known. It has been speculated that it contains the unredacted cables provided by the original source(s), as well as other, previously unreleased information held by Wikileaks. There is further speculation, which has been indirectly boosted by Julian Assange, that the key to the file will be distributed in the event of either the death of Assange or the destruction of Wikileaks as a functioning organization. However, none of these things is known. All that is known for sure is that it’s a really big file with heavy encryption that’s already in a number of people’s hands and floating around for others to get.

What happens if Wikileaks gets shut down? Can it be shut down?

It depends on what’s meant by “Wikileaks” and what’s meant by “shut down.”

Julian Assange has made statements suggesting that if Wikileaks becomes non-functional as an organization then the key to the encrypted “insurance” file will be released. The actual machination of how such a “dead man’s switch” would operate is not known. If the key were released, and if the encrypted insurance file contains unredacted and unreleased secret documents, then those decrypted files would be available to many people nearly instantaneously. Wikileaks claimed in August that the insurance file had been downloaded over 100,000 times.

Wikileaks apparently maintains a small paid staff — who and where is not exactly on a “people” page, though there used to be a physical PO box in Australia where documents could be sent — and is additionally supported by volunteers, speculated to be at most a few thousand. So, would it be possible for a motivated organization to disrupt its real-world infrastructure? Yes, probably. However, at this point, it is not practical to recover the information the organization has already distributed (which includes the entire trove of diplomatic cables to the press as well as whatever is in the encrypted insurance file), as well as any other undistributed information the organization might seek to release. So in terms of the recovery of leaked information, the downfall of Wikileaks as an organization would matter little.

Furthermore, there appear to be currently over a thousand sites mirroring Wikileaks and its content. Wikileaks has made available downloadable files containing its entire archive of released materials to date.

On a more technical level, the Wikileaks website can come under attack, and its means of collecting money can be made much more difficult.

Why did wikileaks.org stop working as a way to find the site?

For a traditional website to work it will want a domain name like website.com, so people can find it.  Those domain names can stop working for any number of reasons.  One commonly assumed action for Wikileaks is that ICANN, the Internet Corporation for Assigned Names and Numbers that manages certain top-level protocol and parameter assignments for the Internet, intervened.  It did not.

A little technical discussion to explain why: The domain name system (“DNS”) is hierarchical, and its zones are exclusive of one another rather than inherited (save for the lateral mirroring among the twelve root zone servers). The root zone orchestrated by ICANN is a very small file — just a mapping between each top-level domain like .org or .ch (“TLD”) and the IP address(es) of the servers designated to say more about that TLD (one server, not in ICANN’s hands, keeps track of names under .org, one for names under .ch, etc.). You can see a user-friendly version of the file here, with the Swiss name servers described here. The info you see there is what ICANN can directly change — and that only for its own root zone servers (B, L, and sort-of A), hoping to have it mirrored by the others; map below the fold here.

So for those servers, ICANN could all-or-nothing delete .ch, which means for those drawing TLD info from the ICANN roots they’d eventually (depending on caching of previous info) cease finding the nic.ch server(s) in Switzerland through which to resolve any .ch name. But there’s no way to express in the TLD zone something like “go to nic.ch for every domain name under .ch except wikileaks.ch.” And if .ch were ditched, the mirroring root servers would likely balk at mirroring that elision, and ISPs using B, L, and A to resolve TLDs would just turn to other root zone servers — or hard code in the last known IP address for nic.ch as the place to go for .ch names.

I guess a too-crafty-by-half solution would be to mirror everything in the .ch zone to a new .ch server run by ICANN, then delete wikileaks.ch’s info from that server’s files, then redirect the root zone to the new server instead of the old. That would work for about five minutes. After that, increasing chaos as Swiss webmasters made changes to their .ch names in the “official” nic.ch registry only to find them not reflected for those users unlucky enough to be rerouted to ICANN’s snapshot mirror. At which point the mirror roots (and the ISPs) awaken to the deception and take action a la the preceding graf.

Note that wikileaks.org went down not because of anything done to its DNS entry within the list kept by the registry* that minds the list of .org domains.  Instead, the name server to which its entry pointed was attacked by unknown parties — DDOS’d — and EveryDNS, the operator of the name server, chose to stop answering queries about wikileaks in the hopes that the DDOS would stop.  (Apparently it did.)  EveryDNS is not to be confused with EasyDNS, which is a separate company that isn’t involved in the situation! [Update 12/9/10: Wired reports that EasyDNS is now assisting Wikileaks as a result of being confused with EveryDNS; "We've already done the time; we might as well do the crime," said its CEO.]

*I’m on the board of Trustees for the non-profit Internet Society, ISOC, which is the parent to the Public Interest Registry, which keeps track of names in .org.

If a domain name doesn’t work, a website can try to register and maintain another domain name, or it can just use a direct IP address — a number — to be found.  A website also needs hosting, and Wikileaks has apparently had to shift its hosting at least once after being dropped by a chosen provider: Amazon’s commodity hosting service shut down the site for terms of service violations after being contacted by U.S. Senator Joseph Lieberman.

(added 9 December 2010)

Is Wikileaks breaking US law by receiving and releasing the cables and other classified material?

Good question.  There are laws that penalize the release of classified information, but they’ve generally been applied to someone — such as a government official — entrusted with the information who then leaks it or gives it to an enemy — Aldrich Ames was a CIA officer who gave information to the Soviets, and Army soldier Bradley Manning is currently under arrest for claimed involvement in passing information to Wikileaks.  Ames was charged under a part of the “ Espionage Act,” 18 U.S.C. 794, “Gathering or delivering defense information to aid foreign government.”  Manning was charged under the Uniform Code of Military Justice; there’s a helpful summary of what provisions have been applied here.

So what about Wikileaks?  There are some provisions of the Espionage Act that might apply — 18 U.S.C. 793 is about “gathering, transmitting, or losing defense information,” and it criminalizes the act of “obtaining” a document “connected with the national defense” if done “for the purpose of obtaining information respecting the national defense with intent or reason to believe that the information is to be used to the injury of the United States, or to the advantage of any foreign nation.”  18 U.S.C. 798 on classified information might also apply.

The former section was invoked in the famed “Pentagon Papers” case, where the government sought to prevent continuing publication of a classified history of the Vietnam War authored by the government and leaked to the Times by Daniel Ellsberg, a former military analyst who was employed by the RAND Corporation at the time.  The Times prevailed in the Supreme Court, which issued a brief and unenlightening “per curiam” opinion accompanied by more detailed concurring opinions, none of which garnered a majority of the Justices’ votes.  One reading of the outcome of the case is that the Pentagon Papers themselves weren’t deemed so sensitive — so damaging to the national security — that once leaked to the Times the Times could be ordered not to share them.  Rather, the Times could share them and then face whatever consequences the government might bring to bear.  But once the papers were published, the government did not seek to prosecute the Times, both because its behavior isn’t a great fit with the statute(s), because the First Amendment might be found to trump the statutes, and because there are political difficulties with making an enemy of the press.

A separate criminal case under section 793 against Ellsberg as the leaker is a more natural fit with the statute, and it was brought — but it evaporated amidst revelations of illegal government wiretaps against him.

So, what about Wikileaks?  Its position may be roughly equal to that of The New York Times or any of the other four news organizations currently hosting copies of the cables.  Indeed, the prospect has been raised that the Times should face prosecution.  Perhaps here the balance of the news value of the cables versus the harm caused by their release is less helpful to the intermediaries like the Times and Wikileaks.  And Assange’s own statements, described above, about the purpose of Wikileaks — to bring down what he sees as corrupt governments rather than merely to inform the public — might establish a needed intent to harm the government that a “regular” newspaper arguably lacks.  The Justice Department has also stated that it is exploring options other than the Espionage Act, including “conspiracy or trafficking in stolen property,” under which to indict Julian Assange.  That would look closely at the levels of cooperation and encouragement between Wikileaks and any government leakers; something more than the prototypical “small brown envelope” appearing on Wikileaks’s (or the Times’s) doorstep could be enough to say that a leaker like Manning and an intermediary like Wikileaks are engaged in a criminal enterprise together — and anything done wrong by one can be attributed to the other.  (The classic example is the driver of a getaway car in the bank robbery being held responsible for the shooting of a bank employee inside as if he or she had pulled the trigger.)

Of course, even a prosecution with a good chance of success would face tricky political questions — does arrest and prosecution make Assange and Wikileaks underdog heroes?  Traditionally prosecutors have not applied the Espionage Act’s broad proscriptions to the press, and this may make sense given the frequency with which high-level government officials intentionally leak information to the press — it’d be strange to leak the information and the prosecute the press for publishing it, or worse, only prosecute the press when one isn’t the leaker.

Wikileaks has indicated that its next leak will be of private sector information: the private records of a large bank or BP, for example.  If that is true, releasing such information could be a breach of trade secret or copyright law.  There, civil cases could be brought by the organizations originally holding the records, or even perhaps private torts cases by those whose privacy might be invaded.

A final note: Bills have been introduced in both the House and the Senate that would overtly criminalize the publication of the “names of military or intelligence community informants.”  These are being played as “anti-Wikileaks” bills, but because they would specifically criminalize publication, they attack news organizations and Wikileaks equally.

What is Operation Payback?  Who is “Anonymous”? What is a distributed denial of service attack (DDOS)?

Operation Payback began in September 2010 as a coordinated retaliation to actions taken by the MPAA, RIAA, and other groups against file sharing sites such as The Pirate Bay and BitTorrent search engines.  In some cases, it was in response to DDOS attacks targeted at file-sharing sites, such as those launched by Aiplex Software against sites hosting pirated copies of Bollywood films.  In others, the triggers were statements made by individuals that were considered hostile to file sharing services or their users, such as those made by KISS bassist Gene Simmons.  Internet security consulting firm Pandalabs reported that by October 7, 2010, the total downtime for copyright-related websites targeted by Operation Payback was 537 hours and 55 minutes.

Operation Payback has since evolved to include attacks against those organizations perceived to be taking actions harmful to Wikileaks.  Targets appear to include Mastercard, Amazon, Paypal, PostFinance, and the Swedish Prosecution Authority, among others. (Wikileaks, too, has suffered denial of service attacks.  You can see an account of these and other attacks at the Pandalabs blog.)

The group associated with Operation Payback is known as “Anonymous,” a “loose coalition” of internet users, associated with the image board 4chan and a handful of other forums and wikis.  Because of this most recent and very high profile campaign, they’ve attracted significant media attention from The Guardian, the New York Times, the BBC, and the Wall Street Journal, among others.

In this particular wave, Anonymous is using a tool known as a distributed denial of service attack , or DDOS.  During a DDOS attack, an attacker will generate, either via the use of proxy machines or an automated program, a flood of “pings” or requests to the targeted site. The server essentially has a meltdown, unable to respond to the many, many requests for information and is rendered unable to serve the page to the legitimate user requests.  In most cases, a DDOS attack is effected through the use of innocent machines which have been previously been infected and are part of a botnet or zombie army, without the knowledge of their owners.  It is unclear whether or not Anonymous is using an all-volunteer botnet with motivated Internet users adapting such tools as the colorfully named “Low Orbit Ion Cannon,” or whether some machines are being used without their owners’ permission as would happen with a traditional botnet. You can see the Internet Storm Center’s analysis of the DDOS tool here.

There’s at least one rumor circulating that Anonymous is shifting its tactics away from DDOS.

First Amendment and prior restraint issues aside, does the US government have any legal authority to arbitrarily shut down a website?  Is there any precedent for the US government shutting down websites?

The US government has previously taken action to seize domain names and thus render the associated websites practically unavailable on the Internet, most recently with the November 30 “Cyber Monday” seizure of about 80 websites thought to be involved in the sale of counterfeit goods.  “Operation In Our Sites II” was an effort of the Department of Homeland Security’s Immigration and Customs Enforcement.

So far there is no indication that a government has attempted to overtly seize the Wikileaks.org domain name. Rather, it appears as though Wikileaks’s troubles are arising from political pressure, claimed TOS violations,  and DDOS attacks (actual or threatened) arising from non-governmental sources.

For more on the role of intermediaries with regard to the hosting and operations of Wikileaks, you might read Rebekah Heacock’s analysis of the situation over at ONI.

What is the relationship between Wikileaks and the Wikimedia Foundation?

There is no connection between Wikileaks, the Wikimedia Foundation or other “Wiki-” organizations. The Wikimedia Foundation does not own the Wikileaks.org domain name. “Wiki” is a descriptive term, not a trademark, and does not indicate any relationship between the two entities.

Here is the domain name registration (“Whois”) data for both Wikileaks.org and Wikimedia.org.

What is a mirror?  What are the risks of running a mirror site?

A mirror is a site which hosts a copy of data on another site.  There are currently appear to be over a thousand sites mirroring both the Wikileaks main site and its diplomatic cables site.

The legal risks of mirroring the Wikileaks content may at first glance track the risks of hosting the original content, particularly if the mirroring is done with the intention of preserving the specific contents of the mirrored site.

For that matter, participating in a DDOS attack runs afoul of the law in multiple jurisdictions.

A few months ago it looked like there’d be no action on net neutrality in the US by the FCC or Congress.  After some momentum gathered during both the Bush and Obama administrations, a federal court ruling had cast doubt on the FCC’s ability to regulate in the area, and a rancorous election season suggested this wouldn’t find much room within Congress’s agenda.

Then in September the FCC announced that its open Internet proceeding was continuing, and yesterday the commission’s agenda for the December meeting suggests a vote in short order.

While the proposed rules are not yet publicly available, reports drawing from the chairman’s speech yesterday and other talk in DC have something modeled on Congressman Henry Waxman’s draft legislative proposal.  The central plank is that broadband Internet service providers — at least non-wireless ones — must let their subscribers get where they want to go on the Internet.  An ISP can’t decide, say, that you’re not to be allowed to get to facebook.com or that your service package doesn’t permit streaming video or Internet telephony, each of which could conceivably compete with other services offered by the ISP, such as regular cable television or phone service.

It’s good to have that off the table — it would be awful if ISP’s started to do such things, and the prospect isn’t as far-fetched as it might seem.  An ISP might want to charge Facebook or Vimeo or some other content source for the privilege of reaching the ISP’s subscribers, and the most direct way to do that is to threaten to halt the movement of bits from that source until a deal is reached.  (This might look something like the recurring fights between the likes of Cablevision and Fox over showing the World Series, though in that case it was the content provider holding out for payment from the cable company.  The risk that eager fans might not get to see baseball resulted in calls for FCC and Congressional intervention.)

With a net neutrality rule in place, if a Web site’s bits can’t be stopped in the middle just on the basis of where they came from, the ISP can’t threaten to come between the site and its users.  The market alone may not be able to deal with this in the absence of a net neutrality rule, both because there isn’t much competition for broadband at a given location and because it’s good for people to have assurances ahead of time that sites they are beginning a relationship with — as they put photos on Flickr or stow mail on Gmail — won’t suddenly be pulled out from under them, held ransom to extra payments either from the sites or from them.

The telcos and other ISPs seem reconciled to this prospect, at least for wired networks.  Now’s the time to lock that in, when such holdups are not central to their business models — not by source, at least — and even application blocking has not historically been a core goal.  (To be sure, five years ago at least one U.S. ISP appeared to be blocking an Internet telephony service, and it’s happened elsewhere on a larger scale around the world.)

The FCC rules are said to exempt wireless from this mandate, instead simply requiring transparency about what’s being blocked.  [Update: A look at the FCC chairman's speech suggests there may be more than a transparency requirement for wireless; it mentions a "basic no blocking rule" there too.  That would track the Waxman bill at p. 4 lines 1-7.] My reaction now is the same as it was when that division between wired and wireless was proposed as part of the Google/Verizon “framework” the two companies released in August.  Basically:

Some critics have said: who cares about network neutrality for regular broadband; wireless is the important part.

I’m not so sure.  If the framework had said the opposite — Verizon is OK with network neutrality for wireless but not for regular broadband — I can imagine many critics being just as upset, saying that wireless is still ancillary and that full broadband, with consumers’ wi-fi attached, is what really matters.  I guess they’d say that both matter.  I’m skeptical myself of rules that carve a difference between them — one point of the Internet is to be medium-agnostic — but I’m less inclined to find an evil plan lurking in the differentiation.  I can see that bandwidth management, at least, can be more crucial for wireless than wired at this stage in its development, and a Verizon might not feel comfortable having to justify any policies in those terms as an exception to a network neutrality rule.  I’m less confident that there’s robust competition in the wireless Internet space — there are still only a handful or providers, and switching among them is costly.

If a basic net neutrality mandate can be established for broadband — not only formally mandated by law (which includes FCC edict), but accepted as doable by the ISP’s — that’s good progress, and a metric against which the wireless ISPs will always be measured.  Any protestations that they have to discriminate for the network’s sake — or for the sake of a business model — will be increasingly belied by their wired counterparts’ experiences under no-longer-controversial net neutrality rules. [And if the rule for wireless goes beyond the weak tea of Google/Verizon -- no-blocking as well as transparency -- that much the better.]

Another exception built in is for reasonable network management.  Some critics have described this as a hole large enough to drive a truck through.  But there has to be some kind of exception.  The most obvious example is if a denial-of-service attack is in progress; there an ISP may refuse to carry bits precisely because of the content or purpose of the communication, discriminating by source, and no one would find that unacceptable.  Should “reasonable” be stretched too far that could lead to trouble — but the alternative is to try to write down a more detailed set of technical requirements that might become stale very quickly.  (I’m also no fan of Internet privacy legislation that makes specific reference, say, to “cookies.”)  This is exactly what a commission is for: to lay down principles, to stand by them, and then to adjudicate complaints under them with the benefit of transparency about what’s going on.  The ongoing Level 3/Comcast dispute is a great example of the utter rabbit hole of complexity — coupled with obscurity — surrounding some disputes over the movement of bits.  There’s no easy rule I can think of to anticipate it, much less resolve it, today.  (And on that example, I hope to be part of a Berkman Center podcast next week exploring the topic as a way of thinking through just how unusual and not-fully-realized the economics of Internet connectivity are.)

Finally there is the question — abstruse to anyone who isn’t a student of US telecom law — of whether the FCC should proceed under its “Title I” or “Title II” authority here.  You can read some of the details in a guest post by Kevin Werbach at the FCC blog here.  Essentially Title I is the weaker brew — so-called “ancillary authority” — and the FCC’s use of it to advance the first round of net neutrality rules is what got it into trouble in the federal court ruling mentioned at the beginning of this post.  Title II is stronger medicine, representing a claim to be able to more comprehensively regulate in the area, and ISPs have long rued the prospect of a reclassification of Internet services to Title II.  I think whatever works … works.  If this can happen with Title I, despite the D.C. Circuit ruling, great.  If not — Title II remains a possibility.  (Congressional action could clear all this up, of course, but it seems remote that Congress would wade into this once it reconvenes politically divided between House and Senate.)

I’ll read the proposed rules with interest when they’re released.  In the meantime, the Chairman’s speech shows the FCC knows what’s at stake and is moving within a field of complex interests and claims to assure an Internet that’s not cantonized, and that is open to new applications and content coming from anywhere, not just incumbents.

As part of a panel on net neutrality yesterday at Yale Law School with Susan Crawford, Dawn Nunziato, and Nick Bramble, I’ve drafted some general thoughts on why net neutrality matters.  That should be up on a Yale site next week — I’ll link to it or include a copy here once the essays are released.

Yesterday the FTC announced a new project to encourage the formation of a “do-not-track” list, where Internet users could opt out of certain kinds of cookie-based Web tracking in one place and for good.  The NYT room for debate blog asked for reactions –

It’s amazing to think that the sophistication and intensity of behavioral tracking technologies are primarily for the purpose of targeted advertising: giving dog food ads to dog owners, and homemade veggie burger ads to locavore vegans.  All that borderline Orwellian machinery to … offer us stuff we might actually have interest in purchasing.  What’s more, if we click on an ad at a favorite Web site, we’re sending money to that Web site.  The more relevant the ad, the more clicks we make — and the more money we cause to be sent in support of the site we like.  So I can see the worry of making opt-out so easy and permanent that people do it without another thought — and then injure the model that’s bringing them free content.

This feels different to me than a do-not-call list, which seems like an unambiguously good idea.  There I’m opting out of getting bothered by sales calls while I’m eating dinner or reading a book.  Those calls weren’t underwriting the cost of my food or going to the author of my book.  Do-not-track, on the other hand, doesn’t opt out of getting ads at all, it just opts out of having them targeted.  If do-not-call didn’t affect how many calls I got — just whether I was getting pitched stuff I was likely to want — I’m not sure I would care one way or the other.  I’d hang up on them all.

Nonetheless I support some sort of global do-not-track system.  That’s because there are currently no functioning limits on what gets collected and how it is used, and the rise of cookie consortia like Doubleclick means otherwise-unrelated Web sites can all quietly serve as collection points for data about us that gets fed to a central source.  If kept for long periods of time and not distilled, that data can prove as revealing about us as, say, our search engine histories.  If the data is distilled — say, I’m targeted into old-fashioned advertising categories like “empty nester” or “college wannabe” — I’m much less concerned about its collection in order to better hone my placement.

I’d couple opt-out with some helpful auditing tools.  Let people see what’s being collected about them and what impact it’s having.  For example, imagine a browser button that toggles between targeted and not-targeted, flipping back and forth between ads in the same space.  Users may quickly get a sense of what they prefer, and if they can be assured that they can wipe everything clean at any time after checking out what’s been gathered about them, they might be willing to let the data collection pay out a bit before deciding whether to pull the plug.

The real nightmare scenarios to avoid are not better placed dog food ads.  They have to do with varying price or service depending on undisclosed and long-collected behavior cues.  Imagine if your wait for a customer service agent — and level of flexibility in making a return on a regrettable product purchase — depended on your overall purchasing (and product return) history across multiple merchants.  Or if the price you were quoted (or coupons offered) at Amazon were a function of how quickly you click to purchase something at Etsy?  (Those with known itchy trigger fingers don’t get the discount, of course.)  Or if your life insurance rates were grounded not just in openly collected facts like a medical checkup, but unexplained variances in what Web sites you elected to visit (backpacked across Europe, did you?).

Bottom line: Web surfers get a bad deal right now; information is collected about them all over the place, and used in murky ways.  Let’s empower them to know what’s going on and opt out of practices they don’t like, both prospectively and retroactively.  Those options can be honed to eliminate abuses while still touting to people the products and services they want — and that fund the free content and services they already enjoy.

Several weeks ago, Canon announced that the latest version of its document management system, Uniflow 5, features a new security tool that allows a company to prevent its employees from printing, scanning, copying or faxing documents that contain keywords such as client or project names. The Uniflow server identifies prohibited keywords, which are designated by a central administrator, and blocks transmission of the offending document.

There are certainly reasons why this feature is worrisome. Uniflow blocks transmission of documents that use specific words, in effect selectively censoring the content of existing documents. In addition to preventing dissemination, Uniflow notifies an administrator, forwards the document at issue, and exposes the infringing employee’s identity. These procedures give an employer all the evidence it needs to hold the employee responsible for illicit transmission. Finally, the power imbalance in an employer-employee relationship likely will make the employee overly cautious, in particular if her employer does not disclose the magic keywords that trigger Uniflow’s alarm. In order to make sure she avoids disseminating sensitive documents, she may hesitate even when sending files she believes can be shared, because the cost to her if she is mistaken is too high to warrant the risk.

Nevertheless, I can also see Uniflow as an extension of employer email monitoring. Most employers have explicit technology policies that give employees notice that their work email belongs to the employer, who may monitor its contents. Therefore, workers don’t have an expectation of privacy in their messages. If employers have a similar disclosure for company documents, Uniflow is simply the mechanism used for such monitoring. While keyword automation can lead to more extensive surveillance by decreasing the time and expense required to keep a close eye on employees, an employer often has good reason to control the dissemination of its sensitive documents. For example, employers should be able to regulate client information, legal advice, and intellectual property to protect against liability or loss of company assets. The documents do, after all, belong to the company. Can preventing circulation of its own speech really be labeled “censorship”? And Uniflow prevents only routine office transmission. A whistleblower, for example, can circumvent the security measure by taking pictures of relevant documents with his smartphone. So while Uniflow instinctively makes me uncomfortable, in general, I don’t think its use will lead to untenable outcomes, at least in the workplace. (Use by governments, on the other hand, presents another question — as does government email surveillance.)

Instead, increasingly pervasive distributed surveillance is of greater concern. An employee knows that Uniflow is watching and can either print only documents she knows are keyword-free or avoid scrutiny by not using Canon machines if she thinks she is printing documents with prohibited keywords. In addition, she knows how her employer will use any information that it collects about her copying habits. But individuals often have no control over or even awareness of the personal information distributed observers digitally collect and publicize online. And once it is in the public sphere, they have no control over its use or further dissemination across the Internet. In addition to spreading information online, technology also facilitates sweeping data capture at both endpoints: collecting data to put online and collecting data from online sources. At one end surveillance casts a broad net; on the other it pans for gold.

In the employment context, consider an employee who called in sick to go to a World Series game. MLB photographed the face of every fan at the game and posted the panoramic composite image online (wide net), supported by Facebook Connect. A new app that runs on Facebook allows users to find photos of themselves and their friends and tag them automatically, so our hapless fan may be outed if one of his friends runs the software and his employer monitors — directly or indirectly — social media sites (gold).

The EU is currently grappling with this issue. It is drafting legislation that would give its citizens a right to remove personal data from websites. But in addition to difficulties enforcing EU law across an international Internet, the DMCA tack hasn’t proven a particularly acclaimed copyright protection. While sites might be sympathetic to personal information takedown notices, identifying and contacting the totality of sites that have the data could be problematic. In the book, JZ proposes an alternative approach:  engaging the Internet to disseminate the cure along with the disease by attaching metadata to personal information. Tagging personal information with the individual’s request that his data not be posted publicly or copied or searchable (for example) attenuates its spread. In fact, Facebook implemented such an approach with its facial recognition tool. Automatic tagging includes not only the person’s name but also the photo preferences he has set up on his Facebook account. So truant employees can control the dissemination of their photos after all. Sometimes you don’t need mystery keywords or a centralized security system. All you have to do is ask.

—Jennifer Halbleib

Google calls out Facebook. Last month, Facebook added an information download feature that made users’ data portable. But there was one big exception. A user could download any content that he had uploaded or created — photos, wall posts, messages, etc.; however, he could only get a list of his friends, no contact information that would allow him to rebuild his social network easily elsewhere. Effectively, he could now sit alone in a room with all of his data. Google, which has always allowed its users and third parties (with the user’s permission) to export contact information, put its foot down last week and changed its terms of service. Now sites have access to Google Contacts only if they are willing to reciprocate. So a user will have to export her contacts herself and then import them into Facebook, perhaps alerting her to Facebook’s one-sided policy. While this change promotes fairness and openness in general, it doesn’t take into account the possibility that some people use Facebook because it provides both contact with and a degree of separation from those in their social graph. Unlike a Google Contact, which is created when a user emails someone directly, Facebook users may friend people they wouldn’t normally give their email addresses or phone numbers to, with the expectation that these friends can’t batch download personal contact information. Facebook’s policy may be tailored to respect such expectations, instead of being motivated by data protectionism, particularly given hits the company has taken in the past regarding user privacy. But a simple resolution of these conflicting interests — data portability and expectation of privacy — would allow a user to download the contact information of all his friends except those that have designated such information as private. The battles continue here.

For every smartphone, someone, somewhere has an app kill switch. This week, Microsoft discussed the circumstances in which its kill switch could be flipped on the Windows Phone. It emphasized that pre-screening apps and subsequent removal of any remaining risky apps from the Market Place were preferred tools for addressing privacy and security concerns, characterizing the kill switch as a scram in case of impending meltdown.

i(Gold)Bricks. An iPhone 3G user has accused Apple of a different type of killing. In a lawsuit filed last week, she alleges that Apple intentionally used the iOS 4 update to debilitate iPhone 3Gs in order to increase sales of the iPhone 4. Part of her claim is based on the charge that Apple didn’t allow consumers to revert to a previous version of iOS after experiencing poor iOS 4 performance on an iPhone 3G — at least without voiding the warranty by jailbreaking the phone.

What are the limits on employee Internet policies? The NLRB is suing a Connecticut company, alleging that the employer fired one of its workers because she posted a negative comment about her supervisor on her Facebook page from her home computer. According the Legal Times, the NLRB is challenging a provision of the policy that the union says prohibits “depicting the company in any way over the Internet without company permission.” The EMT service contends the woman was fired for “multiple serious issues.”

A picture is worth a thousand dollars in traffic tickets. Next generation speed cameras not only calculate a driver’s speed, but also check to see if his insurance is current, his seatbelt is on, and he’s keeping a safe distance from the car in front of him. Some jurisdictions are apparently having difficulty making money off their speed cams. Upping the number of violations per picture should help.

Market Captcha. In the grand capitalist tradition of slapping an ad on any exposed surface, NuCaptcha is selling squiggly commercial space. Website visitors will have to type in a company slogan to proceed. Several prominent companies have signed up. I wonder if sellers of knock-off Rolexes and cheap pharmaceuticals will as well.

—Jennifer Halbleib