Brad Templeton is an EFF director, Singularity U faculty, software architect and internet entrepreneur, robotic car strategist, futurist lecturer, hobby photographer and Burning Man artist.

This is an "ideas" blog rather than a "cool thing I saw today" blog. Many of the items are not topical. If you like what you read, I recommend you also browse back in the archives, starting with the best of blog section. It also has various "topic" and "tag" sections (see menu on right) and some are sub blogs like Robocars, photography and Going Green. Try my home page for more info and contact data.

Being a privacy nut

Those of us who opposed the TIA and other programs were recently branded as "privacy nuts" for doing so. Hiawatha Bray wrote that it was stupid to quash this sort of research just because it might lead to abuse.

Nonetheless, it is important to understand that this is exactly the role
of the privacy advocate.

Protecting privacy is one of the most difficult tasks in the civil rights
pantheon for several reasons. One is that people are rarely concerned about
privacy invasions until after they have taken place. The consequences of
privacy invasion are often subtle as well, even after the fact. The
simple fact that you know you are being watched alters your behaviour in
subtle ways, causes self-censorship of all sorts of speech and activities.

After all, who acts the same home at dinner with their mother than they
do out on their own at college for the first time away from her eye?

Thus it is important not only that the government not engage in general
surveillance. It must, like Ceasar's wife be _seen_ to not engage in
such activity. Anything that gives the public grounds to fear they
are under surveillance impinges on freedom. Even if the watchers are
well intentioned and well behaved and don't exceed their authority.

But of course, even though they may be well intentioned, countless
evidence shows they do exceed their authority, and not infrequently.

Thus we come to the next princple. That we must not build the
infrastructure of the police state. We must not make it be that the
action needed to have a real police state is to flip a switch or
change a policy. Perhaps the risk that the switch will actually be
flipped is one in 100 in your judgement. To me the cost of such a
state is so high we must not even let that level of risk go by.

Instead, let us always have those who would want a surveillance state
have to do both things -- change the policy and create the infrastructure.
Let us not do the hard work for them.

San Jose Bike Route Airport to Downtown

Pardon the local entry boring to those outside this valley.

San Jose is seeking something "distinctive" for the airport remodel. Let me suggest something I have not seen anywhere else, something that would say something about the area.

San Jose has a bike trail that, except for a short gap, runs along the Guadalupe River from the airport terminals to almost highway 280. The part along Airport Blvd is unpaved, the rest is paved and landscaped. Step one would be to complete this trail and pave the unpaved part. Until the gap can be filled in, create some clearly marked bike lanes. Also do a lane on San Carlos, Park or San Fernando to lead to the convention center and downtown hotels.

Next: Franchise or subsidize specialty one-way bike and electric scooter rentals at both ends. Have regular bikes with towable trailers or trikes, and have electric powered bikes and scooters (again with luggage capacity) for those unwilling to get in some exercise. Make the rental cheap, like a few dollars each way.

This is worth doing just for the polution it would avoid with all those folks taking cabs. (Let's face it, people are not using the shuttle to the light rail much.) It would actually be faster in may cases than either of those methods, especially during rush hour. It would expose the visitor to something other than the highway trip. With San Jose's weather, it could operate well most of the year.  read more »

Support public/private in 802.11 access points

Almost everybody has a WiFi (802.11) access point these days. Some leave them open by accident, some deliberately, some turn on encryption or other security. Being open can be nice to neighbours and wanderers, though it can also be abused, and if you have insecure machines on the local NAT, it's risky.

I propose pushing home NAT/WiFi boxes to, by default, work in both open and closed modes. They would support two NAT networks, independent of one another. One network would be for inside. Connecting machines on the inside network would need the WEP encryption key, or in lesser-security mode, be on the approved MAC list. Machines without the authentication would go on the external, open network.

The two networks might have two different SSIDs if the box can broadcast both of them, or it might be easier to have one broadcast SSID and one non-broadcast one.

Traffic for the external network would be given low priority, so that internal network use is never slowed by external use.

In other words, other than ISP complaints, there would be no reason not to do this. It would be good for giving access to visitors to the home or office, and also mean free wireless almost everywhere in the world.

Foresight Conference

The weekend of May 14th, I will be attending (and MCing for part of) the Foresight Senior Associates Conference. This conference is always a lot of fun, with many at the edge (and beyond) ideas about nanotech, AI, anti-aging and other related topics. It's run by my friends Chris Peterson and Eric Drexler and their Foresight Institute. You may have read Eric's book "Engines of Creation."

They are offering readers of my blog a $200 discount on attending. To attend, you must be a senior associate, which requires a $250 annual donation, so the discount just about compensates for that. If you're into futurism, this is a fun place to be.

Accelerometer in Cell Phone for emergencies

In writing the previous entry, another idea came to me that I stuck at the end which is worthy of its own entry. Place an accelerometer in your cell phone that will detect a violent event, such as a car crash or bike crash. Similar to the detector already in the car that triggers the airbag.

Upon detection of the event, the phone would start beeping for about 30 seconds warning about the emergency. If there is no emergency, you would press any key to stop the call. Otherwise it could call 911.

However, it would need to be sure not to trigger an emergency just because you dropped the phone or threw it or went flying when you turned a corner in your car. However, if this can be arranged it could be a handy feature to sell as a cell phone extra.

Why don't cell phones have USB?

In line with earlier thoughts about univeral DC power, let me ask why cell phones haven't standardized on USB (or a mini-USB plug) as an interface?

USB provides power. Not as much as some chargers, but enough to get a decent rate to many phones. And it has data, which can be used for phone control and configuration, speakerphone and headset interfaces, address book sync, ringtone download, memory card download, data-modem connections to PCs and anything else, all with one standard plug.

Every cell store has a rack of scores of adapters, chargers and cables. Each time you get a new phone they want to sell you new accessories, I guess. We have a standard. Why don't we use it, or extend it enough to be used.

(I'll admit it's not a good headset interface due to USB's silly master-slave protocol, since to connect to the PC the phone would be a slave, and to connect to the headset it would be the master. But this can be worked around, and I'll tolerate an extra headset jack.)

See below for some interesting safety ideas...  read more »

Efficient airline passenger loading

Many know that Southwest Airlines has some of the best on-time records and plane turnaround times. Some of this comes from the fact that without reserved seating, people can board the planes more quickly.

It seems to me it should be possible to board planes quickly even with reserved seating. Here's how...

For a simple system, draw on the carpet a diagram of the largest plane that uses the gate. Except put the rear of the plane up by the door, with numbers counting down to the front. Have a 2nd area for 1st class if you need to keep them boardig at their convenience. This can be just a line with row numbers, and a marker that puts window seats near the line, aisles further away.

When boarding is called, passengers stand in the line for their row, and sorted internally as noted, so window seats go first. Then just empty the line into the plane. Being out of place in the line will be very obvious on the plane. If people line up over their row number, you'll never wait while people load their stuff to get to your row, unless you're late for the boarding call -- which few people are today due to crazy security rules.

You hae to decide if premium frequent flyers and "people needing extra time" should go first or not as they do now. My view is that the pre-boarding needs are minimal, and that even a slow child or senior will be better placed with their row than pre-boarding, but pre-board can still be allowed. I also think the frequent flyers would rather have a plane that boards and leaves quickly than get on first, except for one issue -- overhead storage. However, even if you let us get on first, doing this for the rest of the passengers still will streamline things.

You could also just print a series of numbers on the carpet. People would be given a card with their number and expected to stand by it, showing the card. The cards can have a clear colour code making it impossible to hide which group of 12 you are in. In this case, you can assign low numbers to 1st class, pre-boarders and frequent flyers, and just sequence up by seat otherwise. Again, zip on the plane almost as fast as leaving it. That means boarding closer to take-off, and faster turnaround, which is good for everybody.

Offshore patient monitoring

As you might guess from the prior entry, somebody I know recently had an ICU visit. The hospital had to cut back staff, laying off nurses' aides and hiring some extra nurses, then making them do the former work of the nurses aides (changing sheets etc) because of regulations forcing them to have a higher ratio of patients to nurses. So, more nurses per patient but the nurses end up doing less actual nursing per patient because they are doing the work the aides did. Clever, no?

Anyway, to add fuel to the offshore outsourcing debate, I wondered how practical it would be to outsource patient watching. A trained nurse in a lower-income area, possibly on the other side of the world, would watch a patient via a live video feed and data feeds of all the instruments. If they see a problem, they would send an alert to a physically present nurse or doctor. They could see and talk to the patient, if the patient is responsive.

Since the bandwidth would be expensive for this, I imagine a lower-res video for real-time, though still good enough to see important things with remote pan and zoom control. However, on-demand they could jump up the bandwidth during an event. They would also be able to send a command to replay something they saw in full-resolution, with some delay.

To do this the local recorder would record the full resolution video, even HDTV, and keep it for an hour on a hard disk. It woudl transmit a lower-res version live. Since most hospital beds are static scenes this would compress well. Motion, instead of causing artifacts would just call for more bandwidth from the total pool. However, when the watcher says, "let me see the last 10 seconds" the patient's recorder would re-transmit it in full HDTV if necessary.

But the main point is the overseas workers might be so cost effective that you can have near full-time monitoring of a patient by a skilled professional. In many hospitals and nursing homes, the staff might visit only once every few hours, perhaps every 15 minutes at best. You can die in 15 minutes.

Of course it's spooky from a privacy standpoint to be watched all the time, this would not be for everybody. And better instrumentation that's non-intrusive and can detect emergency events quickly would be even better. Though nothing will do as well as a trained person right now. This might also allow more effective home care, though of course in that case it might be too long before an ambulence arrives if an emergency is seen on the monitor. And you had better hope your internet connection does not go down.

Still, there's a lot to say for home care, considering just how many people die or suffer greatly due to hospital-caught infections. As I noted earlier, they are the 4th leading cause of death.

Cheaper beds to move patients

A lot of patients sit in hospitals unable to move, and as such they develop tremendous bedsores and other problems. My grandmother lost a leg to this (and the resulting hospital-caught infection) many years ago. (Hospital-caught infection is the 4th largest cause of death in the USA, after heart disease, cancer and stroke.)

Today I saw one answer, a fancy bed that uses inflatable chambers in the bed to adjust the patient. Seems like a good plan, but the kicker is the bed costs $1000/day to rent. This bed is good in an ICU with a patient hooked up to tons of tubes and wires, but for the more stable stroke and paralysis patient, it seems there could be something much cheaper.

What about a U shaped bed with curved side walls that simply sits on a track with a geared motor that can rotate it left and right to flip a patient over? The U sides could be lowered by the hospital staff to remove the patient from the bed, though in fact the motor might also be able to turn the bed to roll the patient onto a gurney for transport.

Also handy would be cushions on a conveyer belt. Such patients, and I have known several, often move down the bed if the back is tilted up for them, and they have to be lifted and moved back up. This could also help. For many patients it could all be under their control, with safeguards of course to avoid going too far.

The value of being moved is well known, the problem is how to make it cheap enough so that all these patients can have it. Perhaps the inflatable concept can be made cheaper. Typical airbeds aren't that expensive and the principles are similar. Does being "medical grade" really jump the cost of the bed to $300,000?

How can the US have been a player in new Iraqi constitution?

The new constitution of Iraq says:

Article 7.

A) Islam is the official religion of the State and is to be considered a source of legislation. No law that contradicts the universally agreed tenets of Islam, the principles of democracy, or the rights cited in Chapter Two of this Law may be enacted during the transitional period. This Law respects the Islamic identity of the majority of the Iraqi people and guarantees the full religious rights of all individuals to freedom of religious belief and practice.

This constitution was signed by Iraqis, but can anybody doubt that the USA played a large role in bringing it to be, a role beyond toppling the Saddam government?

How can this be legal. No agents of the USA are permitted to take actions respecting the establishment of any religion. The 1st amendment does not just say "In the united states." I would say that US agents must play no role in creating foreign governments which have established churches.

The Iraqis, on their own and soverign, may decide to have an official religion. But they are not on their own here. I have no doubt it was Iraqi desires which led to the introduction of this article, and that the US probably didn't want it.

But the US is required to not just not want it. They are constitutionally forbidden from playing any part in it, I would say. Besides, the whole point of the 1st amendement is it doesn't matter what even the majority of individuals want with regards to religion, they are not to be given their way. It doesn't just say "in the USA." No agents of congress, including the military, may engage in this.

Of course, all this means is somebody could sue in US court that the US government violated the 1st amendemnt. It's not clear what remedy could be granted them.

Political action in anger

The recent attacks in spain appear to have affected the outcome of the election. Some say the voters rejected the pro-US stand of the former government. Others say they rejected the botched handling of the early investigation. Whatever reason, it seems the terrorist attacks altered the election, since the government was considered fairly solid before, and experienced quite the upset.

This, and the PATRIOT act in the USA convince me that to defend against the emotional response we all feel to terrorism (that being its goal) we should consider constitutional amendments to limit political action in times of great anger and emotion.

This amendment would first set to declare a major violent event -- a terrorist attack, or the start or major escalation of war hostilities within the country. The supreme court would get to declare when such an event had taken place.

Then the following rules would apply:

a) Should the event take place within one week of an election, said election shall be delayed by 2 weeks, such delay to be done no more than twice.

b) Any law passed by congress within 30 days of the event which significantly relates to the event, including any law relating to expansion of police or military powers shall remain in force for no more than 6 months. After 5 months congress may elect to renew or redraft the law.

More on generic domains, and poli-spam

There has been some discussion of the generic domain proposal on slashdot (alas mostly incorrect because they didn't read the underlying essays.) The posting here was also posted on
CircleID
a DNS discussion site, and there are multiple comments.

As noted, my blog entry was primarily a summary of views related to the proposal of yet another generic TLD. Mistakenly I gave the .yahoo example making some people think I was proposing just giving TLDs to big companies, which is the exact opposite of the proposal. Those who wish to comment should see actual proposal to break up ICANN to see where I'm coming from.

Additional not on Political Spam: John Gilmore wondered if it might be unconstitutional to limit the number of E-mails each candidate got to send to the voters in their district. I doubt that's true, but it turns out it's not needed. If voters have easy opt-out links and an opt-out web site, candidates that overwhelm voters with messages would quickly be unsubscribed to, losing their chance to get their message out closer to the election.

It's also not necessary to provide email for ballot propositions. They are not really in need of campaign finance reform in the same way. Those who donate to a proposition do so only to help it win. They may have ulterior motives for that, but they are not doing it to get influence with a candidate later on other issues, which is the CFR problem.

Otherwise doing ballot propositions seems harder, since it is hard to see who would be the "official" opponent (though election books seem to do something here.) Everybody deserves a say, but open mail lists clearly would not work.

New mobile domain another bad idea

You may have seen a new proposal for a "mobile" top-level domain name for use by something called "mobile users" whatever they are. (The domain will not actually be named .mobile, rumours are they are hoping for a coveted one-letter TLD like .m "to make it easier to type on a mobile phone.)

Centuries ago, as trademark law began its evolution, we learned one pretty strong rule about building rules for a name system for commerce, and even for non-commerce.

Nobody should be given ownership of generic terms. Nobody should have ownership rights in a generic word like "apple" -- not Apple Computer, not Apple Records, not the Washington State Apple Growers, not a man named John Apple.

Rather, generics must be shared. Ownership rights can accrue to them only in specific contexts that are not generic. Because the word "Apple" has no generic meaning when it comes to computers, we allow a company to get rights in that name when applied to computers. A different company has those rights when it applies to records. More than this, different parties could own the same term with the same context in two different cities. There is probably a "China Delight" restaurant in your town.

We hammered out the rules to manage such naming systems literally over centuries, with many laws and zillions of court cases.

Then, when DNS came along we (and I include myself since I endorsed it at the time) threw it all away. We said, when it came to naming on the internet, we would create generic top level domains, and let people own generic names within them.

Thus, "com" for commerce has within it "drugstore.com." Centuries of law establshed nobody could own the generic word "drugstore" but when it comes to names used on the internet, we reversed that. No wonder that company paid near a million for that domain as I recall, and at the record, the inflated number of 7.5 million was paid for business.com

The old TLDs have that mistake built into them. On the internet, we are the only EFF organization because we were first. Nobody else can be that.

The new TLDs continue that trend. Be it .museum, which allows one body to control the generic word museum, or a new proposal for .mobile.

Because of this, people fight over the names, pay huge sums, sue and insist only one name is right for them.

I maintain that the only way to get a competitive innovative space is to slowly get rid of the generics and allow a competitive space of branded TLDs for resale. .yahoo, .dunn, .yellowpages, .google, .wipo, and a hundred other branded resellers competing on on even footing to create value in their brand and win customers with innovative designs, better service, lower prices and all the usual things. I presume .wipo would offer trademark holders powerful protections within their domain. Let them. Perhaps .braddomains would, when you bought a domain, give you every possible typo and homonym for your domain so people who hear it on the radio won't get it wrong typing it in. Perhaps .centraal (former, non-generic name of the now defunct "RealNames" company) would follow their keyword rules. I know .frankston would offer permanent numeric IDs to all. Let them all innovate, let them all compete.

We're nowhere near this system, but I didn't just make up the idea of not owning generics. I think centuries of experience shows it is the best way to go. I wrote this today in response to the .mobile proposal, but you can also find much more on the ideas in my site of DNS essays including this plan to break up ICANN, and essays on generics and also the goals we have for a domain system

Political Spam == Campaign Finance Reform?

I’ve maintained for some time that while most spam is commercial, whether something is spam is not dependent on it being commercial. Charity spam, religious spam and political spam are just as bothersome as Viagra spam.

However, fellow EFFer Larry Lessig challenged me on this by asking whether we might want to allow political spam. Spam is super-cheap to send (that’s one reason it’s a problem) but as a very cheap form of advertising it could be an equalizer when it comes to campaign expenses, since a candidate would low-funding could spam almost as well as one with boatloads of special interest money. That’s unlike TV advertising, where the better funded candidate wins the game.

I have to admit that the current way elections are funded and political influence is bought and sold is a much more important problem than spam, so this is a question worth looking at.

Of course, it would be stupid for a politician to spam, even though they have exempted themselves from the spam laws. Spam generates such ill will (appropriately too) that I think a spam campaign from a candidate would backfire. Plus, I really don’t like the idea of regulating spam based on what it says — If it says one thing it’s banned, if it says another it’s OK.

But is there a germ of something worthwhile in here? What if the election officials managed the mailing list and voters had to be on it, for example.  read more »

On Nader running and third parties

I've been reading a number of pieces, both before and after, on the evil of Ralph Nader running for office. The arguments for the harm that could come to Nader's cause if
he "spoils" the election are possibly quite valid. I doubt Nader is
unaware of them; perhaps is he more aware of them than anybody.

But I continue to find great dismay in those who tell him not to
run. Perhaps it is my perspective as a non-citizen of this fine
country, since in my country, and many others, strong third parties
are common, and it is common for them to change the outcome of
an election.

The argument to Nader seems to say, "You should not run because you
might make a difference." In this case a difference other than the
one he wants to make.

But with this philosophy, that third voices may only be heard in
U.S. politics when hearing them won't actually make a difference, the
U.S. will never hear more than 2 voices, and indeed 2 similar voices.
(There was a nice paper on Dave's mailing list not too long ago which
demonstrated how a 2 party system pushes both candidates to the middle.)

Exercise your political will, you tell Nader, only when it can make
no difference. If you ever get popular enough to actually alter the course of
an election, back off.  read more »

Undefeatable commercial elimination

I've written elsewhere about the doom of the TV commercial, and as you may know, we represented Replay TV owners in their fight to not be declared lawbreakers for skipping commercials..

Commercial skipping tools have existed for some time, my old VCR has a complex automatic commercial advance. DVR makers have been scared against doing it for a while it seems.

However, an algorithm exists that makes it a fight they can't win. While networks can try to fool automated commercial skipping algorithms, they can't fool large numbers of live people.

One could build a commercial skip (or general "boring parts skipper") in PVRs by having the first party to watch a show be required to manually fast forward over the boring parts. As more and more people do this, patterns will emerge. Combined with automated algorithms looking for the usual (fades to black, standard time periods, changes in sound patterns) it would be possible to get a very accurate measure of where the commercials and other boring parts in a show are. So accurate you could even delete them from disk, though there isn't a great need to do that.

Of course, you would need to use only people without a reputation for dishonesty. If one person's skippings don't match the others, or they do this a lot, don't use them. You could also do collaborative filtering techniques, to see people who skip what you do, or who even pause to watch certain ads (like movie trailers) as you do.

This could apply to not just shows with commercials, but other shows with boring parts. Pauses in sporting events. Boring speeches in award shows and political press conferences. Sharing your skipping with people of similar tastes could cause on-the-fly personal edits of shows ready within an hour or two of airing.

Sometimes you would want to watch first and you become the editor. Most of the time you would just be the beneficiary. If you don't like the editing one group of people are doing, you could switch to another.

Exercise bike that makes you exercise

Everybody knows one of the big problems with exercise machines is they end up as clothesracks. I've seen this literally happen. A lot of people put their machine in front of the TV to make them use it, for a while we even had no couch.

Here's an invention to create an exercise machine you'll really use, if you watch TV. The machine, or a device attached to it, would be programmed to constantly broadcast a recorded infrared signal trained from your remote. This code would be one that would interfere with watching TV. For example, volume-mute or channel-up, or a digit. Whatever you want to train it to. (Off doesn't work as that also turns the TV on.)

However, once you get on the machine and start using it, it stops sending this code, and you can watch TV. Once you have done your exercise quota, it would stop sending the muck-up code until you are next due to exercise, whatever your schedule is.

To stop you from just covering the transmitter with clothing (remember the clothesrack?) it would also need to have a receiver some distance away which gets upset and chirps annoyingly if it can't see the regular ping from the transmitter.

Others in the house not on a regimen could enter a code on the remote to temporarily disable the system when they want to watch. If 2 or more people had a regimen, they would have to enter which person they were to activate their disabling code. That gets a bit messy but it can be done.  read more »

Fantasy a risk in moviemaking?

At the Oscars last night (which were pretty boring, with one nice joke featuring Billy Crystal camcordering a new movie) Peter Jackson thanked the Studios for having the courage to back a big fantasy epic like the Lord of the Rings.

But a look at IMDB's list of all-time movie revenues reveals something else. Of the top 25 grossing movies of all time, how many were science fiction and fantasy?

23 of them. Only Titanic (at #1) and Forrest Gump were not. So with that record, how hard should it have been to pitch the generally regarded top fantasy book in history (not counting the Bible) for big box office. Yes, the prior two animated productions had been poor performers, but with modern moviemaking techniques, and skilled people, this was not a risky proposition.

(Yes, the list is in current dollars, which heavily biases towards recent films. Even the constant dollar list is heavily loaded with fantasy and science fiction.)

And the next 25 are heavily loaded that way too.

Down with P2P software that isn't P2P

No surprise that after the RIAA started filing lawsuits against people they allege were distributing lots of copyrighted files, a movement has sprung up to build filesharing networks where the user hosting data can't be traced so easily.

Today, on Kazaa, all they need to do is try to find a file, look at what a user is sharing and try to download it. That gives them the IP address of the party in question.

The suits will push people into systems that don't make that information easily available. One common design being pushed involves removing the peer to peer aspect that made these systems so efficient and capable of distributing files. Namely the connections are no longer direct, the data flows between one or more intermediaries.

In this case, they can request a file but the data will come from an intermediary. Since that intermediary won't log what they pass on (they are just a router) you would have to have a live wiretap on the intermediary to find where the data came from, and that may be another intermediary. You would need live wiretaps on half the net to actually track somebody. The intermediaries have no idea what data they are routing, and are no more guilty of copyright infringement than UUNET is for owning routers.

But this is of course terribly inefficient, especially since the intermediaries are mostly at network endpoints.

There are designs which protect the privacy of users, but don't let the RIAA sue the hosting system. One was the Mojo Nation project, which died, but has spun off technologies like HiveCache and MNet.

In Mojo Nation, files were broken up into many blocks, with some redundancy. For example a file might have 8 different component blocks, any 4 of which can resassemble the file. Those 8 blocks would themselves be replicated all over the net. You could find out what IP sent you a block, but the owner of that IP address would not have any idea what was in it, it's just an encrypted black box to them, so they are not liable. At best you could order them to delete the block after showing that it's part of a copyrighted file using a DMCA takedown. But it's not practical to do.

At least it's P2P. It's sad that the RIAA's crusade will cause people to modify P2P networks into non-P2P, and gain the RIAA nothing.

Big Brother Tivo

Each year when Tivo reminds people they gather anonymized viewing data on Tivo usage by reporting superbowl stats, a debate arises. A common view is that it's OK because they go to a lot of work (which indeed they do) to strip the data of the identity of the user.

As noted, I've read Tivo's reports and talked to Tivo's programmers, and they did work hard to try to keep the data secure and anonymised.

So why worry? A number of principles are at stake. Privacy is an
unusual issue. You only care about privacy invasions _after_ your
privacy is violated. To avoid invasions some people have to be a
little paranoid, and justifiably argue against building the infrastructure
of a massive surveillance system, even if the people who build it
have good intentions. They might not always run it.

This is not simply an Orwellian fear of the TV watching you (though that
does play a part.) Recently, Studios sued SonicBlue over the Replay TV,
a competitor to Tivo. To gather data, they sought a court order for
Replay to modify their code to monitor their users to gather data for
the court. Replay doesn't do even the anonymous monitoring Tivo does.
There was great outcry, and the order was reversed. Sadly, that's a
lesson that will cause the next such order to be done in secret.

And unfortunately, Tivo has done 90% of the work needed to allow such
an order to be easy. Yes, they anonymize the data, but they do it
by choice, not natural law. They can undo that choice, either because
they change their minds, or a court or police agency changes their minds
for them.

How paranoid is it to be worried about something that is not just
hypothetical, but has already taken place at least once?  read more »

Syndicate content