Google Subpoena is the tip of the iceberg

Google is currently fighting a subpoena from the DoJ for their search logs. The DoJ experts in the COPA online porn case want to mine Google’s logs, not for anybody’s data in particular, but because they are such a great repository of statistics on internet activity. Google is fighting hard as they should. Apparently several Google competitors caved in.

These logs are a treasure trove of information, just as the DoJ experts say they are. No wonder they want them. They are particularly valuable to Google, of course, so much so that they have resisted all calls to wipe them or anonymize them. In fact, Google has built a fancy system with its own custom computer language to do massively parallel computing to let it gather statistics from this giant pool of data.

The DoJ and the companies that didn’t fight the order insist there is no personally identifiable information in these logs, but that’s certainly not true of the source logs. Even if you remove the Google account cookie that is now sent with most people’s queries, the IP address is recorded. I have a static IP address myself on my DSL. It’s always the same, and so it would be easy to extract all my searches, which include some pretty confidential stuff, things like me entering the names of medicines I have been prescribed. (It even includes me searching for “Kiddie Porn” because I wanted to see if any adwords would be presented on such a search. There were not, in case you are wondering.) Yahoo and MSN state the IP address and other information was stripped from what they handed over.

Static IPs are the norm for corporations and more savvy internet users, but while most DSL and cable users have a dynamic IP, it isn’t really very dynamic. If you have a home gateway box or computer that is on all the time, it changes very infrequently, in some cases, never. All your activity can be linked back to you through that address. Only dial-up users can expect any anonymity from their dynamic IP, and even then ISPs keep logs for some period of time which connect dynamic IPs and accounts.

But there is something far more frightening about this collection of data. I hope Google wins its fight over this data, because the DoJ really has no business forcing a private company to help them with their statistics problems.

But what about when a subpoena comes about an individual? Imagine you are under investigation for something, or just in a frivolous lawsuit or even a messy divorce. You can bet lawyers are going to want to say, for those with mostly-static IPs, “I want the search records for this IP, or this cookie.” And it’s going to be a lot harder for search engines to turn down those requests, because they will be specific and will relate to the data the search companies are holding on all of us.

One way to hold the lawyers back will be to make it expensive. But how long will it remain expensive? After a few requests, the software to pull the records will exist, and it will not be possible to claim it’s more expensive than the data mining Google already does for itself, to improve its own business.

Now, before it seems like I am ragging on Google here, let’s not forget that Google’s competition — AOL, Yahoo and MSN — hasn’t been even so good as to fight this first salvo. Yahoo has a whole department to comply with legal requests for their records, and famously handed over the ID of a journalist who sent an E-mail that has landed him in a Chinese jail. When it comes to intent, Google has indeed been the “do the least evil” company here.

But with court orders, intent matters not. This pool of data is an “attractive nuisance.” In the end, I think Google will realize it has to start anonymizing this data to the point that it can respond to requests with “we don’t have that information.” Doing so will erase information that can be valuable to Google’s business. It will come at a cost to them. Worse, the cost can’t be predicted because they will lose the ability to learn new things they haven’t even realized they want to learn about how people use their tools. But in the end, it’s the only choice, both to keep their subpoena costs down, and to make users comfortable with searching.

Perhaps these logs were handed over without IPs or user names. But what if somebody browses them and sees queries on things like kiddie porn or white house security or how to build a nuclear bomb? Could that be sufficient cause for a further order to get the identifying information associated with that query?

In the meantime, if you feel motivated to foolishly search for things that could be misinterpreted, as I did, may I recommend you do so through Tor, the anonymizing proxy. (The EFF provided significant financial support to the development of Tor.) Tor bounces your web requests through a series of randomly chosen relays, with each hop encrypted, so that no single relay, and nobody watching your own connection, can trace a request back to you. Note what it does not do: the last relay and the search engine itself still see the query in the clear, so Tor hides where a query came from, not what it said. Be sure not to log in, and not to carry the search engine's cookie, when using it!

Wanted -- a system to anonymously test the support of radical ideas

How often does it happen? There’s an important idea or action which is controversial. The bravest come out in support of it early, but others are wary. Will support for this idea hurt them in other circles? Is the idea against the “party line” of some group they belong to, even though a sizeable number of the group actually support it? How can you tell?

What the world needs is a way that people can register their support for something anonymously and learn how many other members of their group also secretly support it — but not who. However, once the support reaches a certain threshold, their support would become public. And not just public, but an actual binding commitment to the support.

For example, Republicans may oppose the war, or the wiretapping, but are afraid to say so, even among their closer associates. What if really a lot of people feel that way, but nobody speaks up?

Now, obviously, you can do this with a trusted web site where people register and then can vote on issues. But you have to really, really trust the web site, because some of the positions such a system is designed to record are ones that could get you branded a traitor to the group. For issues like war, no web site could be trusted.

So can it be done cryptographically? Is there a way to do this in a public space? I think that with tools like Chaum’s blinding algorithms and threshold secret sharing (splitting a key into M fragments so that a secret message can be decoded in the presence of any N of them, but not with fewer than N) it would be possible to create a club, give everybody fragments of everybody else’s key for a given message, and thus arrange that only after at least N votes of support arrive can everybody decrypt the identities of the supporters. But it’s a bit messy, and might require a new generation of keys for every question and various other complex logistics.

There is a particular danger as well. Opponents of a proposition might well pretend to be supporters, in order to bump the support number above the threshold and reveal who the “traitors” are. The opponents would make sure to record that their support was fake in some notarized location so they can renounce it when the names are revealed.

As such, in a governing body, it would be necessary to make the measures of support non-repudiable, which is to say they would be binding votes.

Say you wanted to have a vote to legalize gay marriage. There might be lawmakers who would support it, but could not do so publicly while it’s likely to lose. However, once it is assured to pass, they would accept making their support public — as is necessary in an open legislature. People would see the tally go up, and once it hit a majority the vote would pass. This stops people from pretending to support something just to unmask the real supporters.

Of course none of this prevents regular open support or opposition on things. Would the temporary secrecy cause risks due to some temporarily reduced transparency? And of course on failed propositions, the loss of transparency would be permanent (or perhaps permanent until the person leaves office or dies or whatever). Would it be good or bad that we knew that 30% of the House would vote to ban abortion if they could win, without knowing who they were?

On the two-tier internet

Of late there’s been talk of ISPs somehow “charging” media-over-IP providers (such as Google video) for access to “their” pipes. This is hard to make sense of, since when I download a video from a site, I am doing it over my pipe, which I have bought from my ISP, subject to the contract that I have with it. Google is sending the data over their pipe, which they bought to connect to the central peering points and to my ISP. However, companies like BellSouth, afraid that voice and video will be delivered to their customers in competition with their own offerings, want to do something to stop it.

To get around rules about content neutrality on the network that ILEC-based ISPs are subject to, they now propose this as a QoS issue: that there will be two tiers, one fast enough for premium video, and one not fast enough.

Today I’ve seen comments from Jeff Pulver and Ed Felten on possible consequences of such efforts. However, I think both directions miss something… (read on)

Press fedora with built-in flash

A really geeky idea: A fedora (common hat of the classic press photographer's uniform) or other hat with a built in remote controlled flash unit in it.

As photographers know, on-camera flash sucks. You get no shadows, and the people look like washed out deer caught in the headlights. If the flash is really close to the lens as it is in small point and shoot cameras, you get red-eye. The best is to do bounce flash where you can, off the ceiling, or in the studio off umbrellas or through softboxes. Most importantly, the flash is not at the camera. It's typically 20-40 degrees away, and also elevated.

You can't have that walking around without a lovely assistant holding a slave flash. Many pro photographers buy an "L" shaped arm which puts the flash about a foot from the camera, usually above and to the right. If you can't have that you have a hotshoe mounted flash on top of your camera.

I'm suggesting some style of hat you can mount a flash in. This would not be perfect, in fact it would be only a little bit higher than a hotshoe flash. And it would be above your eyes, not off to the side like it should be. It would be controlled by IR, or even better, RF. (I don't know why they don't work out a standard protocol for flash control over IR or RF and just put a transmitter in every camera made, since such circuits, especially IR LEDs, are super cheap.)

In particular, with live preview digital cameras, you can hold the camera away from your eyes. So even though the flash is 8" above your eyes, the cameras can be off to the right, or down low, for better lighting. Of course be sure to have head facing the subject even though your eyes are looking at the camera.

The hat-mounted flash would make the camera less unwieldy compared to a big hotshoe-mounted one. The batteries and circuits would be inside the hat of course. You could also place the flashtube itself out on the rim of the hat for more distance, though it would not be so unobtrusive as a hat with a small clear panel at the front. Though you need height -- light from below looks creepy, of course.

Combining traffic light control and wireless mesh networking

Here's an idea I had years ago and tried to promote to some of the earliest wireless companies, such as Metricom, without success. I just posted it on Dave Farber's IP list, so I should write it up again for my own blog...

The idea is a win-win situation for wireless service and municipalities. Combine wireless data service with traffic light control. Offer a wireless mesh company the use of a city's traffic light poles -- which provide a nice high spot at every major intersection in town, with power available -- in exchange for using that network for traffic control. Indeed, I think this space is so valuable to the wireless companies that they should probably buy traffic control software and offer it free to the cities.

The bandwidth for light control is of course trivial. One could also support traffic cams (though hopefully not universal surveillance cams) to help provide dynamic adjustments to the traffic system.

Today, full-bore automatic traffic lights are expensive -- $150,000 in many cases. That's because of the need to bring in safety-equipment grade power, and to dig up the road to lay down vehicle sensors, as well as data of course. That's changing. New lights use LEDs and thus a fair bit less power. (Some cities have realized that the LED switch pays for itself very quickly.) I think car sensor tech is changing too, and especially with a large market, either LIDAR or CCD cameras with automatic recognition should be capable of good traffic detection without digging up the road.

So it's a win all around. Cities get better traffic flow (and less gas is burned) and wireless networks sprout everywhere to compete with the monopoly cable/ILEC crew.

For places where a full street light is too expensive, I have also suggested the [wireless brokered 4-way stop](/archives/000118.html) as an alternative.

Boy SBC/ATT online ordering, do you ever suck

Can giant companies, especially monopolies, ever get it right? Listen to this litany of the efforts to move my phone service, and get DSL.

  1. SBC offers rebate of the $35 install fee if you order your service transfer online. Great.
  2. First attempts to do it fail. When it says I can’t do this, it gives me an 800 number to dial to make the transfer. Number asks me which state I am in, and offers a choice of Texas, Oklahoma and a few other Southern states. Press 0, eventually get to agent who says, “You’re in California, I can’t help you.”
  3. Try to call California customer service. Long IVR and long wait. Have no idea who to ask to fix web problem.
  4. Email online customer service. A few days later I get a canned meaningless response, as is so common with online customer service these days.
  5. Notice there is a $100 gift card offer if you sign up for DSL online. That’s great, since at the 6 month promo price, you can effectively get DSL free for 6 months if you want it.
  6. Promo notice says terms of $100 gift card can be found at This URL just redirects to the AT&T home page. Mucked up in the merge. Nobody knows who to tell to ask to fix it. Did email customer service, never heard back. Nobody at the live agent desk knows the terms of the online promotion of course.
  7. Phone customer service says they can take my order, but will charge me $35. I should have accepted that then and there!
  8. Instead I try online transfer again. Now it lets me in. But it can’t find “23rd avenue” in their database. I try many permutations.
  9. Eventually call agent again. Long, long wait again. Agent says, “Oh, we spell it ‘23D avenue’” — gee, that’s obvious.
  10. Yes, I order the transfer to address on 23D avenue. That works. It asks if I want DSL too.
  11. Note that while I am moving the phone, I am not changing the billing address which was always a different location. I have to re-enter my billing address.
  12. I order DSL. It asks for new phone number and account code. It says order is taken, but account code was incorrect. I’m presuming that’s because there’s a new phone number. Says somebody will contact me in 48 hours to verify account code.
  13. No sign of DSL order. I phone. They say no sign of order, and can’t place order on phone number yet to be installed. I phone again, they confirm account code is the same for me with the new number as with the old.
  14. Still no sign of DSL order. Promoted to smarter agent. Smarter agent says DSL order was “dropped” due to some problem, possibly not being able to find new target address. (Though it says 23D on the order.) Can’t place order. Old number at the location does not match the address. Some other disconnected number is also ringing the phone at the new location!
  15. Transfer to yet smarter agent. 10 minute wait. I explain I want the gift card, but deadline for ordering is the 15th. Other agents have now said I can’t order until I get dial tone, which is the 18th.
  16. Smarter agent says she can place the order for me even though there is no dial tone. However, won’t get $100 gift card. Puts note in file about how order was dropped due to their error so if I am crazy enough, I can call to try and get it.
  17. In theory order is now in place, but for another week after I get dial tone. So no DSL for a while.

Who knows how many hours of time wasted in all this? I would not have SBC at all if not for the fact you must get SBC voice to get DSL at a good price, and it is a good backup if you do have a VoIP failure in any event.

Curses on you, bluetooth

Well, I am going to get a bluetooth cell phone shortly and so I got a headset and dongle to use on my laptop, where I also make VoIP calls.

I was shocked, flabbergasted to find that the bluetooth headset profile only transmits audio at telephone quality, an 8 kHz sampling rate. So even plugged into my laptop for hifi (didn't think I would ever need to use that term again) recording, it sounds like a telephone, and likewise for

Why? Why? Why?

This makes all the typical bluetooth headsets a terrible choice for Skype or other hifi voip, no good as voice recorders, terrible for listening to ordinary quality audio and effectively useless for anything but toll-quality phone calls.

It would have been so simple to have allowed the headset profile to support higher quality, or to simply have it always do high quality and let the cell phones do the trivial downsampling. I realize that an earpiece is not going to provide headphone quality but there's no reason it should always sound like crap.

Bluetooth includes a "headphone" profile that does CD quality digital audio, and that profile can in theory have a microphone to make a hifi headset, but that's not what everybody is buying these days, so there is no point in making software products (such as VoIP tools) that use a bluetooth headset and want higher quality.

Perhaps a few years down the road it will be common to have headphone profile headsets but we are now a long way away from this.

What a stupid mistake. Sorry, but I just have to rant.

Reinventing the phone call -- demos for team members for re-startup this week

This week I will be doing some demos of Voxable, my system that combines VoIP, presence and all sorts of cool stuff I won’t be writing about in the public blog to create a new user interface for the phone that is both as modern and internet as it can get while also being a reflection of the ancient interface for the phone that was lost.

This project underwent development a couple of years ago, but was put on hold after investment in telecom became a dirty word. Suddenly, with the $3 billion purchase of Skype, the excitement about a Vonage IPO and other hot deals, new tech in telecom is attracting investor attention. I have the software (not shippable) but to get funding I need to expand the team. I’m seeking hotshot programmers. (the current work is in Java, the web interfaces will be in javascript/ajax, and the windows client is in C++/win32 but truth is, if you’re the type of programmer I like, the language isn’t crucial.) Later I’ll be seeking other folks in marketing and bizdev when there is significant work for them to do.

Anyway, if this space interests you, contact me ( to try to attend one of the demos. They will be Wednesday the 11th in Sunnyvale, CA at 1:30 pm and Thursday the 12th in the financial district of San Francisco, 1pm. For the right folks, and for potential investors, demos can be arranged at other times, even remotely. (Though I tend to reserve telecommuting to those I’ve worked with and know have the discipline for it.) This is pre-funding startup mode — which means working or moonlighting for lottery tickets (options) with at most survival salary — until the funding arrives. People I know are Ok with frieNDA, for strangers a two paragraph written NDA will be appreciated. Coders should send me an ASCII resume in advance.

While most of the action in new telephony up to now has been in the “how” and “what” — infrastructure and PSTN replacements, I believe the user experience is where the value will truly lie. And he who owns the user experience will own the user, something a lot of companies are very keen to do in the telecom world. That’s why I’ve invested and coded in this area and why you might be too.

As blog readers will know, I’ve been in the innovation seat before, beginning as the first employee of the first major PC applications software company (VisiCorp), then creating many innovative and award winning programming tools, then founding the world’s first dot-com (ClariNet) and next there will be Voxable.

Demand junk mail by PDF

Who could possibly imagine wanting spam? Well, I just read that in the USA, 100 million trees are felled every year for junk mail. 28 billion gallons of water used to process the paper. And 350 million dollars spent to throw it out. That doesn't include I presume the other costs, including postage and wasted time, this is just the paper part of it.

So I started musing. What if the USPS started making some new rules for bulk mail rates. In particular, that if you want to do bulk mail, you must either use a bonded mailing house, or a special service provided by the post office to which you provide your mailing list. And you MUST provide a PDF or other electronic form of your mailing, with formats for the stupid customizations that they do to mailings. This would simply be the new rule for the bulk pieces.

And then, any household or other address could say, "Give me my bulk mailings in electronic form." Or possibly fine grain it by sender ID, so that if you want a certain set of senders to be on paper you can specify that, and all others come electronic.

Of course they don't come to your regular mailbox unless you ask. They go to a special mailbox of your choice, perhaps an extra you have or one run by the USPS. Perhaps you go to the USPS web site to see your junk mailings.

All sounds great but of course there are some hairy problems. Obviously shippers would not want to pay the full bulk postage for this, nor should they. However, it is not simply because no paper is mailed, it's because people will probably not look at these items as much as they look at their paper junk mail. Like it or not, they spend 50 cents to a dollar for a typical paper junk mailing because they make a profit. However, do they make a profit from the people who would say "don't do it"?

In Canada, houses can declare "no flyers" on their mailbox. This stops delivery of bulk flyers, but not mail with postage. It's a start.

The reason the bonded mail houses are needed is that the mailers must not get to learn who is getting PDF and who is getting paper, just how many there are of each. So they provide only that many paper pieces and pay full postage for those, and a minimal postage for the electronic ones. Not zero -- it is the zero cost that enables spam, after all. With a few cents of cost you still think about the cost of what you are mailing. There is a risk some marketers would want to mail only the electronic customers, and then mail far more stuff since the cost would be a few cents vs. a dollar.

The DMA lobby would probably go nuts fighting this plan, though some of them might love it, since the electronic versions, if looked at, would save a ton of money. And eventually they would just try to get people on "permission marketing" opt-in commercial mail lists, and bypass the postal service and its costs.

So I'm probably dreaming. But it always annoys me to see people generate a big document on a computer and print it on paper for me to toss in the garbage, or at most glance at. The times I would glance, I would be happy enough to get it in electronic form. For those who really want their paper junk mail sometimes, they could offer a service where you click on the junk mail items you liked and they are sent to you on paper later.

inflatable sofabed

For many the guest bed has for years been the sofabed. But they are usually terrible beds, with too-thin mattresses that get lumpy. People are moving more towards inflatable beds they put on the floor or a stand. On the floor of course is not comfortable either.

So why not a sofabed with an air mattress inside, a quality one like those found in the higher-end airbeds. Those are quite nice to sleep on, with adjustable firmness. You can't have the thick foam walls, those would have to be inflated, but you could have the foam padding on top. Could auto-inflate with built in pump.

Would be a good idea in RV sofas as well.

New Essay on Autoresponder practices

I wrote earlier this week on the discovery that people were blacklisting sites with email autoresponders. More thought and debate on the issue has led to a number of thoughts over how to solve the issues around autoresponders, in particular the concern that they will respond to messages with forged From addresses.

These thoughts have been laid out in this essay on practices for autoresponders which starts off by pointing to RFC3834, and goes further in a world where people might want to blacklist sites just for autoresponding.

The RFC specifies a way for an autoresponse to be reliably identified as such (the Auto-Submitted header). Those who are blacklisting or filtering autoresponders can use this so that if they are going to go about blacklisting a site for running an autoresponder (as is required in the SMTP spec) they only blacklist further autoresponses, and not ordinary mail from the same server. While some blacklisters, unfortunately, have a capricious disregard for the consequences of their actions, most of them agree that they should wish to block as little legitimate, desired mail as possible, ideally zero, so techniques which can make this happen deserve their attention.

There are many other techniques outlined in my essay on challenge-response best practices which are still not followed (admittedly in a few cases even by my own code, since I never put it into public distribution.) These techniques make C/R not only workable, but I believe a must in any good anti-spam system. If somebody’s anti-spam system is going to block my mail, I want the ability to know about it and reverse that decision by proving I’m not a robot. While it is annoying to have to respond to a challenge, if the alternative is not having your mail read, most people would take the challenge — if it was really necessary. C/R systems allow systems to have no false positives, at least for non-anonymous mailers, and that should be the goal for everybody.

Why can't a gas tank feed from both sides?

We risked running low on fuel today, and saw the car sputter briefly while going up a hill. Made it to the gas station fine, in fact with a gallon to spare, it seems.

I presume the gas lines in this car drain from one low spot in the gas tank, but when it's on a slope and very low, there's no fuel there. Why can't we have a series of drains at both back and front (and even all 4 corner points.) It would have to go down from there to stop air getting into the fuel line from the exposed fuel outlet, which may be the reason this isn't done, since the tank is usually down low for various good reasons. Could a smart valve allow for any hose exposed to air to close so that air doesn't get in the line?

I guess stalling going up a hill might not be the end of the world in most places, since you can go down to a flat part and start again, but in a "U" you would be trapped.

Student annotated video of lectures

Today many universities are doing video of their lectures, and making it available on the campus LAN (or older campus cable TV.) In some cases students are not going to class, but many just find it a useful addition.

I suggest an application where students, while watching the lecture, could press keys on their computer synced in timestamp with the video. They don't need to be online, they just need a modestly good clock. Buttons like "This is important, review this for the final." Or even comments like "I already know this" and "I'm lost."

Students might use the timestamps themselves to build a "best of" video of the lectures, since you could not possibly watch all the lectures to review for the exam. The combined votes of students could be merged to produce a consensus vote on the best and worst parts of the lecture.

The professor could even review these things to see where the students are getting lost, what material they think is most valuable etc.

Of course this could also be done with plain audio of the classes but video would show the course materials and blackboards.

Perhaps one student in the class might take it upon herself to edit together a study video for others to use. They could even charge for it if it were really good.

Spamcop blacklists autoresponders

I learned a couple of days ago my mail server got blacklisted by Spamcop. They don’t reveal the reason for it, but it’s likely that I was blacklisted for running an autoresponder, in this case my own custom challenge/response spam filter which is the oldest operating one I know of.

I understand the debate about the merit of C/R spam filters. Like all autoresponders, they can generate unwanted mail when spammers and viruses send mail with a forged From address, and the responder annoys the innocent victim. However, this is a problem common to all autoresponders, and unlike the even-more-hated open relay, it doesn’t magnify the spam problem — there is one possibly annoying response per spam, not hundreds.

I am bothered because I don’t want to see anti-spam advocates fighting other anti-spam methods because they don’t agree with them, or blacklists in general used to punish people you don’t agree with. Spamcop should be fighting spammers, not anti-spammers.

In addition, e-mail autoresponse is an important mail tool. In fact, anti-spammers insist that mailing lists do a confirmed opt-in (also known as double opt-in), generally by autoresponse, before adding a person to a mailing list. When a mail server bounces directly delivered mail it can avoid doing an autoresponse, but if mail comes in through an MX — a vital feature of mail — it requires an autoresponse to bounce it. Vacation programs and many other tools use this ability.

Check to see if your mail system uses Spamcop as a blacklist. If it does, disable it or switch to something else until they change this policy. Otherwise you won’t receive mail from me, and many others.

Update: My server is no longer blacklisted. I didn’t do anything (other than this blog post and a few complaints to people using the spamcop BL) so perhaps they auto remove. But it could happen again at any time until they change their policy. This is also a nasty DoS attack. Find anybody with any autoresponder, including a bounce of MX’d mail. Send forged mail to it with a From set to a spamtrap address — and they’re blacklisted. Also can be used against any sites that have you enter an E-mail address on a web page and then email that address to confirm you own it — you can get these sites blacklisted trivially. Every web form that can enter an E-mail address is at risk.
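As an added example serving both the RFC 3834 discussion in the autoresponder essay post and the forged-From DoS described in this update (my code, not the author's challenge/response filter), here is a minimal responder and the matching blacklist-side check, using only Python's standard email library. The responder never answers mail that is itself automatic, bulk, or has an empty return path (the RFC's rules), and marks every challenge it sends with Auto-Submitted: auto-replied. A spamtrap operator who receives such a challenge can then classify it as an autoresponse and limit any listing to further autoresponses from that host rather than all of its mail. The addresses and the forged spam message are constructed for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import make_msgid

# Constructed sample: spam with a forged From header, as a C/R filter would receive it.
# The envelope sender (Return-Path) and the From do not match; the From is the victim.
FORGED_SPAM = b"""\
Return-Path: <bounce@spammer.example>
From: victim@innocent.example
To: me@mydomain.example
Subject: cheap pills
Message-ID: <spam1@spammer.example>

buy now
"""


def _auto_submitted(msg):
    # RFC 3834 value may carry parameters after ';'; only the keyword matters here
    return msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()


def should_autorespond(msg):
    """RFC 3834 section 2: do not answer mail that is itself automatic, bulk,
    list traffic, or carries no return path (a bounce). This stops mail loops and
    keeps one autoresponder from feeding another; it cannot detect a forged From."""
    if _auto_submitted(msg) != "no":
        return False
    if msg.get("Precedence", "").strip().lower() in ("bulk", "list", "junk"):
        return False
    if msg.get("Return-Path", "").strip() in ("", "<>"):
        return False
    if "List-Id" in msg:
        return False
    return True


def build_challenge(original, responder_addr, text):
    """The autoresponse itself, labelled so that filters can tell it from ordinary mail."""
    reply = EmailMessage()
    reply["From"] = responder_addr
    reply["To"] = str(original["From"])
    reply["Subject"] = "Re: " + original.get("Subject", "")
    reply["Message-ID"] = make_msgid(domain="mydomain.example")
    if original["Message-ID"]:
        reply["In-Reply-To"] = str(original["Message-ID"])
    reply["Auto-Submitted"] = "auto-replied"  # the RFC 3834 marker
    reply["Precedence"] = "bulk"  # for older filters that predate the RFC
    reply.set_content(text)
    return reply


def classify(msg):
    """Blacklist side: a spamtrap hit that is an autoresponse justifies at most
    blocking further autoresponses from the host, not its ordinary mail."""
    return "autoresponse" if _auto_submitted(msg) != "no" else "ordinary"


def process_incoming(raw):
    """Responder entry point: returns the challenge to send, or None."""
    msg = message_from_bytes(raw, policy=policy.default)
    if not should_autorespond(msg):
        return None
    return build_challenge(msg, "challenge@mydomain.example", "Reply to prove you are human.")
```

Note what the example does and does not fix. The forged spam passes should_autorespond, so the innocent victim still gets one challenge; that is the unavoidable cost of any autoresponder, and it is one message per spam, not an amplifier. What the marking buys is on the receiving end: the challenge that lands in a spamtrap is unambiguously an autoresponse, and a challenge that is itself bounced or forwarded back is never answered, so no loop forms.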

Rethinking household/office power, beyond 60hz

I’ve written before about the desire for a new universal dc power standard. Now I want to rethink our systems of household and office power.

These systems range from 100v to 240v, typically at 50 or 60hz. But very little that we plug in these days inherently wants that sort of power. Most of them quickly convert it to something else. DC devices use linear and switched mode power supplies to generate lower voltage DC. Fluorescent lights convert to high voltage AC. Incandescent bulbs and heating elements use the voltage directly, but can be designed for any voltage and care little about the frequency. There are a dwindling number of direct 60hz AC motors in use in the home. In the old days clocks counted the cycles but that’s very rare now.

On top of that, most of what we plug in uses only modest power. The most commonly plugged-in things in my house are small power supplies using a few watts. Most consumer electronics use power in the 50-200w range. A few items, such as power tools, major appliances, cooking appliances, heaters, vacuum cleaners and hairdryers, use the full 1000 to 1800 watts a plug can provide.

So with this in mind, how might we redesign household and office power…

How much must we keep the obvious from stupid criminals

One particularly interesting argument seen in the Underwatergate scandal is the one that the NYT, by revealing the existence of warrantless wiretaps on international communications lines, compromised national security.

Reporters asked how that can be. After all, surely the bad guys knew the U.S. had the ability to perform surveillance on them, had a secret intelligence court, was presumably getting lots of secret warrants to watch them, and was furthermore watching them overseas without being subject to the 4th amendment.

The White House response was effectively, "Well, we're catching some of them with this program. So obviously in spite of the fact that they should know we are listening, they forget, and we learn things." In other words, the bad guys are sometimes stupid, and by bringing a lot of publicity on the surveillance (legal or illegal) we're reminding them not to be stupid.

I've seen this issue talked about before. Many members of the mafia have been caught with wiretaps, saying things on phones that you would think they knew were probably tapped. This argument is used to counter the claim that since encrypted communications are readily available (such as in Skype) the smart criminals will not get caught with wiretaps.

Furthermore, in this case, while the White House revealed only minimal details of the program, security experts in blogs and other media around the world engaged in all sorts of informed speculation about what's really going on. While the NYT didn't reveal any technical details, kernels in the discussion almost surely do.

I'm willing to accept that even the smart criminals make mistakes, and get caught this way, and this will continue. So indeed, heavy publicity around the surveillance techniques and issues probably does, as they claim, instruct or remind some bad guys not to use certain communications that could put them at risk for being caught.

The harder question is this: Does that imply we must keep silent on these issues? I think the answer is clearly no. The standard the spooks and White House suggest is untenable, and there is no clear way to draw the line. Because if we use the stupidity of criminals as a standard, then it's hard to see what public discourse might not be considered potentially harmful to the exploitation of the criminal's mistakes. Yes, it's clear that a massive public debate with constant articles in all major media is more likely to remind a bad guy to watch what he says on the phone than a single blog posting would. But this is a difference of degree, not of kind.

In the end, it's a security through obscurity argument of a particularly high order. Not only must we not let the bad guys know that we can wiretap, we must not remind them after it is presumed they already know. It's hard to imagine a rule against this that would not chill speech at an extreme level.

Crash-avoiding cars

I’ve written before about automatic self-driving cars, both their risks (overregulation due to fear of their use by terrorists) and possible driving forces (oil companies excited by people taking longer trips) and more.

Generally, except for a few specialized applications (such as the automatic parking lot), such cars, if they are to be used where people or cars that may not be under network control are present, must start with a basic ability to avoid accidents. In a vigorous debate with friend Charles Merriam last night, the question came up about where the value will lie. Charles is a big proponent of worrying first about crash-avoiding cars.

Right now we all pay from $250 to $500 per year, and often much more, for insurance to cover the risk of accidents. Of course, that’s just the financial cost, and financial proxies for suffering, so the real value we would put on an accident-resistant car might be much higher. Perhaps $5,000 to $10,000 over the life of the car.

That seems like a highly lucrative market on its own. While the self-driving car has many other long term merits (because you can do other work while moving, and you don’t have to park it, and it can appear on demand as a taxi for you) we should be very close to financially justifying the accident-avoiding car today…

How to deal with illegal, classified operations?

The AP reports that the DoJ is going to investigate the Underwatergate "leak" to the New York Times. Many of course wish they would investigate the program instead, but since the AG was involved in it, that's difficult.

But this puts forward the complex problem of how to deal with, and stop, illegal classified programs. Because they are classified, they lack many of the checks and balances that exist for other government operations. Indeed, it is suspected that many programs get classified entirely or in part in order to avoid scrutiny.

In theory, one does not have to obey an illegal order. But in practice it takes a lot of guts to defy one. And it's hard to be certain an order is illegal when your superiors and their lawyers are insisting it isn't.

Senator Rockefeller is one of the people elected to provide oversight over intelligence activities, and he was told about the NSA spying. He was also told he could not consult with the advisors he needed on technical and legal issues to make proper judgements. This is an unacceptable situation. There must be checks and balances.

I don't like secret courts, but they are better than having no courts at all. There should be a secret court with auditing power over all secret activities of the government. Anybody should be able to file a complaint with this court that the government is engaging in illegal secret activities. The identity of the whistleblower must be fully protected, as well. The court should have full power to investigate any and all classified and secret programs to find out if they are engaging in illegal activity. And it should have full power and duty to punish illegal activity by anybody, including the President. (Judgements against the President and other top officials would be subject to appeal to the Supreme Court.)

Furthermore, when the court finds wrongdoing, details of this wrongdoing should be declassified as soon as possible and as much as possible. Even at risk to national security. That's because illegal covert activities by the government are a greater risk to the security of the people and the nation than most disclosures are.

How much auditing of secret programs does the GAO get to do? Can its role be expanded? This seems more a judicial idea than a congressional one but there's no reason that auditing of illegal secret activity should not go on in all branches, of all branches.

Absent such a process, the leak to the New York Times is the only answer. The whistleblowers who revealed this program did the right thing for the nation, and should be rewarded, not punished.

MMORPG for Seniors and Shut-ins

I was visiting a senior citizen today who rarely leaves her house due to lack of mobility. Like many her age, she is not connected to the net, nor interested in it. Which makes the following idea a challenge.

Could we design a really engaging game/online community for seniors? Especially those who have had to give up much of their old community because of infirmity? They don’t want to slay monsters like in Evercrack or Warcraft. They won’t build objects like in Second Life.

It must be a killer app — so compelling that they are willing to learn a bit about computers in order to get it. For some seniors, the killer app has been emails and photos from grandchildren.

The game would have to be aimed at the fantasies that seniors have, and it must also be deliberately aimed at the computer novice with less desire to learn new technology than average. (Not that there aren’t seniors with full ability to learn new tech — many of them are already online.)

Thus it would not necessarily require the hottest new graphics cards or fastest net connection. It might try to avoid typing or require fast reaction times. It might use audio for socializing, and focus on the topics most dear to these players. (I jokingly wonder if avatars should be surrounded by pictures of grandkids.) Obviously research is needed to see what they want to play about, and how to deliver it.

There are also questions of levels of ability. Some people become mentally infirm with age and their skills and desires are limited. But is there nothing in the way of interactive community entertainment we can offer them?

Giftwrapping Robot

Here’s a festive idea for a robotics company — a giftwrapping robot, able to take a standard, not particularly fragile rectangular box and perfectly giftwrap it.

This might be a viable product for online stores that offer giftwrapping options, but I think one decent market would be malls at Christmastime. Aside from making money charging for wrapping, it would be an attraction (especially in Japan where they love gifts) that brought in shoppers. I suppose some might worry it could deprive the charities that sometimes do giftwrapping in malls of a fundraising opportunity.

The robot would presumably grab the gift by its sides, and spin it or the paper roll to place a perfectly cut ring of paper around it with adhesive dabbed in the right places by a robot arm. The trickier part would be arms to fold the end folds.

Do you sense the fact that I just spent a lot of time wrapping? Due to the fear of customs and the TSA, I wrap my presents after I arrive in Toronto. The TSA did indeed open my box of gifts and one gift inside, providing the gift of TSA inspection tape for my nephew.