What you would have read in TBTF

A number of you wrote asking whether you had missed an issue of TBTF (and thousands more assuredly wondered). No, the newsletter simply took a longer-than planned hiatus. I've been posting to the TBTF Log almost daily and mailing the collected Log items weekly to subscribers on a new mailing list, tbtf-log@tbtf.com (see Notes at the bottom of this issue, or subscribe here).

Allow me to note in passing a few of the recent developments you might expect to have read about in TBTF.

AOL announced its intention to merge with Time Warner. If I read one more piece about this development I shall squit a squatter. Oh, you too, eh?

Silicon Valley firm Transmeta emerged from its five-year silence to reveal its product direction: soft silicon. You may be amused to read the TBTF Log for the week of 2000-01-16 [7], when the company took the wraps off. For best results read from the bottom up.

Hedwig Kiesler, inventor of spread spectrum, died. Moviegoers knew her as Hedy Lamarr. Her story [8] is one of the strangest and most touching in the history of technology in the last century. When she died the son of her co-inventor George Antheil posted a reminiscence on Slashdot [9].

Bill Gates stepped down from the day-to-day running of Microsoft.

Cryptography export policy See also TBTF for 2000-02-06, 1999-10-05, 08-30, 08-23, 08-16, 07-26, 05-22, 05-08, 04-21, 03-01, 01-26, more...

And the US Commerce Department released its new, looser regulations on the export of cryptography. Let's spend a little time on that one.

Here's the Commerce Department's press release [10], the regulations themselves [11] (84K), and an analysis [12] by the EFF, EPIC, and ACLU of the constitutional defects still embodied in the new rules.

One welcome relaxation is that Open Source crypto is freely exportable to all but seven designated terrorist countries (the "T-7"). Posting code on a Web site for anonymous download is allowed, and the poster is not required to check that downloaders might be from one of the T-7. Exporters must to send the Department of Commerce a copy of the code, or a URL, upon publication.

Kerberos [13] and PGP [14] were quickly posted to the Net, as these copies of the required Commerce Department notifications attest.

At the RSA security conference in San Jose last month, the company hastily organized a "PGP export ceremony." Two US members of Congress who have fought to relax crypto export regulations took the stage with Phil Zimmermann, author of PGP. Here's what happened next, from an account by Cabe Franklin <cabe dot franklin at pnicg dot com>:

[7] http://tbtf.com/blog-archive/2000-01-16.html
[8] http://www.nando.net/newsroom/ntn/enter/030997/enter20_20093.html
[9] http://slashdot.org/article.pl?sid=00/01/19/1847210
[10] http://204.193.246.62/public.nsf/docs/60D6B47456BB389F852568640078B6C0
[11] http://www.epic.org/crypto/export_controls/regs_1_00.html
[12] http://www.interesting-people.org/200001/0048.html
[13] http://www.mail-archive.com/cryptography@c2.net/msg02737.html
[14] http://www.mail-archive.com/cryptography@c2.net/msg02746.html

[15] http://www.whitehouse.gov/WH/SOTU00/sotu-text.html

DoubleClick flip-flops, gets sued

DoubleClick has insisted since 1996 that, while it tracks 100 million Internet users' browsing and buying habits across 11,500 Web sites, it does not identify users personally. But last June the company purchased Abacus Direct Corp., a direct-marketing services company with a database of names, addresses, phone numbers, and catalog purchasing habits of 90% of American households.

Cue the loud bassoon.

On 31 January Will Rodger of USA Today broke the news [16] that since December, at the latest, DoubleClick has been merging its anonymous, cookie-borne, unique-user-ID data with the personal data from Abacus. DoubleClick's move moved Lauren Weinstein, the ever-dependable voice of reason on privacy issues, to flights of prose and heights of alarm that have rarely been seen on the PRIVACY Forum [17].

In a massively lame attempt at damage control, DoubleClick asked Slashdot [18] to take down a link to the USA Today story. The story's poster, Hemos, refused.

Three days later a California woman sued DoubleClick for illegally collecting and selling consumers' personal information [19]. Her lawyer said she wants to represent the California general public in the suit.

DoubleClick replies, in effect, "What's the big deal? We let customers opt out of the tracking." How very generous. The instructions [20] for opting out will make your eyes cross. Be easy on yourself: edit your cookie file and delete all but one of the cookies for .doubleclick.net. Replace that one with:

.doubleclick.net TRUE / FALSE 1920499172 id OPT_OUT

Be sure to use a single tab, not spaces, for each whitespace in this line.

Or do like I do [21]: before you start your browser -- every time -- overwrite its cookie file with one containing only the innocuous and helpful cookies you want.

[16] http://www.usatoday.com/life/cyber/tech/cth211.htm
[17] http://www.vortex.com/privacy/priv.09.06
[18] http://slashdot.org/article.pl?sid=00/01/28/0917229
[19] http://news.cnet.com/news/0-1005-200-1531929.html
[20] http://www.mercurycenter.com/svtech/news/indepth/docs/dg012800.htm
[21] http://tbtf.com/archive/1999-08-23.html#s03

Texas company accuses Yahoo of privacy violations

In a considerably more complicated case, a Texas company called Universal Image has taken Yahoo to court [22] to test the legal theory that, under Texas law, using cookies to track visitors constitutes electronic stalking and eavesdropping. Universal Image has a long-standing beef with broadcast.com, which Yahoo inherited when it bought the streaming-media company last year. Universal might be accused of jumping on the privacy bandwagon to aid their ongoing legal quarrel, and perhaps of cynicism as well. The original point of their complaint was that broadcast.com wasn't turning over to them as much customer data as it should be doing. Cynicism or no, the case could still set legal precedent.

[22] http://www.zdnet.com/zdnn/stories/news/0,4586,2429363,00.html

This book is important, and it deserves to be big. Simson Garfinkel has nailed the history, the present circumstances, and the nightmare future scenarios as the remaining shreds of privacy in American life circle the drain at the new century's dawn.

Garfinkel shows the future we're heading toward in pictures no-one can mistake:

Like good dystopian science fiction, Database Nation bids not to predict a future but to prevent one. Garfinkel is longer on description than on prescription for the problem of privacy under attack. Many of the remedies he sketches suggest government intervention to wrest back some control of private information for the individual. This emphasis on government action will be the most controversial aspect of Database Nation, spurring automatic resistence in overlapping circles of Net culture from the libertarian to the privacy-aware. But the fact is that in the privacy arena, Big Brother may not be the biggest threat -- it's thousands of Little Brothers, private actors in a capitalist free-for-all.

Database Nation's dust jacket sports a killer array of blurbs from a who's-who of privacy advocates: Ralph Nader, Marc Rotenberg, Peter Neumann, Sen. Edward Markey. I hope they convince the people who need to read this book to buy it -- that majority of the population in this consumer society who see nothing wrong with selling their most private data for a $5 coupon.

If you're a regular reader of TBTF, RISKS, the PRIVACY Forum, or the newsletters of EPIC or the EFF, you probably don't need to read DataBase Nation. But I hope you will; you'll learn more than you might imagine, I guarantee it. When you're done, loan the book to a friend who needs to get a clue about privacy. If it comes back, loan it again.

Note -- if you buy this book at [23] you'll be helping to support TBTF through Amazon's associates program.

[23] http://www.powells.com/cgi-bin/partner?partner_id=23196&cgi=search/search&searchtype=isbn&searchfor=1565926536

What if the prosecution won't hand over seized encrypted evidence?

Suppose the government suspects you of a crime. They obtain a search warrant, raid your home, and seize your computers. Some of the information stored there is encrypted under a key known only to you. You need that material for your defense. The prosecution is required to give it to you. Right?

Rule 16 of the US Federal Rules of Criminal Procedure [24] says:

Seems pretty straightforward. But a year-old ruling in the case of Kevin Mitnick, the just-released computer hacker, questions the defendant's right to seized encrypted material [25]. The prosecution argued that since they couldn't read the files, the files weren't really in their possession. Further, they said, the files might contain spoils of the defendant's depredations or even dangerous information: "For all we know, it could be plans to take down a computer system." The judge bought these arguments, and any immediate chance to appeal the ruling was forfeited in Mitnick's plea bargain.

This question will certainly come up again in the courts, as a tangent off of a larger question to which I've not seen a good answer: can you be compelled to reveal your secret key in a court proceeding?

[24] http://www.law.ukans.edu/research/frcrimIV.htm#16
[25] http://www.nytimes.com/library/tech/00/01/cyber/cyberlaw/28law.html

Her name is Ananova and she's coming soon to a screen near you

PA New Media has been garnering pots of attention since news leaked [26] about their development of a virtual newscaster -- a synanchor. (I just made that word up -- like it? "Syncaster" sounds too much like a Biblical admonition.) The developers have named their creation Ananova and have reserved the three obvious domain names [27]. Ananova has been under development for 10 months and is not yet ready to serve the public; PA New Media gives no target date. The Ananova character is animated in real-time to read out bulletins from a 24-hour newsfeed. She won't get tired, take time off for illness, or demand a raise. The company notes that correspondents in the TV news business have informed them that some flesh-and-blood newsreaders are waxing nervous.

PA New Media invited UK journalist Mike Butcher to a demo of the pre-release Ananova. He reports [28] that seeing her is

[26] http://www.it.fairfax.com.au/breaking/20000117/A29757-2000Jan17.html
[27] http://www.ananova.com/
[28] http://www.ananova.com/948369821_4361.html

Don't think of it as competition. Richard Swetenham is a longtime TBTF reader and benefactor [29] who runs QuickLinks [30], a Web log for breaking news on many of the subjects that you read about here. Here's the QuickLinks masthead:

Swetenham works for the European Commission in a position he describes as "Mr. Internet Porn." The QuickLinks blog is "half way between work and a hobby," he says, and springs from his "natural desire to be inquisitive about fields which in our set-up are strictly speaking someone else's concern."

QuickLinks is admirably organized to delight the dedicated infosurfer. Using Blogger [31], Swetenham adds around half a dozen items per day to the blog, each a one- or two-sentence article summary and a link. Once per week he emails the collected items to subscribers, in text or HTML format. Links in the email take you to the item on a standalone page, with a further link to the source article. Each item page also links its parent category, an instant topical table of contents. The blog is fully indexed and searchable.

The site includes this quite useful page [32] of upcoming conferences, seminars, and other events worldwide.

To subscribe to QuickLinks by email, fill out the form at [30] or send an empty message to one of

  quicklinks-subscribe@eGroups.com       (text version)
  quicklinkshtml-subscribe@eGroups.com (HTML version)

[29] http://tbtf.com/the-benefactors.html
[30] http://www.qlinks.net/
[31] http://www.blogger.com/
[32] http://www.qlinks.net/quicklinks/events.htm

High-quality links and readable summaries, all watched over by machines of loving grace

Two graduate students from Carnegie Mellon University have put together algorithms and tools for automatically building high-quality directories of Web content. Digger Chen and Ying Li run a demonstration site at www.hubat.com [33]. Their "beta" directory contains 3.5M pages and 800 categories and is growing all the time. It looks and acts rather like the Yahoo or Open Directory databases; the quality and relevance of the links are high and the text summaries are cogent. But unlike the human-intensive directories, the Hubat directory was built entirely automatically.

Chen and Yi seeded the process with a directory outline and one sample site for each leaf node. Their spider, based on an algorithm they call SPARKLE, crawls the Web politely (honoring robots.txt) and brings back high-quality results. SPARKLE automatically summarizes the returned Web pages using a technique based on collaborative annotation, the authors say. In my exploration of Hubat.com I've often found it hard to believe these summaries were not written by humans.

The site does not rely on a Google-style page ranking scheme, but still manages somehow to return the most relevant pages as the top search results.

Hubat.com has been up since 10 November (the TBTF Log provided its first publicity [34]). Chen and Yi are looking for seed funding to continue developing their automatic directory technologies. Read their FAQ [35] and get in touch at info@hubat.com if you can be of assistance.

Thanks to Gary Stock for the pointer.

[33] http://www.hubat.com/
[34] http://www.hubat.com/hubat/inthenews.html
[35] http://www.hubat.com/hubat/hubat-desc.html

A maze of little twisty items, all different

Y2K the molecule

Before Christmas the journal Science ran a quick report from Jeffrey Roberts and Christopher Cramer, chemists at the University of Minnesota. The researchers had used a local supercomputer to calculate whether or not two atoms of yttrium (periodic chart symbol Y) could stably combine with one atom of potassium (K) [36]. The answer is affirmative. The scientists considered analyzing two other yttrium-containing compounds, YOY (two yttriums, one oxygen) and YNOT (yttrium, nitrogen, oxygen, and tritium -- sort of cheating, that). "We could have studied Y3K too, but we thought we could put it off," they said.

If anyone ever produces solid Y2K, be assured it will pose no danger to your computer. Unless you've spilled coffee on the keyboard -- potassium reacts violently with water, you see.

[36] http://unisci.com/stories/19994/1222996.htm

Snow screeching on water

The AIP's Physics News Update carried this provocatively titled research note [37]. It seems that when snowflakes hit water, the resulting capillary action can create bubbles vibrating at up to 200 kHz. You couldn't hear the screeching, but a dolphin could. It's not unknown for researchers to shut down sonar surveys of salmon populations during snowfall because of the noise.

[37] http://www.aip.org/enews/physnews/2000/split/pnu468-3.htm

Noodle

Download Noodle [38] (for Mac or Windows, > 4 MB) if you have the slightest interest in user-interface design, music, or computer games. It's a little bit of each. Noodle is a free gizmo for making music on a computer. The interface is so slick and inventive you'll find yourself emailing the link [38] to three or four friends, as Mark Dionne <mdionne at mediaone dot net> did for me. (Personally, I just had to pass it on to 11,849 of you [39].)

This addictive app is not new news: Noodle came out 10 months ago. Lance Arthur's glassdog spotted it last July [40]. One of Noodle's creators presented it at the Navigating Intelligence summit last fall in Banff [41]. Noodle has been making the rounds again after a Memepool [42] cite last month.

[38] http://realworld.on.net/rwmm/noodle/
[39] http://tbtf.com/growth.html
[40] http://www.glassdog.com/homepage/gdrec/0899.html
[41] http://www.google.com/search?q=cache:www.banffcentre.ab.ca/nmi/navintel.htm
[42] http://www.memepool.com

These are the spaces I've set up at Take It Offline [43], [44] for those who wish to comment on and discuss this issue's articles. I'll be monitoring and actively posting to these forums.

• TBTF book review: Database Nation
  http://www.quicktopic.com/1/H/VOfEmn2lVBP0ACeGmO.html

• Other comments on this issue of TBTF:
  http://www.quicktopic.com/1/H/DUTk7WRobJTXdvCoqj.html

[43] http://www.quicktopic.com/
[44] http://tbtf.com/archive/1999-10-05.html#06

Remember the Internet Freedom Journalism Awards, a competition announced in the previous issue of TBTF [45]? Well, the judges voted, the winners were announced, and... how do I put this modestly? I'm one of them [46]. The awards are:

• Internet Investigation of the Year. For a news story or feature revealing attempts to regulate the Net.

  AOL, others plan global Net content rating system
  Courtney Macavinta, CNET: September 2, 1999

• The Fair Reporting News Agency of the Year. To a news organisation for consistently high standards in writing about the Net.

  Salon

• Internet Journalist of the Year. To a journalist for consistently high standards in writing about the Net.

  Keith Dawson

• Internet Article of Shame. For a news report, feature or opinion piece distinguished by misrepresentation, bias or invention of inflated dangers about the Internet.

  Cyber-stress panic strikes
  Robin McKie, The Observer: July 4, 1999

[45] http://tbtf.com/archive/1999-12-16.html#s06
[46] http://www.netfreedom.org/news.asp?item=104

I've started a new mailing list, tbtf-log@tbtf.com, for those who want to receive a consolidated email message on Sunday evenings containing all the TBTF Log entries for the week preceding. (No, Richard Swetenham's QuickLinks didn't shame me into it, I just finally got organized.) To subscribe, send the message subscribe (the title doesn't matter) to tbtf-log-request@tbtf.com; or fill out the brief form at [47].

[47] http://tbtf.com/blog-archive/#subscribe

TBTF home and archive at http://tbtf.com/ . To (un)subscribe send
the message "(un)subscribe" to tbtf-request@tbtf.com. TBTF is Copy-
right 1994-1999 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Commercial
use prohibited. For non-commercial purposes please forward, post,
and link as you see fit.
_______________________________________________
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.