
TBTF for 2000-02-06: Privacy at the boil

Keith Dawson (dawson dot tbtf at gmail dot com)
Sun, 6 Feb 2000 22:42:50 -0500


Quote Of The Foregoing Millennium

My mother's got a Y2K problem, and it's carved in stone.

-- Henry Bohne, son of Ella Bohne, who with her husband bought a tombstone in the mid-1960s. The engraver carved "19" for their dates of death. Her husband died in 1971, but Ms. Bohne is very much alive at 97.

Threads Year 2000 straws in the wind
See also TBTF for
2000-02-06, 1999-12-16, 08-23, 01-26, 01-13, 1998-11-11, 10-12, 07-27, 05-25, 05-11, 04-20
There weren't a lot of Y2K problems to go around on One, One, Uh-oh. Most ISPs experienced no problems [1]. A large number of Web pages displayed the wrong date [2], mostly due to a subtle nest of JavaScript version and implementation problems. The most serious glitch that I've seen reported was the three-day disruption -- some said near-blindness -- of all US reconnaissance satellites [3], [4]. This went unreported for 9 days after the fact, so it's possible the bad guys never knew.

As early as 4 January, ignorant people began questioning whether the spending to avert a Y2K disaster had been a waste [5]. I refer them to my first published words on the subject, from TBTF for 1998-04-20 [6]:

What's going to happen to the world's computers -- and to the world -- after December 31, 1999? No one knows. In the 21st century we will all conveniently forget this fact, and will assume that the consequences should have been obvious, whatever they turn out to be.
[1] http://www.cctec.com/maillists/nanog/current/msg01268.html
[2] http://go.to/y2kmistakes/
[3] http://www.chicagotribune.com/news/nationworld/article/0,2669,2-40599,FF.html
[4] http://www.chicagotribune.com/news/nationworld/article/0,2669,2-40642,FF.html
[5] http://www.abcnews.go.com/ABC2000/abc2000us/y2kspending_000104.html
[6] http://tbtf.com/archive/1998-04-20.html#Ty2k

Catching up

What you would have read in TBTF

A number of you wrote asking whether you had missed an issue of TBTF (and thousands more assuredly wondered). No, the newsletter simply took a longer-than-planned hiatus. I've been posting to the TBTF Log almost daily and mailing the collected Log items weekly to subscribers on a new mailing list, tbtf-log@tbtf.com (see Notes at the bottom of this issue, or subscribe here).

Allow me to note in passing a few of the recent developments you might expect to have read about in TBTF.

AOL announced its intention to merge with Time Warner. If I read one more piece about this development I shall squit a squatter. Oh, you too, eh?

Silicon Valley firm Transmeta emerged from its five-year silence to reveal its product direction: soft silicon. You may be amused to read the TBTF Log for the week of 2000-01-16 [7], when the company took the wraps off. For best results read from the bottom up.

Hedwig Kiesler, inventor of spread spectrum, died. Moviegoers knew her as Hedy Lamarr. Her story [8] is one of the strangest and most touching in the history of technology in the last century. When she died the son of her co-inventor George Antheil posted a reminiscence on Slashdot [9].

Bill Gates stepped down from the day-to-day running of Microsoft.

Threads Cryptography export policy
See also TBTF for
2000-02-06, 1999-10-05, 08-30, 08-23, 08-16, 07-26, 05-22, 05-08, 04-21, 03-01, 01-26
And the US Commerce Department released its new, looser regulations on the export of cryptography. Let's spend a little time on that one.

Here's the Commerce Department's press release [10], the regulations themselves [11] (84K), and an analysis [12] by the EFF, EPIC, and ACLU of the constitutional defects still embodied in the new rules.

One welcome relaxation is that Open Source crypto is freely exportable to all but seven designated terrorist countries (the "T-7"). Posting code on a Web site for anonymous download is allowed, and the poster is not required to check whether downloaders might be from one of the T-7. Exporters must send the Department of Commerce a copy of the code, or a URL, upon publication.

Kerberos [13] and PGP [14] were quickly posted to the Net, as these copies of the required Commerce Department notifications attest.

At the RSA security conference in San Jose last month, the company hastily organized a "PGP export ceremony." Two US members of Congress who have fought to relax crypto export regulations took the stage with Phil Zimmermann, author of PGP. Here's what happened next, from an account by Cabe Franklin <cabe dot franklin at pnicg dot com>:

Phil had asked if he could finally grant permission to the Congressmen to export PGP. The crowd got a kick out of this, and the mood was high. Without further ado, Goodlatte and Lofgren took their positions at the computer (the monitor was linked to a giant projection screen so the crowd could see what was going on) -- Lofgren attached the PGP executable, addressed it [to a Ministry of Defense official in the UK], typed a note saying "this is the first export of PGP software, from U.S. Congressman Bob Goodlatte and Congresswoman Zoe Lofgren, sent 1/18/2000" and clicked Send, and it was done. Wild applause.

[7] http://tbtf.com/blog-archive/2000-01-16.html
[8] http://www.nando.net/newsroom/ntn/enter/030997/enter20_20093.html
[9] http://slashdot.org/article.pl?sid=00/01/19/1847210
[11] http://www.epic.org/crypto/export_controls/regs_1_00.html
[12] http://www.interesting-people.org/200001/0048.html
[13] http://www.mail-archive.com/cryptography@c2.net/msg02737.html
[14] http://www.mail-archive.com/cryptography@c2.net/msg02746.html


Privacy boils over

Public concern about the loss of privacy online has intensified with each new revelation of a corporation or Web site playing loose with customers' personal data. Over the last few months the issue has grown hot enough to have bubbled up into the US President's State of the Union address [15]. (The topic gets one paragraph about 90% of the way through the long speech; search for "privacy" in [15].) Privacy advocates (and I count myself one) may be forgiven for disappointment that the President only desires to prevent misuse of medical records, bank and credit card statements, and genetic information. It's a start.

[15] http://www.whitehouse.gov/WH/SOTU00/sotu-text.html

DoubleClick flip-flops, gets sued

DoubleClick has insisted since 1996 that, while it tracks 100 million Internet users' browsing and buying habits across 11,500 Web sites, it does not identify users personally. But last June the company purchased Abacus Direct Corp., a direct-marketing services company with a database of names, addresses, phone numbers, and catalog purchasing habits of 90% of American households.

Cue the loud bassoon.

On 31 January Will Rodger of USA Today broke the news [16] that since December, at the latest, DoubleClick has been merging its anonymous, cookie-borne, unique-user-ID data with the personal data from Abacus. DoubleClick's move moved Lauren Weinstein, the ever-dependable voice of reason on privacy issues, to flights of prose and heights of alarm that have rarely been seen on the PRIVACY Forum [17].

In a massively lame attempt at damage control, DoubleClick asked Slashdot [18] to take down a link to the USA Today story. The story's poster, Hemos, refused.

Three days later a California woman sued DoubleClick for illegally collecting and selling consumers' personal information [19]. Her lawyer said she wants to represent the California general public in the suit.

DoubleClick replies, in effect, "What's the big deal? We let customers opt out of the tracking." How very generous. The instructions [20] for opting out will make your eyes cross. Be easy on yourself: edit your cookie file and delete all but one of the cookies for .doubleclick.net. Replace that one with:

.doubleclick.net TRUE / FALSE 1920499172 id OPT_OUT

Be sure to use a single tab, not spaces, for each whitespace in this line.

Or do like I do [21]: before you start your browser -- every time -- overwrite its cookie file with one containing only the innocuous and helpful cookies you want.
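Both approaches above (hand-editing the file down to a single opt-out cookie, or overwriting it with a known-good copy before each launch) can be scripted. The following is an added example, not part of the original newsletter; it assumes a Netscape-format cookie file with seven tab-separated fields per line, and the function names and sample cookies are constructed for illustration.

```python
HEADER = "# Netscape HTTP Cookie File"
# The opt-out cookie exactly as quoted in the newsletter; fields in file order:
# domain, subdomain flag, path, secure flag, expiry (Unix time), name, value.
OPT_OUT = (".doubleclick.net", "TRUE", "/", "FALSE", "1920499172", "id", "OPT_OUT")

# Constructed sample file (cookie values are made up for illustration).
SAMPLE = "\n".join([
    HEADER,
    "\t".join([".doubleclick.net", "TRUE", "/", "FALSE", "1920499172", "id", "8000000a1b2c3d4"]),
    "\t".join(["ad.doubleclick.net", "FALSE", "/", "FALSE", "1920499172", "seg", "x1"]),
    "\t".join([".example.com", "TRUE", "/", "FALSE", "1920499172", "prefs", "lang=en"]),
    "\t".join([".tracker.test", "TRUE", "/", "FALSE", "1920499172", "uid", "42"]),
    # Hand-edited with spaces instead of tabs: not a valid record.
    ".doubleclick.net TRUE / FALSE 1920499172 id OPT_OUT",
]) + "\n"


def parse_record(line):
    """Return the 7 tab-separated fields of a cookie line, or None if malformed."""
    fields = line.split("\t")
    return tuple(fields) if len(fields) == 7 else None


def in_domain(cookie_domain, domain):
    """True if cookie_domain is `domain` itself or one of its subdomains."""
    host = cookie_domain.lstrip(".").lower()
    domain = domain.lstrip(".").lower()
    return host == domain or host.endswith("." + domain)


def rewrite(text, keep_domains=None):
    """Return (new_file_text, malformed_lines).

    keep_domains=None keeps every non-DoubleClick cookie (the hand edit
    described first); a collection of domains keeps only those (the
    overwrite-before-launch approach). Either way exactly one
    .doubleclick.net record, the opt-out cookie, is written.
    """
    kept, malformed = [], []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        record = parse_record(line)
        if record is None:
            malformed.append(line)  # e.g. spaces used where tabs are required
            continue
        if in_domain(record[0], "doubleclick.net"):
            continue  # drop every existing DoubleClick cookie
        if keep_domains is None or any(in_domain(record[0], d) for d in keep_domains):
            kept.append(record)
    kept.append(OPT_OUT)
    body = "\n".join("\t".join(r) for r in kept)
    return HEADER + "\n" + body + "\n", malformed


if __name__ == "__main__":
    new_text, bad = rewrite(SAMPLE, keep_domains={"example.com"})
    print(new_text, end="")
    for line in bad:
        print("malformed (spaces, not tabs?):", repr(line))
```

Run it against a copy of the cookie file while the browser is closed, since a running browser rewrites the file on exit.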

[16] http://www.usatoday.com/life/cyber/tech/cth211.htm
[17] http://www.vortex.com/privacy/priv.09.06
[18] http://slashdot.org/article.pl?sid=00/01/28/0917229
[19] http://news.cnet.com/news/0-1005-200-1531929.html
[20] http://www.mercurycenter.com/svtech/news/indepth/docs/dg012800.htm
[21] http://tbtf.com/archive/1999-08-23.html#s03

Texas company accuses Yahoo of privacy violations

In a considerably more complicated case, a Texas company called Universal Image has taken Yahoo to court [22] to test the legal theory that, under Texas law, using cookies to track visitors constitutes electronic stalking and eavesdropping. Universal Image has a long-standing beef with broadcast.com, which Yahoo inherited when it bought the streaming-media company last year. Universal might be accused of jumping on the privacy bandwagon to aid their ongoing legal quarrel, and perhaps of cynicism as well. The original point of their complaint was that broadcast.com wasn't turning over to them as much customer data as it should be doing. Cynicism or no, the case could still set legal precedent.

[22] http://www.zdnet.com/zdnn/stories/news/0,4586,2429363,00.html


Threads TBTF book reviews
See also TBTF for
2000-03-31, 02-06, 1999-11-21, 1998-12-15, 05-25

TBTF book review: Database Nation

Database Nation
  The Death of Privacy in the 21st Century
by Simson Garfinkel
O'Reilly, 312 pages with notes, annotated bibliography, & index
  ($24.95 at [23])
Reviewed by Keith Dawson <dawson at world dot std.com>

This book is important, and it deserves to be big. Simson Garfinkel has nailed the history, the present circumstances, and the nightmare future scenarios as the remaining shreds of privacy in American life circle the drain at the new century's dawn.

Garfinkel shows the future we're heading toward in pictures no-one can mistake:

You're planning a trip to New York City for Valentine's Day with your sweetheart. You call up your travel agent to make a reservation, then go out for lunch. When you return, you discover that your email inbox is filled. There are more than 5,000 restaurants in the Big Apple, and a third of them have sent you electronic coupons...
You pick up your phone. You want to call your travel agent and yell at her for selling your name. But... instead of hearing a dial tone you find yourself speaking with a representative for United Airlines. Your travel agent [had] ticketed you on American...
You're 10 minutes late for a meeting. As you get up, your phone rings again. The Caller ID box says that it's from your sweetie, so you take the call. Surprise! This time the call is from a local travel agent (who has programmed her telephone switch to give out fake information on the Caller ID)...
A few days later, you find yourself besieged with mail-order catalogs. Companies selling everything from "New York style suits" to chemical Mace are trying to get your attention...
When your tickets show up, you discover an advertisement for a prescription drug (one you've researched because you've been thinking about taking it) printed on your boarding pass. Even on the plane, you look at one of those "air phones" on the back of the seat in front of you and notice that it's displaying a tiny personalized advertisement for a jewelry store in Times Square...
When you finally get home a week later, you discover that your home has been burglarized.

Like good dystopian science fiction, Database Nation bids not to predict a future but to prevent one. Garfinkel is longer on description than on prescription for the problem of privacy under attack. Many of the remedies he sketches suggest government intervention to wrest back some control of private information for the individual. This emphasis on government action will be the most controversial aspect of Database Nation, spurring automatic resistance in overlapping circles of Net culture from the libertarian to the privacy-aware. But the fact is that in the privacy arena, Big Brother may not be the biggest threat -- it's thousands of Little Brothers, private actors in a capitalist free-for-all.

Database Nation's dust jacket sports a killer array of blurbs from a who's-who of privacy advocates: Ralph Nader, Marc Rotenberg, Peter Neumann, Sen. Edward Markey. I hope they convince the people who need to read this book to buy it -- that majority of the population in this consumer society who see nothing wrong with selling their most private data for a $5 coupon.

If you're a regular reader of TBTF, RISKS, the PRIVACY Forum, or the newsletters of EPIC or the EFF, you probably don't need to read Database Nation. But I hope you will; you'll learn more than you might imagine, I guarantee it. When you're done, loan the book to a friend who needs to get a clue about privacy. If it comes back, loan it again.

Note -- if you buy this book at [23] you'll be helping to support TBTF through Amazon's associates program.

[23] http://www.powells.com/cgi-bin/partner?partner_id=23196&cgi=search/search&searchtype=isbn&searchfor=1565926536


Playing keep-away with scrambled files

What if the prosecution won't hand over seized encrypted evidence?

Suppose the government suspects you of a crime. They obtain a search warrant, raid your home, and seize your computers. Some of the information stored there is encrypted under a key known only to you. You need that material for your defense. The prosecution is required to give it to you. Right?

Rule 16 of the US Federal Rules of Criminal Procedure [24] says:

Upon request of a defendant the government must disclose to the defendant and make available for inspection, copying, or photographing: any relevant written or recorded statements made by the defendant, or copies thereof, within the possession, custody, or control of the government...

Seems pretty straightforward. But a year-old ruling in the case of Kevin Mitnick, the just-released computer hacker, questions the defendant's right to seized encrypted material [25]. The prosecution argued that since they couldn't read the files, the files weren't really in their possession. Further, they said, the files might contain spoils of the defendant's depredations or even dangerous information: "For all we know, it could be plans to take down a computer system." The judge bought these arguments, and any immediate chance to appeal the ruling was forfeited in Mitnick's plea bargain.

This question will certainly come up again in the courts, as a tangent off of a larger question to which I've not seen a good answer: can you be compelled to reveal your secret key in a court proceeding?

[24] http://www.law.ukans.edu/research/frcrimIV.htm#16
[25] http://www.nytimes.com/library/tech/00/01/cyber/cyberlaw/28law.html


An artificial newsreader


Her name is Ananova and she's coming soon to a screen near you

PA New Media has been garnering pots of attention since news leaked [26] about their development of a virtual newscaster -- a synanchor. (I just made that word up -- like it? "Syncaster" sounds too much like a Biblical admonition.) The developers have named their creation Ananova and have reserved the three obvious domain names [27]. Ananova has been under development for 10 months and is not yet ready to serve the public; PA New Media gives no target date. The Ananova character is animated in real-time to read out bulletins from a 24-hour newsfeed. She won't get tired, take time off for illness, or demand a raise. The company notes that correspondents in the TV news business have informed them that some flesh-and-blood newsreaders are waxing nervous.

PA New Media invited UK journalist Mike Butcher to a demo of the pre-release Ananova. He reports [28] that seeing her is

a little like seeing RealVideo for the first time: the movement and the voice is jerky. Remember Max Headroom in the 1980s? But when you realise this is being created on the fly you begin to see the potential.

[26] http://www.it.fairfax.com.au/breaking/20000117/A29757-2000Jan17.html
[27] http://www.ananova.com/
[28] http://www.ananova.com/948369821_4361.html



A current-awareness service aimed straight at the heart of TBTF's concerns

Don't think of it as competition. Richard Swetenham is a longtime TBTF reader and benefactor [29] who runs QuickLinks [30], a Web log for breaking news on many of the subjects that you read about here. Here's the QuickLinks masthead:

Internet, information society, information content; legal and regulatory aspects, market and technology

Swetenham works for the European Commission in a position he describes as "Mr. Internet Porn." The QuickLinks blog is "half way between work and a hobby," he says, and springs from his "natural desire to be inquisitive about fields which in our set-up are strictly speaking someone else's concern."

QuickLinks is admirably organized to delight the dedicated infosurfer. Using Blogger [31], Swetenham adds around half a dozen items per day to the blog, each a one- or two-sentence article summary and a link. Once per week he emails the collected items to subscribers, in text or HTML format. Links in the email take you to the item on a standalone page, with a further link to the source article. Each item page also links its parent category, an instant topical table of contents. The blog is fully indexed and searchable.

The site includes this quite useful page [32] of upcoming conferences, seminars, and other events worldwide.

To subscribe to QuickLinks by email, fill out the form at [30] or send an empty message to one of

  quicklinks-subscribe@eGroups.com       (text version)
  quicklinkshtml-subscribe@eGroups.com (HTML version)

[29] http://tbtf.com/the-benefactors.html
[30] http://www.qlinks.net/
[31] http://www.blogger.com/
[32] http://www.qlinks.net/quicklinks/events.htm


Hubat: A promising automatic directory builder

High-quality links and readable summaries, all watched over by machines of loving grace

Two graduate students from Carnegie Mellon University have put together algorithms and tools for automatically building high-quality directories of Web content. Digger Chen and Ying Li run a demonstration site at www.hubat.com [33]. Their "beta" directory contains 3.5M pages and 800 categories and is growing all the time. It looks and acts rather like the Yahoo or Open Directory databases; the quality and relevance of the links are high and the text summaries are cogent. But unlike the human-intensive directories, the Hubat directory was built entirely automatically.

Chen and Yi seeded the process with a directory outline and one sample site for each leaf node. Their spider, based on an algorithm they call SPARKLE, crawls the Web politely (honoring robots.txt) and brings back high-quality results. SPARKLE automatically summarizes the returned Web pages using a technique based on collaborative annotation, the authors say. In my exploration of Hubat.com I've often found it hard to believe these summaries were not written by humans.

The site does not rely on a Google-style page ranking scheme, but still manages somehow to return the most relevant pages as the top search results.

Hubat.com has been up since 10 November (the TBTF Log provided its first publicity [34]). Chen and Yi are looking for seed funding to continue developing their automatic directory technologies. Read their FAQ [35] and get in touch at info@hubat.com if you can be of assistance.

Thanks to Gary Stock for the pointer.

[33] http://www.hubat.com/
[34] http://www.hubat.com/hubat/inthenews.html
[35] http://www.hubat.com/hubat/hubat-desc.html


Quick bits

A maze of little twisty items, all different

Y2K the molecule

Before Christmas the journal Science ran a quick report from Jeffrey Roberts and Christopher Cramer, chemists at the University of Minnesota. The researchers had used a local supercomputer to calculate whether or not two atoms of yttrium (periodic chart symbol Y) could stably combine with one atom of potassium (K) [36]. The answer is affirmative. The scientists considered analyzing two other yttrium-containing compounds, YOY (two yttriums, one oxygen) and YNOT (yttrium, nitrogen, oxygen, and tritium -- sort of cheating, that). "We could have studied Y3K too, but we thought we could put it off," they said.

If anyone ever produces solid Y2K, be assured it will pose no danger to your computer. Unless you've spilled coffee on the keyboard -- potassium reacts violently with water, you see.

[36] http://unisci.com/stories/19994/1222996.htm

Snow screeching on water

The AIP's Physics News Update carried this provocatively titled research note [37]. It seems that when snowflakes hit water, the resulting capillary action can create bubbles vibrating at up to 200 kHz. You couldn't hear the screeching, but a dolphin could. It's not unknown for researchers to shut down sonar surveys of salmon populations during snowfall because of the noise.

[37] http://www.aip.org/enews/physnews/2000/split/pnu468-3.htm

Noodle

Download Noodle [38] (for Mac or Windows, > 4 MB) if you have the slightest interest in user-interface design, music, or computer games. It's a little bit of each. Noodle is a free gizmo for making music on a computer. The interface is so slick and inventive you'll find yourself emailing the link [38] to three or four friends, as Mark Dionne <mdionne at mediaone dot net> did for me. (Personally, I just had to pass it on to 11,849 of you [39].)

This addictive app is not new news: Noodle came out 10 months ago. Lance Arthur's glassdog spotted it last July [40]. One of Noodle's creators presented it at the Navigating Intelligence summit last fall in Banff [41]. Noodle has been making the rounds again after a Memepool [42] cite last month.

[38] http://realworld.on.net/rwmm/noodle/
[39] http://tbtf.com/growth.html
[40] http://www.glassdog.com/homepage/gdrec/0899.html
[41] http://www.google.com/search?q=cache:www.banffcentre.ab.ca/nmi/navintel.htm
[42] http://www.memepool.com

Offlist Discussions

These are the spaces I've set up at Take It Offline [43], [44] for those who wish to comment on and discuss this issue's articles. I'll be monitoring and actively posting to these forums.

[43] http://www.quicktopic.com/
[44] http://tbtf.com/archive/1999-10-05.html#06


Remember the Internet Freedom Journalism Awards, a competition announced in the previous issue of TBTF [45]? Well, the judges voted, the winners were announced, and... how do I put this modestly? I'm one of them [46]. The awards are:

[45] http://tbtf.com/archive/1999-12-16.html#s06
[46] http://www.netfreedom.org/news.asp?item=104

I've started a new mailing list, tbtf-log@tbtf.com, for those who want to receive a consolidated email message on Sunday evenings containing all the TBTF Log entries for the week preceding. (No, Richard Swetenham's QuickLinks didn't shame me into it, I just finally got organized.) To subscribe, send the message subscribe (the title doesn't matter) to tbtf-log-request@tbtf.com; or fill out the brief form at [47].

[47] http://tbtf.com/blog-archive/#subscribe


For a complete list of TBTF's email and Web sources, see http://tbtf.com/sources.html.


TBTF is free. If you get value from this publication, please visit the TBTF Benefactors page and consider contributing to its upkeep.

TBTF home and archive at http://tbtf.com/ . To (un)subscribe send
the message "(un)subscribe" to tbtf-request@tbtf.com. TBTF is Copyright
1994-1999 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Commercial
use prohibited. For non-commercial purposes please forward, post,
and link as you see fit.
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.



Copyright © 1994-2023 by Keith Dawson. Commercial use prohibited. May be excerpted, mailed, posted, or linked for non-commercial purposes.

Most recently updated 2000-02-27