Posts filed under ‘video’
What else would you call it? Consider the facts:
- He spent over two years building bot nets- not a person who was a mule but someone who actively recruited people for his A Team- and would have kept going if not stopped. The judge still sees no criminal intent on his part, just curiosity.
- Even the prosecution called for leniency. So much for the vaunted FBI operation Bot Roast.
- He controlled 1.3 million computers around the world yet escaped conviction (also video) since it might ruin the prospects of using his skills in a positive way. No doubt those 1.3 million people are thrilled at that prospect as is UPenn, which he crashed for a couple of days with an accidental distributed denial of service attack
- All he got was a fine of $9,526 or about US$ 7,300 for damage that runs into millions of dollars because all the police actually proved was the UPenn attack.
OK, so he was 16 when he started and suffers from mild Asperger’s syndrome but what message does the sentence send to bored teenagers? That the Internet is a lawless wild west? That if you’re stupid enough to get caught, don’t worry, there’s not going to be a hanging? Instead, the police and overseas companies will line up to give you a job? That all you’re going to get is a fine that you can probably pay from your first month’s salary (as you’ve already blown the $40,000 you’ve made)?
From the news coverage, it seems to me that all of the hinting that he might work for the police is just a red herring.
Owen Walker was not that good a programmer, even though the police think so (video), just a person with a very relaxed sense of right and wrong.
The message is physical crime is not worth it- you actually do get sent to jail and no prosecutor is going to ask a judge to discharge you without a conviction. The Internet is where the smart guys go to- it seems that everyone is on your side then.
On TV (video) they aren’t willing to speak out against the sentence. So what’s next? A book deal? An invitation to speak at the RSA Conference a la Frank Abagnale?
Do we get the crime that we deserve?
In my first official post on the SSC blog, I mentioned that April is Identity Month, a time for NZ government agencies to talk about identity management.
The first event of the month was yesterday when the Biometrics Institute organised its 2008 Annual New Zealand Conference. I co-presented with a colleague about igovt and then was on the “Biometric Data Management and Data Security Issues” panel. The panel discussion gave me an opportunity to talk about the dangers of using static identifiers like biometrics and gave the example of Germany’s unfortunate interior minister.
The highlight of the month is the Identity Conference on 29th and 30th April but there are two more events around the same time that are worth having a look at:
First, a barcamp focussing on User-Centric Identity on 25th and 26th April. Secondly, the Office of the Privacy Commissioner’s next Technology and Privacy Forum has Marek Kuziel on 28th April talking about “OpenID Enabled New Zealand.”
With so much happening, it’s heaven for the identityrati in Wellington. And, with apologies to the people across the ditch, where the bloody hell are you?
I found talking with Simon really interesting, whether it was about Webstock, New Zealand, or OpenID. He had some great insights into the current state of play, including the challenges and opportunities facing OpenID. I particularly liked his emphasis on looking at OpenID in the context of decentralised social networking and the fit with OAuth and OpenSocial.
Though, I did think Simon did well to duck the question about national-level implementation of OpenID (a la Estonia).
As a first go at video interviewing, it was certainly a great experience for me. But I’m clearly no John Campbell so I guess I’ll have to keep my day job…
The Easter Bunny has done his magic and recordings from last month’s Webstock conference are now online. There’s hours of great quality presentations to sit back and enjoy.
For Kiwis, my pick is the interview (“fireside chat”) of TradeMe’s Sam Morgan (streaming video, mp3). For the identityrati there is Simon Willison on OpenID and decentralised social networks (streaming video, mp3).
Very cool stuff.
Google is a data-driven company. That’s kind of obvious when you think about it but just how true that is was made clearer in a blog post by Google’s Chief Economist, Hal Varian, Why data matters. The first sentence of the post sets the tone, “Better data makes for better science.”
He provides a history of search to come up with some critical points, “But in order to come up with new ranking techniques and evaluate if users find them useful, we have to store and analyze search logs… If we don’t keep a history, we have no good way to evaluate our progress and make improvements… the data in our search logs will certainly be a critical component of future breakthroughs.”
It has information people mostly never read like “We may combine personal information collected from you with information from other Google services or third parties to provide a better user experience…” as well as “our servers automatically record the page requests made when users visit our sites. These “server logs” typically include your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.”
What they are not as explicit about is that cookies are set to typically expire in 2038 or that they have never erased a single search query (which, when you consider that about 60% of all web searches are Google, is a staggering amount). And, just like other companies, they will hand over the data to governments when lawfully required to do so.
Google is a company who has as one of their ten key philosophies “You can make money without doing evil.” Making money is of course not evil but some underhand tactics like automatic matching, broad matching, content networks, the way the toolbar operates, etc. come pretty close.
As a data-driven company, I think it is likely that several corollaries arise that tends to explain some of the things Google does:
Corollary 1: Data is valuable therefore the more the better. So, Google collects and stores data about everything at everytime about everyone. Searches are just one of the many, many collection points across its vast reach.
Corollary 2: The richer the data the better. Context and results are important to give better insight so the more the linked data it can get, the more it can learn from the data. Hence, the combination of personal information from multiple services.
Corollary 3: Data is a competitive advantage. Not only does Google need it for improving search but as a core corporate asset that drives advertising revenues.
Corollary 4: Collection of data has to be protected at all costs. Hence, Google’s disingenuous arguments about how IP addresses aren’t personal information (PII).
There’s a whole lot more but it looks like data is Google’s itch and the more it scratches, the more privacy advocates feel the pain.
New York governor Eliot Spitzer might have saved himself a whole lot of trouble if he was instead an Australian ministerial staffer.
The Australian Government has ordered over 315 staff to fill out a 25-page form and undergo an in-depth interview about their personal finances, drug habits and sexual history to get security clearance. The reason? To protect them from blackmail.
In what is perhaps the understatement of the year, Cabinet Secretary John Faulkner said that “Some staff find it intrusive.”
Gaining security clearance includes requiring staff to list their history of sexual partners, reveal extra-marital affairs and detail homosexual experiences.
Privacy advocates like Roger Clarke point out that “It’s a given that sensitive data, stored in large databases will inevitably leak.”
With apologies to Foster’s (see this iconic commercial if you’re not familiar about this reference), is this Australian for privacy?
It seems to be the season for official privacy reviews. The Australian Law Reform Commission recently published its recommendations to reform Australia’s privacy laws and the UK Information Commissioner’s Office has launched the UK’s first Privacy Impact Assessment (PIA) handbook.
Joining the list, in NZ the Law Commission has released a study paper Privacy: Concepts and Issues which is the first stage in a major review of laws related to privacy. There is also a video of the press conference of the report’s launch (23 minutes) that includes a good overview of the paper and a discussion on the interplay between privacy and technology.
The report is the outcome of stage 1 of the Law Commission’s Review of Privacy, and provides background for the later stages. It therefore does not include recommendations.
As one would expect, one of the big questions it looked at was “How is changing technology (particularly the internet) affecting privacy?” Other questions looked at include:
• What is privacy?
• How has it been recognised and protected by the law?
• Are there particular Māori concepts of privacy?
• Do young people have different ideas about privacy from older people?
Given the report’s importance, scope, and size (222 pages) it is hard to summarise it or highlight only a few things. I will come back to the report in future blog posts and look at how some of the major questions have been addressed.
However, one thing that I would like to highlight is the recognition of the work we are doing in the Authentication Programme. The report says:
“In New Zealand, innovative work on authentication is being undertaken as part of the e-government programme coordinated by the State Services Commission… New Zealand may not be a leading developer of new hardware or software, but our relatively small size may assist in finding innovative ways of protecting privacy in the design of systems, as the example of the e-government programme suggests.”
There is an interesting video entitled What does a friend of a friend of a friend need to know about you? It does a really good job of illustrating how relationships in social networks work and the dangers to personal information that can arise.
Given the privacy slant of the video, perhaps the source of the video is not so surprising- the Privacy Commissioner of Canada’s blog. Showing a great understanding of the target market, the video has also been put on YouTube. A good example of effective Web 2.0 use by government.
Unfortunately, the people who really need to understand and act on this message are unlikely to do so. It’s not that these people don’t know the dangers- they just don’t act on it. And that remains a core problem of addressing the downsides of social networking and protecting people from the dangers they continue to expose themselves to.
As the last post for the year, there was a temptation to look back and reflect on the past year. All that changed after I heard a recording of Jon Udell interviewing Dick Hardt in IT Conversations. It made me realise how the real opportunities and challenges lie ahead of us, not behind.
In the interview, Dick talks about the work being done for the Government of British Columbia, Canada (BC) to develop a claims-based identity metasystem. Essentially, the work is an Identity 2.0 and Info Cards rendition of traditional government to people interactions.
New Zealand’s approach, GOAAMS delivered under the “igovt” banner, is perhaps best understood from the 2007 IDDY Award webcast. Both the slides and the webcast recording (needs WebEx Player) are now available.
The drivers that Dick articulated for BC are the same for NZ:
- better service delivery that requires information held across various government departmental and organisational silos to somehow be brought together in a secure and privacy-protective manner; and
- giving citizens better access to the information held about them by government.
However, the implementation paths are different. The BC project is based on Info Cards while the NZ one will probably go down the Liberty Alliance’s specs path but allowing Info Cards as an optional UI.
One thing everyone will agree with is that both implementation paths have their own pros and cons. Over time, hopefully differences will not matter too much but given the current state of interoperability, they do. And that translates into substantial differences in architecture, customer experience, the “mental model”, requirements on information providers, ability to join up service delivery, and the uptake strategy.
While the similarities in outcomes between the BC and NZ approaches are important, it is the differences in implementation that provide a great insight into the opportunities and challenges for both governments. Work on comparing and contrasting the two should throw up areas that both governments need to consider in their respective efforts.
To me, that is a very important piece of work to do next year.
In the meantime, it’s time to get the barbie (BBQ) going and break out the beer. I hope you have a great holiday and, like me, come back refreshed and ready for a cracker year ahead.
A colleague sent me this link to a YouTube video. She obviously wanted us to be inspired by the South Korean example of promoting e-government services.
Problem is… how are we going to find a Kiwi music group that the Australians won’t promptly claim to be theirs?