Posts filed under ‘video’

Invitation to become a bot herder

What else would you call it? Consider the facts:

– Owen Walker, aka AKILL, the Kiwi bot herder who was stupid enough to get caught, couldn’t stop smiling in court when the judge called him a “very bright young man.”

– He spent over two years building bot nets- not a person who was a mule but someone who actively recruited people for his A Team- and would have kept going if not stopped. The judge still sees no criminal intent on his part, just curiosity.

– Even the prosecution called for leniency. So much for the vaunted FBI operation Bot Roast.

– He controlled 1.3 million computers around the world yet escaped conviction (also video) since it might ruin the prospects of using his skills in a positive way. No doubt those 1.3 million people are thrilled at that prospect as is UPenn, which he crashed for a couple of days with an accidental distributed denial of service attack

– All he got was a fine of $9,526 or about US$ 7,300 for damage that runs into millions of dollars because all the police actually proved was the UPenn attack.

OK, so he was 16 when he started and suffers from mild Asperger’s syndrome but what message does the sentence send to bored teenagers? That the Internet is a lawless wild west? That if you’re stupid enough to get caught, don’t worry, there’s not going to be a hanging? Instead, the police and overseas companies will line up to give you a job? That all you’re going to get is a fine that you can probably pay from your first month’s salary (as you’ve already blown the $40,000 you’ve made)?

From the news coverage, it seems to me that all of the hinting that he might work for the police is just a red herring.

Owen Walker was not that good a programmer, even though the police think so (video), just a person with a very relaxed sense of right and wrong.

The message is physical crime is not worth it- you actually do get sent to jail and no prosecutor is going to ask a judge to discharge you without a conviction. The Internet is where the smart guys go to- it seems that everyone is on your side then.

On TV (video) they aren’t willing to speak out against the sentence. So what’s next? A book deal? An invitation to speak at the RSA Conference a la Frank Abagnale?


Do we get the crime that we deserve?


July 17, 2008 at 12:00 am Leave a comment

NZ: Identity Month

In my first official post on the SSC blog, I mentioned that April is Identity Month, a time for NZ government agencies to talk about identity management.

The first event of the month was yesterday when the Biometrics Institute organised its 2008 Annual New Zealand Conference. I co-presented with a colleague about igovt and then was on the “Biometric Data Management and Data Security Issues” panel. The panel discussion gave me an opportunity to talk about the dangers of using static identifiers like biometrics and gave the example of Germany’s unfortunate interior minister.

The highlight of the month is the Identity Conference on 29th and 30th April but there are two more events around the same time that are worth having a look at:

First, a barcamp focussing on User-Centric Identity on 25th and 26th April. Secondly, the Office of the Privacy Commissioner’s next Technology and Privacy Forum has Marek Kuziel on 28th April talking about “OpenID Enabled New Zealand.”

With so much happening, it’s heaven for the identityrati in Wellington. And, with apologies to the people across the ditch, where the bloody hell are you?

[To be fair, I actually did like the original advert and found the politically-incorrect NZ spoof only somewhat amusing.]

April 4, 2008 at 9:55 pm Leave a comment

Interviewing Simon Willison about OpenID

During the recent Webstock conference, I had the opportunity to interview Simon Willison about OpenID. This is now available online (windows streaming video, MP3, about 15 minutes).

I found talking with Simon really interesting, whether it was about Webstock, New Zealand, or OpenID. He had some great insights into the current state of play, including the challenges and opportunities facing OpenID. I particularly liked his emphasis on looking at OpenID in the context of decentralised social networking and the fit with OAuth and OpenSocial.

Though, I did think Simon did well to duck the question about national-level implementation of OpenID (a la Estonia).

As a first go at video interviewing, it was certainly a great experience for me. But I’m clearly no John Campbell so I guess I’ll have to keep my day job…

March 25, 2008 at 11:35 pm 1 comment

Webstock recordings now available

The Easter Bunny has done his magic and recordings from last month’s Webstock conference are now online. There’s hours of great quality presentations to sit back and enjoy.

I had earlier posted comments on day 1 and day 2.

For Kiwis, my pick is the interview (“fireside chat”) of TradeMe’s Sam Morgan (streaming video, mp3). For the identityrati there is Simon Willison on OpenID and decentralised social networks (streaming video, mp3).

Very cool stuff.

March 20, 2008 at 9:40 pm 2 comments

Google’s data itch

Google is a data-driven company. That’s kind of obvious when you think about it but just how true that is was made clearer in a blog post by Google’s Chief Economist, Hal Varian, Why data matters. The first sentence of the post sets the tone, “Better data makes for better science.”

He provides a history of search to come up with some critical points, “But in order to come up with new ranking techniques and evaluate if users find them useful, we have to store and analyze search logs… If we don’t keep a history, we have no good way to evaluate our progress and make improvements… the data in our search logs will certainly be a critical component of future breakthroughs.”

Just what information does Google track? They’ve got three videos and a whole sub-site that explains things.

It has information people mostly never read like “We may combine personal information collected from you with information from other Google services or third parties to provide a better user experience…” as well as “our servers automatically record the page requests made when users visit our sites. These “server logs” typically include your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.”

What they are not as explicit about is that cookies are set to typically expire in 2038 or that they have never erased a single search query (which, when you consider that about 60% of all web searches are Google, is a staggering amount). And, just like other companies, they will hand over the data to governments when lawfully required to do so.

Google is a company who has as one of their ten key philosophies “You can make money without doing evil.” Making money is of course not evil but some underhand tactics like automatic matching, broad matching, content networks, the way the toolbar operates, etc. come pretty close.

As a data-driven company, I think it is likely that several corollaries arise that tends to explain some of the things Google does:

Corollary 1: Data is valuable therefore the more the better. So, Google collects and stores data about everything at everytime about everyone. Searches are just one of the many, many collection points across its vast reach.

Corollary 2: The richer the data the better. Context and results are important to give better insight so the more the linked data it can get, the more it can learn from the data. Hence, the combination of personal information from multiple services.

Corollary 3: Data is a competitive advantage. Not only does Google need it for improving search but as a core corporate asset that drives advertising revenues.

Corollary 4: Collection of data has to be protected at all costs. Hence, Google’s disingenuous arguments about how IP addresses aren’t personal information (PII).

There’s a whole lot more but it looks like data is Google’s itch and the more it scratches, the more privacy advocates feel the pain.

March 19, 2008 at 11:17 pm Leave a comment

Aussie for privacy

New York governor Eliot Spitzer might have saved himself a whole lot of trouble if he was instead an Australian ministerial staffer.

The Australian Government has ordered over 315 staff to fill out a 25-page form and undergo an in-depth interview about their personal finances, drug habits and sexual history to get security clearance. The reason? To protect them from blackmail.

In what is perhaps the understatement of the year, Cabinet Secretary John Faulkner said that “Some staff find it intrusive.”

Gaining security clearance includes requiring staff to list their history of sexual partners, reveal extra-marital affairs and detail homosexual experiences.

Privacy advocates like Roger Clarke point out that “It’s a given that sensitive data, stored in large databases will inevitably leak.”

With apologies to Foster’s (see this iconic commercial if you’re not familiar about this reference), is this Australian for privacy?

March 17, 2008 at 11:08 pm 2 comments

NZ: Privacy review report

It seems to be the season for official privacy reviews. The Australian Law Reform Commission recently published its recommendations to reform Australia’s privacy laws and the UK Information Commissioner’s Office has launched the UK’s first Privacy Impact Assessment (PIA) handbook.

Joining the list, in NZ the Law Commission has released a study paper Privacy: Concepts and Issues which is the first stage in a major review of laws related to privacy. There is also a video of the press conference of the report’s launch (23 minutes) that includes a good overview of the paper and a discussion on the interplay between privacy and technology.

The report is the outcome of stage 1 of the Law Commission’s Review of Privacy, and provides background for the later stages. It therefore does not include recommendations.

As one would expect, one of the big questions it looked at was “How is changing technology (particularly the internet) affecting privacy?” Other questions looked at include:

• What is privacy?
• How has it been recognised and protected by the law?
• Are there particular Māori concepts of privacy?
• Do young people have different ideas about privacy from older people?

Given the report’s importance, scope, and size (222 pages) it is hard to summarise it or highlight only a few things. I will come back to the report in future blog posts and look at how some of the major questions have been addressed.

However, one thing that I would like to highlight is the recognition of the work we are doing in the Authentication Programme. The report says:

“In New Zealand, innovative work on authentication is being undertaken as part of the e-government programme coordinated by the State Services Commission… New Zealand may not be a leading developer of new hardware or software, but our relatively small size may assist in finding innovative ways of protecting privacy in the design of systems, as the example of the e-government programme suggests.”

February 11, 2008 at 10:31 pm 4 comments

Older Posts

This blog is no longer updated. See the About page for more info. I'm currently active on Twitter.

Follow me on twitter