Author Archive

 I was struck by the EU competition bureau’s recent threat to punish Google because of “the way Google copies content from competing vertical search services and uses it in its own offerings.” (Vertical search services are specialized search engines like Yelp and Kayak that help people find local restaurants or cheap flights and rental cars.) 

In his public statement, the EU’s vice president for competition policy, Joaquin Almunia, seemed to say that Google is abusing a dominant position in search by “copying original material from the websites of its competitors such as user reviews and using that material on its own sites without their prior authorisation.” This is bad, says the EU, because:

“In this way they are appropriating the benefits of the investments of competitors. We are worried that this could reduce competitors’ incentives to invest in the creation of original content for the benefit of internet users. This practice may impact for instance travel sites or sites providing restaurant guides.”

This is odd language for a competition case, but quite familiar in an intellectual property context. The United States and the Europeans have a demanding copyright regime precisely to prevent companies from “appropriating the benefits” of other people’s content; and this regime has been expanded many times in living memory to better protect the investments of copyright owners.  Indeed, going the U.S. one better, the EU has adopted an additional set of intellectual property protections for compilers of databases; these protections cover uncopyrightable compilations, like phone books. 

Again, the point of both laws is to create “incentives to invest in the creation of original content” — and to balance those incentives against society’s interest in the free exchange of information.

If Google had violated either regime, presumably it would be in court or under investigation for doing so. (Marvin Ammori has a recent post explaining why they aren’t.) 

Instead, the European Union’s competition bureau seems to be saying that the balance struck by the EU in its two highly IP-friendly regimes isn’t, well, IP-friendly enough.

Vertical search providers apparently need a kind of super-copyright.  Indeed, reading the EU’s press release, it appears that vertical search providers need a super-copyright not only in their own work but in their users’ comments as well. 

That may or may not be good competition law, but it sure looks like overkill when viewed through an intellectual property lens.

CAVEAT LECTOR: My law firm and I have done work for Google, though not in connection with competition or EU issues.

Big Data and Network Security

As far as I can tell, one of the few network security tools getting better at the speed of Moore’s Law is network monitoring and audit.  Modern networks throw off vast amounts of data as users go about their daily business.  It is often possible to find the telltale signs of network intrusion by watching for activity that is anomalous or that fits the signature of network attacks elsewhere.

But finding those faint signals in a sea of noise isn’t easy.  No one wants to sit and read logs.

The good news is that tools to analyze Big Data are improving and getting cheap at a great rate, and companies like Zions Bank have begun using open source programs like Hadoop to analyze their networks. 

Around 2005, [Zions Bank Chief Security Officer] Wood said, his team made the move to a massively parallel processing system that was designed for log management but that his team bent and hammered into a data warehouse for analytics. “We adopted a business intelligence mindset,” he said, “but slanted toward security.” He brought in some data-analysis specialists, and they started mining data and searching for patterns, a process made easier by the new higher-powered and more scalable system. But it, too, reached its limits as unstructured data from myriad new sources began streaming in.

In 2010, Zions started its transition to Hadoop and has been running its big data workloads exclusively on that platform since late 2011. Wood said he’s loading about 130 data sources into Hadoop, including server logs, web logs and customer transactions. Now, he explained, his team is able to analyze massive amounts of data — and fast — to detect everything from malware and spear phishing attempts to account takeovers. The latter is similar to credit card theft, only instead of discovering anomalous spending, Zions is able to detect anomalous transfers from customers’ bank accounts.

And Wood doesn’t worry about outgrowing his Hadoop cluster, which means his team can keep innovating on new ways to detect criminal behavior. If you’re monitoring network traffic, for example, Wood said, you “have to get down to 0s and 1s in packets to look for the needle in the haystack.” That means storing and analyzing everything in its raw form.

This approach to security is gaining traction, but once again, it looks as though the financial sector, rather than government, is pioneering a network security technology.  In fact, this is going to be a tough act for government to follow.  Just read that last sentence again.  “That means storing and analyzing everything in its raw form.”

Just as they stalled government network intrusion prevention technology for a decade, privacy advocates are likely to trash any government security system that depends on storing and analyzing everything, even everything on the government’s own networks.  Which means that security will likely remain Mission Impossible for most government information security officers.

The promise of perfectly personalized products manufactured by 3D printers is on the horizon, but this 3D-printed bikini – supposedly the “world’s first ready-to-wear, completely 3D-printed article of clothing” – looks surprisingly uncomfortable and badly fitted to me.

And believe me, I looked closely. I take seriously my responsibilities as a technology commentator.  And in that role, I think it’s safe to say that the future is already here but its coverage is skimpy.

Two and a half years after former Director of National Intelligence Mike McConnell called for a “dot-secure” network, a Silicon Valley startup with $9.6 million in funding has announced plans to launch one. From the description, this isn’t intended to be a wholly secure network, since that’s a promise no one can fulfill.  Instead, it’s intended to link companies that take security seriously. At a minimum, the shared standards and security consciousness should allow much better forensics and audits of network behavior, even when the behavior crosses organizational and technical firewalls.  In fact, I assume the $9.6 million will be spent mainly on rule-writing and rule-enforcement.

If ever there were a startup that lawyers and accountants could have dreamed up, this is it.  I hope that doesn’t guarantee its failure.

Darwin shudders

The one man convicted of the Lockerbie bombing has died, three years after being released by the Scottish Nationalist government for what was advertised as his last few weeks of life.

Evidently determined never to apologize, SNP leader Alex Salmond defended that release today, saying that “regardless of people’s views they can have complete confidence that it was taken on the basis of the due process of Scots Law.”

As a practical matter, Scots now have full responsibility for “due process of Scots law,” having achieved home rule by a process known as devolution.  A remarkably apt name that, when you think about it.

UPDATE: I edited the last paragraph to avoid the erroneous implication that compassionate release was governed by British law before devolution.

Here’s something for those who liked my earlier article for Foreign Policy about the foolishness of letting lawyers determine our cyberwar strategy, though it’s probably even more of a treat for those who hated my article and wished they had equal time. The ABA Journal has posted an extensive, no-holds-barred debate over the views expressed in that article.  Gen. Charles Dunlap, a former deputy judge advocate general of the U.S. Air Force, contradicts my article with passion, after which I offer a rebuttal, and he a surrebuttal. 

Here’s a sample of Gen. Dunlap’s full-throated assault on my position:

Military commanders have seen the no-legal-limits movie before and they do not like it. In the aftermath of 9/11, civilian lawyers moved in exactly that direction. Former Attorney General Alberto Gonzales, for example, rejected parts of the Geneva Conventions as “quaint.” He then aligned himself with other civilian government lawyers who seemed to believe that the president’s war-making power knew virtually no limits. The most egregious example of this mindset was their endorsement of interrogation techniques now widely labeled as torture.

The results of the no-legal-limits approach were disastrous. The ill-conceived civilian-sourced interrogation, detention and military tribunal policies, implemented over the persistent objections of America’s military lawyers, caused an international uproar that profoundly injured critical relations with indispensable allies. Even more damaging, they put the armed forces on the road to Abu Ghraib, a catastrophic explosion of criminality that produced what military leaders like then-U.S. Commander in Iraq Lt. Gen. Ricardo Sanchez labeled as a “clear defeat.”

Infused with illegalities, Abu Ghraib became the greatest reversal America has suffered since 9/11. In fact, in purely military terms, it continues to hobble counterterrorism efforts. Gen. David Petraeus observed that “Abu Ghraib and other situations like that are nonbiodegradable. They don’t go away.” Petraeus told the New York Times, “The enemy continues to beat you with them like a stick.” In short, military commanders want to adhere to the law because they have hard experience with the consequences of failing to do so.

In truth, as important as the moral perspective may be, the practical advantages of adherence to the rule of law have a power all their own—as history plainly shows.

Nazi Germany’s and Imperial Japan’s gruesome violations of the law of war, for example, hardly proved advantageous to them. More recently, Saddam Hussein, who embraced war without “limits,” was pulled from a subterranean spider hole—dirty, defeated and soon to be dead. Moammar Gadhafi’s illicit threats to wage war upon his own civilian population in the spring of 2011 brought the military power of the international community down upon him to the point where he ended his days groveling in a sewer pipe.

Military leaders know that adherence to the law is a pragmatic essential to prevailing in 21st century conflicts. It might be attractive to some to capitalize on the unpopularity of lawyers, to demonize them and even the law itself, but military commanders understand that war today has changed. They know that law has permeated war much as it has every other human activity, and they realize the perils of ignoring its power and influence. Whether anyone likes it or not, war has become, as Gen. James Jones, then the commander of NATO forces, observed in 2003, “very legalist and very complex.”

 And here’s a taste of my rebuttal:

Gen. Dunlap’s second theme is plainly heartfelt but equally mistaken. To him, taking lawyers out of cyberwar strategy will lead to “lawless war,” and he pulls out all the stops to condemn it, invoking Abu Ghraib, Adolf Hitler, Imperial Japan and, um, Alberto Gonzales.

If you’re wondering how the former attorney general got on that list, I suspect it’s because Gen. Dunlap is still fighting the last war. The last turf war, to be precise. The years after 9/11 saw bitter conflict between military judge advocates general and civilian leaders like Gonzales. They fought over military tribunals, Guantanamo and interrogation.

The military lawyers mostly won. But the cost of that victory was high. It did surprising damage to civilian control of the military (it’s hard, for example, to read Gen. Dunlap’s essay without getting the impression that “civilian lawyer” is some new kind of epithet). And it led military and national security lawyers to draw the wrong lessons from the post-9/11 wars. In the future, they concluded, no war should be planned or fought without a lawyer at every commander’s elbow.

Really? Let’s assume, despite substantial contrary evidence, that when we fight in places like Libya or Iraq or Afghanistan we can deprive our adversaries of propaganda victories so long as our military does nothing without a lawyer’s approval. Even if that’s true, why would we expect the same approach to work for a war in cyberspace?

At its worst, cyberwar could reduce large parts of the United States to the condition of post-Katrina New Orleans, maybe for weeks or months. Responding to propaganda attacks isn’t likely to be high on our to-do list.

The exchange is part of a new book, soon to be published by the ABA, entitled “Patriots Debate.” It is a sequel to the earlier volume, Patriot Debates, in which most provisions of the Patriot Act requiring renewal were debated in the same long-form, mostly civil format. The sequel deals with a broader range of legal issues arising from the last ten years of fighting terrorists.

Categories: Uncategorized Comments Off

Security guru Dan Kaminsky and I joined earlier this year to fight SOPA because it was bad for cybersecurity.  Today, for the same reason, we joined in a Politico op-ed to rebut attacks on CISPA, the Cyber Intelligence Sharing and Protection Act:

We may have thrown some of the first stones, but SOPA was ultimately buried by an avalanche of criticism. Tumblr, Reddit and Wikipedia, among others, even protested by taking their sites down for a day. The effect was not subtle. SOPA is dead.

Here in the United States, though, the debate has taken an odd turn. After stopping a bill that would have undermined cybersecurity, some Internet activists are now targeting bills that could actually make the Internet safer. They’re charging that bills like the Cyber Intelligence Sharing and Protection Act represent stealth attempts to resurrect SOPA under the guise of promoting cybersecurity….

There are ways to address this concern, but we must remember the bigger privacy and civil liberties threat: the Internet’s insecurity….

Without security, no network offers privacy. A hacked database offers no protection.

Part of the solution is to get better at sharing information. That means sharing attack signatures at light speed so as soon as a new attack vector is identified by one company, it can be blocked by others. Government needs to be part of that system — it has a lot to defend and it’s pretty good at identifying signatures.

But under current law, once the government shows up to receive information, private-sector participation slows from the speed of light to the speed of lawyers. Current law lets companies share information with the government without a court order only to protect their own networks against malware, but not to protect others….

In short, we need to fix CISPA, not fight it. We can all agree that if Facebook reports that a link has been used to propagate malware, the government should expend its resources to warn users and foil the attack, not issue notices of potential copyright violations about the link.

 Remarkably, the House Intelligence Committee has proposed additional amendments that would accomplish precisely this goal.


TSA Tests New ID System

Ever so slowly, TSA is closing loopholes in the security system that it jury-rigged on top of the old, airline-run system inherited in 2001.  The biggest loophole in recent years was the way risky travelers were identified. In essence, the airline was told to print a special code on a risky traveler’s boarding pass.  Then, the traveler would carry his pass to the checkpoint, where he’d get special scrutiny.

That was hardly the best system. It depended on risky travelers themselves hand-carrying security messages from airline to checkpoint.  And it was easy to forge boarding passes that didn’t carry the mark of Cain.

Under a new system now being piloted, TSA will still depend on travelers carrying messages, but at least the messages will be hard to forge. Airlines will use private encryption keys to authenticate and protect the information stored on each boarding pass. Once the information is decrypted at the checkpoint, it will be compared to the information on the traveler’s ID. If the two match, TSA can apply its identity-based security measures with some confidence.

In addition to securing the information on boarding passes, the new TSA system will automate ID-checking.  ID readers will scan for security features and compare the written and the encoded information on IDs to make sure they match each other and the data on the boarding pass. This obviously raises the bar for forgery of both boarding passes and IDs.  It likely also spells the end of black-light flashlights and jeweler’s loupes in the security line. The new system will roll out first at Dulles airport near Washington.
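The authenticate-then-compare step described above, as an added example that is not TSA’s or any airline’s code: the airline binds the pass fields (including the selectee mark) to a keyed tag, and the checkpoint verifies the tag, checks that the ID’s printed and encoded data agree, and only then compares pass to ID. An HMAC stands in for the page’s unspecified “private encryption keys” (confidentiality is left out), and the field names, key handling and traveler data are constructed assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Constructed example: the payload layout, the shared-key model and the field
# names are assumptions, not the TSA's or any airline's actual format.

def canonical(fields: dict) -> bytes:
    """Deterministic encoding so airline and checkpoint MAC the same bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def issue_boarding_pass(fields: dict, airline_key: bytes) -> dict:
    """Airline side: bind the pass fields (including the selectee flag) to an
    HMAC-SHA256 tag so a checkpoint holding the key can detect any alteration."""
    tag = hmac.new(airline_key, canonical(fields), hashlib.sha256).hexdigest()
    return {"fields": dict(fields), "mac": tag}

def pass_is_authentic(boarding_pass: dict, airline_key: bytes) -> bool:
    """Checkpoint side: recompute the tag and compare in constant time."""
    expected = hmac.new(airline_key, canonical(boarding_pass["fields"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, boarding_pass["mac"])

def _norm(name: str) -> str:
    return " ".join(name.upper().split())

def id_is_consistent(id_doc: dict) -> bool:
    """ID reader: the printed zone and the machine-readable zone must agree."""
    p, e = id_doc["printed"], id_doc["encoded"]
    return _norm(p["name"]) == _norm(e["name"]) and p["dob"] == e["dob"]

def checkpoint_decision(boarding_pass: dict, id_doc: dict, airline_key: bytes) -> str:
    """Return REJECT, STANDARD or SELECTEE for one traveler at the checkpoint."""
    if not pass_is_authentic(boarding_pass, airline_key):
        return "REJECT"            # altered or forged pass
    if not id_is_consistent(id_doc):
        return "REJECT"            # tampered ID
    f, p = boarding_pass["fields"], id_doc["printed"]
    if _norm(f["name"]) != _norm(p["name"]) or f["dob"] != p["dob"]:
        return "REJECT"            # pass and ID describe different people
    return "SELECTEE" if f["selectee"] else "STANDARD"

# --- constructed sample data -------------------------------------------------
AIRLINE_KEY = secrets.token_bytes(32)      # would be provisioned out of band
FIELDS = {"name": "Jane Q Traveler", "dob": "1980-01-02",
          "flight": "XX123", "date": "2012-05-01", "selectee": True}
GOOD_ID = {"printed": {"name": "Jane Q Traveler", "dob": "1980-01-02"},
           "encoded": {"name": "JANE Q TRAVELER", "dob": "1980-01-02"}}

def run_scenarios() -> dict:
    """Exercise the cases the new system is meant to distinguish."""
    legit = issue_boarding_pass(FIELDS, AIRLINE_KEY)

    # The old loophole: a pass whose selectee mark has been stripped. The tag
    # no longer matches the fields, so the checkpoint rejects it.
    altered = {"fields": dict(legit["fields"], selectee=False), "mac": legit["mac"]}

    # Genuine pass, but a different person's ID presented with it.
    other_id = {"printed": {"name": "John Doe", "dob": "1975-03-04"},
                "encoded": {"name": "JOHN DOE", "dob": "1975-03-04"}}

    # ID whose printed and encoded zones disagree.
    mismatched_id = {"printed": {"name": "Jane Q Traveler", "dob": "1980-01-02"},
                     "encoded": {"name": "JANE Q TRAVELER", "dob": "1970-01-02"}}

    return {
        "legit": checkpoint_decision(legit, GOOD_ID, AIRLINE_KEY),
        "altered_pass": checkpoint_decision(altered, GOOD_ID, AIRLINE_KEY),
        "wrong_id": checkpoint_decision(legit, other_id, AIRLINE_KEY),
        "tampered_id": checkpoint_decision(legit, mismatched_id, AIRLINE_KEY),
    }

if __name__ == "__main__":
    for case, decision in run_scenarios().items():
        print(f"{case:13s} -> {decision}")
```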

In an effort to address the privacy objections that dog every new measure it proposes, TSA has announced that, after its machines have carefully checked those IDs and correlated them to boarding pass and flight information, TSA will destroy all the data. That strikes me as a choice that’s open to debate.  Enforced amnesia means that all travelers will always look alike to TSA.  I suppose that sounds good if you fear government discrimination, but not if you want a security system that applies different security measures to travelers based on differences in their conduct.


Watergate ushered in, among other things, the echt Age of Mainstream Media.  In a demonstration of raw media power, the Washington Post brought down a President who had just received a massive re-election mandate. No one questioned the media’s power again until the Drudge Report systematically undermined its legitimacy by covering the media the way the media covered government.

I’ve often wondered how Watergate would have played out in a blogosphere world, a  thought that came back to me when I read this in the recent NY Times obituary for Charles Colson:

 Mr. Colson served seven months after pleading guilty to obstructing justice in the case of Daniel Ellsberg, a former National Security Council consultant who leaked the Pentagon Papers, a secret history of the Vietnam War, to The New York Times. In July 1971, a few weeks after the papers were published, Mr. Colson approved Mr. Hunt’s proposal to steal files from the office of Mr. Ellsberg’s psychiatrist. The aim was “to destroy his public image and credibility,” Mr. Hunt wrote.

“I went to prison, voluntarily,” Mr. Colson said in 2005. “I deserved it.”

But did he deserve it?  The theory of his plea was that he intended to gather (apparently true) information about Ellsberg and leak it at a time when Ellsberg faced criminal charges.  How is that obstruction of justice, exactly?  Well, the leak might have affected Ellsberg’s trial, perhaps tainting the jury pool, I suppose.  That’s how Time summarized the charges at the time, saying that Colson pleaded guilty “to obstruction of justice for devising a scheme to get and disseminate derogatory information about Pentagon Papers Defendant Daniel Ellsberg in 1971.”

To his credit, Jonathan Aitken flags exactly this issue in his book, Charles Colson:  A Life Redeemed.  He notes that this was the only crime that Colson felt he had committed and that Judge Gesell had to be persuaded to accept a plea based on such an unusual theory.  In any other atmosphere, Aitken notes, treating such a leak as felony obstruction of justice would have been “hotly debated.”

At the time, of course, the mainstream media had so primed the pump that the Watergate prosecutors and Judge Gesell seem to have had few qualms about accepting Colson’s plea, or about sentencing him to one to three years in jail on this unusual theory.

In an Age of Bloggers, though, with alternative fact-finders and opinion-shapers, I wonder if it would have gone down so easily.  Maybe this is the time and place to take another look at that theory.   I’m under the impression that leaks from police and prosecutors are pretty common (though not exactly condoned) in criminal investigations.  In the nearly forty years since Colson pleaded to this crime, has any federal investigator or prosecutor been charged with felony obstruction of justice for leaking true information about a defendant? If not, should we reconsider the fairness of the sentence and the plea that launched Charles Colson on the second — and more admirable — half of his career?



According to Richard Clarke,  government lawyers play such a large role in designing American covert cyber operations that by the time the lawyers are done messing with them, they’re anything but covert:

One reason to believe the Stuxnet attack was made in the USA, Clarke says, “was that it very much had the feel to it of having been written by or governed by a team of Washington lawyers.”

“What makes you say that?” I asked.

“Well, first of all, I’ve sat through a lot of meetings with Washington [government/Pentagon/CIA/NSA-type] lawyers going over covert action proposals. And I know what lawyers do.

“The lawyers want to make sure that they very much limit the effects of the action. So that there’s no collateral damage.” He is referring to legal concerns about the Law of Armed Conflict, an international code designed to minimize civilian casualties that U.S. government lawyers seek to follow in most cases.

Clarke illustrates by walking me through the way Stuxnet took down the Iranian centrifuges.

“What does this incredible Stuxnet thing do? As soon as it gets into the network and wakes up, it verifies it’s in the right network by saying, ‘Am I in a network that’s running a SCADA [Supervisory Control and Data Acquisition] software control system?’ ‘Yes.’ Second question: ‘Is it running Siemens [the German manufacturer of the Iranian plant controls]?’ ‘Yes.’ Third question: ‘Is it running Siemens 7 [a genre of software control package]?’ ‘Yes.’ Fourth question: ‘Is this software contacting an electrical motor made by one of two companies?’” He pauses.

“Well, if the answer to that was ‘yes,’ there was only one place it could be. Natanz.”

“There are reports that it’s gotten loose, though,” I said, reports of Stuxnet worms showing up all over the cyberworld. To which Clarke has a fascinating answer:

“It got loose because there was a mistake,” he says. “It’s clear to me that lawyers went over it and gave it what’s called, in the IT business, a TTL.”

“What’s that?”

“If you saw Blade Runner [in which artificial intelligence androids were given a limited life span—a “time to die”], it’s a ‘Time to Live.’” Do the job, commit suicide and disappear. No more damage, collateral or otherwise.

“So there was a TTL built into Stuxnet,” he says [to avoid violating international law against collateral damage, say to the Iranian electrical grid]. And somehow it didn’t work.”

The last time I wrote about the restrictions that US government lawyers are piling on cyberweapons, I asked, “Lawyers don’t win wars. But can they lose one?” Clarke’s observation, however, suggests another problem.

If other nations decide that they can attribute attacks to the United States because our legal culture leaves such distinct fingerprints on our covert weapons, maybe the better question is whether American government lawyers will be responsible for causing the next war.

(Hat tip to Jack Goldsmith, who flagged the Clarke article in Lawfare. Photo credit: Freefoto)


REAL ID — Back from the dead

I testified a few days ago at a House Judiciary subcommittee hearing on REAL ID implementation.  I expected to have harsh things to say about the way REAL ID has been treated by the National Governors Association and the Obama administration. And there was certainly plenty to criticize.  But what surprised me after a few years away from the issue was not how badly the secure ID problem had been neglected.  It was how much progress has been made, almost reluctantly, by all parties.  Much more secure identification is now within reach, though politics may still delay the final steps.

Here’s some of what I told the subcommittee:


Unfortunately, not everyone agrees with the need for better drivers’ license security. Opposition to REAL ID unites the nation’s governors and the ACLU. As a candidate, President Obama campaigned against REAL ID. And as a governor, Secretary Napolitano did the same. So it was no surprise that the Obama administration supported repeal of REAL ID and adoption of a softer approach, called PASS ID. Expecting PASS ID to be adopted, the administration soft-pedaled the states’ obligations under REAL ID.

But PASS ID did not pass, and REAL ID is still the law. Unfortunately, however, it’s not being treated like a real law. In 2009, the Secretary of Homeland Security permanently stayed the deadline for states to come into material compliance, on the grounds that the Department was pursuing PASS ID. By March 2011, with the deadline for full compliance with REAL ID just two months away, that reasoning wouldn’t work anymore; everyone recognized that PASS ID was dead. But the Secretary nonetheless postponed the deadline for full compliance to January 2013 without taking comments. The remarkable justification for the delay was that the administration had encouraged the states to hope that the law would change, so they didn’t take steps to comply with the law as it stands:

I only wish I could get an extension on my tax return by saying I was hoping the law would change before the returns were due but that I’m now ready to “refocus on achieving compliance” with the requirements of the tax code.

In fact, apart from hoping that the states will refocus, the Department does not seem to be doing much to encourage them to meet the new deadline. As far as I can see, it hasn’t audited state compliance; it hasn’t processed the submissions of states that want to certify their compliance with REAL ID; and it hasn’t pressed the states that are lagging far behind to step up their efforts.

[D]espite all the public outcry and political posturing, most motor vehicle departments are making good progress toward the goals set out in the REAL ID act. Janice Kephart of the Center for Immigration Studies has done invaluable work in surveying the states’ progress toward achieving compliance with the standards set by REAL ID. Her most recent study estimates that nine states are on track to achieve full compliance with all REAL ID requirements by January 2013, and that another 27 will have achieved material compliance with the act by then. That means that the great majority of states can meet the deadline, at least for material compliance, if they simply keep on doing what they have been doing.

In saying that I do not mean to overlook the distinction between material compliance and full compliance. The principal difference is that states can achieve material compliance without having in place an electronic verification system for birth certificates. To achieve full compliance, they must check birth certificates with the issuing jurisdiction.

Now, as you might guess from my early remarks, I think that checking birth certificates is crucial to achieving a more secure license system. Birth certificates are much easier to forge and much harder to check than licenses, so it’s no wonder that everyone from aspiring terrorists to cop-killing car thieves views a forged birth certificate as the key to building a fake identity.

And so, having an electronic system for checking birth certificates is crucial. It too should be in place as soon as possible.

Once again, there is good news on this front in the Kephart report, which says that by February of this year, 37 states had already entered their birth records into a system that allows other agencies to conduct verification online. This system, called Electronic Verification of Vital Events (or EVVE), is administered by the National Association for Public Health Statistics and Information Systems (or NAPHSIS). The network is still growing; NAPHSIS tells me that they’ve added another state since February; EVVE now covers 38 states. And the system isn’t just theoretically available. It’s actually being used on a daily basis by several US government agencies, such as the State Department’s passport fraud investigators, the Office of Personnel Management, and the Social Security Administration.

The really good news, then, is that there are no technical barriers to nearly immediate implementation of electronic birth certificate checks. Any state that can achieve material compliance by 2013 can also achieve the most important element of full compliance by that date; it just has to hook up its DMV to EVVE. In short, nearly 40 jurisdictions are on track to do what the 9/11 Commission recently urged them to do: implement drivers’ license security without delay.

The rest of my testimony is here.

The hearing itself was remarkable in several respects.  Considering that there were three very different current or former Judiciary committee chairmen in the hearing room (Sensenbrenner, Conyers, and Smith), there was much less heat than I expected.

Chairman Sensenbrenner, author of REAL ID, seemed pleased with the progress to date and disinclined to beat up the Administration.  The Administration’s witness (my successor at DHS Policy, David Heyman) said there were no plans to extend the January 2013 deadline for full compliance. The governors’ witness was less hostile to REAL ID than in the past.  The privacy groups were not much in evidence, and their arguments about the dangers of a giant database were undercut by the fact that four of the five data-sharing networks needed to implement REAL ID are already in operation, with George Orwell nowhere in sight.

There’s a lesson here for government officials, especially those of us who are a little impatient: Despite enormous friction and resistance, things that ought to get done in Washington do get done, eventually.

We aren’t quite done with the fight to implement REAL ID, but if this were World War II, we’d be somewhere between D-Day and the Battle of the Bulge.


The Senate’s big cybersecurity bill has finally surfaced officially, and the hearing will be tomorrow at 2:30 DC time in front of the Homeland Security and Government Affairs Committee. After Sen. Rockefeller and Sec. Napolitano, I’ll be part of a panel that includes Gov. Tom Ridge, Scott Charney of Microsoft, and Jim Lewis of the Center for Strategic and International Studies.

Here’s the first few pages of my prepared testimony. The rest is up on Skating on Stilts, for those who just have to see my take on how to draft cybersecurity emergency authorities.

Mr. Chairman, Ranking Member Collins, members of the committee, it is an honor to testify before you on such a vitally important topic. I have been concerned with cybersecurity for two decades, both in my private practice and in my public service career, as general counsel to the National Security Agency and, later, to the Robb-Silberman commission that assessed U.S. intelligence capabilities on weapons of mass destruction, and, more recently, as assistant secretary for policy at the Department of Homeland Security. In those two decades, security holes in computer networks have evolved from occasionally interesting intelligence opportunities into a full-fledged counterintelligence crisis. Today, network insecurity is not just an intelligence concern. It could easily cause the United States to lose its next serious military confrontation.

Moore’s Outlaws: The Exponential Growth of the Cybersecurity Threat

Our vulnerabilities, and their consequences, are growing at an exponential rate. We’ve all heard of Moore’s Law. What we face today, though, are Moore’s outlaws: criminals and spies whose ability to penetrate networks and to cause damage is increasing exponentially thanks to the growing complexity, vulnerability, and ubiquity of insecure networks. If we don’t do something, and soon, we will suffer network failures that dramatically change our lives and futures, both as individuals and as a nation.

It doesn’t take a high security clearance or great technical expertise to understand this threat. It follows from two or three simple facts.

Fact One. Breaking into computer networks to steal secrets has never been easier, despite all the security measures we encounter on those networks.

Why do I say that? Simple. In recent months, we have learned that some of the most security-conscious institutions on the planet have been compromised. HBGary, RSA, Verisign, and DigiNotar are all in the network security business; they understand how to protect secrets on line — if anyone does. But RSA was electronically attacked and its most important business secrets, the keys to its security business, were stolen. HBGary lost control of its CEO’s email correspondence to a group of online vigilantes, and its CEO lost his job as a result. DigiNotar, a Dutch entity that issues online credentials, was compromised by a hacker working with Iranian security forces. Six weeks after the breach became public, DigiNotar was out of business. I think it’s fair to say that these security-conscious companies would have done whatever they could to prevent these disclosures, but they failed. They were unable to secure their networks.

Actually, the same is true for governments. The Defense Department used to say that attacks on its systems had never penetrated the classified networks. Now it has disclosed that this is no longer true. Defense contractors have also been compromised, and with them, the designs for our most recent weapons systems.

That is the first fact: No network, no matter how important its secrets and no matter how security conscious its owner, can be seen as secure in today’s world. Attackers have an excellent chance of breaking in and stealing secrets. And here is the second:

Fact Two. Once the attackers are in, they don’t have to stop at stealing secrets. They can cause severe physical damage just by manipulating the digital systems they have compromised.

When I was at DHS, we demonstrated that hackers could cause a large generator to self-destruct, just by sending the generator commands over the network. More recently, the Stuxnet malware is believed to have crippled Iran’s uranium enrichment efforts for months, simply by infecting the computerized industrial control system responsible for Iran’s centrifuges. That was good news for people who think that Iran’s nuclear program is dangerous. But Stuxnet was also a proof of concept, showing that network flaws can be used to cause massive damage to any machinery that relies on computerized industrial controls.

And what machinery runs on such controls? Pretty much everything necessary to sustain our society: refineries, pipelines, electric power, water, and sewage systems. Worse, the industrial control systems that run these necessities are not really designed with cybersecurity in mind. In fact, there is reason to believe that Windows networks running on the Internet are much more secure than industrial control systems. At a minimum, we can say with confidence that industrial control systems are no better protected than the systems that failed at RSA, Verisign, HBGary, and DigiNotar.

Cyberweapons pose a real threat to the United States. Those two facts lead to a third, common-sense conclusion: Any nation that feels the need to prepare for a military confrontation with the United States has already begun developing cyberweapons. Cyberweapons are especially potent against the United States. That’s because they are deniable; figuring out who has launched a cyberattack will be very difficult, making our other military assets less useful in deterring attacks. Cyberweapons are also asymmetric; they cause more harm in developed nations than in less advanced societies. And perhaps most importantly, such weapons can overturn the American war experience of the last sixty years – that conflicts will be fought far away, at a time and place of our choosing. Any nation expecting a conflict with the American military would be enthusiastic about developing a weapon that can cause massive civilian suffering on our home front before a single shot has been fired on the battle lines.

Now that such a weapon is within their reach, the impact could be unprecedented. We have no experience with losing large parts of our power, refinery, water and sewage systems all at once. The closest we’ve come was New Orleans after Katrina. And there, everyone knew beforehand that the disaster was coming. Preparations had been made, and most people left the city well in advance. They went to places where the infrastructure still worked, while organized military and civilian relief efforts rapidly moved in to help those who remained. Even so, the breakdown in order and the human suffering was extreme.

Thanks to growing cyber insecurity, all Americans now live in a digital New Orleans, with Katrina just offshore. And not one Katrina, but many. Computer exploits that we once thought were the work of large nations such as Russia or China now seem to be within the capability of countries like Iran and North Korea. If I am right that computer insecurity continues to grow worse each year, then the sophistication needed to launch a cyberattack will continue to decline, and soon such attacks will be within the capability of criminal gangs and online vigilantes like Anonymous.

Disaster is not inevitable. We can head this threat off if we treat it seriously. We may have years before suffering an attack of this kind. We do not have decades. We must begin now to protect our critical infrastructure from attack. And so far, we have done little.

Another source of resistance comes from advocates who claim that this bill is somehow similar to the Stop Online Piracy Act, or SOPA. If the bill reaches the floor, they threaten, it will meet the same fate as SOPA.

Well, to paraphrase Sen. Bentsen in the 1988 vice-presidential debate, I knew SOPA, I opposed SOPA, and Mr. Chairman, this bill is no SOPA.

I took a very early stand against SOPA, and I’m proud to have played a role in forcing its reconsideration. SOPA was a bad idea because it would have given a little help to one industry while making everyone who uses the Internet much less secure. That criticism of SOPA struck a chord with Americans because we all use the Internet with a nagging fear that our security is at risk. That security concern was at the heart of the early opposition to SOPA. This bill, in a real sense, is the opposite of SOPA. It addresses the entirely justified security concerns of ordinary users.

There is another reason not to heed the advocates who oppose this title. They’re the guys who got us into this fix.

Is GOP a SOPA “Nope” Hope?

Here’s a revised version of an op-ed I published on the potential importance of the SOPA fight.  The original appeared in Hollywood Reporter (caution: paywall; free version is here).

What went wrong for SOPA, the entertainment industry’s proposal for stopping international piracy? And what does it mean for Hollywood’s future clout in Washington?

I had a ringside seat for the battle over SOPA, though not as a supporter.  I thought it would make Internet users more vulnerable to cybercrime. That was a problem that could have been fixed.  Instead, after a brief halt and some modest changes, the entertainment industry decided to press for a showdown.

And a showdown, of course, is what it got.

Why did it turn out so badly? The entertainment industry’s first mistake, then and now, is believing that its adversary is a group of other companies — Google, Internet service providers, and others — who are somehow hoping to profit from the Internet travails of the entertainment industry.

In fact, the industry is fighting what amounts to a new popular culture.

Unlike the old pop culture, this one is largely independent of the music, movie, and broadcast industries. In fact, people who spend hours on line instead of watching TV or going to movies will probably encounter the entertainment industry only when YouTube videos of their kids dancing to Prince or spoofing Star Wars are pulled down by Hollywood’s bots, or when the RIAA threatens to sue them for their college savings, or when digital rights software makes it hard to move their stuff to a new tablet or phone.

To the entertainment industry these episodes may seem like collateral damage in the fight to stop piracy.  To the new pop culture, though, collateral damage and misuse of enforcement tools is everywhere, and it threatens everyone.  The content industry has made itself into the villain. Increasingly it looks like an occupying power; obeyed at gunpoint, despised for its ham-handed excesses, and resisted from every dark corner.  Unfortunately for the entertainment industry, as its customers migrate to the Internet, it loses not just their money but their hearts and minds as well.

The industry’s miscalculation about the source of the resistance to SOPA may have led to an even bigger mistake.  As long as the campaign for better IP enforcement was an inside-the-beltway, company-versus-company struggle, it could be fought within the Congressional judiciary committees, where both Republican and Democratic politicians were wooed and won as individuals. As a result, strengthening intellectual property enforcement has been a bipartisan issue for the last 25 years.  But when the fight went from the committees to the floor, and Wikipedia went dark, every member of Congress was expected to take a stand.

The two parties reacted very differently. Despite widespread opposition to SOPA from bloggers on the left, Democrats in Congress (and the Administration) were reluctant to oppose the bill outright. The MPAA was not shy about reminding them that Hollywood had been a reliable source of funding for Democratic candidates, and that it would not tolerate defections.

But that very public message also reached another audience: Tea Party conservatives. Most of them had never given a second’s thought to intellectual property enforcement before coming to town. But many had drawn support from conservative bloggers.  They began to ask why they should vote against their Internet supporters to rescue an industry that was happily advertising how much it hated them. Pretty soon, far more Republicans than Democrats had bailed on SOPA, and the Republican presidential candidates had all come out for what they called “Internet freedom.”

That’s what really ought to worry the entertainment industry. For Republicans, opposition to new intellectual property enforcement is starting to look like a political winner. It pleases conservative bloggers, appeals to young swing voters, stokes the culture wars, and drives a wedge between two Democratic constituencies, Hollywood and Silicon Valley.

We’ve seen this movie before.  Immigration reform and the DREAM Act, free trade agreements, and the USA PATRIOT Act all commanded impressive bipartisan support. For a while. Now, not so much. Bills on these topics still come to the floor, and they sometimes even pass, but only after endless partisan point-scoring and amendments driven by talk radio and mass email. The same could soon be true of intellectual property enforcement.

With SOPA, the entertainment industry pushed a generation of Republicans into choosing sides between Hollywood and the Internet.

They may never look back.

While I’m on the subject, talk about culture clash: I’ve written two SOPA op-eds, for Politico and Hollywood Reporter, and both have been put without notice behind paywalls. That’s never happened to me before, and it seems a little odd. Sure, it must sound good to the publishers, at least for a while.  But they aren’t paying op-ed contributors in gobs of cash, or in massive circulation.  They’re giving circulation to the contributors’ ideas.  Or not, in the case of the paywalled publications.

Contributors who actually care about communicating to the public have to wonder why they should offer content to an outlet with such a policy.  That only makes sense to contributors who have a strong reason to communicate just to the elite audience that pays to get these highly specialized publications — lobbyists or studio execs in the case of Politico and Hollywood Reporter. It makes sense, in other words, only to contributors who see their op-eds as an alternative form of targeted advertising.

Nothing wrong with that, either, except that it means the subscribers who pay for the publications have to read even the op-eds with their hands on their wallets, wondering, “Now why did he want me, and only me, to read that?” Ironically, then, in the long run the paywalled op-eds are less valuable than op-eds that appear for free.

UPDATE: The Hollywood Reporter assures me that the paywall is temporary — likely to last only a day or two while they’re promoting the new issue.  So, uh, never mind.  When the public link is available, I’ll add it.

UPDATE 2: Done.

Matt Drudge and The Atlantic are hyperventilating, and Mark Hosenball of Reuters is bragging, about what The Atlantic calls an “exclusive” report that DHS “routinely monitors dozens of popular websites, including Facebook, Twitter, Hulu, WikiLeaks and news and gossip sites including the Huffington Post and Drudge Report.”

There are just two problems with this exclusive news report.

It isn’t news and it isn’t exclusive.

Readers of this blog could have learned exactly the same thing in one of my posts from, uh, February of 2010.

Here’s what I said two years ago:

With his usual nudge-and-wink, Matt Drudge invites us to be dismayed that “BIG SIS” — his moniker for Janet Napolitano — is “Monitoring Web Sites for Terror and Disaster Info.” Drudge links to a story saying that DHS will be monitoring social media like Twitter, as well as websites like Drudge, to keep abreast of events during the Winter Olympics. The source of the story is a twelve-page “Privacy Impact Assessment” issued by DHS.

This isn’t the first Privacy Impact Assessment (PIA) on DHS’s use of social media. A few weeks earlier, DHS wrote a similar assessment of using social media during Haitian rescue operations.

I am indeed dismayed, but not for Drudge’s reasons.  True, it’s disappointing that neither the Volokh Conspiracy nor www.skatingonstilts.com is deemed worthy of government monitoring.  But what’s really dismaying is that DHS and its Privacy Office felt obliged to labor over two separate and painfully obvious privacy assessments just to do things that you and I would do by simply firing up our browsers.

That’s it.  The story is that people at DHS are, gasp, browsing the Internet. As I said then, there’s no scandal, other than the electrons wasted by DHS agonizing over the privacy implications of browsing public Internet sources to find out what’s happening in the world.

And if it was a nonstory in February of 2010, what does that make it in January of 2012?

Actually, it’s a lesson — that both the mainstream media and the blogosphere are doggedly overreporting anything that could be deemed a privacy violation by government, especially DHS.  If you only followed these things casually, you’d be sure that DHS was constantly violating Americans’ rights, and reports like this would be a key bit of evidence.  But when you give the “story” a little scrutiny, all you find is an agency that needs to know what’s happening in an emergency and that is looking at public social media sites for information, just like the rest of us.  There’s no privacy issue there at all, despite the heavy breathing and the headlines.

Kind of makes you wonder how many more phony privacy violations you’ve been conned into believing, huh?

UPDATE: Mark Hosenball of Reuters says that he never called his report an exclusive, since he knew about the 2010 assessment; the “exclusive” label was applied by The Atlantic, not Hosenball.  I changed the first line to avoid tagging him with the statement.

Testifying Against SOPA

I will be testifying next Wednesday against SOPA, reprising my concerns about its impact on implementation of new web security protocols.  I’ve blogged those concerns here and here. The hearings are being held by Darrell Issa (R-CA), chair of the House Oversight and Government Reform Committee, who is troubled by the Judiciary Committee’s determination to take SOPA to the floor without hearing from witnesses on this issue. More details here.

I recently read Popular Mechanics’ riveting article reconstructing the last minutes of Air France 447, which in 2009 disappeared without explanation over the Atlantic between Rio and Paris. Using the cockpit transcript, the article reveals that the pilots essentially flew a fully functioning passenger jet into the sea. Why?  It appears that a temporary loss of flight speed data and then the disconnection of autopilot systems panicked a copilot into lifting the nose of the plane.  He then more or less kept the stick pulled all the way back as the plane lost forward speed and plunged into the ocean, paying no attention to dozens of blared stall warnings. Here’s a bit of the transcript and Popular Mechanics’ commentary:

02:10:55 (Robert) Putain!
Damn it!
Another of the pitot tubes begins to function once more. The cockpit’s avionics are now all functioning normally. The flight crew has all the information that they need to fly safely, and all the systems are fully functional. The problems that occur from this point forward are entirely due to human error.
02:11:03 (Bonin) Je suis en TOGA, hein?
I’m in TOGA, huh?
Bonin’s statement here offers a crucial window onto his reasoning. TOGA is an acronym for Take Off, Go Around. When a plane is taking off or aborting a landing—“going around”—it must gain both speed and altitude as efficiently as possible. At this critical phase of flight, pilots are trained to increase engine speed to the TOGA level and raise the nose to a certain pitch angle.
Clearly, here Bonin is trying to achieve the same effect: He wants to increase speed and to climb away from danger. But he is not at sea level; he is in the far thinner air of 37,500 feet. The engines generate less thrust here, and the wings generate less lift. Raising the nose to a certain angle of pitch does not result in the same angle of climb, but far less. Indeed, it can—and will—result in a descent.
While Bonin’s behavior is irrational, it is not inexplicable. Intense psychological stress tends to shut down the part of the brain responsible for innovative, creative thought. Instead, we tend to revert to the familiar and the well-rehearsed. Though pilots are required to practice hand-flying their aircraft during all phases of flight as part of recurrent training, in their daily routine they do most of their hand-flying at low altitude—while taking off, landing, and maneuvering. It’s not surprising, then, that amid the frightening disorientation of the thunderstorm, Bonin reverted to flying the plane as if it had been close to the ground, even though this response was totally ill-suited to the situation.

The article offers a final observation on what things were like in that cockpit, minutes from the crash:

Over the decades, airliners have been built with increasingly automated flight-control functions. These have the potential to remove a great deal of uncertainty and danger from aviation. But they also remove important information from the attention of the flight crew. While the airplane’s avionics track crucial parameters such as location, speed, and heading, the human beings can pay attention to something else. But when trouble suddenly springs up and the computer decides that it can no longer cope—on a dark night, perhaps, in turbulence, far from land—the humans might find themselves with a very incomplete notion of what’s going on. They’ll wonder: What instruments are reliable, and which can’t be trusted? What’s the most pressing threat? What’s going on? Unfortunately, the vast majority of pilots will have little experience in finding the answers.

That all sounds right.  But like everything else these days, it made me think about cyberwar.  Some of the most effective tactics used by our adversaries have a social engineering component.  That is, they know how humans react to certain situations and take advantage of that reaction to gain control of our computers.  They know we’re likely to open messages and click on links sent by superiors in our organization. They know we will accept friend requests from people who are already connected to a lot of our friends.  Stuxnet took advantage of social engineering of a sort by making sure that the systems reported normal activity to the humans in the control center while sending abnormal requests to the machines.  The humans believed what their controls told them.

What does this have to do with the crash of AF447?  The reaction of the AF447 pilots was tragically human.  Once we lose faith in computer systems, especially in an emergency, all of us are likely to ask, “What instruments are reliable, and which can’t be trusted? What’s the most pressing threat? What’s going on?” And if we have only minutes to make a decision, we’re likely to lock on a fragment of our training and keep trying it. The evidence that we’re failing disastrously just makes us pull harder on the stick.

So:  Why can’t that reaction be engineered? Put another way, could a hacker have caused the AF447 crash, not by directly overriding the pilots but by manipulating their very human reactions? I should stress that I don’t believe a hacker did that.  Quite the reverse. I’m asking whether future cyberattacks will try to manipulate the human beings behind the computers.

On reflection, the answer is obvious.  All of war is an effort to manipulate the opponent into a different, defeated frame of mind. But the logical conclusions are pretty troubling. Even as we begin to deploy automated defenses against remote sabotage, attackers will turn to social engineering to defeat them. Once again, this gives the offense far more options than the defense.

Thus, imagine that we decide to improve our cyberdefenses by redesigning critical military or civilian systems so that computers alone cannot cause catastrophic missteps. That’s good, but it simply challenges the attacker to find a way to influence not just the computers but also the humans – to panic the humans into a catastrophic misstep. Even if the attacker can’t fly our planes into the sea, maybe he can get our pilots to do it for him. Even if he can’t cross the air gap to bring down our nuclear plants, he might be able to fake an emergency in the operations center that leads to the same outcome.

As AF447 shows, the key to such an attack is to create doubts about what is true in a situation where decisions must be made in minutes.  Then, as AF447 shows, humans revert to muscle memory and to training, which in some cases can lead rather predictably to disaster.

We’re already seeing rudimentary social engineering in cyberattacks.  We need to get ready for something a lot more sophisticated.

SOPA-Rope-a-dope

Critics of the Stop Online Piracy Act (H.R. 3261) have had an impact.  A manager’s amendment has been offered by Lamar Smith, R-TX, the Judiciary Committee chairman.  I was critical of the first version.  Here’s my take on the new version.

This version contains several provisions aimed at the security concerns raised about the first version.  The new bill insists that it is imposing no technology mandate and that it should not be construed to impair the security of the domain name system or the network of an ISP that receives an order. And it whittles away at the original requirement that ISPs must “block and redirect” visitors to pirate sites. Now, the ISPs are only obliged to block those efforts, not to redirect the subscribers to an alternative site that warns against piracy. ISPs also get a safe harbor that allows them some assurance that they don’t have to redesign their networks to carry out the blocking.

Unfortunately, the new version would still do great damage to Internet security, mainly by putting obstacles in the way of DNSSEC, a protocol designed to limit certain kinds of Internet crime. Today, it’s not uncommon for crooks to take over Internet connections in hotels, coffee shops and airports — and then to direct users to fake websites.  Users sent to a fake banking site are prompted to enter account and password data, which is used to loot the account. DNSSEC prevents such attacks by giving each website a signed credential that must be shown to the browser by the domain name system server before the connection can be completed.

That’s a great idea, but crooks will predictably try to override it.  Their best bet is to claim that the website doesn’t have a signed credential – a claim that will be plausible at least during the transition to DNSSEC.  What should a browser do if a website says it doesn’t have a signed credential yet?  The site might be telling the truth, or it might be a fake site backed by a DNS server that’s been tampered with.  To find out, the browser needs to ask a second DNS server, and if that server doesn’t give an answer, a third and a fourth server until it gets an answer. That’s the only way to keep criminals from blocking the real DNS credentials and offering their own.

Unfortunately, the things a browser does to bypass a criminal site will also defeat SOPA’s scheme for blocking pirate sites.  SOPA envisions the AG telling ISPs to block the address of www.piracy.com.  So the browsers get no information about www.piracy.com from the ISP’s DNS server. Faced with silence from that server, the browser will go into fraud-prevention mode, casting about to find another DNS server that can give it the address.  Eventually, it will find a server in, say, Canada.  Free from the Attorney General’s jurisdiction, the server will provide a signed address for piracy.com, and the browser will take its user to the authenticated site.

That’s what the browser should do if it’s dealing with a hijacked DNS server.  But browser code can’t tell the Attorney General from a hijacker, so it will end up treating them both the same. And from the AG’s point of view, the browser’s efforts to find an authoritative DNS server will look like a deliberate effort to evade his blocking order.
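The fallback behaviour described above, as an added example rather than code from the original post: a toy DNSSEC-validating client in Python that walks a list of resolvers, rejects answers that fail validation for any zone it holds a trust anchor for, and accepts an unsigned answer only when it has no anchor telling it the zone should be signed. The zone names, addresses, keys and the three resolver behaviours are constructed for the demonstration, and an HMAC stands in for the RRSIG public-key signature so the example runs on the standard library alone.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample data.  A symmetric HMAC key per zone stands in for the
# zone's DNSKEY/RRSIG key pair so the example needs only the standard library;
# real DNSSEC uses public-key signatures and a chain of DS records instead.
ZONE_KEYS: Dict[str, bytes] = {
    "bank.example": b"constructed-bank-zone-key",
    "piracy.example": b"constructed-piracy-zone-key",
}
# Trust anchors: zones the client already knows to be signed.
TRUST_ANCHORS: Dict[str, bytes] = dict(ZONE_KEYS)
# Constructed addresses an honest resolver would return (RFC 5737 test ranges).
RECORDS: Dict[str, str] = {
    "www.bank.example": "192.0.2.10",
    "www.piracy.example": "192.0.2.20",
    "www.unsigned.example": "192.0.2.30",  # zone that has not adopted DNSSEC yet
}
IMPOSTOR = "198.51.100.66"  # constructed address of a fake site


@dataclass(frozen=True)
class Answer:
    name: str
    address: str
    sig: Optional[bytes]  # None models "this name has no signed credential"


Resolver = Callable[[str], Optional[Answer]]  # None models silence / SERVFAIL


def zone_of(name: str) -> str:
    """Zone a hostname belongs to in this toy: www.bank.example -> bank.example."""
    return name.split(".", 1)[1]


def sign(key: bytes, name: str, address: str) -> bytes:
    """Stand-in for an RRSIG: a MAC over the data the signature covers."""
    return hmac.new(key, f"{name}={address}".encode(), hashlib.sha256).digest()


def honest_resolver(name: str) -> Optional[Answer]:
    """Returns the real record, signed if its zone is signed."""
    addr = RECORDS.get(name)
    if addr is None:
        return None
    key = ZONE_KEYS.get(zone_of(name))
    return Answer(name, addr, sign(key, name, addr) if key else None)


def hijacked_resolver(name: str) -> Optional[Answer]:
    """Tampered resolver on a hostile network: points at an impostor and
    simply claims the name has no signed credential."""
    return Answer(name, IMPOSTOR, None)


def blocking_resolver(name: str) -> Optional[Answer]:
    """ISP resolver ordered to stay silent for one name; honest otherwise."""
    if name == "www.piracy.example":
        return None
    return honest_resolver(name)


def resolve(name: str, resolvers: List[Resolver]) -> Tuple[Optional[str], Optional[int], List[str]]:
    """Ask each resolver in turn; return (address, index of resolver used, log).

    An answer is accepted if its zone has no trust anchor (the client cannot
    know it should be signed) or if its signature verifies under the anchor.
    Silence and failed validation both just mean "ask the next resolver".
    """
    log: List[str] = []
    anchor = TRUST_ANCHORS.get(zone_of(name))
    for i, resolver in enumerate(resolvers):
        ans = resolver(name)
        if ans is None:
            log.append(f"resolver {i}: no answer, trying next")
            continue
        if anchor is None:
            log.append(f"resolver {i}: zone not known to be signed, accepting")
            return ans.address, i, log
        expected = sign(anchor, ans.name, ans.address)
        if ans.sig is None or not hmac.compare_digest(ans.sig, expected):
            log.append(f"resolver {i}: fails DNSSEC validation, trying next")
            continue
        log.append(f"resolver {i}: validated")
        return ans.address, i, log
    return None, None, log


if __name__ == "__main__":
    # Same client code path whether the first resolver is a hijacker or an
    # ISP under a blocking order: both are skipped and the second one is used.
    print(resolve("www.bank.example", [hijacked_resolver, honest_resolver]))
    print(resolve("www.piracy.example", [blocking_resolver, honest_resolver]))
    # During the transition an unsigned zone gives the client nothing to
    # check, so the impostor's answer is accepted.
    print(resolve("www.unsigned.example", [hijacked_resolver, honest_resolver]))
```

The third run shows the transition-period weakness mentioned above: with no trust anchor for the zone, the client has no basis for rejecting the unsigned answer.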

The latest version of SOPA will feed that view.  It allows the AG to sue “any entity that knowingly and willfully provides …a product … designed by such entity or by another in concert with such entity for the circumvention or bypassing of” the AG’s blocking orders.

It’s hard to escape the conclusion that this provision is aimed squarely at the browser companies. Browsers implementing DNSSEC will have to circumvent and bypass criminal blocking, and in the process, they will also circumvent and bypass SOPA orders. The new bill allows the AG to sue the browsers if he decides he cares more about enforcing his blocking orders than about the security risks faced by Internet users. Indeed, the opaque language about “another in concert with such entity” makes perfect sense in the context of browser extensions.  It allows the AG to sue not just browsers but also add-ons with this feature.

OK, that’s the law.  Now imagine you are Microsoft, or Google, or Apple, or Mozilla.  The DNSSEC guys come to you and ask you to implement DNSSEC.  It won’t increase your revenue, they admit, but it will make the Internet much safer for your users.  You want to be a good internet citizen, so you think maybe you should devote some precious code-writing resources to the cause.  But first you ask your lawyers whether they foresee any problems.

“Well, yes,” they’d have to say. “If you add code to the browser that implements DNSSEC, you’ll have to add code that circumvents criminal hijackings of the DNS system.  And that code can be declared illegal by the Attorney General pretty much whenever he likes.  You can litigate about it, of course, but if you lose, the AG can shut down all shipments of your browser until it’s been revised to the satisfaction of his staff and their advisers in Hollywood.”

Faced with that advice, would you implement DNSSEC?

Neither would I.

In fact, I wouldn’t even allow the DNSSEC guys to write an extension that implemented their protocol. And so, by poising a sword of Damocles over the browser companies, SOPA will kill DNSSEC.

Let’s hope that the opposition to SOPA hasn’t punched itself out against the first version of the bill, because this version is badly in need of a knockout punch.

The Wall Street Journal recently published a round-robin dialogue on privacy featuring Jeff Jarvis, danah boyd, Chris Soghoian, and me. Our vibrant discussion was quite heavily compressed for publication, so two of the other participants have now published their contributions in full.  Jeff Jarvis’s is here, and danah boyd’s is here. Publishing the full version on the web seems like good practice generally, so I’m following suit, with a few edits to avoid cross-referencing material that hasn’t been put on the web.  The Wall Street Journal’s questions are in bold italics.

How much should people care about privacy?

That’s like asking how much they should care about the weather. Some, for sure. If we don’t, we’re liable to end up deeply uncomfortable from time to time.

But let’s not kid ourselves. Privacy is like the weather in another way, too. For all the complaining, no one is going to do much about it.

They can’t. The price of storing and analyzing data is dropping exponentially; and keeping that data hidden is a hopeless task.

So, in the end, we will adjust.  Privacy is the most adaptable of rights.

Sometimes our sense of what is private shrinks. The man who invented the right to privacy, Louis Brandeis, was appalled that ordinary newsmen could snap his picture and print it in the paper without so much as a by-your-leave.  And most of us can sympathize, if we remember the shock of seeing ourselves in a photo, looking quite different than we imagined.  But no one today thinks that photography is a privacy violation. We’ve adjusted to the new technology.

And sometimes our sense of privacy grows. Most of us would be deeply uncomfortable at the idea of having strangers sleeping in our homes, listening to our family conversations, and gossiping about us over the back fence. But Brandeis never gave the privacy risk posed by his servants a second thought.

It’s tempting, in that first uncomfortable moment when new technology starts to shrink our old sense of privacy, to ask for new laws to protect us from change.

They won’t. Sooner or later, the laws on the books will yield to Moore’s law. But in the meantime, bad laws can do a lot of damage.

Maybe it made sense to tell the FBI in Hoover’s day that its agents couldn’t compile clippings files on Americans who weren’t suspected of acting improperly. But by the time of 9/11, when any coed could assemble clips files on her blind dates — in seconds, for free, with the help of Google — did it really make sense for FBI agents to be the only people in the country barred from printing out name searches?

So, sure, we should care about privacy. But we should also care about dumb privacy laws whose cost we won’t appreciate until it’s too late.

What is the harm that can be inflicted by bad privacy laws? Will it prevent us from catching terrorists or drug cartels?

Bad privacy laws abound, but the harm they do is too often downplayed in the media.

Take the story of September 11 itself. As the attacks loomed, the secret court that approves national security wiretaps had plunged the FBI into turmoil — but over privacy, not terrorism. Perhaps reacting to charges that it was merely a rubber stamp, the secret court had begun aggressively protecting Americans’ privacy — by imposing harsh, career-killing sanctions on an FBI agent who failed to observe the Wall between law enforcement and intelligence.

As described in Skating on Stilts, the court’s harsh punishment was still reverberating when the FBI learned that two al Qaeda operatives had entered the US. Members of its massive Cole bombing task force begged for a chance to track them down.  But no one was willing to risk the secret court’s wrath by using a criminal task force to pursue intelligence leads.

And so we missed our last, best chance to stop the 9/11 attacks — thanks to the secret court’s misplaced enthusiasm for a dubious privacy doctrine. That’s what turned me from a moderate privacy supporter into a profound skeptic.

Worse, because the secret court has never been held to account for its fecklessness, it is reportedly still following the same path — imposing new and secret privacy restrictions on our intelligence agencies. And leaving us all at risk of becoming the next privacy victims.

You’ve said that privacy advocates have helped turn our computers into surveillance machines; what privacy laws are you referring to? And how should it have been prevented?

There are indeed privacy laws that make computer defense much more difficult.  European laws protecting employee privacy make it harder to secure corporate networks, and U.S. privacy rules make it hard for the government to identify and warn Americans whose computers have been taken over by botnets. But the real problem is the way privacy groups have prevented the government from making policy changes in response to the growing danger of network attacks.

 Take intrusion detection. Many corporate networks use technology that monitors networks to detect intrusions and alert administrators to threats. As long ago as the 1990s, the Clinton Administration proposed creating a Federal Intrusion Detection network, or FIDNet, that would do the same thing for civilian government networks.  It didn’t happen. FIDNet was condemned by privacy groups as “a monitoring system that threatens privacy and other civil liberties.” Along with their allies in the press, privacy advocates made FIDNet so controversial that Congress killed it. When George W. Bush revisited the idea, it made even less progress.  Only now, after a third President has raised the alarm about network attacks, are we beginning to roll out coordinated intrusion detection for the civilian arms of government.  Of course we’re a decade late; foreign governments have had ten years to steal all the information the privacy advocates now say they’re worried about – delays caused in large part by the privacy advocates themselves. 

If secret court orders protecting privacy led to 9/11, as you contend – isn’t the answer to not have secret courts? Not that privacy is terrible?

 Secrecy may well be cloaking dubious rulings by the secret court, just as it cloaked the court’s enforcement of the Wall. But we can’t expose those rulings without also exposing the highly classified intelligence operations the court is overseeing.  To solve this kind of dilemma, the Congress’s intelligence committees sometimes conduct classified investigations and release an unclassified summary of their findings.  Maybe the value of such an investigation is one thing that privacy advocates and I (and the Wall Street Journal) can all agree on.

 But the problem at its heart is not secrecy.  It’s the court’s willingness to create novel privacy and civil liberties protections.  That may sound like a good thing, but it cost us dearly in August 2001. We should consider that cost before we impose new privacy rules.

Adele Tops the Supremes

Why is there so much bad privacy law, and so many privacy victims? Here’s my theory.  Privacy advocates exploit that first uncomfortable moment when we realize that technology is changing our world, offering a Luddite illusion that law can prevent uncomfortable change.  The result is laws and court rulings on privacy that quickly become quaint.

It’s not hard to find support for that view if you compare United States v. Jones, the GPS 4th Amendment case, with an article in today’s Washington Post about the rapid spread of license plate readers:

When stored over time, the collected data can be used instantaneously or can help with complex analysis, such as whether a car appears to have been followed by another car or if cars are traveling in a convoy.

Police also have begun using them as a tool to prevent crime. By positioning them in nightclub parking lots, for example, police can collect information about who is there. If members of rival gangs appear at a club, police can send patrol cars there to squelch any flare-ups before they turn violent. After a crime, police can gather a list of potential witnesses in seconds.

Arlington police cars equipped with the readers regularly drive through the parking garage at the Pentagon City mall looking for stolen cars, checking hundreds of them in a matter of minutes as they cruise up and down the aisles.

At the same time that license plate readers are spreading across the landscape, companies like Google and Apple are investing heavily in location-based services for smartphones.  As a result, we’re rapidly losing any expectation that our location is private.  These fast-moving technologies make the technique at issue in Jones – whether law enforcement can physically attach a GPS tracking device to a suspect’s car – seem almost antediluvian.

Recall the moment that many journalists treated as the critical coup de grace for the government in Jones. Pressing the SG’s office about GPS tracking of Supreme Court Justices, Chief Justice Roberts asked, “So your answer is yes, you could tomorrow decide that you put a GPS device on every one of our cars, follow us for a month; no problem under the Constitution?” Many reporters and lawyers thought that this question was a killer for the government, likely hoping that the Court will ride to privacy’s rescue and impose constitutional constraints on such tracking.

That may be so, but what the Court says about location privacy in Jones is not likely to stand the test of time. It’s as caught in the present moment as Adele’s “Someone Like You” – and a little less likely to endure. If the case had come up ten years ago, the Court, unthreatened by the location revolution, would likely have accepted the SG’s answer — that the FBI could physically follow the Justices’ movements in public without causing a constitutional concern, and a GPS device shouldn’t be viewed differently. And if the case came up ten years from now, the SG would answer, “Chief Justice Roberts, we don’t need to attach a GPS device to your car.  We can already track its movements with no warrant in a license plate database that is always getting bigger and more effective.  And we already have subpoena access to the third party location-based service providers that you all authorized when you activated your smart phones. Hell, soon, those services are going to merge.  People will mount dirt-cheap cloud-connected license-plate reading cameras on their cars as protection against a hit-and-run or road-rage attack — or to help the police find a kidnapper. No one is going to expect privacy in their car’s location then.”

In 2021, I predict, thirty-somethings will snuggle nostalgically to “Someone Like You,” and reminisce about the days when their parents didn’t know where they were – while smugly congratulating themselves that their kids will never be able to do the same to them.

And if the Court imposes constitutional restrictions on GPS tracking in Jones? What will be the ruling’s fate in 2021?  It seems to me that the debate is going to end in one of two ways.  Either constitutional restrictions on GPS devices will become a forgotten corner of the law, as law enforcement moves to newer location tracking techniques, or the Court will begin a campaign it cannot win – trying to regulate a host of location technologies in a vain effort to preserve twentieth century notions of privacy.

That’s where dumb privacy law comes from.

Photo credits:  Thanks to Francis Storr in Flickr and to Amazon.co.uk

Once again, Congress is being asked to make bad rules that will hurt network security, but this time the blame doesn’t fall on the privacy lobby.  This time the booby prize goes to the intellectual property lobby.

Below is an op-ed I wrote for Politico this week on the security consequences of the copyright enforcement bills now on the Hill — PROTECT IP and the Stop Online Piracy Act.  As it happens, the House Judiciary Committee held a hearing on the proposal on Wednesday, when the op-ed appeared, and some of the questioning turned on my op-ed.  Indeed, I gather that it contributed to an unexpectedly ragged performance from Hollywood’s normally smooth witnesses.

Unfortunately, the Politico article was posted behind a paywall.  That’s pretty ironic for an op-ed questioning the value of over-enforcing the copyright laws. So I’m posting it here, too:

Everyone knows that internet security is bad and getting worse.  Recognizing the problem, Congress is hard at work on cybersecurity, with a number of bills on the table.  Ironically, at the very same time, Congress is getting ready to pass a copyright enforcement bill that could kill our best hope for actually securing the internet.

How did that happen?  Let’s start with the internet, where fake websites cost users millions of dollars in fraud losses every year.  Unless we find a better system for locking down website identities, this and other forms of online crime will continue to skyrocket.

It turns out that internet engineers have already designed a system to solve this problem — a set of technical rules that go by the unlovely name of DNSSEC. Under these rules, an Internet website will be given identification credentials by the same company that registers its Internet name.  Thus, when Citibank claims the domain name citibank.com, the registry that issues the name will at the same time lock that name to a particular Internet address. From then on, anyone who types “citibank.com” into his browser will be sent to one and only one Internet address.  Under the new system, the browser simply will not take the user to a site that isn’t verified by Citibank’s unique credentials.

That’s protection that the people who bank online need today. 

Why don’t they have it?  Two reasons.  The first is friction.  Moving to the new rules won’t be free.  It will require a lot of work by browser companies, internet service providers, domain registries, and others – many of whom may never get any direct benefit from the change.  Naturally, these companies are a little slow to spend money that just makes the internet overall safer; that’s the tragedy of the commons.  But as the need for security becomes obvious to all, we’re slowly overcoming that friction, thanks in part to the leadership of my old agency, the Department of Homeland Security, in getting government to adopt the new procedures.

The second problem is new. It is Hollywood’s desperate desire to keep foreign websites from delivering pirated movies and music to American computers.  To do that, the movie industry wants a law that will require internet service providers to block their customers from going to those sites.  Instead, the users are supposed to be sent to a site that warns them against copyright infringement.

 Hollywood has sold that idea to Congress, and bills are now moving through both houses to impose this “block and redirect” obligation on internet service providers.  And they’re moving fast. The Senate bill is out of committee, while the House judiciary committee is holding hearings on a similar bill this week.

 This is far faster than Congress’s cybersecurity effort, and it runs directly counter to that effort. Because “block and redirect” is exactly what crooks are doing today to bank customers.  If the bills become law, the security system won’t be able to tell the difference between sites that have been blocked by law and those that have been sabotaged by hackers. Indeed, it isn’t hard to imagine crooks redirecting users to sites that say, “You were redirected here because the site you asked for has violated copyright,” while at the same time planting malware on the user’s computer. 

 What’s more, the bill will likely break the fragile consensus that my former agency, the Department of Homeland Security, has spent years helping to build around the switch to DNSSEC.  If the bill passes, practically everyone who needs to make changes to implement DNSSEC will instead be on the phone to their lawyers, asking whether they will be sued for adopting a security technology that makes the mandated “block and redirect” system even more difficult. 
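To make the conflict concrete, here is an added toy example (mine, not code from the op-ed or from any DNSSEC implementation) of a validating resolver checking answers for a signed name. A keyed HMAC under a per-zone key the resolver already trusts stands in for the real DNSKEY/DS/RRSIG public-key chain, and every name, key and address in it is constructed.

```python
"""Toy model of how a DNSSEC-validating resolver treats a "block and
redirect" answer.  Added illustration, not code from the op-ed.

The signature scheme is a stand-in: a keyed HMAC under a per-zone key that
the validator already trusts, used here in place of the real DNSKEY/DS/RRSIG
public-key chain.  Names, keys and addresses are constructed; the IPs come
from the RFC 5737 documentation ranges.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Answer:
    """One DNS resource record as it arrives at the resolver."""
    name: str
    rtype: str
    rdata: str
    rrsig: Optional[bytes] = None  # None models an answer carrying no signature at all


def canonical(name: str, rtype: str, rdata: str) -> bytes:
    """Canonical form that both the signer and the validator hash."""
    return f"{name.lower().rstrip('.')}|{rtype}|{rdata}".encode()


def sign_record(zone_key: bytes, name: str, rtype: str, rdata: str) -> Answer:
    """What the zone operator does once per record (stand-in for producing an RRSIG)."""
    sig = hmac.new(zone_key, canonical(name, rtype, rdata), hashlib.sha256).digest()
    return Answer(name, rtype, rdata, sig)


class Validator:
    """A validating resolver.  `trust_anchors` maps a signed zone to the key the
    resolver trusts for it (stand-in for the DS chain down from the root)."""

    def __init__(self, trust_anchors: Dict[str, bytes]) -> None:
        self.anchors = trust_anchors

    def closest_signed_zone(self, name: str) -> Optional[str]:
        """Walk up the labels of `name` to the nearest zone we hold a trust anchor for."""
        labels = name.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            zone = ".".join(labels[i:])
            if zone in self.anchors:
                return zone
        return None

    def validate(self, ans: Answer) -> str:
        """Return SECURE, BOGUS or INSECURE, mirroring a validator's verdicts.
        A real resolver answers SERVFAIL to the client on BOGUS, so the browser
        never receives the substituted address at all."""
        zone = self.closest_signed_zone(ans.name)
        if zone is None:
            return "INSECURE"  # unsigned zone: nothing to check, accepted on faith
        if ans.rrsig is None:
            return "BOGUS"     # signed zone, but the record was replaced or its signature stripped
        expected = hmac.new(self.anchors[zone],
                            canonical(ans.name, ans.rtype, ans.rdata),
                            hashlib.sha256).digest()
        return "SECURE" if hmac.compare_digest(expected, ans.rrsig) else "BOGUS"


def outcomes() -> Dict[str, str]:
    """Run several answers for the same query through the validator and report verdicts."""
    bank_zone_key = b"constructed-citibank-zone-key"   # held only by the zone operator
    isp_key = b"constructed-isp-key"                   # the ISP's own key, not in the chain
    resolver = Validator({"citibank.com": bank_zone_key})

    authentic = sign_record(bank_zone_key, "www.citibank.com", "A", "192.0.2.10")
    # An ISP complying with a block order points the name at a copyright-warning page.
    court_ordered = Answer("www.citibank.com", "A", "198.51.100.5")
    # The same redirect, but signed by the ISP with a key the resolver has no chain to.
    isp_signed = sign_record(isp_key, "www.citibank.com", "A", "198.51.100.5")
    # A forged answer of the same shape, with a made-up signature (constructed sample).
    forgery = Answer("www.citibank.com", "A", "203.0.113.9", rrsig=b"\x00" * 32)
    # A zone that never deployed DNSSEC: the validator has nothing to check against.
    unsigned_zone = Answer("www.example.net", "A", "203.0.113.9")

    return {
        "authentic": resolver.validate(authentic),
        "court_ordered_redirect": resolver.validate(court_ordered),
        "isp_signed_redirect": resolver.validate(isp_signed),
        "attacker_forgery": resolver.validate(forgery),
        "unsigned_zone": resolver.validate(unsigned_zone),
    }


if __name__ == "__main__":
    for case, verdict in outcomes().items():
        print(f"{case:24s} -> {verdict}")
```

The court-ordered redirect and the forgery both come back BOGUS, and nothing in the validator's view distinguishes them; only the unsigned zone, which has no DNSSEC protection, lets a substituted address through.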

If “block and redirect” could stop Hollywood’s bleeding, perhaps a case could be made for undermining everyone’s security in order to protect the studios’ intellectual property. But it won’t stop the bleeding.  Even today, if someone is blocked and redirected away from his favorite pirate website, he can find many simple ways to defeat the block. He can paste his favorite pirate website’s number (rather than its name) into the address box on his browser.  Or he can simply tell his computer to look up the site’s address on a Canadian server instead of an American one.

Passing this bill will make Hollywood feel better, and richer. 

For about a minute. 

It will leave the rest of us hurting and poorer for years.

A recent report by Danah Boyd and others reveals that turning parents and children into liars is a principal effect of the Children’s Online Privacy Protection Act, or COPPA.  According to Consumer Reports, 7.5 million kids under 13 have joined Facebook. Since Facebook prohibits kids of that age from the service, that’s 7.5 million children who lied in the signup process.  And most of them got help in telling the lie from their parents.  According to Boyd’s study, the vast majority of parents were aware that their children joined Facebook before reaching 13; in fact, more than two-thirds of these parents helped their under-age kids join.

That’s a lot of lying.

COPPA more or less forces Facebook into excluding thirteen-year-olds.  The law and the FTC regs implementing it set stringent limits on the kinds of information that web services can collect from kids under 13 in the absence of “verifiable parental consent.” Obtaining verifiable consent requires mail, fax, phone calls, or credit card numbers; email is allowed only if accompanied by a cryptographically secure digital signature. It is quite deliberately a hassle.  And once the consent is received, the service is charged with knowledge that the customer is a child, which triggers special legal protections and limits, not to mention FTC and state attorney general oversight.

All in all, unless you’re running a site focused exclusively on preteens, you’d be crazy to let them join.  Facebook isn’t crazy.  It excludes children.  But staying off Facebook isn’t really an option for kids with a social life, or grandparents for that matter. So the real effect of the law and Facebook’s policy is to force children and their parents to lie about the child’s age.

Teaching kids to lie isn’t exactly a government policy to be proud of.  But federal law has another unintended legal consequence in store for those parents and kids.  As Orin Kerr and I have pointed out, Facebook users who violate the site’s terms of service also violate the Computer Fraud and Abuse Act, at least according to the Justice Department. Which would make every one of those parents and children guilty of a federal misdemeanor.

By my count, that’s well over ten million misdemeanors, not to mention ten million privacy victims.

Now, you might ask, “Who the hell is the government to take away the decision whether my kids can join Facebook?”  Actually, most parents feel exactly this way.  When the study asked them who should have the final say about whether or not their child should be able to use online services, 93% chose the parents, 3% opted for the company providing the service, 2% chose the government, and 2% would leave the decision to the child.

So how did we end up with an online regime that is this intrusive, stupid, and unpopular?

It wasn’t easy.  It took a lot of lobbying, and the story may help explain why we have so many stupid privacy rules.

First, in the 1990s, when parents and children were just beginning to go online, no one knew what that would be like.  There was a lot of free-floating anxiety.   By the late 1990s, the Federal Trade Commission and groups like the Consumer Federation of America were maneuvering to focus that anxiety on fear that evil websites would extract information from trusting youngsters without parental knowledge.  My guess is that the Commission and the consumer groups wanted an overarching online privacy law, and they thought that a law focusing on children’s privacy would be a good first step.

The FTC released a study in 1998 that painted the online industry in dark colors:

The results with respect to the collection of information from children are … troubling. Eighty-nine percent of children’s sites surveyed collect personal information from children. While 54% of children’s sites provide some form of disclosure of their information practices, few sites take any steps to provide for meaningful parental involvement in the process. Only 23% of sites even tell children to seek parental permission before providing personal information, fewer still (7%) say they will notify parents of their information practices, and less than 10% provide for parental control over the collection and/or use of information from children. The Commission’s examination of industry guidelines and actual online practices reveals that effective industry self-regulation with respect to the online collection, use, and dissemination of personal information has not yet taken hold.

Later, in testifying before Congress, the FTC highlighted a few extreme examples:

One child-directed site collected personal information, such as a child’s full name, postal address, e-mail address, gender, and age. The site also asked a child extensive personal questions about financial information, such as whether a child previously had received gifts in the form of stocks, cash, savings bonds, mutual funds, or certificates of deposit; who had given a child these gifts; and whether a child had put monetary gifts into mutual funds, stocks or bonds. The site also asked for family financial information including whether a child’s parents owned mutual funds. Apparently in exchange for providing this information, a child was entered into a contest. Elsewhere on the Web site, contest winners’ full names, age, city, state, and zip code were posted.

Another child-directed site collected personal information to register a child for a chat room. The information included a child’s full name, e-mail address, city, state, gender, age, and hobbies. The Web site had a lotto contest that asked for a child’s full name and e-mail address. Lotto contest winners’ full names were posted on the site. For children who wished to find an electronic pen pal, the site offered a bulletin board service that posted messages, including children’s e-mail addresses. While the Web site said it asked children to post messages if they were looking for a pen pal, in fact anyone of any age could visit this bulletin board and use the Web site information directly to contact a child.

Those examples would have a lot less power today, partly because the gathering of online data doesn’t seem as alien or scary as it did in 1998.  We’ve given our email addresses to a lot of sites without being stalked by predators.  We also know that there are practical limits on web services data collection and usage. Sites that ask kids for too much information are unlikely to prosper because, as Boyd’s study shows, parents play a pretty big role in their preteens’ decision to join a service.

But in 1998 the FTC’s stories were seen as disturbing portents of a dystopian future. And how could we head off this future?  Not to worry; the FTC also had a solution.  Casting itself as a vigilant defender of parental rights, the Commission told Congress that the solution was – what else? – an expansion of Commission authority over online privacy practices: “As a result of our activities over the past three years, the Commission has developed significant expertise regarding children’s privacy. … The Commission strongly supports the approach adopted in this legislation.”

The bill was enacted later that year.

Where were the privacy groups while this was going on?  On the case, sort of.  The Center for Democracy and Technology testified in favor of the overall bill, but it wanted changes to give parents even less knowledge about their kids’ online activities; it asked (with some success) for modification of provisions that would have given parents access to any information their child provided to a website and alerted them when the child gave his email address to a website.

If you were a parent in 1998, you probably felt pretty good when you heard about COPPA’s passage.  You’d been told that it was going to protect your kids’ privacy by empowering you. But in fact, it mainly empowered a government agency to decide what your kids can do online.  And the privacy groups you thought were on your side?  They were more interested in protecting your kids from, well, you.

This isn’t just history.  The story of COPPA is by and large the story of most privacy legislation: a new technology emerges, followed by a “privacy panic” over how it might be misused (often engineered by interested agencies and privacy groups), followed by hasty legislation with large-scale unintended consequences — and, soon, a new class of privacy victims.

If I were a libertarian, I’d be particularly troubled by the FTC’s role in this drama. In the name of privacy and parental control, we let the FTC create a legal regime that expanded government’s authority over the Internet and took away parents’ ability to control their children’s online memberships, at least without lying.

And this weird mix of the authoritarian and the libertarian is not a bug unique to COPPA; it is a deliberate feature embraced by most of the privacy lobby whenever they talk about setting privacy rules for the private sector.  Considering how many supporters of privacy legislation tend to be dubious about government authority, it’s remarkable how often privacy legislation empowers some bureaucrat to regulate some part of the economy more aggressively.

Photo credit: http://www.flickr.com/photos/joebehr/5130944038/sizes/o/in/photostream/

Well, that’s all right, then

The British Commonwealth has endorsed an end to the traditional preference for sons over daughters in royal succession.  Said British Prime Minister David Cameron, “The idea that a younger son should become monarch instead of an elder daughter simply because he’s a man … this way of thinking is at odds with the modern countries that we’ve all become.”

So, instead of letting its ruler be determined by an accident of biology, the UK will now choose its ruler based on … a different accident of biology.

Anyone who’s read Skating on Stilts knows I am a big believer in using travel data for counterterrorism purposes.  What’s more interesting is that the Obama administration has been just as enthusiastic.  Some of the reasons for its enthusiasm showed up in testimony to the House Homeland Security Committee last week, when the Department of Homeland Security released stories about its use of travel data that I had not seen before.

Remember Faisal Shahzad, the Times Square bomber who was pulled off a plane at JFK as it was preparing to leave the country?  It turns out that travel data was his nemesis, helping DHS and the FBI track him at every turn:

Early in this investigation, the Federal Bureau of Investigation (FBI) learned of Shahzad’s cell phone number from a report shared by DHS.  The FBI ran the phone number in their ACS system and was able to connect it to the DHS report. Through good interagency cooperation, the FBI asked DHS if it had encountered any individual who reported this phone number during border crossings.  DHS searched its PNR database for the phone number, identified Shahzad, and learned other information he had provided to DHS.  DHS then provided the additional data to the FBI.  Later, Shahzad attempted to flee the United States, but DHS’s analysis of departing passenger data identified him before departure and DHS removed him from the aircraft.

Najibullah Zazi was the guy who rented a truck and drove cross country to set off explosives in the New York City subway. It turns out we used travel data to identify the scope of the conspiracy and to interrogate him. According to Indian news sources, Tom Bush, testifying for Customs and Border Protection, revealed that:

“Using PNR data, DHS and CBP worked closely with the FBI to crosswalk the names of his co-travelers against open counter-terrorism cases inside the United States and determined his co-travelers were being trained during the same trips to Pakistan in the same training camps. Zazi was arrested on September 19th, 2009, and the information from his PNR records were used in his questioning and his indictment. Zazi pled guilty in February 2010.”

Particularly impressive was the use of travel data to identify David Headley, the American who did reconnaissance work for the Mumbai attacks:

“Law enforcement intelligence information implicated a specific person in the plotting of a 2008 Mumbai attack, as well as the possible attacks against a Danish newspaper office. … Starting with a very common first name, David, a partial travel itinerary and a very vague travel timeframe, CBP was able to review its PNR data in connection with other DHS databases…. Within 24 hours, CBP was able to provide the FBI with the person’s full name, address, passport number, travel history and other information useful to law enforcement pursuing him. You may know that person as David Headley, who pled guilty in March 2010.”

In short, travel data has been crucial in keeping Americans alive during the ten years since 9/11.  And during the same decade, the European Union has been doing everything it can to cripple our use of travel data.  It’s forced four rounds of negotiation on privacy standards for travel data and then has blown up every deal it’s reached, always threatening to cut off the flow of data if the US doesn’t keep talking.

With that record, you’d be forgiven for wondering whether Europe’s elite actually thinks it’s a good thing to keep Americans alive.

In fact, with that record, you’d probably be forgiven if you stopped wondering.

The Institute of Medicine, part of the National Academy of Sciences, has studied the problem of how to distribute antibiotics in the event of an anthrax attack.  It’s a big problem, because, as the study confirms, the antibiotics have to be in people’s hands (mouths, really) within 48 hours of an attack.  And it may take the government almost that long to realize we’ve been attacked.  So, the scientists had a choice between recommending (1) a Big Government solution, in which the government stockpiles the antibiotics, flies them to the affected area when needed, and relies on the near-bankrupt Postal Service to get them to the right people in time, or (2) letting people have (or buy) Medkit packets of antibiotics to store at home for an emergency.

The study was funded by HHS, so you won’t be surprised to discover that the Institute recommended (1) a Big Government solution.  The main reason it gives is that you and the rest of the public are just too bone stupid to be trusted with antibiotics.  But to spare your feelings, the Institute puts it this way:  letting you have antibiotics raises “the potential for inappropriate use in routine settings (e.g., using the antibiotics to treat a cold) and the potential for widespread inappropriate use in response to a distant anthrax attack, a false alarm caused by a nonanthrax white-powder event, or some other public health emergency for which antibiotics are not indicated.”

But, really, “too bone stupid” is pretty much what they meant.

This is the National Academy of Sciences, of course, so they’ve got scientific evidence of our stupidity.  Like, for example, the Center for Disease Control gave more than four thousand people in St. Louis special antibiotic medkits to hold for an emergency.  Months later, they went back and collected them.  They counted the people who had engaged in “inappropriate use in routine settings.” And they found, uh, four.  Not four percent, four people.  That’s one-tenth of one percent, last time I looked.

Apparently we weren’t as dumb as the National Academy of Sciences would like to think, so they declared that this science wasn’t settled, in fact it wasn’t even worth thinking about.  Why?  Because participants were promised a $25 gift certificate if they completed the study. According to the National Academy’s report, this promise of a gift card so tantalized the unwashed masses that they pretended to be less stupid than the scientists know we really are. So the study didn’t count.

Once all that nasty unpredictable science was out of the way, the National Academy of Sciences was free to say what it wanted to say all along:  No antibiotics for you.

But the gob-smacking foolishness of relying on government distribution of antibiotics in an emergency was simply too obvious for even the Institute of Medicine and the National Academy of Sciences to completely ignore.  So they encouraged the distribution of some medkits to some people.

Which people, you ask?

Do you really have to?  The study tentatively recommends that the life-saving kits be issued to “some first responders, health care providers, and other workers that support critical infrastructure, as well as their families.” Apparently medical workers aren’t too stupid to live, according to the Institute of, uh, Medicine.  And neither are government workers – those postal workers, the cops that will have to accompany them, and anybody else in government who’s smart enough to call himself a first responder (want to bet that includes the Governor?).

And their families too, of course.  We’ll need to repopulate, after all.

Have I been unfair to the authors?  It’s possible.  I went through the report fast, and with mounting blood pressure.  So I welcome corrections in the comments. Or jokes about government health care, as you choose.

The more important question is:  What can you do to protect yourself from this astonishing feat of policy malpractice?

Here, at least, I can praise the report, because it acknowledges, a bit grudgingly, an option I highly recommend:  Ask your doctor for a prescription for antibiotics and stash them in a cool, dark, dry place (not your warm, light, wet bathroom).  If your doctor balks, you can quote this passage from the report:

Personal stockpiling might also be used for certain individuals who lack access to antibiotics via other timely dispensing mechanisms (for example, because of their medical condition and/or social situation) and who decide—in conjunction with their physicians—that this is an appropriate personal strategy. This is allowed under current prescribing practice and would usually be done independently of a jurisdiction’s public health strategy for dispensing medical countermeasures.

Of course you’re supposed to persuade your doctor that you’d “lack access to antibiotics via other timely dispensing mechanisms.” I suggest reading him the part about how the Postal Service will carry out the distribution.

If that doesn’t convince him, maybe you need a smarter doctor.

Photo credit: http://www.flickr.com/photos/hukuzatuna/2536746395/

The Kindle Fire is a remarkable innovation in the Apple mold:  taking a bunch of components that are pretty well known and combining them into a powerful new experience.  But unlike Apple, Amazon’s integrating vision isn’t visual design or even user delight.  Instead it’s far more ambitious — a new vision of the entire Internet ecosystem.

OK, let me try that again without the Valley babble.  The Kindle Fire forks Android into an Amazon-designed and Amazon-controlled operating system.  So far, no surprises. Amazon owns and subsidizes the hardware, too, so it can design features that integrate operating system and processor tightly.  Again, nothing that Apple can’t do.  But then comes the clever, almost-new idea:  Fire uses its own browser, called Silk, which is designed to work with Amazon’s massive cloud computer. So instead of downloading web pages one after the other and opening them on your computer, Amazon’s cloud stores and even opens them, sending you the end result.  This allows speedier downloads for a couple of reasons:  Caching of popular pages (or even parts of pages) avoids download delays when the original source is overloaded; and Amazon’s cloud can handle even the most processor-intense pages instantaneously, far faster than your wheezing desktop machine.  In short, your Internet experience on the Fire ought to be lightning quick.

There’s another advantage to this new vision of what might be called the Bezosnet.  The Bezosnet ought to be a lot more secure.  One way that hackers compromise your machine is by getting you to go to malware-infected sites.  Just visiting the site triggers routines that take over the visitor’s computer.  But if the routine runs, not on a visitor’s computer but in a virtual environment at Amazon’s data center, the attacker’s code isn’t likely to work.

In fact, it looks to me as though Amazon has a remarkable security opportunity here.  It controls the Fire hardware, the Fire operating system, and the Fire user’s internet connection. If a Fire tablet joins a botnet, Amazon will know immediately. It can quarantine the tablet and alert the owner.  Indeed, it can go further, performing diagnostics to figure out and remedy the security flaw the botnet exploited. If a Fire tablet starts sending beacons or massive encrypted data files to a Chinese controller site, Amazon can spot the pattern and alert the user or even block the transmissions.  No one else, not even Apple, maybe not even DoD, will have the same ability to drive security into all parts of the Internet ecosystem.
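The pattern-spotting the paragraph above attributes to a provider that sees every connection a tablet makes can be sketched in code. This is an added illustration, not Amazon's or Silk's logic: it runs two simple checks over constructed flow records, flagging hosts contacted at a machine-like regular interval (beaconing) and single flows with unusually large outbound volume. Device names, hostnames and thresholds are all assumptions.

```python
"""Hypothetical beacon / bulk-upload detector over per-device flow records.

Added example, not code from the post or from Amazon. It models the kind of
visibility-based detection the post describes: a party that sees all of a
device's connections can notice regular-interval contacts with one host and
unusually large outbound transfers. All flow records below are constructed.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (device, timestamp_seconds, destination_host, bytes_out)
FLOWS = [
    ("fire-01", 0,    "news.example",  1200),
    ("fire-01", 5,    "shop.example",  3000),
    ("fire-01", 300,  "c2.example",    420),   # same host every 300 s ...
    ("fire-01", 600,  "c2.example",    430),
    ("fire-01", 900,  "c2.example",    425),
    ("fire-01", 1200, "c2.example",    418),
    ("fire-01", 1500, "c2.example",    422),   # ... five times in a row
    ("fire-02", 10,   "news.example",  1100),
    ("fire-02", 70,   "mail.example",  900),
    ("fire-02", 400,  "drop.example",  80_000_000),  # one very large upload
]


def beaconing_hosts(flows, min_conns=4, max_cv=0.1):
    """Return {(device, host): mean_interval_s} for hosts contacted at near-constant spacing."""
    times = defaultdict(list)
    for dev, ts, host, _ in flows:
        times[(dev, host)].append(ts)
    found = {}
    for key, ts in times.items():
        if len(ts) < min_conns:          # too few contacts to call it a pattern
            continue
        ts.sort()
        gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
        avg = mean(gaps)
        # Coefficient of variation of the gaps: humans browse irregularly,
        # timers do not, so a very low CV is the signal.
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            found[key] = avg
    return found


def bulk_uploads(flows, threshold_bytes=50_000_000):
    """Return [(device, host, bytes_out)] for single flows above an outbound size threshold."""
    return [(dev, host, b) for dev, _, host, b in flows if b >= threshold_bytes]
```

Real traffic would need per-device baselines and allow-lists for legitimate periodic services (sync, push notifications) before either check could raise an alert on its own.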

If Amazon exploits its security opportunity, this could be transformative for users. To take one example, most people are, or should be, wary about Internet financial transactions.  Small businesses that do electronic funds transfers are at enormous risk today.  Like consumers, their machines are easily compromised, but unlike consumers, their losses to hackers are not underwritten by the banks.  That’s costing them easily hundreds of millions of dollars a year. As small businesses come to appreciate the risk, Amazon has a chance to persuade them that a dirt-cheap Amazon Fire tablet is the only safe way to access their funds.

Competitively, that could put Amazon squarely in the stream of high-value Internet transactions.  Maybe it becomes a bank.  Maybe it forces Mastercard and Visa to give it a discount because fraud on Amazon-mediated transactions is lower. Maybe it takes on Google’s relationship with advertisers, since now Amazon has insight into information advertisers really want:  what are consumers actually buying and how much are they paying? Maybe it kills the prospects of ISPs and telcos hoping to transcend dumb pipe status and exploit their direct connection to consumers; that connection won’t be much use if Amazon controls and can encrypt the entire stream of communication.

For consumers, the Fire opens up a prospect of feudal security on the Internet.  We already know that we can’t protect our own machines from attack. For all the talk of insecurity in the cloud, it’s almost certainly more secure than the decentralized system we have now. To take one example, I have a lot more faith in Google’s ability to protect my gmail account than in the ability of my system administrator to do the same for my corporate account.  And I have more faith in Amazon’s ability to spot malware-infested websites than in my ability to do the same, even with help from Google and antivirus software. Yes, you’re putting all your eggs in one basket, but you’re also hiring someone to guard that basket while you get on with life. Sooner or later, to get security, it looks as though we’re all going to have to pick a liege lord and shelter under his castle walls. And now Amazon has a chance to build the first string of forts and castles across the most desirable territory.

Of course, where there’s feudalism, there’s droit de seigneur. The price for security will be, probably must be, a loss of privacy, anonymity, and control to Amazon.  Right now, Amazon’s terms of service provide some contractual anonymity to users, but as a technical matter Amazon has total visibility into everything that happens on a Fire tablet.  That visibility is very likely necessary for security, and it is damn sure valuable for commercial purposes.  So it’s hard to imagine that it won’t be used for both purposes.

I can hear the privacy Luddites cranking up their outrage machinery now.  As usual, they’ll be a day late.  But they’ll also be a dollar short, at least if I’m right that the alternative to sheltering under Amazon’s walls is living out on the plains alone, at the mercy of marauders. No one will thank the data protection authority that saves us from Amazon by pushing us into the arms of the Russian Business Network. What the authorities can do is police Amazon’s terms of service and perhaps hold Amazon to any promises of security with tough new liability rules.  But, like Regulation Z, which declares that credit card fraud can’t cost US consumers more than $50, a rule imposing liability on Amazon for Internet security breaches could turn out to be an enormous market advantage (not to mention a tough barrier to entry for imitators).

All in all, then, the Fire Tablet is potentially a very big deal.  Too bad I’m too cheap to buy one.

(As always when I get into the details of security technology, I do so with considerable humility about my grasp of, well, actual technical details. This is technology poetry, not prose, and a first draft of the poetry at that. I welcome technical corrections.)