I’ve been collecting examples of cases where there are hidden dangers facing consumers, cases where the information necessary to make an informed decision about a product isn’t obvious, or isn’t included in most of the dialogue about that product. Sometimes, this deals with hidden implications under the law, but sometimes it’s about non-obvious capabilities of technology.
We’re increasingly entering situations where most customers simply can’t decide whether a certain product makes sense without lots of background knowledge about copyright law, evidence law, network effects, and so on. Things are complicated.
So far, I have come up with these examples, which would seem to be unrelated, but there’s a common thread – they’re all bad for the end user in non-obvious ways. They all seem safe on the surface, and often, importantly, they seem just like other approaches that are actually better, but they’re carrying hidden payloads – call them “Trojan technologies”.
To put it clearly, what I’m talking about are the cases where there are two different approaches to a technology, where the two are functionally equivalent and indistinguishable to the end user, but with vastly different implications for the various kinds of backend users or uses. Sometimes, the differences may not be evident until much later. In many circumstances, the differences may not ever materialize. But that doesn’t mean that they aren’t there.
- Remote data storage. I wrote a previous post about this, and Kevin Bankston of the EFF has some great comments on it. Essentially, the problem is this. To the end user, it doesn’t matter where you store your files, and the value proposition looks like a tradeoff between having remote access to your own files or not being able to get at them easily because they’re on your desktop. But to a lawyer asking for those files, it makes a gigantic difference in whether they’re under your direct control or not. On your home computer, a search warrant would be required to obtain them, but on a remote server, only a subpoena is needed.
- The recent debit card exploit has shed some light on the obvious vulnerabilities in that system, and it’s basically the same case. To a consumer, using a debit card looks exactly the same as using a credit card. But the legal ramifications are very different, and their use is protected by different sets of laws. Credit card liability is typically geared in favor of the consumer – if your card is subject to fraud, there’s a maximum amount you’ll end up being liable for, and your account will be credited immediately, as you simply don’t owe the money you didn’t charge yourself. Using a debit card, the money is deducted from your account immediately, and you have to wait for the investigation to be completed before you get your refund. A lot of people recently discovered this the hard way. There’s a tremendous amount of good coverage of debit card fraud on the Consumerist blog.
- The Goodmail system, being adopted by Yahoo and AOL, is a bit more innocuous on the surface, but it ties into the same question. On the face of it, it seems like not a terrible idea – charge senders for guaranteed delivery of email. But the very idea carries with it, outside of the normal dialogue, the implications of breaking network neutrality (the concept that all traffic gets equal treatment on the public internet) that extend into a huge debate being raged in the confines of the networking community and the government, over such things as VoIP systems, Google traffic, and all kinds of other issues. I’m not sure if this really qualifies in the same league as my other examples, but I wanted to mention it here anyway. There’s a goodmail/network neutrality overview discussion going on over on Brad Templeton’s blog.
- DRM is sort of the most obvious. Consumers can’t tell what the hidden implications of DRM are. This is partly because those limitations are subject to change, and that in itself is a big part of the problem. The litany of complaints is long – DRM systems destroy fair use, they’re security risks, they make things complicated for the user. I’ve written a lot about DRM in the past year and a half.
- 911 service on VoIP is my last big example, and one of the first ones that got me started down this path. This previous post, dealing with the differences between multiple kinds of services called “911 service” on different networks, is actually a good introduction to this whole problem. I ask again ‘Does my grandmother really understand the distinction between a full-service 911 center and a “Public Safety Answering Point”? Should she have to, in order to get a phone where people will come when she dials 911?‘
I don’t have a good solution to this, beyond more education. This facet must be part of the consumer debate over new technologies and services. These differences are important. We need to start being aware, and asking the right questions. Not “what are we getting out of this new technology?“, but “what are we giving up?“.
I’ve changed the feeds to fulltext. Please do still come to the site and comment if you find something interesting.
If you bought an infected CD from Sony, you’re entitled to some benefits under the lawsuit settlement:
Phil Zimmermann, the guy who brought you PGP, has just released a public beta of his new open source encrypted VOIP software – Zfone. The beta is Mac/linux only, the Windows version will be out in a month or so.
It’s an encrypting proxy for SIP calls using pre-existing software. I don’t know enough about how the protocol works to say if this would work with things like Vonage or not.
“In the future, the Zfone protocol will be integrated into standalone secure VoIP clients, but today we have a software product that lets you turn your existing VoIP client into a secure phone. The current Zfone software runs in the Internet Protocol stack on any Windows XP, Mac OS X, or Linux PC, and intercepts and filters all the VoIP packets as they go in and out of the machine, and secures the call on the fly. You can use a variety of different software VoIP clients to make a VoIP call. The Zfone software detects when the call starts, and initiates a cryptographic key agreement between the two parties, and then proceeds to encrypt and decrypt the voice packets on the fly. It has its own little separate GUI, telling the user if the call is secure.”
Zfone has been tested with these VoIP clients and VoIP services:
VoIP clients: X-Lite, Gizmo, and SJphone.
VoIP service providers: Free World Dialup, iptel.org, and SIPphone.
As predicted, U.S. Judge James Ware intends to force Google to hand over the requested data to the DoJ.
I was thinking about using this to kick off a business and technology blog I’m planning, but I just haven’t had the time to do the work necessary to launch it, and this was too good to not share (and a corollary rule is that when you’re the boss, you need to realize early that things aren’t going to work out and make alternate arrangements).
This is from an exchange with a client who has a problem which is, in my experience, not unique among small business leaders – they’re the bottleneck.
“I don’t like being the bottleneck but I am on most projects and I can’t seem to break the trend”.
The answer I gave him, and the answer I give you, is this:
Stop doing other people’s work for them. Stop being the customer. You’re the bottleneck because you have the vision. When someone does some work, they’ll reach a point where they have to stop and check it with you, because you have the vision for what it should be. If they had the vision, they’d know if their work was right or not, but they’re not sure. And when that happens, sometimes, maybe even often, instead of helping to transfer the vision, you get involved in their work more deeply because it worries you that they don’t have the vision and that means you need to do more oversight. That makes you busier, and takes away the time you have to approve the other things that are waiting for your approval of the vision. Maybe you’ll even take over some of those things, “because it will be faster if I just do it”, which sucks even more of your time, which makes you more of a bottleneck. As the boss, concentrate on transferring the vision instead of doing work that other people can and should be doing. You won’t always be able to, but wherever you can, it will help. Focus on giving people a template to check their work against, and you’ll have to do less of it.
This is not to say that you shouldn’t be involved, but when people bring work to you for approval, it goes a lot faster if they’re already confident that it’s right.
Some kind of massive fuckup is going on with the international ATM network, possibly a class break of the interbank ATM network. Lots of conflicting information, but it’s pretty clear that things are not going well:
The big news this week – video that Bush knew that Katrina would destroy New Orleans a day before the storm hit:
Asking for complaint forms in Flordia Police stations gets you harassed and threatened:
Greek cell phone taps of high officials were enabled by embedded surveillance tech:
Zogby poll shows 72% of troops want to get out of Iraq in the next year, but also that 85% of them think they’re there to retaliate for Saddam’s attacking us on 9/11. So, there’s that:
Human rights abuses in Iraq are worse than under Saddam (oops, Freudian slip – I typed Bush there first):
Daily Kos is mumbling something about State-initiated impeachment:
And, a kitten:
We watched the broadcast, and thought it was stupid, and didn’t give it an adequate chance. Turns out the part we watched was the worst 15 minutes of the series. I was prodded by a few people to give it another try, and was pleasantly surprised.
If you haven’t watched it, you should. Amazon has the DVD series for $20:
Power, once given, will be abused. And not necessarily by those it’s given to.
Bruce Schenier has a blog entry about the Greek cell phone tapping scandal – about 100 cell phones of politicians and officials, including the American embassy, have been tapped by an unknown party since the 2004 Olympics.
Bruce points out that the “malicious code” used to enable this was actually designed into the system as an eavesdropping mechanism for the police.
“There is an important security lesson here. I have long argued that when you build surveillance mechanisms into communication systems, you invite the bad guys to use those mechanisms for their own purposes. That’s exactly what happened here.”
Joe Gratz and I are having an interesting discussion about Creative Commons licenses over in the comments of his blog post about Schmap:
I received this email in my flickr inbox this morning:
“I am writing to let you know that one of your photos with a creative commons license has been short-listed for inclusion in our Schmap Rome Guide, to be published late March 2006.”
And a link where I was given an opportunity to remove my photo from the queue or approve it for use in their guide. I responded to this before I had my coffee, so I didn’t capture the text from the page as I should have before clicking no. But it had a short blurb of text with something along the lines of “oh, even though some people may disagree, this isn’t really a commercial use, because it’s free to download and the ads support keeping it free”.
The geographic data, photographs, diagrams, maps, points of interest, plans, aerial imagery, text, information, artwork, graphics, points of interest, video, audio, listings, pictures and other content contained on the Site (collectively, the “Materials”) are protected by copyright laws. You may only access and use the Materials for personal or educational purposes and not for resell or commercial purposes by You or any third parties. You may not modify or use the Materials for any other purpose without express written consent of Schmap (”Schmap”). You may not broadcast, reproduce, republish, post, transmit or distribute any Materials on the Site.
This is a gross perversion of what Creative Commons is about. Ad-supported “free” content is commercial (unless Google is “just trying to organize the world’s information and any money collected from selling ads is just helping keep that goal alive”). Taking CC-licensed media from other sources and roadblocking the license while claiming that the use is non-commercial is possibly deceptive.
[Update: there's more discussion on this Flickr Central thread.]