business

The importance of network effects to social software

From danah boyd’s “Social Media is Here to Stay… Now What?” at the Microsoft Research Tech Fest, Redmond, Washington (danah: 26 February 2009):

Many who build technology think that a technology’s feature set is the key to its adoption and popularity. With social media, this is often not the case. There are triggers that drive early adopters to a site, but the single most important factor in determining whether or not a person will adopt one of these sites is whether or not it is the place where their friends hangout. In each of these cases, network effects played a significant role in the spread and adoption of the site.

The uptake of social media is quite different than the uptake of non-social technologies. For the most part, you don’t need your friends to use Word to find the tool useful. You do need your friends to use email for it to be useful, but, thanks to properties of that medium, you don’t need them to be using Outlook or Hotmail to write to them. Many of the new genres of social media are walled gardens, requiring your friends to use that exact site to be valuable. This has its advantages for the companies who build it – that’s the whole attitude behind lock-in. But it also has its costs. Consider for example the fact that working class and upper class kids can’t talk to one another if they are on different SNSs.

Friendster didn’t understand network effects. In kicking off users who weren’t conforming to their standards, they pissed off more than those users; they pissed off those users’ friends who were left with little purpose to use the site. The popularity of Friendster unraveled as fast as it picked up, but the company never realized what hit them. All of their metrics were based on number of users. While only a few users deleted their accounts, the impact of those lost accounts was huge. The friends of those who departed slowly stopped using the site. At first, they went from logging in every hour to logging in every day, never affecting the metrics. But as nothing new came in and as the collective interest waned, their attention went elsewhere. Today, Friendster is succeeding because of its popularity in other countries, but in the US, it’s a graveyard of hipsters stuck in 2003.

The importance of network effects to social software Read More »

MySpace/Facebook history & sociology

From danah boyd’s “Social Media is Here to Stay… Now What?” at the Microsoft Research Tech Fest, Redmond, Washington (danah: 26 February 2009):

Facebook had launched as a Harvard-only site before expanding to other elite institutions before expanding to other 4-year-colleges before expanding to 2-year colleges. It captured the mindshare of college students everywhere. It wasn’t until 2005 that they opened the doors to some companies and high schools. And only in 2006, did they open to all.

Facebook was narrated as the “safe” alternative and, in the 2006-2007 school year, a split amongst American teens occurred. Those college-bound kids from wealthier or upwardly mobile backgrounds flocked to Facebook while teens from urban or less economically privileged backgrounds rejected the transition and opted to stay with MySpace while simultaneously rejecting the fears brought on by American media. Many kids were caught in the middle and opted to use both, but the division that occurred resembles the same “jocks and burnouts” narrative that shaped American schools in the 1980s.

MySpace/Facebook history & sociology Read More »

Defining social media, social software, & Web 2.0

From danah boyd’s “Social Media is Here to Stay… Now What?” at the Microsoft Research Tech Fest, Redmond, Washington (danah: 26 February 2009):

Social media is the latest buzzword in a long line of buzzwords. It is often used to describe the collection of software that enables individuals and communities to gather, communicate, share, and in some cases collaborate or play. In tech circles, social media has replaced the earlier fave “social software.” Academics still tend to prefer terms like “computer-mediated communication” or “computer-supported cooperative work” to describe the practices that emerge from these tools and the old skool academics might even categorize these tools as “groupwork” tools. Social media is driven by another buzzword: “user-generated content” or content that is contributed by participants rather than editors.

… These tools are part of a broader notion of “Web2.0.” Yet-another-buzzword, Web2.0 means different things to different people.

For the technology crowd, Web2.0 was about a shift in development and deployment. Rather than producing a product, testing it, and shipping it to be consumed by an audience that was disconnected from the developer, Web2.0 was about the perpetual beta. This concept makes all of us giggle, but what this means is that, for technologists, Web2.0 was about constantly iterating the technology as people interacted with it and learning from what they were doing. To make this happen, we saw the rise of technologies that supported real-time interactions, user-generated content, remixing and mashups, APIs and open-source software that allowed mass collaboration in the development cycle. …

For the business crowd, Web2.0 can be understood as hope. Web2.0 emerged out of the ashes of the fallen tech bubble and bust. Scars ran deep throughout Silicon Valley and venture capitalists and entrepreneurs wanted to party like it was 1999. Web2.0 brought energy to this forlorn crowd. At first they were skeptical, but slowly they bought in. As a result, we’ve seen a resurgence of startups, venture capitalists, and conferences. At this point, Web2.0 is sometimes referred to as Bubble2.0, but there’s something to say about “hope” even when the VCs start co-opting that term because they want four more years.

For users, Web2.0 was all about reorganizing web-based practices around Friends. For many users, direct communication tools like email and IM were used to communicate with one’s closest and dearest while online communities were tools for connecting with strangers around shared interests. Web2.0 reworked all of that by allowing users to connect in new ways. While many of the tools may have been designed to help people find others, what Web2.0 showed was that people really wanted a way to connect with those that they already knew in new ways. Even tools like MySpace and Facebook which are typically labeled social networkING sites were never really about networking for most users. They were about socializing inside of pre-existing networks.

Defining social media, social software, & Web 2.0 Read More »

DRM fails utterly

From John Siracusa’s “The once and future e-book: on reading in the digital age” (Ars Technica: 1 February 2009):

Nuances aside, the big picture remains the same: DRM for digital media distribution to consumers is a mathematically, technologically, and intellectually bankrupt exercise. It fails utterly to deliver its intended benefit: the prevention of piracy. Its disadvantages, however, are provided in full force: limiting what consumers can legally do with content they have legitimately purchased, under threat of civil penalties or criminal prosecution.

DRM fails utterly Read More »

Why everyone wants a computer: socializing

From Paul Graham’s “Why TV Lost” (Paul Graham: March 2009):

The somewhat more surprising force was one specific type of innovation: social applications. The average teenage kid has a pretty much infinite capacity for talking to their friends. But they can’t physically be with them all the time. When I was in high school the solution was the telephone. Now it’s social networks, multiplayer games, and various messaging applications. The way you reach them all is through a computer. Which means every teenage kid (a) wants a computer with an Internet connection, (b) has an incentive to figure out how to use it, and (c) spends countless hours in front of it.

This was the most powerful force of all. This was what made everyone want computers. Nerds got computers because they liked them. Then gamers got them to play games on. But it was connecting to other people that got everyone else: that’s what made even grandmas and 14 year old girls want computers.

Why everyone wants a computer: socializing Read More »

The future of TV is the Internet

From Paul Graham’s “Why TV Lost” (Paul Graham: March 2009):

About twenty years ago people noticed computers and TV were on a collision course and started to speculate about what they’d produce when they converged. We now know the answer: computers. It’s clear now that even by using the word “convergence” we were giving TV too much credit. This won’t be convergence so much as replacement. People may still watch things they call “TV shows,” but they’ll watch them mostly on computers.

Whether [TV networks] like it or not, big changes are coming, because the Internet dissolves the two cornerstones of broadcast media: synchronicity and locality. On the Internet, you don’t have to send everyone the same signal, and you don’t have to send it to them from a local source. People will watch what they want when they want it, and group themselves according to whatever shared interest they feel most strongly. Maybe their strongest shared interest will be their physical location, but I’m guessing not. Which means local TV is probably dead. It was an artifact of limitations imposed by old technology.

The future of TV is the Internet Read More »

New Zealand’s new copyright law

From Mark Gibbs’ “New Zealand gets insane copyright law” (Network World: 20 February 2009):

A law was recently passed in New Zealand that has created what many consider to be the world’s harshest copyright enforcement law. This insanity, found in Sections 92A and C of New Zealand’s Copyright Amendment Act 2008 establishes – and I am not making this up – a guilt upon accusation principle!

Yep, you read that right. This means that anyone accused of “copyright infringement” will get his Internet connection cut off; and treated as guilty until proven innocent.

And if that weren’t enough, this crazy legislation defines anyone providing Internet access as an ISP and makes them responsible for monitoring and cutting off Internet access for anyone who uses their services and is accused of copyright violations. Thus libraries, schools, coffee shops, cafes – anyone offering any kind of Internet access – will be considered ISPs and become responsible and potentially liable.

New Zealand’s new copyright law Read More »

The cochineal insect’s gift of red

From Allen Abel and Madeleine Czigler’s “Scandal, communism, blood” (National Post: 27 June 2008):

The blood-red allure of lipstick is a gift of a parasitic insect that infests cactus plants, principally in Mexico and Peru. It has been known since Aztec and Mayan times that, when boiled, the body of the cochineal insect dissolves into a deep crimson dye. France is the leading importer. Cochineal dye, which is neither Kosher nor Halal (since it is forbidden for Jews or Muslims to consume any insect) also is used in thousands of foods and beverages, ranging from sausages and gelatin desserts to some Cheddar cheese.

The cochineal insect’s gift of red Read More »

Should states track cars with GPS?

From Glen Johnson’s “Massachusetts may consider a mileage charge” (AP: 17 February 2009):

A tentative plan to overhaul Massachusetts’ transportation system by using GPS chips to charge motorists a quarter-cent for every mile behind the wheel has angered some drivers.

But a “Vehicle Miles Traveled” program like the one the governor may unveil this week has already been tested — with positive results — in Oregon.

Governors in Idaho and Rhode Island, as well as the federal government, also are talking about such programs. And in North Carolina, a panel suggested in December the state start charging motorists a quarter-cent for every mile as a substitute for the gas tax.

“The Big Brother issue was identified during the first meeting of the task force that developed our program,” said Jim Whitty, who oversees innovation projects for the Oregon Department of Transportation. “Everything we did from that point forward, even though we used electronics, was to eliminate those concerns.”

A draft overhaul transport plan prepared for Gov. Deval Patrick says implementing a Vehicle Miles Traveled system to replace the gas tax makes sense. “A user-based system, collected electronically, is a fair way to pay for our transportation needs in the future,” it says.

The idea behind the program is simple: As cars become more fuel efficient or powered by electricity, gas tax revenues decline. Yet the cost of building and maintaining roads and bridges is increasing. A state could cover that gap by charging drivers precisely for the mileage their vehicles put on public roads.

In Oregon, the state paid volunteers who let the transportation department install GPS receivers in 300 vehicles. The device did not transmit a signal — which would allow real-time tracking of a driver’s movements — but instead passively received satellite pings telling the receiver where it was in terms of latitude and longitude coordinates.

The state used those coordinates to determine when the vehicle was driving both within Oregon and outside the state. And it measured the respective distances through a connection with the vehicle’s odometer.

When a driver pulled into a predetermined service station, the pump linked electronically with the receiver, downloaded the number of miles driven in Oregon and then charged the driver a fee based on the distance. The gas tax they would have paid was reduced by the amount of the user fee. Drivers continued to be charged gas tax for miles driven outside Oregon.

Under such systems, one of which is already used in London, drivers are charged more for entering a crowded area during rush hour than off-peak periods.

Should states track cars with GPS? Read More »

Why cons work on us

From Damien Carrick’s interview with Nicholas Johnson, “The psychology of conmen” (The Law Report: 30 September 2008):

Nicholas Johnson: I think what I love most about con artists and the world of scammers is that they’re criminals who manage to get their victims to hand over their possessions freely. Most thieves and robbers and the like, tend to use force, or deception, in order for them to take things, whereas a con artist manages to get their victim to freely give up their stuff.

The main thing that really makes people susceptible to con artists is the idea that we’re going to get something for nothing. So it really buys into our greed; it buys into sometimes our lust, and at the same time, sometimes even our sense that we’re going to do something good, so we’re going to get a great feeling from helping someone out, we’re going to make some money, we’re going to meet a beautiful girl—it really ties into our basest desires, and that’s what the con artist relies on.

Most con artists rely on this idea that the victim is in control. The victim is the one who is controlling the situation. So a great example of that is the classic Nigerian email scam, the person who writes to you and says, ‘I’ve got this money that I need to get out of the country, and I need your help.’ So you’re in control, you can help them, you can do a good deed, you can make some money, you’ve got this fantastic opportunity, and the con artist needs your help. It’s not the con artist doing you a favour. So really, you feel like you’re the one who’s controlling the situation when really it’s the con artist who knows the real deal.

I think for a lot of con artists they’re very proud of their work, and they like people to know exactly what they’ve gotten away with.

… for many of [the conmen], they really feel like even if they get caught, or even if they don’t get away with it, they feel like they’re giving their victim a good story, you know, something to dine out over, something to discuss down at the pub. They think that’s OK, you can scam somebody out of a couple of hundred bucks, because they’re getting a good story in return.

My all-time favourite one only makes the con artist a few dollars every time he does it, but I absolutely love it. These guys used to go door-to-door in the 1970s selling lightbulbs and they would offer to replace every single lightbulb in your house, so all your old lightbulbs would be replaced with a brand new lightbulb, and it would cost you, say $5, so a fraction of the cost of what new lightbulbs would cost. So the man comes in, he replaces each lightbulb, every single one in the house, and does it, you can check, and they all work, and then he takes all the lightbulbs that he’s just taken from the person’s house, goes next door and then sells them the same lightbulbs again. So it’s really just moving lightbulbs from one house to another and charging people a fee to do it.

But there’s all sorts of those homemaker scams, people offering to seal your roof so they say, ‘We’ll put a fresh coat of tar on your roof’, or ‘We’ll re-seal your driveway’. In actual fact all they do is get old black sump oil and smooth it over the roof or smooth it over the driveway. You come home and it looks like wet tar, and so ‘Don’t step on it for 24 hours’, and of course 24 hours later they’re long gone with the money, and you’re left with a sticky, smelly driveway.

Why cons work on us Read More »

Conficker creating a new gargantuan botneth

From Asavin Wattanajantra’s “Windows worm could create the ‘world’s biggest botnet’” (IT PRO: 19 January 2009):

The Downadup or “Conficker” worm has increased to over nine million infections over the weekend – increasing from 2.4 million in a four-day period, according to F-Secure.

The worm has password cracking capabilities, which is often successful because company passwords sometimes match a predefined password list that the worm carries.

Corporate networks around the world have already been infected by the network worm, which is particularly hard to eradicate as it is able to evolve – making use of a long list of websites – by downloading another version of itself.

Rik Ferguson, solution architect at Trend Micro, told IT PRO that the worm was very difficult to block for security companies as they had to make sure that they blocked every single one of the hundreds of domains that it could download from.

Ferguson said that the worm was creating a staggering amount of infections, even if just the most conservative infection estimates are taken into account. He said: “What’s particularly interesting about this worm is that it is the first hybrid with old school worm infection capabilities and command and control infrastructure.”

Conficker creating a new gargantuan botneth Read More »

What happens to IP when it’s easy to copy anything?

From Bruce Sterling’s “2009 Will Be a Year of Panic” (Seed: 29 January 2009):

Let’s consider seven other massive reservoirs of potential popular dread. Any one of these could erupt, shattering the fragile social compact we maintain with one another in order to believe things contrary to fact.

2. Intellectual property. More specifically, the fiat declaration that properties that are easy to reproduce shouldn’t be reproduced.

Declaring that “information wants to be free” is an ideological stance. A real-world situation where information can’t be anything but free, where digital information cannot be monetized, is bizarre and deeply scary. No banker or economist anywhere has the ghost of clue what to do under such conditions.

Intellectual property made sense and used to work rather well when conditions of production favored it. Now they don’t. If it’s simple to copy just one single movie, some gray area of fair use can be tolerated. If it becomes easy to copy a million movies with one single button-push, this vast economic superstructure is reduced to rags. Our belief in this kind of “property” becomes absurd.

To imagine that real estate is worthless is strange, though we’ve somehow managed to do that. But our society is also built on the supposed monetary worth of unreal estate. In fact, the planet’s most advanced economies are optimized to create pretty much nothing else. The ultimate global consequences of this situation’s abject failure would rank with the collapse of Communism.

What happens to IP when it’s easy to copy anything? Read More »

CCTV in your plane’s cabin?

From Michael Reilly’s “In-flight surveillance could foil terrorists in the sky” (New Scientist: 29 May 2008):

CCTV cameras are bringing more and more public places under surveillance – and passenger aircraft could be next.

A prototype European system uses multiple cameras and “Big Brother” software to try and automatically detect terrorists or other dangers caused by passengers.

The European Union’s Security of Aircraft in the Future European Environment (SAFEE) project uses a camera in every passenger’s seat, with six wide-angle cameras to survey the aisles. Software then analyses the footage to detect developing terrorist activity or “air-rage” incidents, by tracking passengers’ facial expressions.

“It looks for running in the cabin, standing near the cockpit for long periods of time, and other predetermined indicators that suggest a developing threat,” says James Ferryman of the University of Reading, UK, one of the system’s developers.

Other behaviours could include a person nervously touching their face, or sweating excessively. One such behaviour won’t trigger the system to alert the crew, only certain combinations of them.

CCTV in your plane’s cabin? Read More »

Give CLEAR your info, watch CLEAR lose your info

From “Missing SFO Laptop With Sensitive Data Found” (CBS5: 5 August 2008):

The company that runs a fast-pass security prescreening program at San Francisco International Airport said Tuesday that it found a laptop containing the personal information of 33,000 people more than a week after it apparently went missing.

The Transportation Security Administration announced late Monday that it had suspended new enrollments to the program, known as Clear, after the unencrypted computer was reported stolen at SFO.

The laptop was found Tuesday morning in the same company office where it supposedly had gone missing on July 26, said spokeswoman Allison Beer.

“It was not in an obvious location,” said Beer, who said an investigation was under way to determine whether the computer was actually stolen or had just been misplaced.

The laptop contained personal information on applicants to the program, including names, address and birth dates, and in some cases driver’s license, passport or green card numbers, the company said.

The laptop did not contain Social Security numbers, credit card numbers or fingerprint or iris images used to verify identities at the checkpoints, Beer said.

In a statement, the company said the information on the laptop, which was originally reported stolen from its locked office, “is secured by two levels of password protection.” Beer called the fact that the personal information itself was not encrypted “a mistake” that the company would fix.

Give CLEAR your info, watch CLEAR lose your info Read More »

Socioeconomic analysis of MySpace & Facebook

From danah boyd’s “Viewing American class divisions through Facebook and MySpace” (danah boyd: 24 June 2007):

When MySpace launched in 2003, it was primarily used by 20/30-somethings (just like Friendster before it). The bands began populating the site by early 2004 and throughout 2004, the average age slowly declined. It wasn’t until late 2004 that teens really started appearing en masse on MySpace and 2005 was the year that MySpace became the “in thing” for teens.

Facebook launched in 2004 as a Harvard-only site. It slowly expanded to welcome people with .edu accounts from a variety of different universities. In mid-2005, Facebook opened its doors to high school students, but it wasn’t that easy to get an account because you needed to be invited. As a result, those who were in college tended to invite those high school students that they liked. Facebook was strongly framed as the “cool” thing that college students did.

In addition to the college framing, the press coverage of MySpace as dangerous and sketchy alienated “good” kids. Facebook seemed to provide an ideal alternative. Parents weren’t nearly as terrified of Facebook because it seemed “safe” thanks to the network-driven structure.

She argues that class divisions in the United States have more to do with lifestyle and social stratification than with income. In other words, all of my anti-capitalist college friends who work in cafes and read Engels are not working class just because they make $14K a year and have no benefits. Class divisions in the United States have more to do with social networks (the real ones, not FB/MS), social capital, cultural capital, and attitudes than income. Not surprisingly, other demographics typically discussed in class terms are also a part of this lifestyle division. Social networks are strongly connected to geography, race, and religion; these are also huge factors in lifestyle divisions and thus “class.”

The goodie two shoes, jocks, athletes, or other “good” kids are now going to Facebook. These kids tend to come from families who emphasize education and going to college. They are part of what we’d call hegemonic society. They are primarily white, but not exclusively. They are in honors classes, looking forward to the prom, and live in a world dictated by after school activities.

MySpace is still home for Latino/Hispanic teens, immigrant teens, “burnouts,” “alternative kids,” “art fags,” punks, emos, goths, gangstas, queer kids, and other kids who didn’t play into the dominant high school popularity paradigm. These are kids whose parents didn’t go to college, who are expected to get a job when they finish high school. These are the teens who plan to go into the military immediately after schools. Teens who are really into music or in a band are also on MySpace. MySpace has most of the kids who are socially ostracized at school because they are geeks, freaks, or queers.

In order to demarcate these two groups, let’s call the first group of teens “hegemonic teens” and the second group “subaltern teens.”

Most teens who exclusively use Facebook are familiar with and have an opinion about MySpace. These teens are very aware of MySpace and they often have a negative opinion about it. They see it as gaudy, immature, and “so middle school.” They prefer the “clean” look of Facebook, noting that it is more mature and that MySpace is “so lame.” What hegemonic teens call gaudy can also be labeled as “glitzy” or “bling” or “fly” (or what my generation would call “phat”) by subaltern teens. Terms like “bling” come out of hip-hop culture where showy, sparkly, brash visual displays are acceptable and valued. The look and feel of MySpace resonates far better with subaltern communities than it does with the upwardly mobile hegemonic teens. … That “clean” or “modern” look of Facebook is akin to West Elm or Pottery Barn or any poshy Scandinavian design house (that I admit I’m drawn to) while the more flashy look of MySpace resembles the Las Vegas imagery that attracts millions every year. I suspect that lifestyles have aesthetic values and that these are being reproduced on MySpace and Facebook.

I should note here that aesthetics do divide MySpace users. The look and feel that is acceptable amongst average Latino users is quite different from what you see the subculturally-identified outcasts using. Amongst the emo teens, there’s a push for simple black/white/grey backgrounds and simplistic layouts. While I’m using the term “subaltern teens” to lump together non-hegemonic teens, the lifestyle divisions amongst the subalterns are quite visible on MySpace through the aesthetic choices of the backgrounds. The aesthetics issue is also one of the forces that drives some longer-term users away from MySpace.

Teens from poorer backgrounds who are on MySpace are less likely to know people who go to universities. They are more likely to know people who are older than them, but most of their older friends, cousins, and co-workers are on MySpace. It’s the cool working class thing and it’s the dominant SNS at community colleges. These teens are more likely to be interested in activities like shows and clubs and they find out about them through MySpace. The subaltern teens who are better identified as “outsiders” in a hegemonic community tend to be very aware of Facebook. Their choice to use MySpace instead of Facebook is a rejection of the hegemonic values (and a lack of desire to hang out with the preps and jocks even online).

Class divisions in military use

A month ago, the military banned MySpace but not Facebook. This was a very interesting move because the division in the military reflects the division in high schools. Soldiers are on MySpace; officers are on Facebook. Facebook is extremely popular in the military, but it’s not the SNS of choice for 18-year old soldiers, a group that is primarily from poorer, less educated communities. They are using MySpace. The officers, many of whom have already received college training, are using Facebook. The military ban appears to replicate the class divisions that exist throughout the military. …

MySpace is the primary way that young soldiers communicate with their peers. When I first started tracking soldiers’ MySpace profiles, I had to take a long deep breath. Many of them were extremely pro-war, pro-guns, anti-Arab, anti-Muslim, pro-killing, and xenophobic as hell. Over the last year, I’ve watched more and more profiles emerge from soldiers who aren’t quite sure what they are doing in Iraq. I don’t have the data to confirm whether or not a significant shift has occurred but it was one of those observations that just made me think. And then the ban happened. I can’t help but wonder if part of the goal is to cut off communication between current soldiers and the group that the military hopes to recruit.

Thoughts and meta thoughts

People often ask me if I’m worried about teens today. The answer is yes, but it’s not because of social network sites. With the hegemonic teens, I’m very worried about the stress that they’re under, the lack of mobility and healthy opportunities for play and socialization, and the hyper-scheduling and surveillance. I’m worried about their unrealistic expectations for becoming rich and famous, their lack of work ethic after being pampered for so long, and the lack of opportunities that many of them have to even be economically stable let alone better off than their parents. I’m worried about how locking teens indoors coupled with a fast food/junk food advertising machine has resulted in a decrease in health levels across the board which will just get messy as they are increasingly unable to afford health insurance. When it comes to ostracized teens, I’m worried about the reasons why society has ostracized them and how they will react to ongoing criticism from hegemonic peers. I cringe every time I hear of another Columbine, another Virgina Tech, another site of horror when an outcast teen lashes back at the hegemonic values of society.

I worry about the lack of opportunities available to poor teens from uneducated backgrounds. I’m worried about how Wal-Mart Nation has destroyed many of the opportunities for meaningful working class labor as these youth enter the workforce. I’m worried about what a prolonged war will mean for them. I’m worried about how they’ve been told that to succeed, they must be a famous musician or sports player. I’m worried about how gangs provide the only meaningful sense of community that many of these teens will ever know.

Given the state of what I see in all sorts of neighborhoods, I’m amazed at how well teens are coping and I think that technology has a lot to do with that. Teens are using social network sites to build community and connect with their peers. They are creating publics for socialization. And through it, they are showcasing all of the good, bad, and ugly of today’s teen life.

In the 70s, Paul Willis analyzed British working class youth and he wrote a book called Learning to Labor: How Working Class Kids Get Working Class Jobs. He argued that working class teens will reject hegemonic values because it’s the only way to continue to be a part of the community that they live in. In other words, if you don’t know that you will succeed if you make a run at jumping class, don’t bother – you’ll lose all of your friends and community in the process. His analysis has such strong resonance in American society today. I just wish I knew how to fix it.

Socioeconomic analysis of MySpace & Facebook Read More »

US government makes unsafe RFID-laden passports even less safe through business practices

From Bill Gertz’s “Outsourced passports netting govt. profits, risking national security” (The Washington Times: 26 March 2008):

The United States has outsourced the manufacturing of its electronic passports to overseas companies — including one in Thailand that was victimized by Chinese espionage — raising concerns that cost savings are being put ahead of national security, an investigation by The Washington Times has found.

The Government Printing Office’s decision to export the work has proved lucrative, allowing the agency to book more than $100 million in recent profits by charging the State Department more money for blank passports than it actually costs to make them, according to interviews with federal officials and documents obtained by The Times.

The profits have raised questions both inside the agency and in Congress because the law that created GPO as the federal government’s official printer explicitly requires the agency to break even by charging only enough to recover its costs.

Lawmakers said they were alarmed by The Times’ findings and plan to investigate why U.S. companies weren’t used to produce the state-of-the-art passports, one of the crown jewels of American border security.

Officials at GPO, the Homeland Security Department and the State Department played down such concerns, saying they are confident that regular audits and other protections already in place will keep terrorists and foreign spies from stealing or copying the sensitive components to make fake passports.

“Aside from the fact that we have fully vetted and qualified vendors, we also note that the materials are moved via a secure transportation means, including armored vehicles,” GPO spokesman Gary Somerset said.

But GPO Inspector General J. Anthony Ogden, the agency’s internal watchdog, doesn’t share that confidence. He warned in an internal Oct. 12 report that there are “significant deficiencies with the manufacturing of blank passports, security of components, and the internal controls for the process.”

The inspector general’s report said GPO claimed it could not improve its security because of “monetary constraints.” But the inspector general recently told congressional investigators he was unaware that the agency had booked tens of millions of dollars in profits through passport sales that could have been used to improve security, congressional aides told The Times.

GPO is an agency little-known to most Americans, created by Congress almost two centuries ago as a virtual monopoly to print nearly all of the government’s documents … Since 1926, it also has been charged with the job of printing the passports used by Americans to enter and leave the country.

Each new e-passport contains a small computer chip inside the back cover that contains the passport number along with the photo and other personal data of the holder. The data is secured and is transmitted through a tiny wire antenna when it is scanned electronically at border entry points and compared to the actual traveler carrying it.

According to interviews and documents, GPO managers rejected limiting the contracts to U.S.-made computer chip makers and instead sought suppliers from several countries, including Israel, Germany and the Netherlands.

After the computer chips are inserted into the back cover of the passports in Europe, the blank covers are shipped to a factory in Ayutthaya, Thailand, north of Bangkok, to be fitted with a wire Radio Frequency Identification, or RFID, antenna. The blank passports eventually are transported to Washington for final binding, according to the documents and interviews.

The stop in Thailand raises its own security concerns. The Southeast Asian country has battled social instability and terror threats. Anti-government groups backed by Islamists, including al Qaeda, have carried out attacks in southern Thailand and the Thai military took over in a coup in September 2006.

The Netherlands-based company that assembles the U.S. e-passport covers in Thailand, Smartrac Technology Ltd., warned in its latest annual report that, in a worst-case scenario, social unrest in Thailand could lead to a halt in production.

Smartrac divulged in an October 2007 court filing in The Hague that China had stolen its patented technology for e-passport chips, raising additional questions about the security of America’s e-passports.

Transport concerns

A 2005 document obtained by The Times states that GPO was using unsecure FedEx courier services to send blank passports to State Department offices until security concerns were raised and forced GPO to use an armored car company. Even then, the agency proposed using a foreign armored car vendor before State Department diplomatic security officials objected.

Questionable profits

The State Department is now charging Americans $100 or more for new e-passports produced by the GPO, depending on how quickly they are needed. That’s up from a cost of around just $60 in 1998.

Internal agency documents obtained by The Times show each blank passport costs GPO an average of just $7.97 to manufacture and that GPO then charges the State Department about $14.80 for each, a margin of more than 85 percent, the documents show.

The accounting allowed GPO to make gross profits of more than $90 million from Oct. 1, 2006, through Sept. 30, 2007, on the production of e-passports. The four subsequent months produced an additional $54 million in gross profits.

The agency set aside more than $40 million of those profits to help build a secure backup passport production facility in the South, still leaving a net profit of about $100 million in the last 16 months.

GPO plans to produce 28 million blank passports this year up from about 9 million five years ago.

US government makes unsafe RFID-laden passports even less safe through business practices Read More »

The end of Storm

From Brian Krebs’ “Atrivo Shutdown Hastened Demise of Storm Worm” (The Washington Post: 17 October 2008):

The infamous Storm worm, which powered a network of thousands of compromised PCs once responsible for sending more than 20 percent of all spam, appears to have died off. Security experts say Storm’s death knell was sounded by the recent shutdown of Atrivo, a California based ISP that was home to a number of criminal cyber crime operations, including at least three of the master servers used to control the Storm network.

Three out of four of [Storm’s] control servers were located at Atrivo, a.k.a. Intercage, said Joe Stewart, a senior security researcher with Atlanta based SecureWorks who helped unlock the secrets of the complex Storm network. The fourth server, he said, operated out of Hosting.ua, an Internet provider based in the Ukraine.

Stewart said the final spam run blasted out by Storm was on Sept. 18.Three days later, Atrivo was forced off the Internet after its sole remaining upstream provider — Pacific Internet Exchange (PIE) — decided to stop routing for the troubled ISP. In the weeks leading up to that disconnection, four other upstream providers severed connectivity to Atrivo, following detailed reports from Security Fix and Host Exploit that pointed to a massive amount of spam, malicious software and a host of other cyber criminal operations emanating from it.

Stewart said spam sent by the Storm network had been steadily decreasing throughout 2008, aided in large part by the inclusion of the malware in Microsoft’s malicious software removal tool, which has scrubbed Storm from hundreds of thousands of PCs since last fall. Stewart said it’s impossible to tell whether the Storm worm was disrupted by the Atrivo shutdown or if the worm’s authors pulled the plug themselves and decided to move on. But at least 30,000 systems remain infected with the Storm malware.

The end of Storm Read More »

The end of Storm?

From “Storm Worm botnet cracked wide open” (Heise Security: 9 January 2009):

A team of researchers from Bonn University and RWTH Aachen University have analysed the notorious Storm Worm botnet, and concluded it certainly isn’t as invulnerable as it once seemed. Quite the reverse, for in theory it can be rapidly eliminated using software developed and at least partially disclosed by Georg Wicherski, Tillmann Werner, Felix Leder and Mark Schlösser. However it seems in practice the elimination process would fall foul of the law.

Over the last two years, Storm Worm has demonstrated how easily organised internet criminals have been able to spread this infection. During that period, the Storm Worm botnet has accumulated more than a million infected computers, known as drones or zombies, obeying the commands of a control server and using peer-to-peer techniques to locate new servers. Even following a big clean-up with Microsoft’s Malicious Software Removal Tool, around 100,000 drones probably still remain. That means the Storm Worm botnet is responsible for a considerable share of the Spam tsunami and for many distributed denial-of-service attacks. It’s astonishing that no one has succeeded in dismantling the network, but these researchers say it isn’t due to technical finesse on the part of the Storm Worm’s developers.

Existing knowledge of the techniques used by the Storm Worm has mainly been obtained by observing the behaviour of infected systems, but the researchers took a different approach to disarm it. They reverse translated large parts of the machine code of the drone client program and analysed it, taking a particularly close look at the functions for communications between drones and with the server.

Using this background knowledge, they were able to develop their own client, which links itself into the peer-to-peer structure of a Storm Worm network in such a way that queries from other drones, looking for new command servers, can be reliably routed to it. That enables it to divert drones to a new server. The second step was to analyse the protocol for passing commands. The researchers were astonished to find that the server doesn’t have to authenticate itself to clients, so using their knowledge they were able to direct drones to a simple server. The latter could then issue commands to the test Storm worm drones in the laboratory so that, for example, they downloaded a specific program from a server, perhaps a special cleaning program, and ran it. The students then went on to write such a program.

The team has not yet taken the final step of putting the whole thing into action with a genuine Storm Worm botnet in the wild. From a legal point of view, that could involve many problems. Any unauthorised access to third-party computers could be regarded as tampering with data, which is punishable under paragraph § 303a of the German Penal Code. That paragraph threatens up to two years’ imprisonment for unlawfully deleting, suppressing, making unusable or changing third-party data. Although this legal process would only come into effect if there was a criminal complaint from an injured party, or if there was special public interest in the prosecution of the crime.

Besides risks of coming up against the criminal law, there is also a danger of civil claims for damages by the owners of infected PCs, because the operation might cause collateral damage. There are almost certain to be configurations in which the cleaning goes wrong, perhaps disabling computers so they won’t run any more. Botnet operators could also be expected to strike back, causing further damage.

The end of Storm? Read More »