Archive for December, 2010

Nice privacy policy

Thursday, December 9th, 2010

Too true – especially for consumer-facing sites:


WikiLeaks – what do you think?

Monday, December 6th, 2010

What do you all think of the latest WikiLeaks disclosure? To be more specific:

  1. The leak itself – do you think it’s actually meaningful or damaging?
  2. Do you buy the US government’s claims that it puts people at risk?
  3. Do you think the leaks harm US interests?
  4. Do you think this is a failure of internal controls in the US government?
  5. What sort of controls do you think the government should have had in place to either prevent this from happening or to prosecute the people who leaked it?
  6. Do you think the WikiLeaks organization did anything wrong and should carry liability, or only the person who leaked information, or nobody at all?

Here are my views … I’d love to hear yours:

  1. Meaningful or damaging?
    Not at all meaningful — did you read any leak that did anything more than put in some diplomat’s own words something everybody already knew?
  2. Puts people at risk?
    I think the US government is over-reaching here. Really? Put who at risk? Give a single example. That goes for all past WikiLeaks too – if you’re going to claim that people are harmed, then give at least one example!
  3. Harms US interests?
    It’s a bit of embarrassment, but really — there was no new information in the leaks. For example, I would think that citizens of Arab countries already knew that their government was scared of the Iranian nuclear threat and wanted the Americans to act. Can they really be so stupid as to think otherwise? To think so is at least condescending. I think the US reputation was harmed somewhat, but only by the fact that the data leaked, not by the content of the leaks themselves. i.e., damage from “How could you let so much of this data leak out? How incompetent are you?” rather than “Wow, I didn’t know that about your internal policies!”
  4. Failure of internal controls?
    If you don’t want something leaked, clearly you don’t share it with thousands of people! Clearly, this was a failure of controls, but arguably someone looked at the data and classified it as very low risk even if it leaked, and consequently didn’t protect it. That decision may have been reasonable, while the government effort to hush it up afterwards is more of an embarrassment.
  5. What sort of controls are needed?
    Well – if they limited document downloads to one at a time, if they authenticated users who search for and download these documents, if they logged access and if they watermarked documents with the ID of the user who grabbed them, they would force users to take personal, legal and possibly criminal liability for their use of these documents. That seems to me to be the right balance between open information sharing and accountability. Now that the leaks have happened, I think it’s almost inevitable that the (useful) data sharing program will be replaced with some sort of draconian controls, due to government over-reaction.
  6. Did WikiLeaks do anything wrong?
    The person who leaked the data certainly did break the law. I doubt WikiLeaks did anything unethical or illegal, but I am not a lawyer.

I would add to this that the American government response to this whole incident has been nothing short of embarrassing. I’m embarrassed for the US government — for making wild claims about the harm caused by these leaks (what harm? seriously?) and about the strong-arm tactics they seem to be using to suppress further distribution (shutting down WikiLeaks’ DNS service, Amazon web hosting and most recently PayPal account).

Latest WikiLeaks: watermarks and IAM?

Thursday, December 2nd, 2010

The main buzz around the latest dispatch from WikiLeaks is about the content – and I have to agree with most people who have commented on it – the response amounts to “Yawn, really, that’s what all the fuss is about?”

The process of the leak itself is more interesting. This was a mass download of a bunch of data that various US government agencies were intentionally sharing. Sharing is good, especially for low-risk data such as this. On the other hand, the US government didn’t actually want the data to leak outside of itself, and given the thousands of people with access, that’s a tall order.

So how do you share something with thousands of people while still minimizing the chances that one of them will release it?

Well … first, you should change the access method to be “one document at a time” rather than “all at once.” I have to assume they actually did do that – but someone scripted a bulk download of these documents.

The second step is to impose some sort of economic cost on anyone considering a breach of protocol by releasing the content. This is where some people jump up and yell “Digital Rights Management!” and where I claim “No! DRM Sucks!” 😉 Actually, I think a much more benign solution is to apply a hard-to-detect, hard-to-remove watermark to individual documents downloaded from this sort of database. Basically, if I download a file from this database, the file should be marked up in some way to indicate that it was me who downloaded it. Anyone can read it – but at least people in authority should be able to figure out that it is my download they are reading.

That’s watermarking, and it has lots of applications. I think Apple is using this approach when they offer unencrypted MP3 downloads on their music store – you can download an MP3 and play it on any device, but somewhere in the data stream is an indication that it was you who downloaded it. If they find the same MP3 on BitTorrent later, they know that you shared it. If you know that they will know that, you are much less likely to violate their terms of use, because you bear some legal and possibly financial liability.

Same thing with the WikiLeaks documents – if the feds had used a file format that allows for watermarking and had marked up downloaded documents, then legitimate users, including whoever actually leaked the content, wouldn’t have been so eager to let the cat out of the bag.

Technologically, you need some sort of watermarking system and, of course, an identity and access system — users have to identify themselves and authenticate before they can download this stuff, else the central server wouldn’t know what to put in the watermark.

In fact, this raises another question – don’t they log who downloads content? If they don’t, then they deserve the outcome they got. If they do log, then they should already know who downloaded all this content.
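The combination described in this post and in the controls list of the December 6th post (authenticated download, access logging, per-user watermark) can be sketched as follows. This is an added example, not code from the blog or from any government system; the key, user names, document text and the zero-width-character encoding are all assumptions chosen for illustration.

```python
import hmac, hashlib, time

SERVER_KEY = b"constructed-demo-key"   # assumption: secret held only by the document server
ZW = {"0": "\u200b", "1": "\u200c"}    # zero-width space / zero-width non-joiner
ZW_INV = {v: k for k, v in ZW.items()}
AUDIT_LOG = []                         # stand-in for an append-only access log

def _tag(seq: int) -> bytes:
    """Truncated HMAC binding a log sequence number to the server key."""
    return hmac.new(SERVER_KEY, seq.to_bytes(4, "big"), hashlib.sha256).digest()[:8]

def download(user_id: str, doc_id: str, text: str) -> str:
    """Log an authenticated download and return a copy marked for that log entry."""
    seq = len(AUDIT_LOG)
    AUDIT_LOG.append({"seq": seq, "user": user_id, "doc": doc_id, "ts": time.time()})
    payload = seq.to_bytes(4, "big") + _tag(seq)
    bits = "".join(f"{b:08b}" for b in payload)
    mark = "".join(ZW[b] for b in bits)
    # Repeat the mark after every paragraph so a partial excerpt still carries it.
    return "\n\n".join(p + mark for p in text.split("\n\n"))

def trace(leaked: str):
    """Return the audit-log entry for a leaked copy, or None if no valid mark is found."""
    run = ""
    for ch in leaked + "\n":           # sentinel flushes a trailing run
        if ch in ZW_INV:
            run += ZW_INV[ch]
            continue
        if len(run) == 96:             # 12 bytes: 4-byte seq + 8-byte tag
            raw = int(run, 2).to_bytes(12, "big")
            seq = int.from_bytes(raw[:4], "big")
            # The HMAC check stops a forged mark from pointing at another user's entry.
            if hmac.compare_digest(raw[4:], _tag(seq)) and seq < len(AUDIT_LOG):
                return AUDIT_LOG[seq]
        run = ""
    return None

# Constructed sample document and users.
DOC = "Cable 001: routine summary.\n\nSecond paragraph of the cable."
alice_copy = download("alice", "cable-001", DOC)
bob_copy = download("bob", "cable-001", DOC)
```

The mark here only survives copy-and-paste of the text; it does not meet the "hard-to-remove" bar the post asks for, which needs a format-specific scheme. The audit log is what makes the mark meaningful, since the embedded value is only a signed pointer to a log entry.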

That’s my $0.02 for today.

— Idan