White House may be forced to recover "lost" emails

Lawsuits by the National Security Archive of George Washington University and the watchdog group Citizens for Responsibility and Ethics in Washington (CREW) have won a ruling from a U.S. district court judge that the White House can be forced to recover the five million “lost” emails that were deleted between March 2003 and October 2005. Those emails were required to have been preserved under the Presidential Records Act. Another set of emails from the office of Vice President Dick Cheney from September 30, 2003 to October 6, 2003 were found to be “lost and unrecoverable” by an Office of Administration investigation. 65,000 backup tapes have been preserved as part of the litigation, and those tapes will apparently be available for review to recover some of the five million lost emails. More details at IntelDaily.

November 14, 2008 · 1 min

Google to close Arizona office

Google is closing its office in Tempe, Arizona on November 21. It’s also closing offices in Denver and Dallas. Alan Eustace, SVP of Engineering & Research, writes at Google’s blog:

At Google, engineering is everything - no great engineers, no life enhancing products, no happy users. So we’ve spent a lot of time structuring our engineering operations to make the most of the exceptional talent that’s available across America - developing local centers that give engineers the autonomy and opportunity to be truly innovative. These principles have served us well as we’ve grown, so when the model fails, it’s doubly disappointing. We opened our Phoenix office in 2006 and hoped that it would develop to support many of our internal engineering projects, the systems that make Google, well, Google. But we’ve found that despite everyone’s best efforts, the projects our engineers have been working on in Arizona have been, and remain, highly fragmented. So after a lot of soul searching we have decided to incorporate work on these projects into teams elsewhere at Google. We will therefore be closing our Arizona office on November 21, 2008. We’d like to thank everyone involved in this project for their energy and enthusiasm: our engineers; the engineering community in Arizona; Arizona State University; the city of Tempe; and the greater Phoenix area. We are now working with the Phoenix Googlers to transition them to other locations, or to identify other opportunities for them at Google.

I’ve been expecting to see Google start cutting back on expenses in various ways, as it seems to me that their model of business, with huge per-employee expenses, isn’t sustainable for the long term. Apparently it’s also the case that it’s not cost-effective to put separate engineering centers in many locations–they probably need a critical mass of engineers and profitable projects that they didn’t get here.
This is probably good news for other high-tech companies and startups in Phoenix, as those Googlers who wish to stay in the Valley become available talent. ...

September 22, 2008 · 3 min

Largest corporate bankruptcies in U.S. history

At Trading Markets is a story about the largest corporate bankruptcies in U.S. history, with the recent Chapter 11 filing of Lehman Brothers Holdings Inc. at the top of the list. At #9 on the list is my employer, Global Crossing Ltd., about which the article says: Hurt by a sluggish demand and declining prices for bandwidth capacity, and burdened by a heavy debt load, telecom company Global Crossing Ltd. filed for Chapter 11 bankruptcy on January 28, 2002. At the time of filing, Global Crossing had $30 billion in assets and $12 billion in debts. ...

September 20, 2008 · 2 min

EFF sues the NSA, Bush, Cheney, Addington, etc.

The Electronic Frontier Foundation has filed Jewel v. NSA to try another tactic in stopping unconstitutional warrantless wiretapping of U.S. residents. Their previous lawsuit against AT&T, Hepting v. AT&T, is still in federal court as the EFF argues with the government over whether the telecom immunity law passed by our spineless Congress is itself constitutional or applicable to the case. Jewel v. NSA names as defendants the National Security Agency, President George W. Bush, Vice President Dick Cheney, Cheney’s chief of staff David Addington, former Attorney General Alberto Gonzales, and “other individuals who ordered or participated in warrantless domestic surveillance.”

September 20, 2008 · 1 min

Sarah Palin's Yahoo account hacked

Sarah Palin has apparently been using a personal email account for State of Alaska business (perhaps following Republican precedent on how to avoid subpoenas?), and it’s been compromised. Wikileaks has the documents. UPDATE (September 19, 2008): The screenshots used by the attacker showed that he used ctunnel as his web proxy, and contained enough information to identify his source IP in ctunnel’s logs. As pointed out by commenter Schtacky, it looks like they’ve identified the culprit, who used some Google research and Yahoo’s password recovery feature to change the password on the account to break in. This shows the problem with choosing “security questions” for password recovery that have answers which are easily publicly available. I hope that this kid’s actions don’t sabotage the corruption case against Palin that may have been supported by evidence in her Yahoo email, evidence that is now tainted by the fact that it was compromised (and subsequently deleted). ...

September 17, 2008 · 1 min

Virginia Supreme Court strikes down anti-spam law

Spammer Julian Jaynes now gets off as a result of a bad decision from the Virginia Supreme Court, reversing its own previous decision from six months ago. The court ruled that the Virginia anti-spam law’s prohibition of header falsification constitutes an unconstitutional infringement of the right to anonymous political and religious speech, suggesting that it would have been acceptable if it was limited to commercial speech. The court’s decision was predicated on the assumption that header falsification is a necessary requirement for anonymity, but this is a faulty assumption. All that is needed for anonymity is the omission of identity information that leads back to an individual, not the falsification of headers or identity information. That can be done with remailers, proxies, and anonymously-obtained email accounts, with no header falsification required. I previously made this argument in more detail in response to the arguments given by Jaynes’ attorney in the press. I also disagree with the court’s apparent assumption that commercial speech is deserving of less protection than religious or political speech. What makes spam a problem is its unsolicited bulk nature, not its specific content.

September 12, 2008 · 1 min

Misinformation about Google's Chrome EULA

Adam Frucci at Gizmodo writes:

So, are you enjoying the snappy, clean performance of Google Chrome since downloading yesterday? If so, you might want to take a closer peek at the end user license agreement you didn’t pay any attention to when downloading and installing it. Because according to what you agreed to, Google owns everything you publish and create while using Chrome. Ah-whaaa?

This is false. The EULA doesn’t transfer ownership of anything. The provision that has everyone upset is the rather broadly worded provision 11.1:

11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This license is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.

Note that the very first sentence says that you retain all intellectual property rights. This gives Google the rights to do the things it already does–let other people play YouTube videos you upload, syndicate your Blogger content, store cached versions of your web pages, allow people to see versions of your web pages translated into other languages, display thumbnails of images on your web pages in Google Images search, and so forth. The last sentence appears to limit it solely for the purpose “to display, distribute and promote the Services” and not allow them to, say, use your content in order to compete with you, undermine your intellectual property rights, etc.
An earlier provision in the EULA also makes this explicit:

9.4 Other than the limited license set forth in Section 11, Google acknowledges and agrees that it obtains no right, title or interest from you (or your licensors) under these Terms in or to any Content that you submit, post, transmit or display on, or through, the Services, including any intellectual property rights which subsist in that Content (whether those rights happen to be registered or not, and wherever in the world those rights may exist). Unless you have agreed otherwise in writing with Google, you agree that you are responsible for protecting and enforcing those rights and that Google has no obligation to do so on your behalf.

So even if 11.1 is a bit too broad, there’s this provision to fall back on if you feel your intellectual property rights are being infringed. Some commenters at Gizmodo said that they didn’t agree with this provision and therefore have uninstalled the software, but that’s not sufficient to terminate this agreement. Terminating the agreement requires you to give notice to Google in writing and close all of your accounts with them:

13.2 If you want to terminate your legal agreement with Google, you may do so by (a) notifying Google at any time and (b) closing your accounts for all of the Services which you use, where Google has made this option available to you. Your notice should be sent, in writing, to Google’s address which is set out at the beginning of these Terms.

One thing that is clear from these terms is that Google definitely wants to interpose itself between user and content in a manner similar to what Microsoft has done for years with Windows, and in a much stickier way than telecom providers are between user and content.
If you have network neutrality concerns about telecom providers or had antitrust concerns about Microsoft’s bundling of the Internet Explorer web browser with Windows, you should probably have similar concerns about Google, given the way use of its browser is bundled with an EULA covering all of its services. Shouldn’t I be able to discontinue this EULA by getting rid of the browser, and not by terminating all of my accounts with Google? Will there be a lawsuit about unbundling the Google Chrome browser from the rest of its services? UPDATE: Ars Technica reports that Google says this was an error and they will be correcting the license, which was borrowed from other Google services, apparently without careful review. It also notes that since Chrome is distributed under an open license, users can download the source code and compile it themselves without being bound by the agreement. The major flaw in the 11.1 language is that it gives Google the right to publish content you merely “display” in the browser, even if it’s private content on a local server or restricted content from a secured website. That clearly wasn’t their intent, but that’s an implication of how it was written. ...

September 3, 2008 · 4 min

Military botnets article

I’m quoted in Peter Buxbaum’s “Battling Botnets” article in the August 20, 2008 Military Information Technology. It didn’t really fully capture the points I made in the interview, and I don’t remember saying the statement at the end about using botnets as an offensive measure as “a nuclear option.” I said that nullrouting is a much better method of denial of service for network service providers than flooding attacks, and made a point similar to Schneier’s about military attacks on the infrastructure of another nation that the U.S. is at war with–it would be more useful to obtain access to their systems, monitor, and disrupt than to just shut off access completely, but those points weren’t reflected in the article. I’ve written more about military use of botnets at this blog.

August 29, 2008 · 1 min

The dangers of digital drugs

Kim Komando (who at least used to be based here in Phoenix) is promoting nonsense about “digital drugs”: But websites are targeting your children with so-called digital drugs. These are audio files designed to induce drug-like effects. All your child needs is a music player and headphones. Digital drugs supposedly synchronize your brain waves with the sound. Hence, they allegedly alter your mental state. Binaural beats create a beating sound. Other noises may be included with binaural beats. This is intended to mask their unpleasant sound. ...

August 13, 2008 · 3 min

"In our corporate DNA"

Yesterday while getting my car serviced, I noticed that Toyota’s brochure about its latest vehicles says on the back that “Moving Forward is in our DNA,” and became annoyed. “X is in our corporate DNA” has become an incredibly popular marketing buzzphrase lately, and I’ve heard it said for some value of X in almost every vendor presentation I’ve heard this year. My thought yesterday was that I don’t really care if X is in the genotype if it isn’t expressed in the phenotype. If the company really wants to make the point that X is a core competency or value, saying “it’s in our DNA” isn’t really an accurate way of putting it. So this morning I did a search to see if any biologists have commented on this buzzphrase, and was pleased to see that Keith Robison commented on it last December: The question posed is this: what do companies asking this really mean, or more specifically what might it mean that they don’t intend (very Dilbert-esque). Presumably they are trying to make a statement about deeply embedded values, but what does it really mean to have something in your DNA? 
For example, do they mean to imply:

- A lot of our company is unfathomable to the human mind
- There’s a lot of redundancy here
- Often we often repeat ourselves often repeatedly, often repeating repetitiously.
- We retain bits of those who invade our corporate DNA, though with not much rhyme or reason
- A lot of pieces of the organization resemble decayed portions of other pieces of our organization
- Some pieces of our organization are non-functional, though they closely resemble functional pieces of related organizations
- Most of our organization has no immediate impact on routine operations, or emergency ones
- Most of our organization has no immediate obvious purpose, if any
- Our corporate practices are not the best designable, but rather reflect an accumulation of historical accidents

Now, many of these statements may well be true about a given company, but is that what you really want to project?

This gives me some great ideas on how to respond the next time I hear a vendor use the phrase. ...

August 11, 2008 · 3 min