Les anglonautes

About | Search | Vocapedia | Learning | Podcasts | Videos | History | Arts | Science | Translate

 Previous Home Up Next


History > 2008 > USA > Internet, media (III)




With Security at Risk,

a Push to Patch the Web


July 30, 2008
The New York Times


Since a secret emergency meeting of computer security experts at Microsoft’s headquarters in March, Dan Kaminsky has been urging companies around the world to fix a potentially dangerous flaw in the basic plumbing of the Internet.

While Internet service providers are racing to fix the problem, which makes it possible for criminals to divert users to fake Web sites where personal and financial information can be stolen, Mr. Kaminsky worries that they have not moved quickly enough.

By his estimate, roughly 41 percent of the Internet is still vulnerable. Now Mr. Kaminsky, a technical consultant who first discovered the problem, has been ramping up the pressure on companies and organizations to make the necessary software changes before criminal hackers take advantage of the flaw.

Next week, he will take another step by publicly laying out the details of the flaw at a security conference in Las Vegas. That should force computer network administrators to fix millions of affected systems.

But his explanation of the flaw will also make it easier for criminals to exploit it, and steal passwords and other personal information.

Mr. Kaminsky walks a fine line between protecting millions of computer users and eroding consumer confidence in Internet banking and shopping. But he is among those experts who think that full disclosure of security threats can push network administrators to take action. “We need to have disaster planning, and we need to worry,” he said.

The flaw that Mr. Kaminsky discovered is in the Domain Name System, a kind of automated phone book that converts human-friendly addresses like google.com into machine-friendly numeric counterparts.

The potential consequences of the flaw are significant. It could allow a criminal to redirect Web traffic secretly, so that a person typing a bank’s actual Web address would be sent to an impostor site set up to steal the user’s name and password. The user might have no clue about the misdirection, and unconfirmed reports in the Web community indicate that attempted attacks are already under way.

The problem is analogous to the risk of phoning directory assistance at, for example, AT&T, asking for the number for Bank of America and being given an illicit number at which an operator masquerading as a bank employee asks for your account number and password.

The online flaw and the rush to repair it are an urgent reminder that the Internet remains a sometimes anarchic jumble of jurisdictions. No single person or group can step in to protect the online transactions of millions of users. Internet security rests on the shoulders of people like Mr. Kaminsky, a director at IOActive, a computer security firm, who had to persuade other experts that the problem was real.

“This drives home the risk people face, and the consumer should get the message,” said Ken Silva, chief technology officer of VeriSign, which administers Internet addresses ending in .com and .net. “Don’t just take for granted all the things that machines are doing for you.”

When Mr. Kaminsky, 29, announced the flaw on July 8, he said he would wait a month to release details about it, in the hope that he could spur managers of computer systems around the world to fix them with a software patch before attackers could figure out how to exploit it.

Last week, however, accurate details of the flaw were briefly published online by a computer security firm, apparently by accident. Now security experts are holding their breath to see whether the patching of as many as nine million affected computers around the world will happen fast enough.

“People are taking this pretty seriously and patching their servers,” Mr. Silva said.

Major Internet service providers in the United States this week indicated that in most cases, the software patch, which makes the flaw much more difficult to exploit, was already in place or soon would be.

Comcast and Verizon, two of the largest providers, said they had fixed the problem for their customers. AT&T said it was in the process of doing so.

But the problem is a global one, and the length of time required to fix it could leave many Web users vulnerable for weeks or months. And there are millions of places around the world where people might find themselves vulnerable to potential attacks, ranging from their workplaces to an airport lounge or an Internet cafe.

Individuals and small companies with some technical skills can protect themselves by changing the network preferences of their computer settings so that they use the domain name servers of a Web service called OpenDNS (www.opendns.com).

Some computer systems are immune to the flaw. About 15 percent of domain name servers in the United States and 40 percent in Europe, including those at major Internet providers like America Online and Deutsche Telekom, use software from a Dutch company called PowerDNS, which is not vulnerable.

Still, much of the Internet remains vulnerable. “I’m watching people patch, and I realize this is not an easy thing to do,” Mr. Kaminsky said in an interview.

The flaw, which Mr. Kaminsky stumbled across in February, had been overlooked for more than two decades. The eureka moment came when he was idly contemplating a different security threat. He suddenly realized that it would be possible to guess crucial information about the protocol that domain name servers use to convert the numerical Web addresses.

Mr. Kaminsky worried about his discovery for several days and then contacted Paul Vixie, a software engineer who runs the Internet Systems Consortium and is responsible for maintaining a widely used version of software for domain name servers, known as BIND. Almost immediately, software engineers who looked at the vulnerability realized that Mr. Kaminsky had found a significant weakness.

In March, Microsoft held the secret meeting at its headquarters in Redmond, Wash. Sixteen representatives from security organizations and companies, including Cisco, talked about ways to combat the potential threat.

But after several delays while vendors fixed their software, Mr. Kaminsky went public.

For Mr. Kaminsky, the discovery and his subsequent warning to the Internet community were the culmination of an almost decade-long career as a security specialist. He was spotting bugs in software for Cisco and contributing to a book on computer security while still in college.

“I play this game to protect people,” he said.

He thinks that it is necessary to publish information about security threats to motivate system operators to protect themselves. Otherwise, “You don’t get to tell the river you need more time until it floods,” he said.

He said that he had initially hoped to give the Internet community a head start of a full month to fix the problem, but his plan was foiled when technical details were briefly posted online last week. “I would have liked more time, but we got 13 days and I’m proud of that,” he said.

The new flaw has sharpened the debate over how to come up with a long-term solution to the broader problem of the lack of security in the Domain Name System, which was invented in 1983 and was not created with uses like online banking in mind.

While Mr. Kaminsky is being hailed as a latter-day Paul Revere, Internet experts like Bruce Schneier, a member of the insular community that guards online security, said flaws like this were a routine occurrence and no reason to stay off the Internet.

“If there is a flaw in your car, it will get fixed eventually,” said Mr. Schneier, the chief security technology officer for British Telecom. “Most people keep driving.”

    With Security at Risk, a Push to Patch the Web, NYT, 30.7.2008, http://www.nytimes.com/2008/07/30/technology/30flaw.html






New Tool From Facebook

Extends Its Web Presence


July 24, 2008
The New York Times


SAN FRANCISCO — Facebook, the rapidly growing social network, unveiled some new features on Wednesday as it works to broaden its reach online and to recalibrate its sometimes contentious relationship with the thousands of developers writing programs for the service.

In a speech at his company’s annual conference for developers, called F8, Mark Zuckerberg, Facebook’s 24-year-old chief executive, also demonstrated the company’s new design. He predicted that there would soon be a wave of social Web sites built on top of the information users give to social networks.

“We are going to see the big social networks start to decentralize into a series of social applications across the Web,” Mr. Zuckerberg said. “I think we are at the beginning of a movement and the beginning of an industry.”

To carve out a piece of that future, the company announced Facebook Connect, a way that other Web sites can integrate parts of Facebook’s service. Web sites can ask users for their Facebook user name and password, instead of creating an identity verification system themselves, and offer their users the ability to import their list of friends from Facebook.

For example, the mobile service company Loopt, based in Mountain View, Calif., helps people find their friends and see what they are doing on a map on their mobile phone. It will use Facebook Connect so its users do not have to re-enter their connections to the friends they want to track.

“Recreating the social graph and helping people identify who their friends are is never something we wanted to do,” said Evan Tana, director of product management at Loopt. “This makes our lives a lot easier.”

Sites including Google and MySpace have introduced similar systems for confirming users’ identities.

Facebook Connect is a two-way highway — information about a user’s activity on those other Web sites also travels back and appears on the “news feed” on Facebook, where it is seen by that person’s friends on the service. But Mr. Zuckerberg said users could strictly control what they share, jokingly referring to last year’s controversial Beacon advertising program, which was viewed as being overly invasive.

“We paid a lot of attention to making sure that people have complete control over what is in their feed,” he said. “We learned from last time.”

Mr. Zuckerberg also reflected on the 15 months since Facebook opened up its site to outside companies and invited them to build profitable features for it.

The move was generally seen as smart and somewhat momentous inside the tech world. Facebook says 400,000 developers have worked on tools for the site, and other companies, including Google and Microsoft, have sought to create their own competing open systems.

But Facebook’s platform has also generated its share of controversy. Many trivial applications have clogged the site, and sought to spread themselves among users using a variety of tricks. Frustrated, Facebook has tried to counter that and put more emphasis on significant and trustworthy applications.

“As happy as I am with the growth of the ecosystem, there are a lot of mistakes we made,” Mr. Zuckerberg said. “I think we can all agree that we don’t want an ecosystem full of applications that are just trying to spread themselves.”

To that end, Facebook announced a series of new incentives for developers to write what it characterized as “meaningful” tools for the service. It said it would pick certain applications that meet a set of Facebook principles to be part of a new “Great Apps” program.

Those applications will get higher visibility on the service and will be able to work more closely with Facebook. Causes, a charitable giving tool, and iLike, a music sharing service, were the first two applications to receive this designation.

Sean Parker, a former Facebook executive who now runs Causes, said Facebook was trying to stimulate the creation of more sophisticated applications. “They are trying to evolve to a place where the right companies get funded and they launch more ambitious features on the platform,” he said.

Facebook said it was also setting up another level of certification, called the Facebook Verification program, for applications that meet the basic criteria of being secure and trustworthy. These applications will get added visibility and a graphical “badge.”

Facebook also unveiled a new developer’s site and pledged to communicate more openly with the entrepreneurs who have tethered their future to Facebook.

The last few months have been marked by plenty of controversy in Facebook’s world, with developers complaining that Facebook was not communicating well about changes to the service. Some accused Facebook of copying the most successful features of outside applications and introducing competing versions.

One part of its redesign, for example, duplicates some of the features of Top Friends, a popular program created by San Francisco-based Slide, a leading applications maker.

Keith Rabois, a vice president at Slide, said this was one reason that interest among venture capitalists in backing application makers had cooled. “I think every venture capitalist is looking at Facebook very differently than it did a year ago,” he said. “No one wants to build something that just becomes an R.& D. company for Facebook.”

Not everyone was negative. Blake Commagere, the developer who created zombie and vampire games for a variety of social networks, said Facebook was simply learning as it goes, like everyone else in an unprecedented Web experiment.

“It’s been a learning process for developers and for Facebook,” he said. “They are breaking new ground, but these guys are sharp. They are going to continue to improve it.”

    New Tool From Facebook Extends Its Web Presence, NYT, 24.7.2008, http://www.nytimes.com/2008/07/24/technology/24facebook.html






To Save Gas, Shoppers Stay Home and Click


July 19, 2008
The New York Times


To go shopping these days, more Americans are trading in their car keys for a keyboard.

Online shopping is gaining at a time when simply filling up a gas tank to head to the mall can seem like a spending spree.

A number of retailers — including Gap, Victoria’s Secret and J. C. Penney — are experiencing double-digit sales growth at their shopping Web sites, creating a surprising bright spot during an otherwise gloomy time for sales in brick-and-mortar stores.

One popular strategy for getting shoppers’ attention is offering free shipping, in contrast to many other businesses, like airlines, that are adding surcharges and other fees to offset their higher costs.

The Web sites of Neiman Marcus, Saks, Nordstrom, Bloomingdale’s, Macy’s, Bon-Ton Stores, Aéropostale, American Eagle Outfitters, Target and Kmart were all offering a deal on shipping this week.

“With gas being such an issue, we know that mall traffic is down more than off-mall traffic,” said Mike Boylson, chief marketing officer for J. C. Penney, which had an 8.7 percent increase in Internet sales in the first quarter of this year.

That is in contrast to a 7.4 percent decrease in sales at stores open at least a year, known as same-store sales and a measure of retail health. “We see more people turning to online because it’s much more efficient in terms of time and money,” Mr. Boylson said.

Retailers are walking a fine line in encouraging online sales. Of course, they are happy to attract more shoppers to their Web sites, but not at the expense of in-store sales — an important measure for investors.

Then again, the Web can drive in-store business, whether shoppers go into a store to return an online purchase or whether they buy an out-of-stock item through a computer at the store.

Lately Nichelle Hines, an actress in Los Angeles, has been shopping online for everything but gas itself — pet supplies, books, DVDs, water filters, kitchen appliances, a dress, her favorite health drink and materials to build a voiceover booth so she does not have to drive to a recording studio.

“It has saved us,” said Ms. Hines, who lives with her boyfriend, Charles, the builder of the booth. “And we really just started doing this three or four months ago just from sheer desperation of spending money on gallons of gas.”

When she does have to drive somewhere, Ms. Hines says she goes online first to note the location of the nearest gas station.

“I’m a computer illiterate person,” she said. “But I’m becoming much more literate as a result of gas prices.”

Victoria’s Secret, too, has had an online sales increase. Its catalog and Internet sales were up 11 percent in the first quarter of this year while same-store sales declined 8 percent, according to Maggie Taylor, vice president, senior credit officer at Moody’s Investors Service.

Gap had an 11 percent decline in same-store sales in the first quarter, but a 21 percent increase in online sales. About six weeks ago, just in time for the back-to-school shopping season, Gap reinvented its e-commerce operations, enabling consumers to shop the Web sites of all of its brands — Gap, Old Navy and Banana Republic as well as its newest, Piperlime, an online shoe store — with a single virtual shopping cart and a flat $7 shipping fee.

“Parents don’t want to drive to four different stores, two different malls,” said Kris Marubio, a spokeswoman for Gap Inc. The new Web design “helps time-pressed and gas-price sensitive parents achieve their back-to-school shopping goals in less time and at less cost,” she added.

The number of shoppers visiting Web sites that offer discounts has jumped, too. Over all, the number of visits to what are known as coupon Web sites increased 21 percent from June 2007 to this June, according to the Internet audience measurement company comScore Media Metrix.

CouponWinner.com, which works with more than 2,000 retailers, had an 186 percent increase in traffic from February to June of this year, according to comScore. Another such site, ShopItToMe.com, which sends alerts to members when their favorite brands go on sale in their sizes at retailers including Saks, Bloomingdale’s, Nordstrom, Ralph Lauren and J. Crew, has more than doubled its membership in the last three months, according to the site’s founder, Charlie Graham.

“People are feeling less comfortable going out to the stores or driving two hours to outlet stores because of gas,” Mr. Graham said. “It almost doesn’t pay for itself.”

Online retail sales, often made all the more alluring by the lack of sales tax, have grown right from the start, but still represent a small percentage of total retail sales. And while e-commerce growth has slowed in the current economic downturn, analysts do not expect it to cease. In fact, online sales represent one of the only positives for many retailers.

“E-commerce, when you compare it to store retail is a bright spot because whereas store growth is in the middle low single digits e-commerce is still growing at least in the mid to highteens,” said Jeffrey Grau, retail e-commerce senior analyst with eMarketer.

Internet sales are expected to surpass $200 billion this year, up from $175 billion in 2007, according to Forrester Research. Given that growth, Moody’s, the credit rating agency, said last month that it would begin giving retailers’ Internet sales and strategies more weight when analyzing the companies. And retailers like J. C. Penney and Target have begun including online sales in their same-store sales figures.

“Online is starting to matter, and it is performing well,” said Ms. Taylor of Moody’s. “Now that it is big enough to matter, companies want to call it out.”

To encourage the trend, retailers are investing in online operations and experimenting with new marketing techniques. Even retailers that are scaling back in their physical stores are expanding or enhancing online operations, which are by and large the fastest growing parts of their company. The shopping Web sites themselves are becoming speedier, easier to navigate and filled with more products.

A couple of months ago, Sears Holdings began working with a company called RichRelevance, which makes technology that monitors 15 to 25 consumer behaviors — like how visitors navigate through a retailer’s Web site and how they arrived at the site — and then suggests products the consumer may like.

“We want to make sure customers are finding these products,” said Imran Jooma, vice president for e-commerce at Sears, who explained that such online initiatives are “just the beginning for us.”

Investing in online operations is less risky than investing in real world stores because Web sites do not require the same level of personnel or resources.

What is potentially risky, though, is an emerging fuel-centric marketing technique.

“Do you really want to remind people how much it costs to fill up their tank?,” said Scott Silverman, executive director of Shop.org, a retail industry group.

For some retailers the answer is yes. EBags.com, a purveyor of items like dainty clutches and backpacks, sent more than a million members an e-mail message late last month with an illustration of gas pumps set at various migraine-inducing prices. Then there was a pump that said “eBags.” It was set at $0.

“Paying too much to get from here to there?” the accompanying text read. “Skip the mall. We’ll ship it to you for free.”

Then again, these days some consumers do not mind paying for shipping.

“A lot of shipping costs are $3 and $5,” said Jessica Delmar, 23, a manager for a technology company in San Francisco who says she rarely sees the inside of stores anymore. “That’s even less than a gallon of gas now.”

    To Save Gas, Shoppers Stay Home and Click, NYT, 19.7.2008, http://www.nytimes.com/2008/07/19/business/19shop.html





Les Crane, Talk-Show Host, Dies at 74


July 15, 2008
The New York Times


Les Crane, a provocative talk-show host who was the first to challenge the primacy of Johnny Carson on late-night television — and lose — died Sunday in Greenbrae, Calif., north of San Francisco. He was 74 and lived in Belvedere, Calif.

Mr. Crane’s daughter, Caprice Crane, confirmed his death.

Personable, cocky and well-attuned to the tenor of the times, Mr. Crane predated Howard Stern as a “king of all media”; his multifaceted career began in radio, moved to television and ended in computer software, with a stop in between as a Grammy-winning recording artist, though even he would have shuddered at calling his recording art.

An early, and by later standards, tame incarnation of a shock jock, Mr. Crane was a radio star in San Francisco in the early 1960s. From a studio in the hungry i, a nightclub that was a launching pad for performers like Mort Sahl, Woody Allen, Barbra Streisand and Lenny Bruce, he took listeners’ calls from all over the West Coast, fielding their questions, sometimes with a celebrity guest, and often dismissing callers’ comments on current events and culture with brusque wit or outright disdain, simply hanging up on some in what was then a startling breach of accepted etiquette.

His station, KGO, was owned by ABC, and the parent company transferred Mr. Crane first to the local television affiliate and then to its flagship station, WABC in New York. The show, initially with the title “Night Line ... With Les Crane” and later as “The Les Crane Show” was first broadcast in September 1963, beginning at 1 a.m. Within two months it was the object of civil rights picketers protesting the appearance on the show of Gov. George Wallace of Alabama.

Calling him “the bad boy of late night television,” The New York Times described Mr. Crane’s role on the show as “public relations expert, complaint-department chief, psychiatrist and tough hero to the callers.”

The show was well-received, and Mr. Crane, telegenic, blithely confrontational and at least partly hip — he conducted the first American television interview with the Rolling Stones, in June 1964 — was attractive enough that the following summer the network gave him a weeklong tryout in the 11:30 p.m. slot with a more conventional talk show, again called “The Les Crane Show,” which was broadcast in five big cities. The week featured interviews with Richard Burton, Shelley Winters, Melvin Belli and Marguerite Frances Claverie, the mother of Lee Harvey Oswald

“We’re sitting here in the studio of a major broadcasting company in America and we are talking to the mother of a man it is alleged assassinated our President,” he said on the air, adding: “It’s pretty wonderful, isn’t it? Pretty exciting.”

The tryout was successful, but the show was not. On Nov. 9, 1964, Mr. Crane, just 30 years old, went up against Carson, who had taken over NBC’s “Tonight” show from Jack Paar two years earlier. The Crane show was canceled just a few months later, in spite of Mr. Crane’s interview with Bob Dylan, during which Mr. Crane asked Mr. Dylan, then 23, about the songwriters who influenced him and about the overall message of his songs. Hank Williams and Cole Porter were the answers to the first question. To the second, Mr. Dylan said: “Eat?” Mr. Crane returned to the show in June but lasted only until November.

Mr. Crane was born on Dec. 3, 1933, but sources about his birthplace conflict. His name at birth, his daughter said, was Lesley Stein, adding that she thought he was born in New York. According to an ABC biography, he was born in Long Beach, N.Y. The Daily News in New York once reported that he was born in the Bronx, and various Web sites say San Francisco.

Mr. Crane graduated from Tulane University in New Orleans and spent four years in the United States Air Force as a jet pilot and helicopter flight instructor; for years afterwards, he wore a bracelet with his Air Force wings on it, a reminder, he said, “that whatever I’m doing is safer than what I used to do.”

Mr. Crane married five times. His fourth wife was the actress Tina Louise whom he met and married while she was at the height of her popularity as the glamorous sexpot on the 1960s sitcom “Gilligan’s Island.” They divorced in 1971 after a five-year marriage. Besides his daughter, a television writer who lives in Los Angeles, he is survived by his wife of 20 years, Ginger Crane.

After the demise of his Carson challenge, in 1968 Mr. Crane had another short-lived talk show, this time on WNEW-TV in New York. He also worked as an occasional actor on television, appearing on “The Virginian,” “Burke’s Law” and “Love, American Style.”

In 1980, Mr. Crane went into the burgeoning computer software business, becoming chairman of the Software Toolworks, whose successes included “Mavis Beacon Teaches Typing.” But of all his endeavors, the most well-known was one he later wanted to forget.

In 1971, his recording of the inspirational poem “Desiderata” became a cultish hit and even won a Grammy for best spoken-word recording. A cross between flower-child naïveté and New Age dreaminess, it hit a chord at the time, but by 1987, Mr. Crane had changed his tune.

“I can’t listen to it now without gagging,” he told The Los Angeles Times.

    Les Crane, Talk-Show Host, Dies at 74, NYT, 15.7.2008, http://www.nytimes.com/2008/07/15/arts/television/15crane.html






At the Uneasy Intersection of Bloggers and the Law


July 15, 2008
The New York Times


There is no better way to get a blogger talking than by telling him what he cannot publish — although you might forgive a government prosecutor for thinking otherwise.

A grand jury subpoena sent by prosecutors in the Bronx earlier this year sought information to help identify people blogging anonymously on a Web site about New York politics called Room 8.

The subpoena carried a warning in capital letters that disclosing its very existence “could impede the investigation being conducted and thereby interfere with law enforcement” — implying that if the bloggers blabbed, they could be prosecuted.

“We were totally perplexed,” said Ben Smith, who co-founded Room 8 with Gur Tsabar. (The site calls itself an “imaginary neighbor” to the press room — Room 9 — in City Hall in New York.) The two promptly began looking for a lawyer. “We knew enough to be scared.”

This, of course, is a blogger’s nightmare: enforced silence and the prospect of jail time. The district attorney eventually withdrew the subpoena and lifted the gag requirement after the bloggers threatened to sue. But the fact that the tactic was used at all raised alarm bells for some free speech advocates.

The demand for secrecy raised the unnerving prospect that prosecutors could quietly investigate anyone who posts comments online, while the person making those comments is unaware of and unable to respond to the risk. The tactic also robs bloggers of one of their most powerful weapons: the chance to spread the word and turn the legal attack into an online cause célèbre.

Lawsuits over information posted online are usually civil, not criminal — that is, they are filed by private citizens or companies trying to keep something off the Web. Courts have developed ways to evaluate the claims, often using tests to balance the First Amendment’s protections of speech against the harm caused by whatever someone wrote or said.

Using such an analysis earlier this year, a federal judge in San Francisco reversed an order disabling a Web site that allowed the anonymous posting of documents, after he weighed concerns about the order’s effect on free speech.

In that case, efforts to block access to the Web site, called Wikileaks, ended up attracting far more attention to the documents posted there.

But there are fewer precedents explaining how courts should evaluate criminal subpoenas, according to legal experts. Perhaps that is because prosecutors are more cautious about the risk of violating the First Amendment and so issue fewer criminal subpoenas, or because the subpoenas themselves carry language prohibiting disclosure of their terms.

“In the criminal context it’s trickier because it’s the government asking for stuff, and I think it’s going to be harder to fashion a rule, especially when the government is not exactly willing to part with the reasons” for requesting the information in the first place, said Jonathan Zittrain, a law professor at Harvard.

Without knowing the motives of prosecutors, he continued, judges may be hard-pressed to balance their needs against the importance of free speech.

Bloggers concerned about possible litigation may want to check the privacy policies of their Internet service providers, to see whether they include a pledge to notify any customer whose site is the subject of a subpoena, Mr. Zittrain said.

Armed with that knowledge, a blogger could fight the subpoena in court. Software also exists that is intended to make it difficult to identify those who want to be anonymous online.

Some of the people blogging on the Room 8 site are named, but many choose to be anonymous. Mr. Smith said he called the assistant district attorney in the Bronx who had issued the subpoena to try to find out more about why prosecutors wanted the Internet Protocol, or I.P. address, of the person who blogged under the name Republican Dissident. But the prosecutors would not share any information, he said.

An I.P. address, together with the date and time of an online comment, can help identify the computer used to make that comment.

Mr. Smith said he was not opposed to helping prosecutors in all cases. “Was somebody found face-down on their keyboard and the I.P. address was going to help identify the killer?” he said. “We’re not free speech absolutists here.”

Steven R. Reed, a spokesman for the Bronx district attorney, Robert T. Johnson, said on Monday that the office had no comment on any investigation related to the subpoenas sent to Room 8. Mr. Reed, however, said it was not uncommon for subpoenas to include nondisclosure language in order to protect an investigation.

In this case, he said, “The district attorney was not aware that a subpoena was sent nor was he aware of the content of the comments, until after the subpoena was sent. The district attorney reviewed the matter, determined that a subpoena was not necessary at this time, and directed that it be withdrawn.”

Because of that withdrawal, Mr. Smith and his lawyers could share court filings in the case and talk about it openly.

In addition to Republican Dissident, prosecutors wanted to identify several other people who chose to post comments anonymously. Some of the comments cited news reports about investigations to support their criticism of Republican officials.

The prospect of helping to unmask some of the commenters on the site made Mr. Smith and Mr. Tsabar nervous.

“If our anonymous bloggers were to learn that we’d been handing out their identities to politicians whom they’ve been criticizing, I think they’d be much less likely to write on the site,” Mr. Smith said.

Mr. Smith and Mr. Tsabar found lawyers willing to represent them free at Public Citizen Litigation Group, a public interest law firm that has been active in other cases involving free speech online.

Pro bono representation was important, Mr. Smith said, because Room 8 does not generate much advertising revenue. Both founders have day jobs unrelated to the site, Mr. Smith as senior political writer at Politico, the online news site devoted to politics, and Mr. Tsabar as vice president at Ketchum, a large public relations firm.

Paul Alan Levy, a lawyer at Public Citizen Litigation Group in Washington who has played a role in many free speech cases involving technology, filed a motion to quash the subpoena and argued that the proceedings should not be secret. Filings in the case are on Public Citizen’s Web site.

“They refused to go anyplace and tell me, what are they investigating, why is this speech relevant,” Mr. Levy said. Prosecutors also opposed posting a note on the blog announcing the subpoena, though they eventually permitted Room 8 to try to send an e-mail message in May to Republican Dissident about it. No one answered, but by then, Republican Dissident had already deleted all of his or her posts from the Room 8 site.

“Generally, people post anonymously sometimes for a good reason, sometimes it’s for a bad reason,” Mr. Levy said.

“We argue for a balancing test,” he continued. “Let the discovery be had when there’s a good reason for it.”

    At the Uneasy Intersection of Bloggers and the Law, NYT, 15.7.2008, http://www.nytimes.com/2008/07/15/technology/15law.html






As Web Traffic Grows,

Crashes Take Bigger Toll


July 6, 2008
The New York Times


SAN FRANCISCO — Alex Payne, a 24-year-old Internet engineer here, has devised a way to answer a commonly asked question of the digital age: Is my favorite Web site working today?

In March, Mr. Payne created downforeveryoneorjustme.com, as in, “Down for everyone, or just me?” It lets visitors type in a Web address and see whether a site is generally inaccessible or whether the problem is with their own connection.

“I had seen that question posed so often,” said Mr. Payne, who perhaps not coincidentally works at Twitter, a Web messaging and social networking site that is itself known for frequent downtime. “Technology companies have branded the Internet as a place that is always on and where information is always available. People are disappointed and looking for answers when it turns out not to be true.”

There is plenty of disappointment to go around these days. Such technology stalwarts as Yahoo, Amazon.com and Research in Motion, the company behind the BlackBerry, have all suffered embarrassing technical problems in the last few months.

About a month ago, a sudden surge of visitors to Mr. Payne’s site began asking about the normally impervious Amazon. That site was ultimately down for several hours over two business days, and Amazon, by some estimates, lost more than a million dollars an hour in sales.

The Web, like any technology or medium, has always been susceptible to unforeseen hiccups. Particularly in the early days of the Web, sites like eBay and Schwab.com regularly went dark.

But since fewer people used the Internet back then, the stakes were much lower. Now the Web is an irreplaceable part of daily life, and Internet companies have plans to make us even more dependent on it.

Companies like Google want us to store not just e-mail online but also spreadsheets, photo albums, sales data and nearly every other piece of personal and professional information. That data is supposed to be more accessible than information tucked away in the office computer or filing cabinet.

The problem is that this ideal requires Web services to be available around the clock — and even the Internet’s biggest companies sometimes have trouble making that happen.

Last holiday season, Yahoo’s system for Internet retailers, Yahoo Merchant Solutions, went dark for 14 hours, taking down thousands of e-commerce companies on one of the busiest shopping days of the year. In February, certain Amazon services that power the sites of many Web start-up companies had a day of intermittent failures, knocking many of those companies offline.

The causes of these problems range widely: it might be system upgrades with unintended consequences, human error (oops, wrong button) or even just old-fashioned electrical failures. Last month, an electrical explosion in a Houston data center of the Planet, a Web hosting company, knocked thousands of Web businesses off the Internet for up to five days.

“It was prolonged torture,” said Grant Burhans, a Web entrepreneur from Florida whose telecommunications- and real-estate-related Web sites were down for four days, costing him thousands of dollars in lost business.

Web addicts who find themselves shut out of their favorite Web sites tend to fill blogs and online bulletin boards with angry invective about broken promises and interrupted routines.

The volatile emotions around Web downtime are perhaps most prevalent in the discussion around Twitter, on which users post updates on who they are with, where they are, and what they are doing.

According to Pingdom, a Web monitoring firm, Twitter was down for 37 hours this year through April — by far more than any other major social networking Web site.

Instead of simply dumping the service and moving on with their lives, Twitter users have responded with an endless stream of rancor, creating “Is Twitter Down?” T-shirts, blog rants and YouTube parodies, and posting copies of Twitter’s various artfully designed error messages.

“This is a free service. It’s not like anyone’s life is depending on Twitter,” said Laura Fitton, a consultant and self-described passionate Twitter user.

“Twitter is all about the things we discover we have in common, so right there, Twitter failing is a huge thing we have in common,” she said. “It’s fun to complain to each other and commiserate.”

Twitter has said its downtime is the result of rapidly growing demand and fundamental mistakes in its original architecture.

Jesse Robbins, a former Amazon executive who was responsible for keeping Amazon online from 2004 to 2006, says the outcries over failures are understandable.

“When these sites go away, it’s a sudden loss. It’s like you are standing in the middle of Macy’s and the power goes out,” he said. “When the thing you depend on to live your daily life suddenly goes away, it’s trauma.”

He says Web services should be held to the same standard of reliability as the older services they aim to replace. “These companies have a responsibility to people who rely and depend on them, just as people going over a public bridge expect that the bridge won’t suddenly collapse.”

By some measures, despite the high-profile failures, the Internet is performing better than ever.

“There are millions of Web sites and billions of Web pages around the world,” said Umang Gupta, chief executive of Keynote Systems, which monitors companies’ Web performance. “These big high-visibility problems are actually very rare.”

But perhaps they are not rare enough. One morning last month, Google App Engine, a service that lets people run interactive Web applications, was unavailable for several hours.

Among those affected was Mr. Payne, who had just shifted downforeveryoneorjustme.com over to Google’s servers. It was inaccessible as well.

    As Web Traffic Grows, Crashes Take Bigger Toll, NYT, 6.7.2008, http://www.nytimes.com/2008/07/06/technology/06outage.html






Google Told to Turn Over

User Data of YouTube


July 4, 2008
The New York Times


SAN FRANCISCO — A federal judge has ordered Google to turn over to Viacom its records of which users watched which videos on YouTube, the Web’s largest video site by far.

The order raised concerns among YouTube users and privacy advocates that the video viewing habits of tens of millions of people could be exposed. But Google and Viacom said they were hoping to come up with a way to protect the anonymity of the site’s visitors.

Viacom also said that the information would be safeguarded by a protective order restricting access to the data to outside lawyers, who will use it solely to press Viacom’s $1 billion copyright suit against Google.

Still, the judge’s order, which was made public late Wednesday, renewed concerns among privacy advocates that Internet companies like Google are collecting unprecedented amounts of private information that could be misused or fall unexpectedly into the hands of third parties.

“These very large databases of transactional information become honey pots for law enforcement or for litigants,” said Chris Hoofnagle, a senior fellow at the Berkeley Center for Law and Technology.

For every video on YouTube, the judge required Google to turn over to Viacom the login name of every user who had watched it, and the address of their computer, known as an I.P. or Internet protocol address.

Both companies have argued that I.P. addresses alone cannot be used to unmask the identities of individuals with certainty. But in many cases, technology experts and others have been able to link I.P. addresses to individuals using other records of their online activities.

The amount of data covered by the order is staggering, as it includes every video watched on YouTube since its founding in 2005. In April alone, 82 million people in the United States watched 4.1 billion clips there, according to comScore. Some experts say virtually every Internet user has visited YouTube.

Google and Viacom said they had had discussions about ways to further protect users’ anonymity, but as of Thursday evening the two companies had yet to agree on how to do that.

“We are investigating techniques, including anonymization, to enhance the security of information that will be produced,” said Michael D. Fricklas, Viacom’s general counsel.

Mr. Fricklas said Viacom would not have direct access to the data, and that its use would be strictly limited by the court order. Viacom would not, for example, chase down users who had illegally posted clips from “The Colbert Report.”

“The information that is produced by Google is going to be limited to outside advisers who can use it solely for the purpose of enforcing our rights against YouTube and Google,” Mr. Fricklas said.

In a letter sent Thursday, Google’s lawyers pressed their counterparts at Viacom to accept a more limited set of data. “We request that plaintiffs agree that YouTube may redact user names and I.P. addresses from the viewing data in the interests of protecting user privacy,” wrote David H. Kramer, a partner at Wilson Sonsini Goodrich & Rosati.

In a response, a Viacom lawyer wrote that Viacom was “committed to working with Google” on the privacy issue.

Interestingly, Google has rejected demands by privacy groups for more stringent protections for I.P. address records, saying that in most cases the addresses cannot be used to identify users. Yet Google argued that YouTube viewing data should be kept from Viacom, in part, to protect the privacy of its users.

Judge Louis L. Stanton of the Southern District of New York, who is presiding over Viacom’s lawsuit against Google and YouTube, referenced Google’s past statements on I.P. addresses to conclude that its “privacy concerns are speculative.”

“It is an ‘I told you so’ moment,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center, an advocacy group in Washington.

Other privacy advocates said they welcomed Viacom’s commitment to limit its use of the information, but they remained concerned about user rights.

“Users should have the right to challenge and contest the production of this deeply private information,” said Kurt Opsahl, senior staff lawyer at the Electronic Frontier Foundation, an online civil liberties group.

That right is protected by the federal Video Privacy Protection Act, Mr. Opsahl added. Congress passed that law in 1988 to protect video rental records, after a newspaper disclosed the rental habits of Robert H. Bork, then a Supreme Court nominee.

Mr. Opsahl also said that even records that did not include a user’s login name and I.P. address might be able to be associated with specific people.

In 2006, after AOL released for research purposes the search records of thousands of anonymous users, reporters from The New York Times were able to track down one person by analyzing her search queries. Mr. Opsahl said anonymous viewing habits may similarly yield clues about the identity of viewers.

Viacom wants the viewing data in part to help it determine the extent to which YouTube’s success was built on the popularity of copyrighted clips that were illegally posted to the site. Outside experts say that without the data it would be virtually impossible to pin that down.

Judge Stanton agreed that the information could help Viacom make its case. “A markedly higher proportion of infringing-video watching may bear on plaintiff’s vicarious liability claim, and defendants’ substantial noninfringing use defense,” he wrote.

    Google Told to Turn Over User Data of YouTube, NYT, 4.7.2008, http://www.nytimes.com/2008/07/04/technology/04youtube.html






The Humans

Behind the Google Money Machine


June 2, 2008
The New York Times


MOUNTAIN VIEW, Calif. — If Google were the United States government, the data that streams onto Nicholas Fox’s laptop every day would be classified as top secret.

Mr. Fox is among a small group of Google employees who keep a watchful eye on the vital signs of one of the most successful and profitable businesses on the Internet. The number of searches and clicks, the rate at which users click on ads, the revenue this generates — everything is tracked hour by hour, compared with the data from a week earlier and charted.

“You can see very, very quickly if anything is amiss,” said Mr. Fox, director of business product management at Google.

Mr. Fox and his “ads quality” team can also quickly see whether something is working particularly well. His group’s mission, to constantly fine-tune Google’s ad delivery system, has one overriding objective: show users only the ads they are most likely to be interested in and click on.

Google runs a complex auction-based system that determines which ads will appear where, and in what order. Every time the team alters the formulas that select and rank ads, Mr. Fox can run a test and quickly see the effect of the changes on users, advertisers and Google’s revenue — which, in this year’s first quarter, came in at the rate of more than $2 million an hour.

The job has given Mr. Fox, a soft-spoken 29-year-old with an obvious affinity for nuance and numbers, a detailed understanding of the complex dynamics at work inside Google’s ad-driven economic engine.

Mr. Fox, who graduated from Harvard with a degree in economics and spent two years at the management consulting firm McKinsey & Company before joining Google in 2003, also helped organize its Revenue Force. This select group of engineers, sales and finance people, product managers and statisticians from across the company is charged with keeping top executives apprised of the forces that make Google tick.

Google reveals little of these forces to the outside world. Even on Wall Street, many experts describe Google as a giant black box that they struggle to comprehend.

In recent months, for instance, analysts and investors grew increasingly worried about reports of a decline in clicks on Google ads in the United States, which they interpreted as a sign that Google’s business could be suffering from the economic slowdown. But inside Google, Mr. Fox and others were growing confident that the company would do just fine.

“I wouldn’t quite go so far as to say we are recession-proof,” said Hal R. Varian, Google’s chief economist. “But we are recession-resistant.”

Google’s financial results for the first three months of the year surpassed expectations. Still, some analysts point out that Google’s growth is slowing, especially in the United States. The extent to which that slowdown is the fault of the economy or just the size and maturity of Google’s business remains a matter of debate on Wall Street.

Mr. Fox acknowledged that searches and clicks in some areas, like real estate and travel, have grown more slowly recently. But he noted that there is not an exact correlation between clicks and revenue: “Clicks are only part of the story.”

The idea of linking ads with search results was first developed not by Google but by GoTo.com, which later changed its name to Overture Services and then was bought in 2003 by Yahoo. Overture ranked ads based on how much advertisers were willing to bid for a certain keyword. The higher the bid, the better the placement.

As Google’s engineers developed their own search advertising system, they understood early on that giving top billing to the highest bidder would have little benefit for Google if that ad did not attract clicks. That is because advertisers typically pay Google only when a user clicks on their ads.

So Google decided to rank ads based on a combination of bid price and “click-through rate,” the frequency with which users click on a given ad. Mr. Fox’s team took things from there and gradually became better at figuring out what ads would work with users.

Yahoo tried to catch up by building a new search advertising system that works more like Google’s. It helped increase revenue, but by Yahoo’s own account, Google still earns 60 percent to 70 percent more on average than Yahoo on every search. Microsoft has also lagged, in part because it lacks enough advertisers. It acknowledged as much with its recent attempt to buy Yahoo.

Mr. Fox said Google’s ability to constantly fine-tune its operations was intricately linked with its obsession with measuring just about everything that happened on its system.

The tools to do so, however, were not always there. About four years ago, when revenue was more than doubling every year and profit was growing even faster, top executives became concerned that Google’s business could be riding a bubble in online advertising.

Traffic was growing rapidly, as was the average price that advertisers were paying for clicks. But Mr. Fox and others realized that measuring the average cost-per-click was not good enough. Users might be clicking on more high-priced ads and fewer lower-priced ads. That would cause the average cost-per-click to rise, but it would say little about the health of the overall system.

So Mr. Varian and Diane Tang, principal engineer in the ads quality group, helped devise what they call a basket of keywords. Much like the consumer price index, a basket of goods and services that economists use to track inflation, the measure is made up of a broad sample of keywords and is weighted to make it statistically accurate. This internal benchmark helps Google get a clearer picture of its performance.

As measurements improved, Mr. Fox’s team unleashed a stream of experiments meant to optimize the ad system. They evaluated changes to things like the clickable area and background color of ads, and the criteria for placing ads above search results rather than beside them.

Over time, the company also looked beyond click-through rates to rank ads. Google now takes into account the “landing page” that the ad links to, and, for example, gives low grades to pages whose sole purpose is to show more ads. Soon, the loading speed of a landing page will also be considered, Mr. Fox said.

These factors contribute to an ad’s “quality score.” The higher that score, the less the advertiser has to bid to secure top billing. For example, an advertiser who offers to pay $1 per click to attract those searching for “vacation rentals in Colorado” may receive more prominent placement than another who bids $1.50 for the same query but has a lower quality score. An advertiser with a very low quality score may have to bid so much for placement as to make it uneconomical.

Quality scores work as an incentive to advertisers to improve their ads, which benefits users and, in turn, benefits Google, Mr. Fox said.

Not all advertisers like Google’s approach. Many say that despite efforts by Google to be more transparent, they remain in the dark about what goes on inside the company’s ad machine.

“To the extent that Google is a black box, it is not a good thing for advertisers,” said Anil Kamath, co-founder and chief technology officer of Efficient Frontier, which runs search ad campaigns for marketers.

Mr. Kamath said Google still offered the most effective system for search marketers, but said many advertisers complain that the company was, in essence, deciding who can and cannot advertise on its system.

By the nature of their work, Mr. Fox and other members of the Revenue Force have a front-row seat to the sometimes peculiar relationship between world events and Google’s business.

In mid-February, for instance, the group was taken aback when they saw the number of searches drop unexpectedly. With their antennas keenly tuned for any sign that the economic slowdown could be hitting Google’s business, members of the team rushed to come up with a diagnosis. That meant poring over statistics, calling field offices and checking data centers e to ensure none were afflicted by bugs.

The team determined that Google had suffered from a series of unrelated minor ailments. Mardi Gras and the Chinese New Year kept people away from their computers, while bad weather knocked out electricity in parts of China, Mr. Varian said.

Other events have given Google unexpected increases in traffic because they kept people at home, like heavy rains and flooding in England last summer and a strike in France last fall.

“Bad weather is good for Google, as long as it is not too bad,” Mr. Varian said.

The Humans Behind the Google Money Machine, NYT, 2.6.2008, http://www.nytimes.com/2008/06/02/technology/02google.html




home Up