US Government eyeing Google’s Data: Real Privacy Concern or Just a Storm in a Tea Cup?

The net has ben buzzing with news that the US government wants data from Microsoft, AOL, Yahoo and Google to support its case in the law court for internet censorship to protect children. The first three surrendered the data while Google decided to put up a fight. The question raising the most hit around the net focus around privacy of individuals are compromised. I, instead, think everyone miss the big picture “Can companies and government compel others to give them data they would like to have simply because it is useful to them and might be able to advance their case?”

Let’s get the privacy issue out of the way first. Whether individual privacy is violated depends very heavily on the data being turned over. If it is anonymized data, i.e., no IP address, user name etc that can be traced back to an individual, it would not be a problem. To pacify people that their privacy is intact, the companies involve and the US government simply just have to disclose the nature of data turned over. With this, people can make their mind up on whether massive privacy violation take place. We have a rule of thumb at work, if the data can be trace back to a group of less than 25 persons, then we are voilating Data Protection and Privacy Rules.

A bunch of anonymized data of the searches done by a million or more people is a rich source of data for a data mining operation. The US government is effectively asking the big four search engine to turn over their data to allow them to mine the data. The size of the combined dataset is huge and is in itself, much more valuable then the total sum of the individual datasets Hence, assuming any government, or any big companies is capable or willing to pay for mining a large dataset, should anyone be compelled to give them the datasets? I do not think so. In the case of litigation, I am willing to give the defendent more leeway to ask for a large set of data from the plaintiff to allow him to make his case or vice-versa. I cannot see why a totally unrelated third party can be asked to provide data not directly related to the court case simply because the defendent or the plaintif believe it is helpful. Normally, a search of material held by third party are very narrow and can be directly linked to the court case. Here, it seems the relationship between the data asked by the government and the court case is very slim and at a very long stretch.

Why? The US Government hope to use this to support its case for Internet censorship to protect children. But the nature of the data may mean that this data mining operation is meaningless. Bottomline is that does censorhip of the internet, in the form proposed by the legislation under investigation, protect American Kids and its implication on the freedom of American Adults. It is important to note that the US government can only argue that the legislation will protect American kids, not English Boys or a French girls.

Here lies the problem, the datasets turned over probably consists of searches all over the world, the number of searches from overseas is highly likely to be significant enough to upset the conclusion derived. Then, another fundamental question is how one can distinguish between searches by American kids and searches by American adult. American government is not an idiot who do not realized it, thus raising the concern on how much detail is needed for the data to be meaningful and this give rise to the privacy concerns above. Details are the bad guys when it comes to privacy. Again, only if they disclose the nature of the data turned over, we cannot judge for ourselves.

Lets hope more information comes to light to allow us to make an informed opinion on whether this overstep the privacy mark.

Symantec use File Cloaking. Doubt casted on F-Secure trustworthiness

Back in November, as part of the Sony XCP Rootkit Fiasco, the XCP software maker, First4Internet, claims that it has Symantec’s input when designing XCP. I mentioned in my blog post that Symantec has not responded. At that time, I thought this might be true because Symantec had not denied it, eventhough I said in the blog post that “I cannot see how Symantec, a competent and reputable anti-virus company, can miss this if First 4 Internet did consult them and described fully what their Digital Restriction Mechanism works.”

Recently, there is an eWeek report that Norton SystemWork, a Symantec product, do deploy directory-cloaking. This evident, although do not conclusively proved it, supports First4Internet’s claim that it had consulted Symantec.

While it is great that Symantec comes clean on this issue, the fact that it comes after Sony Rootkit shows that Symantec did not consider this a security risk until the Sony case blow up for First4Internet. The timing of the announcement by Symantec is more PR (waiting for Sony Rootkit to die down in order not to be ‘linked’ to it) then technical (time needed to engineer a fix and distribute it). With all the delays, users of Norton SystemWork is put at risk.

I am angered by the fact that F-Secure, who claimed to had detected Symantec’s rootkit way back in March 2005, did not disclose it until Symantec comes clean, ten months later. F-Secure, as you recall, is probably the only anti-virus software provider that comes out rosy in the XCP fiasco for confirming Mark Russinovich’s account of rootkit and stands with him on saying that it is a security risk. I am sure F-Secure would argue that it was acting on everyone’s interest by staying mum on the subject until a fix is available. This argument does not wash with me, because Symantec obviously did not consider it a security risk back in March 2005, therefore, extremely unlikely to fix it. Public disclosure is probably the best way to fix for everyone, bar Symantec and F-Secure’s relationship with the company.

It is true that unlike Sony’s Rootkit, Symantec’s Rootkit was designed for the benefit of the consumer, a rootkit is a rootkit is a rootkit. Period.

According to the same eWeek article, other companies are doing the same as well. Shame to them for not even coming clean on it. It is argued that parental control software are one type of software where hiding the folder containing the controls make sense. Let me tell you it is just a smoke screen. With parental control, your kids know that you have it installed. The solution here is to make it impossible to delete. Hiding does not make it so. It simply makes it more difficult. Your software vendor should use other strategy, such as Unix style read/write/execute permissions, not rootkit.

Perhaps the most important issue highlighted by Sony and Symantec Rootkits are the trustworthiness of commercial anti-virus software providers. Here, we see the ignorance of Symantec on the risk of the rootkit and clear case of conflict of interest in Symantec as both Norton SystemWork vendor, and anti-software provider. On the part of F-Secure, one can argue it had placed its commercial interest above that of its customers, the very people who hired it to protect them.

Google Video Service and Google Pack

The much anticipated Google keynote speech at the Consumer Electronic Show did not deliver the VOW factor. However, if one look at the concepts behind the new Google Pack and Google Video Service, one can see some potential revamp of the computing landscape, something Google is really good at.

Google Pack, at the very least, have the potential to revolutionize how softwares are delivered and maintained. The central concept is to have a Trusted Party, Google in this case, to manage your software for you remotely. Microsoft, Linux and Unix’s can learn a lot from Google Pack. If Google manage to deliver as it has done with GMail, a fresh rethink of how software are maintained is inevitable.

With Google Video Service, Google is trying to build a market place for video. It stand out from other video stores in the sense that it allows almost everyone to trade in video, thus democratise video trading by giving an outlet to small producer. With the flexible pricing, it represents the best way to allow real market dynamics such as supply-and-demand forces to work its magic. However, it looks like a bazaar for video content. More accurately, a online Blockbuster that also sell video or another Amazon Video Store (sell videos, but also rent them out). This can be prove to be a fatal flow because it fails to standout from Blockbuster or Amazon. Most importantly, it means punters do not feel that they can get quality products from it.

I had a look at Google Video Store. I must say I am disappointed. The layout fails the high Google standard that I have come to expect, i.e., something that stand out from the rest, very clear and simple to use. Content-wise it is seriously short of it. Google should had call it “Video Stall Alpha”.

As for Google Media Player and Google Digital Right Management, I think the biggest archilles heel is the need to remain online to play DRM-protected content. It will be a great handicap for consumption of the content by consumer. Except for Live Events or News Bulletins, there is no real need to stay online to consume the content. An overwhelming amount of video content out there are pre-recorded content and therefore, staying online in order for the content to be “streamed” to you does not make much sense, especially if you view the content repeatedly. Here, I think Google had made a backward step.

Seeing the way Larry Page handle himself during the presentation, he should had practice more. He looks like a student who is ill-prepared for a presentation. The Google team should be sent to presentation boot camp to relearn how to present a corporate presentation.

A lot of commentators forgotten that Google is rather unproven when it comes to selling products (video) to the general public or managing software for the masses. Google Video Stall Alpha is not a good start and Google Pack does not manage all the software an average Joe Consumer needs on their computers. Other Google offerings that have the degradetory “Beta” attached to them are much better then these two final products.

In my opinion, Google rushed the Video Stall and Google Pack out and it shows. Why did Google decides to do this, I do not know. May be it is feeling the business pressure.

Overall, this reinforce my impression of Google is that it is a technologically very capable and skilled company, and one that have a lot of innovative concepts. From a business point-of-view, it still have a lot to learn.

Flaw In Patent Reexamination Procedure by USPTO

Microsoft’s FAT patents had been upheld by US Patent And Trademark Office. In this entry, I am not going to talk about the merits of the patent, but rather the procedure used to reexamine the patent.

The two quotes below are attributed toPublic Patent Foundation President Dan Ravicher ina CNet article. When reading the first quote, I would like readers to substitute “Microsoft” with “Patent Holder”:

“Microsoft has won a debate where they were the only party allowed to speak, in that the patent re-examination process bars the public from rebutting arguments made by Microsoft,”

and

“We still believe these patents are invalid and that a process that gave the public equal time to present its positions would result in them being found as such.”

Current process of patent reexamination has a potential flaw because the patent examination board only hears detail argument from one side, the patent holder. While I am sure the board will endeavour to be impartial, hearing only from one side open the board to criticism of biasness at the very minimum. I am more interested in the practical issue of having the board fighting the potential bias favouring the patent holder and do think that by openning up the reexamination to all interested party, we can eliminate this bias. One possibility is to open the proceedings to the public and have a public commentary period. Another, which I believe to be a better one, is to adopt an adversory system similar to that of the court, where the party requesting for reexamination and the patent holder both present their case to the reexamination board.

There is no denying that adversarial system do have its flaw. One serious one is its reliance on the skill of the advocate to present one’s case. However, its beauty is the difficulty in accusing the system of bias.

In fact, I will go further by emulating the criminal court by placing the burden of proof of validity of the patent on that of the patent holder. His opponent simply have to poke holes in his claims. First and formost, a valid patent can be defended. Since only a patent worth its salt is worth defending, it also have the effect of rooting out weak patent. Not to mention that since the patent holder is willing to make a claim, he must be prepare to defend the claim. Lastly but not least important, a patent is a grant of monopoly over a particular method, therefore, it is the onus of the person gaining the monopoly to make a convincing argument and to defend it for the duration of the monopoly grant.

Verizon Windows Media Player Fiasco : Bad customer practice and may be, just may be, MS performing a forbidden dealing through the back door ?

Remember that the judge overseeing Microsoft’s antitrust settlement in the US chiding Microsoft for drawing up (and later drop) a proposed contract that says that only Microsoft’s Media Player is allowed on portable audio player? Just when we thought the dust had settled, Verizon’s introduce a music service that supports only Microsoft Media Player.

Let’s get the most important fact first: It is reported that supporting only Microsoft Media Player IS Verizon’s own decision, and they have every rights to do so. However, I think it is worth investigating whether Microsoft applied pressure or illegal sweeten the deal
to drive Verizon to this decision. After all, we cannot allow a monopolist to go anywhere near the very action it is not suppose to do under the antitrust settlement. More worryingly, it is reported (but not verified) that Microsoft an agreement with Verizon for Windows Media Player to be the solo media player. If true, this is worrying.

Verizon’s action is deplorable in several ways. First, if you upgrade your phone, Verizon originally does not bother to tell you that the MP3 playback function is disabled. The lure of upgrading, as far as the customer is concerned, is about richer feature and enhancement, not the degradation of the phone as it is here. If one is to remove something as important as MP3 playback, it should be advertised. Second, it surrepticiously convert all your MP3s to WMAs format if you upload to the phone. This is bad because customers do expects MP3s to stay as MP3s or WMAs to stays as WMAs. There is nothing wrong with doing this conversion, just make it clear that the conversion take place. All in all, bad customer relation practice. There are also claims of misleading advertising (Verizon advertise that the phones involved have built-in MP3 players)

Verizon defends the action as to “enhance” user experience. I cannot see how removing MP3 playback is an “enhancement” of user experience. It looks to me as if Verizon is trying to “lock-in” their customers by putting technical hurdles when its customers attempts to play music bought from another source.

Lets see how this issue evolve. I do not think we are seeing the end of it.

Given the Sony XCP fiasco and this event, I believe we are living in interesting time. Market forces are at play shaping the future of DRM-enabled content.

More Education for Coursey

PJ of Groklaw decided to educate David Coursey over his misconceived article over OpenDocumentFormat. As Coursey’s article do appear from time to time on my radar screen, I do know that this articles are pro-Microsoft in a way beyond reasonable. As a matter of comparison, John Carroll of ZDNet is very pro-Microsoft as well, but at least in his article, there are tangile reasons for this view.

PJ is right. David Coursey’s accusations were long answered. I will refer readers to Groklaw for an explaination and “reeducation” if any of my reader needs one.

While I am not PJ’s classroom assistant, I will comment on other issues on the article that PJ did not care to comment.

First, I will like to touch on this two quotes from Coursey:

“Rather than adopt a single format for the distribution of documents, governments should support multiple formats or at least provide some means of converting from whatever format the state uses to whatever the citizen is using.”

As I understand it, if Joe Citizen file a request for document to be provided in XYZ format, the government will endeavour to provide the document in the request format, including Microsoft Office Format, the format that Coursey wants Massachusett to use. The key here is there is no regulation/legisations/rules/laws preventing the government official to do so.

Secondly, Coursey said
“If your goal is document access, selecting a format that Microsoft chooses not to support won’t accomplish your goal.”

When talking about document access, Coursey is referring to document access by citizen. My argument about XYZ format shows that he is misguided. Besides, when we speak about document access in Massachusett’s case, we are mainly referring to archiving needs. With this, it is necessary to stress mandatory use of OpenDocumentFormat is only for “internal” use only. This distinction is important. How a government store its data is the government’s internal business. If the government decides to decompose a document and store it in 100 separate databases, and then on request, reconstitute the document from these 100 separate databases for its own consumption or for its citizen, why should the citizen cares? Before I get flamed, I must say that this is only an example, and that it is on the assumption that decomposing the document to store it in 100 separate databases make sense.

Internally, insisting on only one format for data make sense. It simplify management and can safe cost by achieving economics of scale and by removing the need for converters, improve sefficiency.

Next issue. Coursey said:

“Still, I am not sure a fully interoperable read/write format is a requirement for public documents. I am satisfied if the finished documents made available to the public are in an open format, such as Adobe PDF.”

Expectation do change. Today people mostly public documents, including forms, but increasingly, people wants the ability to write to the documents as well, and to submit it electronically if possible.

As a columnist writing on technology related issue, I am suprise that Coursey is satisfied with simply reading documents.

About a year ago, when I applied for a Canadian Visa, the ability to fill in the PDF form electronically then print it out was a novelty , something refreshing and something I would like to see more. Today, when I receive a PDF form, I am dissapointed when I find that I cannot fill the form electronically but to do it the old fashion way.

My prediction is, in the future, we can write and submit forms electronically as well. This is likely to be driven by the fact that it will allow automatic processing of the form. For some government agencies, this can lead to great efficiency improvement. Thus, in this case, the ability for ALL to read AND write to documents is of paramount importance.

Now, let me says that Coursey blames the wrong person when he says:

“After all, unless Microsoft chooses to support OpenDocument, then a move to that format would make it more difficult for Microsoft Office users to access state documents than it is today.” [Implying that the State is to blame for this]

Sorry Coursey, if this is the case, then Microsoft is to be blamed for not choosing to support OpenDocumentFormat. No one in this world, including government, have the duty to ensure Microsoft Office Users is not inconvenient by any decision. Throughout this OpenDocumentFormat vs Office XML Schema debate, my stance is that Microsoft have every rights not to support OpenDocumentFormat. However, it has to take all blames and credits for its decision. So far, I use this to quash the argument Microsoft allies’ is manufacturing an argument against OpenDocumentFormat when they argue about accessibility problems with OpenDocumentFormat, (More correctly, softwares that support OpenDocumentFormat’s) because the accessibility problems will go away if Microsoft Office supports OpenDocumentFormat. But here, the arguments goes against Microsoft, unless it can prove that the decision not to support OpenDocumentFormat is not a business one but is based on sound technical/legal reasons. The “backward compatibility” issue, “Office XML Schema is better” and “Not all data we want to store in Microsoft Office can be stored in OpenDocumentFormat” are red herrings, not real arguments.

He said:

“Microsoft is here, and as the overwhelming choice of customers, it gets to make certain decisions, file formats being one of them.”

Nevermind the argument that people probably did not “overwelming” chooses Microsoft because of the lack of competition. I have enormous problem with him implying that because he is implying that Micrsoft gets to make file formats decision for others: government, corporate or individual. As Microsoft Courtsey is finding out, it does not.

Finally

“In summary, I think it was arrogant for a state department head to think he could force people to use a particular document format—one they don’t use and their applications won’t support—if they want to interact with their government.

“You’d think a top executive of the state best known for a certain Tea Party would have better understood who works for whom.”

Eh… who is the arrogant one here? The state department head did not force citizen to use particular document format. Common sense says that it is in his jurisdiction to say what document format his department use internally. If anyone think he is wrong, the onus is on him to point out why. It is arrogant for a columnist to think that he can tell anyone what he or she can do in internally in his/her department.

About the Tea Party, open standard advocate would equate Office XML Schema as the Colonial Government and OpenDocumentFormat as the rebels. The Tea Party is about government forcing something on its citizens, which is not what is happenning here.

NetBeans should NOT throw in the towel

David Berlind accepted Tim Bray‘s bet that he will change his mind in 2007 that NetBean should throw in the towel. (Event sequence : 1, 2, 3). Ian Skerett of Eclipse Foundation believe that Berlind will win. Granted, Skerett is biased, but will Berlind win? Yes, of course. The flaw in the bet is that Berlind, one party to the bet, is the solo authority that will decide whether he wins or lose. See the conflict of interest here? Since we have not invented a way to say whether he is lying, we will have to accept what he says as the truth and nothing but the truth.

Of course I have all confidence that Berlind will tell the truth come 2007. His integrity is at stake. The actual bet is whether NetBeans will be one of the IDE considered by developers beside Eclipse IDE in 2007. I was telling the half truth when I say we cannot verify that he is lying, coz if NetBeans did indeed becomes an alternative to Eclipse for most developers, he can lie through his teeth that he won and nobody will believe him, … and Bray will be happy to buy him dinner if this is the case, although I am not sure Berlind will eat it.

In my work, I use Eclipse very heavily. Even with this in mind, I do not want NetBeans to throw in the towel. By being an alternative to Eclipse, it provide competition to Eclipse and forces Eclipse to innovate to stay ahead where it has the advantage, and to catch up where it is behind. I want this competition to continue as long as I am using Eclipse (or NetBeans for that matter).

Real story, Reporter in search of a story, or PR? (Updated)

Lets have a look at this news item on Email Battles about Microsoft Employees ranting about IE6 in a negative way. The reason why I want to look at it is because I am not sure whether am I seeing a real factual account of what really happens inside Microsoft, Microsoft PR Campaign to counter the spread of Firefox 1.5, or just simply, a reporter reporting an uninteresting story because of the annual “End of Year News Drought” as everyone is on holiday.

Let’s look at the chornology of events first (All dates approximate):

1. ** December 16, 2004: Launch of Mozilla Firefox1.0
2. January 29 2005: Rory Blyth of Microsoft, in response to a comment on his blog, complains that IE6 is “horribly behind time”.
3. February 15 2005: Bill Gates announce IE7
4. ** December 08, 2005: Launch of Mozilla Firefox 1.5
5. December 19, 2005: Dare Obsasanja tell Microsoft to shake up or concede web browser development to other companies.
6. December 19, 2005: Jorg Brown revealation about a conversation he has with a Microsoft superior on Slashdot
7. Decmebr 29, 2005: The article discussed was published.

Italic items are comments quoted by the article and attributed to people close to Microsoft.

Is it a genuine story? No. Nothing worth reporting here.

A reporter filling the “end of year news drought”? Not very likely. Look at the timing of events. Events (5) and (6) is planted to path the way for the news item. At this festive season, reporters want a break too. I doubt he really spend the time to dig out Blyth’s comment in the beginning of the year.

Moreover, I am sure everyone can see that all responses from Microsoft side seems to be triggered with Mozilla Firefox launches (Items marked with **). The lack of about one-and-a-half months between (1) and (2) can be easily explained by Microsoft preparing its response to Firefox. If you need supporting evidence, there is a one month difference between the launch of Firefox 1.0 (1) and Rory Blyth’s complain (2) but Bill Gates announcement is merely two weeks away from Blyth’s complain. My money is that when Rory Blyth comments is a precursor for Bill Gate’s announcement and when Blyth makes his comments, he knows that IE7 project is a go or being finalized. Bill Gate’s announcment is delayed in search of a big conference to announce it. If you need one more reason on why this is a PR campaign at work, just remember, as employee, it is a rule of thumb not to speakout about ones work, especially one that devalues your employers product; Unless, of course, you have prior clearance from PR.

Another thing to remember is, when did you see reporter pick up something that happens almost a year ago (1)? That comment by Rory Blyth is stale by all accounts.

[Update 4 Jan 2005]
Second story on the same vein appeared. My verdict: stronger evidence that this is a PR campaign. Who in the right mind will talk about non-existing issues surrounding IE7 beta (rivalries, complains etc) instead of the IE7 product itself (reviews)?