Maybe Microsoft is taking over the world.

December 7, 2006

Windows users who use their PCs to watch DVDs can breathe easy for now. Planned security upgrades for Windows Longhorn (popularly known as Vista) are behind schedule and won’t be included in the first version of Longhorn. Reports concerning inclusion in later versions are unclear. These security measures, dubbed the Next Generation Secure Computing Base, have some tech gurus worried about the future of interoperability between PCs and outside media devices. In layman’s terms, say you use InterVideo WinDVD to play a DVD on your computer. Then, you configure your video card to output the image onto your widescreen TV via an S-Video cable. This is perfectly legal, as you paid for the DVD, PC, widescreen TV, etc. You are even using a Windows Certified media playback device (InterVideo WinDVD) to watch your DVD.

Imagine now that as part of Microsoft’s Next Generation Secure Computing Base initiative, Windows Longhorn knows that you are routing video out of your computer to a device (your widescreen). This is a violation of the NGSB and as a result, your Windows Certified media playback device shuts down. Known as Protected Media Path, this model described above is the result of collaboration between Microsoft, the MPAA, and Hollywood studios to control the playback of copyrighted material on questionable mediums. Essentially, static is the end result unless every media device hooked to your computer is certified by Microsoft. The Electronic Frontier Foundation reported on this as part of their series covering the Windows Hardware Engineering Conference. The article continues to probe the relationship between Microsoft and the MPAA, questioning Microsoft’s reasoning behind this dramatic lockdown of public material.

According to the article, controls such as Protected Media Path, part of the NGSB initiative, were Microsoft’s attempt to maintain a foothold in the media playback market. Basically, Microsoft beefs up software aimed at stopping copyright infringement and the MPAA allows all “next generation” DVDs to be playable in Windows media players. These “next generation” DVDs sport robust encryption and would otherwise only be playable on stand-alone players, virtually eliminating Windows from the playback market.

This measure boosts Microsoft’s stock value, but hurts hardware manufacturers who refuse to incorporate “selectable output control” into their products. SOC allows video and sound cards to shut off outputs when Longhorn detects an unauthorized device hookup. Hardware manufacturers who don’t comply won’t receive the Microsoft compatibility logo, can’t sell their products in Windows-based PCs, and might be purposely blackballed by Protected Media Path software. Anyone who does video or media editing will want to carefully select what hardware they purchase in the future if SOC becomes mandatory under NGSB. Machines just a few years old could be rendered useless if they are not listed on Microsoft’s “global revocation list.”

So what does all of this mean to the average consumer? Unless everyone converts to open-source operating systems and media playback devices, not much at all. Most open-source advocates see this as another attempt by Microsoft to hijack how we use purchased material. Others would see it as a side effect of competition. Whatever your opinion, mine is that with Microsoft already the dominant entity in the IT world, these changes will be small and gradual and few will notice them. If anything, NGSB will be hailed as the next step in information protection and the side effects mentioned above will go largely unnoticed.

All information for this article came from:

http://www.eff.org/deeplinks/archives/003806.php

http://www.eff.org/deeplinks/archives/003804.php

The second article (http://www.eff.org/deeplinks/archives/003804.php) contains a section devoted to what is known as the Trusted Platform Module (TPM) chip. This TPM chip is potentially the next generation of information encryption. I’ll skip the technical jargon and highlight the important parts… In response to the “epidemic” of stolen laptops, Wave Systems designed software that encrypts an entire hard drive with a few keystrokes and requires far fewer passwords. The software is still in the development phase, but could be rolled out with future versions of Longhorn if testing proves real world viability. While unlikely, this could be another layer of protection against identity theft and the numerous other privacy problems encountered in the digital age.


Medicare and the Digital Divide

December 7, 2006

“December 8- don’t be late.”  These ominous words head the Medicare.gov website designed to help seniors enroll in Medicare part D prescription coverage.  I can’t say I’ve ever seen anything more ironic than the last sentence.  The WEBSITE designed to help SENIOR CITIZENS ENROLL IN MEDICARE.  This ABC News video interview with a Medicare expert tells us that 79% of seniors have never used the internet (video).  So why is our government using the most inaccessible medium to deliver the most important social service to a projected 31.5 million seniors (HHS report)?  Apparently the digital divide is just a myth to policy makers. 

To be fair, there is an 800 number where seniors or their children can call and speak to a representative who will try to answer any questions. But as Diane Sawyer asks in the ABC News interview, “why is it so hard…can’t this be made any easier?” Well, apparently it can be if seniors have access to a free Medicare part D enrollment session being held by numerous medical colleges, community centers and other social centers throughout the country. Most of these sessions offer trained medical students or volunteers with detailed knowledge of their states’ Medicare system who assist seniors with the online application. One session offered by the Eastern Virginia Medical School (EVMS) requires only 90 minutes to enroll applicants. Another session offered in Georgia is sponsored by U.S. Congressman Phil Gingrey, M.D., who invites all 19 of Georgia’s plan representatives to enroll seniors. Social Security Administration representatives are also on hand to check for dual eligibility, as well as trained volunteers to assist seniors who wish to enroll using the on-site computer labs (Gingrey).

So while it looks as if another policy nightmare were brewing, concerned citizens and elected representatives are doing their best to assist seniors in this transition. Another useful tool, but one which requires web literacy, is www.shiptalk.org. This site contains contact information for every state health insurance assistance agency representative, usually on a county-level basis. Again, if you can access it, this is a wonderful resource. But proponents of the digital divide will highlight the gap in services available to the net savvy and the unplugged population.


Courts set rules on electronic documents

December 6, 2006

Friday, December 1, 2006 was an important date in the history of digital data storage and litigation. The new Federal Rules of Civil Procedure booklet was released, containing the FIRST set of rules governing the storage, destruction, and examination of digital data. This site contains links to numerous articles on the new rules: http://www.law.com/jsp/legaltechnology/edd.jsp. In the event that a company is sued and a request for digital data is made, these universal guidelines govern what data can be requested and how it must be presented during the discovery phase of a trial. Companies must now know a lot more about what information they keep, how it is kept, and how often it is permanently deleted.

For the past decade and more, lawyers have struggled over how to handle requests for electronic information and how to submit it as evidence in courts. Usually these decisions have been handled by individual jurisdictions, resulting in conflicting and unclear rules. The new rules establish universal standards for the following data mediums:

  1. Web-based email systems
  2. Instant Messaging
  3. Voicemail
  4. Internal systems and productivity tools (servers)
  5. Portable devices and other media (Blackberry, Palm and Windows CE-based personal digital assistants (PDAs))

According to this Marketplace article (http://marketplace.publicradio.org/shows/2006/12/01/PM200612017.html), companies specializing in data archival systems are expected to reap huge profits from these new rules. Companies with data on floppy disks, tapes, or other obsolete forms of storage are at the mercy of data archival companies that have the ability to preserve this information. Data archival and preservation companies, known by the industry name “e-discovery vendors,” earned over $1.6 billion in 2006 and that amount could easily double in 2007 according to this article (http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1164981804741).

Failure to preserve data can result in huge fines as well.  Even before these new rules went into effect, Morgan Stanley was fined $1.5 billion for failing to preserve digital information (see Marketplace article).  Hopefully Jeremy’s smashing of cassettes is exempt from the new rules.

Large companies face significant costs in organizing massive volumes of data to meet compliance standards. Everything from internal emails to work site pictures saved on camera phones with removable memory cards falls under the purview of these rules. While these costs will be significant, I am curious to see how small law firms and companies will react to these rules. An individual tax attorney with a staff of two probably has no electronic records, but this might not always be the case as more returns are filed electronically. The costs to individuals and small-time companies with digital data might far outweigh those borne by large companies.

What’s even more interesting is that stored audio files now have a home in the litigation arena.  Prior to these revised rules, audio files were categorized as either documents or electronic data compilations.  Now they have their own category: electronically stored information.  Innovative business leaders have capitalized on this newly created category by providing database services designed to make accessing, analyzing and producing these recordings easier and error-proof for litigation purposes.  The technology is not 100 percent reliable yet, but as enhanced voice over internet protocol services grow, the possibilities are endless.  Every work-place telephone conversation could eventually be transcribed digitally, sorted into a relevant category, and saved virtually forever.  Obviously there are some privacy issues that might arise as this technology becomes more widespread.


Milestone Ch. 7

December 1, 2006

Earning the title of “debugger” is quite easy. Anyone who has a wireless network in their place of residence has probably experienced a “connectivity failure” at some point. Using Snyder’s checklist for debugging, resolving the connection failure can be quite simple. My experience with home-based wireless networks has been less than enjoyable. Consequently, I am frequently troubleshooting problems. Usually the problem is as simple as a minor power interruption that “froze” our modem and router. The fix is simple: unplug the power supply to both devices, wait 10 seconds, replug both devices and surf away. However, this fix does not work 100 percent of the time and further investigation is required.

I first try to reproduce the error as Snyder recommends, seeing if all three computers in my apartment are sans Internet. As is usually the case, I can establish a wireless connection on two of the three machines. Since I’ve determined that the problem resides on one machine I can begin to eliminate the obvious. Network cards like to fall out of laptops and if I had a dollar for every time I’ve put my roommate’s back in, thereby correcting the problem, I would be $5 richer. My computer has an internal antenna that is always connected, unless I manually disable it. This is my next obvious check.

With these steps completed, I begin to divide up the process. Snyder has us separate the parts that work from those that don’t. It’s pretty simple: the computer is powered on, all operations are running, just no internet signal. Let’s open the network connections utility and examine this more closely. Encrypted home networks have two parts, a unique network ID and a passphrase. Let’s call my network “apartment 3” and my passphrase “PIA 2100.” Upon opening my wireless network utility, I’ve discovered that this information is missing from my utility. Why this happens is beyond my level of expertise, but it’s safe to say that a rare software error might have occurred. Entering my network ID and passphrase into the utility activates it and tells my network card to find the network “apartment 3” and use the passphrase “PIA 2100” to verify the authenticity of my computer.

This simple fix took no more than a few minutes to complete. However, as Snyder illustrates, the most important part of troubleshooting is eliminating what is functioning properly from what isn’t. The most difficult part is finding the real problem; fixing it is easy. Many hours can be spent looking for an error that is so obvious, the average person might overlook it. But following the steps Snyder lays out can prevent this embarrassing and often time-consuming error.


DoD’s DTS still flying @ $474 million…what?! no inflight movie!

November 29, 2006

This post follows up on a discussion board comment I made about false cost-savings from outsourcing government IT. ABC News posted this November 15 article: ABC News: Pentagon’s Troubled Travel System part II in November, highlighting the shortcomings of a Northrop Grumman IT system designed to book airline flights for Pentagon personnel. The system, known as the Defense Travel System, is already four years behind schedule and $200 million over budget. Critics of this type of outsourcing are often skeptical of the difference between the projected and real cost-savings. And in some cases, they should be. An earlier September 27 article about DTS by ABC News contains more evidence that cost-savings are often misleading (see ABC News: Pentagon’s Troubled Travel System). In this article, claims are made by the Department of Defense that millions of dollars were saved by the system. However, most of these savings cannot be proven because they were based on a news release from a credit card company and not hard facts.

It’s no surprise, however, that Congress already voted on spending another $60 million on the system, raising the outsourced total to $474 million. That is more money than Orbitz was worth when it went public in May 2003 with $317 million in publicly held stock (about Orbitz). Senator Norm Coleman, R-Minn., is the loudest opponent of this program. He tried to kill it last year, but lacked enough votes. Ultimately, Congress is afraid to admit their $474 million system doesn’t work and that almost half a billion dollars of taxpayer money has been wasted. Sen. Coleman advocates using already perfected private travel agents, like Orbitz or Priceline. These services can handle both rental car reservations and hotel reservations, something the DTS cannot do. It appears Congress has found itself digging the proverbial hole when deciding what to do about the DTS. With already $474 million spent and nothing to show, it could eliminate the program. But starting over will cost even more money, on top of the $474 million already wasted. In the words of John Cochran, author of these pieces, “it’s your money.”


Milestones Ch. 17

November 2, 2006

My “ah ha” moment for chapter 17 occurred when reading about ChoicePoint notifying California residents of a potential security violation. Snyder states that “California is the only state with a law requiring notification of security violations” (Snyder 490). However, a quick search of the Pennsylvania Legislature web site proved this assertion incorrect. SB 712, signed into law on December 22, 2005, provides “for the notification of residents whose personal information data was or may have been disclosed due to a security system breach” (SB 712).

The bill has been criticized by consumer advocates for its lack of effective enforcement. “The bill puts the decision about whether or not to notify consumers of a security breach in the hands of the compromised business, which may decide if the immediate economic and public relations costs of notifying its customers outweigh any risks it might face for failing to disclose a security breach,” said Jim Swoyer, public interest advocate for Pennsylvania Public Interest Research Group (http://pennpirg.org/PA.asp?id2=21524).

As of October 1, 2006, 34 states have enacted similar legislation forcing any business with a computerized database of personal information to inform consumers of any security breach; see http://www.infosec.uga.edu/policymanagement/breachnotificationlaws.php. Interestingly, Snyder does highlight a conflicting discrepancy in U.S. privacy policy. If the U.S. followed O.E.C.D. privacy guidelines (which we don’t), then ChoicePoint would have faced serious fines/penalties under the O.E.C.D.’s accountability principle. This is ironic because the U.S. plays a major role in O.E.C.D. policy formulation.


Milestone Ch. 6

October 25, 2006

My “ah ha” moment occurred when reading about image searching. Chapter 5 discussed finding information on the World Wide Web and my FLAG group did a presentation on this chapter. Searching for information not only includes text, charts, and PDFs, but also pictures. I’ve never searched for a topic-related image or picture, such as the chapter 6 case study example Buckminster Fuller. Most of the online images I’ve seen have always been posted on the site and were basically the reason for the site’s existence. To clarify, I’m an avid skier, but I’ve never searched for a picture of a ski; rather, I’ve sought out the manufacturer’s site that contains a photo album or lineup of their product.

During my research for this posting I discovered that our prestigious university launched its own image archive titled “Documenting Pitt.” The site was profiled on WTAE news and hosts a number of interesting features. Anyone can access the site since it is maintained by our library service. It contains pictures ranging from the construction of the Cathedral of Learning to the demolition of Pitt Stadium. I am a native of the region and am fascinated by the transformation of Pittsburgh throughout Pitt’s existence. This digital archive is a fascinating example of 21st century technology preserving 18th century history.

Also archived are old university yearbooks and chancellor reports. This is an excellent primary source for historical information on the University of Pittsburgh. Site navigation is simple, but some search knowledge is a plus. Broad query searches are supported by the Basic, Boolean and Proximity search functions we learned about in chapter 5. Operating budgets for each fiscal year can be found under the “fact book” link. This is an excellent primary source for anyone interested in how their tuition money is spent. PDF files containing university demographics and other statistics provide tremendous institutional transparency. Overall, the site contains excellent information and is constantly updated as the project expands.


Big gulp…$1.29, Fritos…$2.39, Your identity…$150 (and two nerds)

October 25, 2006

The latest risk to your identity might be on your keychain. Researchers recently announced they were able to extract vital credit card information from cards that transmit data wirelessly. These are the next generation credit cards that do not require a signature or a physical swipe through a machine. It’s called RFID, or radio frequency identification, and is used by ExxonMobil in its “speed pass,” American Express, JP Morgan Chase, MasterCard, and Visa.

An article in the New York Times described how a graduate student and professor of computer science at the University of Massachusetts constructed a machine the size of a textbook to scan the wireless information from a distance for about $150. The pair is confident they could construct another machine about the size of a pack of gum for around $50 with the same effectiveness.

Armed with this tiny scanner, a person could easily enter a crowded area and collect the credit card information from anyone carrying an RFID equipped card. Discrepancies exist over the potential range of RFID, but “the claims range from several inches to many feet.” And, “[t]hough the systems are designed to allow a card to be read only in close proximity, researchers have found that they can extend the distance.”

Each card company uses its own form of encryption, most of it 128-bit based. The researchers tested only a small batch of cards, 20 to be exact. However, they were all the newest next-gen cards, issued in 2006, and all were cracked by the researchers. Disputing the researchers’ claims, Tom O’Donnell, a senior vice president at Chase, the largest issuer of the new cards, said that the attacks described in the paper would be too cumbersome in the real world. And the researchers said that other kinds of fraud, like so-called phishing scams in which criminals trick people into revealing credit card information through misleading e-mail messages and Web sites, were currently more effective.

Still, John Pescatore, vice president for Internet security at Gartner, a technology market research firm, said he was surprised by the lack of security in transmitting personal data. He said it was a mistake that companies often made in rolling out early versions of a technology.

“It’s the classic ‘Let’s depend on security through obscurity — who’s going to look?’ ” he said. “Then, whoops! As soon as somebody does look, you roll out the security.”

Ultimately, frustration arises from the lack of oversight and regulation of a new technology. It’s apparent that stringent testing is not part of R&D for most credit card companies. Exxon has been accused of using “weak” encryption. Companies should offer a choice between non-RFID and RFID cards in the interest of their customers. Until then, carry cash or invest in a lot of tin foil.

http://www.nytimes.com/2006/10/23/business/23card.html?pagewanted=1


Milestone Ch. 13

October 20, 2006

I dismissed this chapter as elementary and boring as I’ve had experience with spreadsheets in the past. Most of the work I’ve done on them has been more complex than what is described in Snyder. However, after taking a closer look, I see now that I may have rushed my judgment. By taking time to appreciate how much information Snyder crams into one chapter, I’ve realized my error. This realization is my “aha” moment for the week. I was reading the chapter from the 30,000 foot level instead of from the ground-level.

This chapter squeezes more information into 30 pages than is contained in most software manual chapters.  And on the plus-side, this chapter is more entertaining than a software manual.  Someone who has never touched a spreadsheet prior to reading this chapter should feel totally comfortable both entering and manipulating text and data.  Another detail that I feel warrants discussion is the instructions for filling rows and columns.  Snyder only gives the two easiest methods, whereas most manuals would give all three or sometimes four ways.  In my opinion, having four processes to execute the same function is redundant and can cause confusion among less adept computer users.  In an introductory chapter like this, eliminating complexity allows for greater retention and proficiency. 

Personally, I appreciated some of the practical applications of spreadsheets that Snyder illustrated. Copying a bus schedule and repackaging it into a more user-oriented format with only the necessary routes is a great idea. I know that opening the 8-fold bus schedule, finding the appropriate table, then reading the microscopic times at 9pm can be difficult. Rather than commit the schedule to memory next semester, I definitely plan on making my own schedule with both PAT and Pitt bus times. However, I am worried that because PAT bus schedules are stored as .pdf files on the website, importing the text as tab-delimited might be difficult, if not impossible. It might be necessary to use the Search/Replace function Snyder discusses to remove any formatting from the .pdf file, allowing me to import the text to Excel.

If I cannot copy and paste the text, creating a table is still possible with some extra effort.  Since I now have instructions on creating a calendar, I can simply adjust the time increments to match the bus schedules and fill down, creating my own table.  I can reproduce this table several times and make my own bus schedule.  Apparently this chapter did contain more useful information than I first thought. 


YouTube and 4th Amendment

October 19, 2006

This is somewhat of a spin-off of our discussion board, but since YouTube is now a subsidiary of Google I thought it appropriate. The New York Times had an interesting article highlighting recent censorship actions taken by YouTube in an effort to make it a more attractive purchase. Essentially, YouTube pulled video clips that were critical of radical Islam. The movie makers responded by flagging numerous Islamist “sympathizer” movies. Flagging a movie as inappropriate prompts administrator review, often resulting in removal. This method of retaliation has been used in the past by political adversaries and other interest groups trying to silence rival opinions.

http://www.nytimes.com/2006/10/09/technology/09link.html?ref=technology

But the big question here is: is this “housecleaning” a violation of free speech or a protected action by a privately owned video hosting website? There are strict terms of use on YouTube that clearly define what is and is not acceptable material: “… In connection with User Submissions, you further agree that you will not: (i) submit material that is copyrighted, protected by trade secret or otherwise subject to third party proprietary rights, including privacy and publicity rights, unless you are the owner of such rights or have permission from their rightful owner to post the material and to grant YouTube all of the license rights granted herein; (ii) publish falsehoods or misrepresentations that could damage YouTube or any third party; (iii) submit material that is unlawful, obscene, defamatory, libelous, threatening, pornographic, harassing, hateful, racially or ethnically offensive, or encourages conduct that would be considered a criminal offense, give rise to civil liability, violate any law, or is otherwise inappropriate; (iv) post advertisements or solicitations of business; (v) impersonate another person.”

Even though these terms are reasonably clear, several of the definitions of “inappropriate” material are open to interpretation. For example, a certain segment of the population might find Bill O’Reilly’s reaction to a protest at Columbia University hateful, defamatory, threatening, harassing, and otherwise inappropriate. http://www.youtube.com/watch?v=QpOLvTIldMM

However, another group might agree with and even defend Bill’s comments. Does this mean that the clip should be pulled from YouTube, even though it comes from a “fair and balanced” source? Mr. O’Reilly was not censored by Fox News for his remarks describing the protestors as “fascists” and “fanatical secular progressives.” The Times article mentions several clips that were pulled for their anti-Islamic slant because they were deemed inappropriate by YouTube administrators. Apparently material is only deemed inappropriate if it is critical of a particular religion. Slander is just fodder for discussions like these.

Another point about these YouTube actions. Are we seeing an evolution of the political action committee? Let’s see how many of our opponents’ video clips we can get removed. What impact will this have on election outcomes? Surely there will be the random voter who selects a candidate based only on YouTube clips. Is the democratic process being diluted by one-minute video clips? I wonder if the swift boat vets have a myspace.com page.