And we're back...

Ok, so I took a quick birthday hiatus from posting, and then work went nuts. But now we're back on a regular posting schedule.

Thanks for hanging in there!

Cloud Computing: A cautionary tale

It was revealed last week that hackers had stolen sensitive account information from a major online payroll processing company to directly target its customers.

PayChoice, a company that provides online payroll tools to over 125,000 organizations and back-end support to 250 other payroll companies, was breached. Hackers emailed PayChoices customers directly with detailed information about their accounts to coerce them into giving up their passwords.

According to the Washington Post: Unlike typical so-called "phishing" scams -- which are sent indiscriminately to large numbers of people in the hopes that some percentage of recipients are customers of the targeted institution -- this attack addressed PayChoice customers by name in the body of the message. The missives also included reference to each recipient's onlineemployer.com user name and a portion of his or her password for the site.

PayChoice is taking appropriate steps to understand what happened and to correct any issues caused. Nevertheless, this serves as a cautionary tale as we move further down the road to decentralized cloud computing.

Into Thin Air

It’s amazing how much trouble a click of a mouse can cause. In one click, you can send that poorly considered blazing email, or submit an ill-advised comment to a blog. Through that one click, you’re creating an indelible online record that can be tracked back to you forever.

I think we’ve all probably been there. You’ve pounded out that angry email and hit send – only to think about the consequences hours or days later. You think to yourself, maybe I shouldn’t have called him a **** or brought so-and-so into this. Did he read the email yet? I wonder if I can hack his computer and delete it before anyone notices. And then, all you want to do is disappear… or better yet, have the email vanish.

Well, we’re getting close. Researchers at the University of Washington recently introduced Vanish, an open source program that allows users to completely destroy online text – like email, documents, posts, etc.

As we move further toward Web 3.0 and the use of cloud computing, private information is scattered around the Internet. Vanish allows us to regain a bit of control over any text entered into a web browser. InformationWeek describes it better than I can:

Vanish allows users to specify that all copies of any text-based data they're creating disappear in a certain amount of time. The software takes advantage of the same peer-to-peer networks that allow people to share music files online. It encrypts data, breaks the encryption key into pieces and scatters them on machines across the network. Since machines are constantly joining and leaving peer-to-peer networks, pieces of the key disappear and it can't be reconstructed.

Pretty neat. But Vanish is in its infancy and comes with some limitations. The biggest, I think, is that both the sender and the recipient must be using the program for it to work. So you still can’t quietly retract that drunken email you sent your ex last weekend. Not yet at least.

Certainly, this isn’t a sure-fire tool either. Vanish’s developers stress that it is a prototype and warn that bugs and nuances are still being worked out. So users beware.

And just because the online file may be destroyed, does not necessarily mean the text is truly gone. Copy/paste remains one of the oldest tricks in the digital book, and can thwart all the peer-to-peer document destruction software in the world. And a few steps beyond that, developers at the Universities of Texas at Austin, Princeton and Michigan have created Unvanish – basically the yin to Vanish’s yang – proving that it is possible (although difficult) to reconstruct destroyed content.

So while developers battle it out, of course Google has at least a partial solution to our dilemma of a hastily sent dilemma: Mail Goggles, which is active late Fridays and Saturdays by default, forces the sender to answer five timed math problems to ensure they’re of the right frame of mind to be sending a late-night message.

How much should the Government Control the Internet?

Last week, the Associated Press explored the issue of how much the U.S. Government should control the Internet.

Similar to how planes were ordered grounded after 9/11, should the President be able to hit the kill-switch on the Internet if there is a catastrophic online attack?

According to the AP (lol), “At least 18 bills have been introduced as Congress works carefully to give federal authorities the power to protect the country in the event of a massive cyberattack. Lawmakers do not want to violate personal and corporate privacy or squelching innovation. All involved acknowledge it isn't going to be easy.”

Online Privacy as a Generational Issue

Despite what many people will tell you, more often we’re finding that online privacy is not a generational issue.

Yesterday, I posted about a recent Annenberg-Berkley study that revealed more than half of people 18-24 object to targeted online advertising.

Today, I will point you to a great article from Wired’s GeekDad, further exploring the generational issue:

According to the Pew Internet and American Life project, both teens and adults actively manage their information online - 60% of adults and 66% of teens restrict access to information in their profile. According to the Pew study, only 6% of teens make their first and last name publicly accessible on social networks- a very telling statistic. We want our cake, and we want to eat it too- we want to share our content online, and we want to control who we share it with.

Rather than an all-or-nothing public or private paradigm, we expect to be able to choose levels of privacy and levels of exposure to the public. Most teens restrict access to their online profiles and do not think that sharing their information with a specific set of people means that the information is in the public domain. This allows them to both gain the benefits of sharing and communicating online, but also protecting their privacy and remain empowered in their choices about their own information.

Study: Americans Object to Online Tracking Government: OK, we’re on it

Nearly 70 percent of Americans object being tracked online by advertisers, according to a recent study from the University of Pennsylvania and the University of California, Berkley.

According to the New York Times, this represents the first independent study on behavioral advertising – and the results were impressive:

(Via NYT): Tailored ads in general did not appeal to 66 percent of respondents. Then the respondents were told about different ways companies tailor ads: by following what someone does on the company’s site, on other sites and in offline places like stores.

The respondents’ aversion to tailored ads increased once they learned about targeting methods. In addition to the original 66 percent that said tailored ads were “not O.K.,” an additional 7 percent said such ads were not O.K. when they were tracked on the site. An additional 18 percent said it was not O.K. when they were tracked via other Web sites, and an additional 20 percent said it was not O.K. when they were tracked offline.

The study also uncovered interesting data on teens. While heavy use of social networking sites like Facebook have been leveraged as evidence of that age group’s acceptance of advertising, more than half of respondents ages 18-24 objected to “tailored advertising.”

And the covernment is apparently listening. According to ClickZ, legislation governing online advertising and privacy could be introduced before Congress adjourns for its winter break.

Drafted by Rep. Rick Boucher (D-Va), chairman of the Subcommittee on Communications, Technology and the Internet, the legislation will include a range of pro-consumer policies that revolve mostly around transparency and choice in how users’ information is collected, used and distributed.

Rep. Boucher outlines his views in much more detail in a recent article in The Hill:

Broadband networks are a primary driver of the national economy, and it is fundamentally in the nation’s interest to encourage their expanded use. One clear way Congress can promote greater use of the Internet for access to information, e-commerce and entertainment is to assure Internet users a high degree of privacy protection, including transparency about the collection, use and sharing of information about them and to give them control over that collection, use and sharing.

Industry is to be commended for its recent advancement of self-regulatory principles. However, while proactive, these entirely voluntary principles do not go far enough, and there is no guarantee that every company that collects information from the Internet-using public will abide by them.

Again, this illustrates how the law is always a few steps behind technology – but it is heartening to see online consumer protection receiving appropriate attention, even though most consumers are largely clueless about issues surrounding privacy.

Image: Annenberg-Berkley Report, via New York Times

Google Execs Face Jail in Italy

Apparently, Google isn’t watching you as closely as some people would like.

Two senior executives from the search giant could face up to three years in prison if they’re convicted for violating Italian privacy laws.

According to the BBC, the charges stem from a 2006 YouTube posting that shows an Italian primary school student with Downs Syndrome being bullied by four classmates with at least a dozen others looking on.

The video was posted just before Google acquired the video-hosting site, but Italian officials argue that there were inadequate content filters in place to remove the post and that the video itself violates Italian law since it was uploaded without the consent of everyone involved.

Google, of course, maintains that it has broken no laws. The video was up for several months, but Google says it was removed after they received complaints. They also maintain that no laws were broken, as the video was hosted in the U.S., where privacy laws are much more relaxed.

Some people are looking at this as an opportunity to take a (potentially, but not yet) high-profile anti-American or anti-Google stance. Whether or not that's the case this underscores at least one thing: We are living in a global society where technology is outpacing the law and we need to coordinate and cooperate across boarders with a modicum of reasonability (hello Italian courts) and responsibility (looking at you, Google).

A decision is expected in December.