Happy Birthday Ringo Starr! 70!

Ringo Starr asks for his birthday today, according to this article in the New York Times, that everyone at noon their time put their fingers up and put our fingers up and say, “Peace and love.” Sure! why not? It’s in twenty minutes for me, and we certainly could use more.

The article is really quite funny, and represents a light style that Starr is famous for. Happy birthday Ringo Starr!

Facebook: the last straw

I’ve complained about Facebook before, reduced my participation, and now, I am ending it. Facebook has become what can only be described as an attractive nuisance. One of my friends clearly had their account broken into. The last time this happened it was possible for me to report the matter to Facebook, and they shut the account down in a matter of minutes. This time, they not only would not do so, but there is no longer a way to report an account break-in. The only way to send FaceBook a message is to close one’s account, and so I have done so. Done. Fini. For my friends’ and your sake.

Department of Stoopid: Virgin Airlines asks US flyers to avoid them

CNN reports that a Virgin Airlines flight diverted to Bradley International Airport in Connecticut sat on the tarmac for four hours, without so much as offering water. The excuse used is that the airport is not equipped with a suitable customs facility (Bradley has exactly one connection outside the United States – Toronto), but once again we see an inability to manage risks. What was the risk to passengers versus the risk to others by letting them sit in the terminal until appropriate customs people had arrived?

But our story doesn’t end there. As you may recall, airlines may now be fined for such behavior, but there’s a catch: the rule applies to domestic flights. A Virgin spokesman said that because they are a UK-flagged carrier they are not subject to U.S. laws. If that is indeed the correct logic, and that you’d receive the protection with a US carrier, then Virgin is encouraging you not to fly their airline. Go figure.

Net Neutrality Deal near betwen FCC and Telcos?

Today’s Wall Street Journal reports that mega-telcos Verizon and AT&T are in discussions with senior staff of the Federal Communications Commission (FCC) over a compromise for enabling legislation for the FCC to regulate access to the Internet. This is no small deal. Chairman Julius Genachowski has made very clear for quite some time that he thought there was a need to provide for some form of net neutrality to protect customers against service providers, and to insure openness. Another thing is perfectly clear to everyone: the rules of the 1980s and 1990s certainly are antiquated.

However, one problem with net neutrality is that it can mean different things to different people. To some it might mean protection from service providers charging for services that they themselves do not provide. To others it might mean an inability for service providers to manage what they deem as excessive use of a shared resource (their network) by some consumers, as their cost models are all structured on the notion of over-subscription. That is– if everyone tried to use a vast amount of bandwidth at once, we would all get very little, and not those megabits/second in the advertisement.

Here are a few facts to think about when you hear the term net neutrality:

The tools service providers might use to give themselves some sort of market advantage are the very same ones they may need to use to protect consumers against denial-of-service attacks: it is in the average consumer’s best interest that bandwidth from rogue BoTs be limited. Differentiating between protection against BoTs and protectionism may prove difficult to regulators.
Bandwidth on the Internet is not the same as a phone call. If you’ve ever been in a disaster situation, such as an earthquake or a hurricane, you’ll remember that there may have been times when you picked up the phone and got no dialtone. That is not how the Internet works. Most applications make use of Transmission Control Protocol (TCP), which is designed to share whatever bandwidth there is. While voice and video require a minimum to function properly, even modern day tools like Skype & iChat AV can step down their use of bandwidth when they see quality degrading.
Most of us weren’t born yesterday, and it’s plainly obvious that there are very few telcos in the United States. The government has, since the passing of the Sherman Act in 1890, taken the position, with good reason in my opinion, that monopolies are bad, and that high levels of concentration are not good for consumers, either. Prosecution through that act as a means of redress, however, is a last resort, because…
Such prosecutions take years if not decades, are often at the whim of administrations, and often do not succeed. Three examples of arguably failed prosecutions include IBM, AT&T, and Microsoft. In the case of IBM, the U.S. dismissed the case when Ronald Reagan became president. AT&T is arguably a failed attempt, because we are very close to right back where we started. In the case of Microsoft, European regulators have provided far more oversight than our own Justice Department, perhaps in part due to the non-European nature of the company, but also due to a lack willingness to go further by the Bush administration. Hence it is better to nip a problem in the bud. This is one reason for the FCC to have a role.
At stake is not whether or not consumers will see a choice of service providers, but whether content providers and etailers, sites like mlb.com and Amazon will have a choice. Otherwise, we get to a two-sided market, where those who own the so-called eyeball networks also own the other end, providing an enormous price control lever.
Properly considered, network neutrality as a concept protects against the idea that you have to go to a service provider to implement new applications features in the network. This is the core strength of the Internt, but it’s not clear that regulation is needed. For one thing, I would hope that providers understand that new features and applications are in their best interests, since they get to sell more bandwidth, and perhaps even offer a few such features to their, and other, customers.

That’s what all the fuss is about.

Wrap-up of this year’s WEIS

This year’s Workshop on the Economics of Information Security (WEIS2010) enlightened us about Identity, privacy, and the insecurity of the financial payment system, just to name a few presentaitons.

Every year I attend a conference called the Workshop on Economics of Information Security (WEIS), and every year I learn quite a bit from the experience. This year was no exception. The conference represents an interdisciplinary approach to Cybersecurity that includes economists, government researchers, industry, and of course computer scientists. Run by friend and luminary Bruce Schneier, Professor Ross Anderson from Cambridge University, and this year with chairs Drs. Tyler Moore and Allan Friedman, the conference includes an eclectic mix of work on topics such as the cyber-insurance (usually including papers from field leader Professor Rainer Böhme, soon of University of Münster), privacy protection, user behavior, and understanding of the underground economy, this year’s conference had a number of interesting pieces of work. Here are a few samples:

Guns, Privacy, and Crime, by Allesandro Acquisti (CMU) and Catherine Tucker (MIT), provides an insight into how addresses of gun permit applicants posted on a Tennessee website does not really impact their security one way or another, contrary to arguments made by politicians.
Is the Internet for Porn? An Insight Into the Online Adult Industry – Gilbert Wondracek, Thorsten Holz, Christian Platzer, Engin Kirda and Christopher Kruegel provides a detailed explanation of the technology used to support the Internet Porn industry, in which it claims provides over $3,000 a second in revenue.
The password thicket: technical and market failures in human authentication on the web – Joseph Bonneau and Sören Preibusch (Cambridge) talks about just how poorly many websites manage all of those passwords we reuse.
A panel on the credit card payment system, together with a presentation that demonstrated that even credit cards with chips and pins are not secure. One of the key messages from the presentation was that open standards are critically important to security.
On the Security Economics of Electricity Metering – Ross Anderson and Shailendra Fuloria (Cambridge) discussed the various actors in the Smart Grid, their motivations, and some recommendations on the regulatory front.

The papers are mostly available at the web site, as are the presentations. This stuff is important. It informs industry as to what behaviors are both rewarding and provide for the social good, as well as where we see gaps or need of improvement in our public policies, especially where technology is well ahead of policy makers’ thinking.