The Market Ticker
Commentary on The Capital Markets- Category [Technology]

The Stupid, it Burns.

For the most part, however, it's the sensors, locks and monitoring devices that will be the cornerstones of the smart home. Furthermore, most of the people who've ridiculed the smart home of connected things haven't personally set one up themselves.

Oh really?  Both of my last two homes (including my present one, of course) are "smart" with the expected feature set, plus what probably amounts to quite a bit more.

It's really kind of nice to have a house that adapts to you, more or less on its own.  Your path is lighted as you enter a section of it, appropriately to the time of day (no, your eyeballs are not assaulted when you have to take a leak at 3:00 AM!)  When not home the system monitors for presence and decreases energy usage, and alerts you if something odd happens (like, for instance movement where there shouldn't be!)

But -- that's not the issue.  It lies here:

Critical security and healthcare monitoring systems will also benefit greatly from integration, which is why Apple and Google are desperately trying to position themselves as the great integrators. Someday it will be natural to have your medicine cabinet remind you to take a blood pressure pill or to get a message from grandmother's house that she hasn't been down to the kitchen this morning.

Except that neither of those firms or any other large ones in the digital space today give a flying **** about your privacy and civil rights.  None of them.  Exactly zero.

How do I judge?  None of their CEOs or corporate officers will risk prison or publicly quit rather than comply with outrageous demands and actions by others, particularly our US Government.  We know this because there is a long history of them complying rather than risk a contempt action or resigning in protest.

Worse, they build infrastructure for the specific purpose of being able to get into your data!  Apple, for example, has its "back doors" into IOS.  They claim this is for "diagnostic purposes" yet the data accessible and the bypass of protections intended to secure your data is the antithesis of "diagnostics."  

Apple is not alone in this regard; those who have taken cheap shots at me over the years for pointing this out in relationship to one company or another believe that it's because I "hate" one firm and prefer a different one.  Nope; that I make an example out of someone who sticks their head up by doing something particularly stupid doesn't mean that others aren't doing the same sort of thing -- in fact, virtually all, if not all, such large US-based firms are.  I've caught a couple of them myself over the years.

Google recently admitted to doing exactly that, in fact, with regards to child pornography -- searching email without a warrant.  They have no obligation to do so, by the way; I challenge anyone to show me a statute that compels not the turnover of accidentally discovered material but intentional searches for same, automated or not.  You can't find one, because such a statute doesn't exist.

The problem with such an example is that most reasonable people, myself included, instantly react to such an event as the perpetrator "deserving it"; after all, kiddie porn involves harming real children and it's a heinous offense.  That's not the point.  The point is that what allows such an intentional search isn't limited to heinous offenses and that someone claims to only be using it for that purpose both cannot be verified and there is no penalty for lying.

And that just covers the intentional acts.  The negligent ones don't even enter into this, such as unencrypted international data links between data centers in a world where it is known that various government agencies worldwide spy on everything they can get their hands on -- including, of course, said unencrypted data links.

You want to live in a world where not only governments can see in your bedroom on a per-stroke basis as you make love, but so can voyeurs and criminals?  That's what you're being sold, but it sure as hell isn't being disclosed.

Yeah, I like my "smart home."  A lot.  But there's not a snowball's chance in Hell that I'm going to let anyone but myself program and have access to it, for the simple reason that if I'm entirely in charge of what connects to what, where and how then I am also responsible for securing it and have a shot at keeping what happens inside the walls of my home, and my property generally, mine to share only as I see fit with those who I wish to share it with, and not some group of marketers, governments or thugs.

View this entry with comments (registration required to post)
 

Once again, into the breach I go...

The Federal Communications Commission, which could soon allow phone and cable companies to block or interfere with Internet content, has been deluged with more than a million comments. Last week, President Obama offered some thoughts of his own by saying that the Internet should be left open “so that the next Google or the next Facebook can succeed.”

The F.C.C. is trying to decide whether telecommunications companies should be able to strike deals with powerful firms like Netflix and Amazon for faster delivery of videos and other data to consumers. Mr. Obama’s statement about “the next Google” highlights one of the biggest problems with such agreements: Small and young businesses will not be able to compete against established companies if they have to pay fees to telephone and cable companies to get content to users in a timely manner.

That's a hell of an assertion -- the problem is that it's not only bereft of evidence the actual evidence says exactly the opposite happens.

What evidence?  Facebook, Google, Youtube, LinkedIn, AOL and more.

In other words, pretty-much every Internet "innovation" in terms of consumer and business experience over the last 20 years.

Huh, you might say?  These are new proposals for "fast lanes"!

Nope.  This is in fact a proposal to halt how the Internet has always worked and change how it not only works today but has since I was involved in the building out access for ordinary people from the start -- specifically, from 1993 forward when NCSA Mosaic showed up.

See, there have always been "fast lanes."  We called them private interconnects, and they were a salient feature of not only the early Internet but have featured in it since.  Rick Adams and Marty Schoffstall, two founders of UUNet and PSINet respectively, put in place private interconnects between their firms to pass traffic that was coming from one and destined to the other.  They did so because it made more sense to do that in certain instances than it did to take traffic to public interchange points.

I got a few proposals over the years to privately interconnect MCSNet with others, including competitors.  We never found one to be worth it, but evaluated all of them.  Why wouldn't we?  If I can save money by doing that along with improving my customer's experience, why wouldn't I?

That's what drives such things in an open and competitive world.  You want a good experience as my customer and I want to both provide it and reduce my costs.  To the extent that privately interchanging traffic with you does that for both of us, that is, I judge that there's a reasonable benefit rather than an attempt to cost shift your operational expenses to me, I'm inclined to say yes.

By banning such things you increase costs, in some cases by a hell of a lot.  For example there were places in Chicago where I could purchase a clear-channel DS-3 or an "Ethernet" link at a very reasonable cost.  In fact it was damn cheap if you wanted to go to the right places.  The same DS3 pulled to the Ameritech NAP, the public Chicago meet point, was in many cases more expensive because I could only buy it from Ameritech and had to pay their port charge at the NAP besides, with them having a monopoly on the last foot of connection since the facility was in their building.

Now you may retort but you can exchange traffic with everyone else at the NAP if you go there, and that's true.  But whether that outweighs the price differential depends on many things, such as what current capacity I have installed and to where and whom, how much of that capacity I'm using, and whether or not on-balance I get a better-performing network and/or lower costs by going to the NAP or installing the private link.

By precluding business analysis and demanding that by law I do one rather than the other you are going to inevitably increase costs and decrease service levels for a given dollar of money spent.  The reason is simple: If it makes sense to not go to the meet point and do a public exchange instead I need no incentive to do so.  But if you force me to the public meet point all the time, precluding the private agreement by law, in those cases where that would make more sense to privately exchange traffic I now must spend more or get less, and often both.

The solution to the perceived (yet not actual) "harm" people are talking about is to enforce anti-trust laws where actual violations take place.  But one of the loudest screamers about this, Netflix, is itself attempting to use its market power in an abusive fashion to force other parties to bear its network expense.

The fact of the matter is that so-called fast lanes are why we got an Internet that was built as well, as quickly, and as cheaply for everyone as it was and is.  It is the few, most-particularly like Hastings over at Netflix, who are turning history on its ear and attempting to force others to eat their operational expenses.

The FCC should reject this attempt, as I pointed out in my public submission on their proposal.

View this entry with comments (registration required to post)
 

~30% off across the board on all the current models.  That puts the Z10 at just over $200 and the Z30 at $349.

The Passport is coming, obviously... which I am lusting after.

Good deals to be had if you want one.... all unlocked and carrier-agnostic.

Go to Store.Shopblackberry.com....

View this entry with comments (registration required to post)
 

I really wish people would pull their heads out of their asses on this, but they won't.

The massive data breach revealed this week could be even worse than initially feared, warns a cybersecurity expert.

Citing records discovered by security specialist Hold Security, The New York Times reported on Tuesday that a Russian crime ring has managed to gain access to more than a billion stolen Internet credentials. The stolen credentials include 1.2 billion password and username combinations and more than 500 million email addresses, according to Hold Security, which describes the breach as potentially the largest ever.

These thefts typically come from two places -- insecure connections that are "sniffed" and crap code that is broken into on the back end of someone's server.

The latter is distressingly common, as is storing such credentials in plain text instead of via a one-way hash, which cannot be reversed.

A one-way hash looks like this:

$2a$06$LaY/OGhUvqWkxtJA88z94uqM09cqodGxcJkrA8ag1OPmRkhNts5C.

That's a real one, by the way, for a real (and it might even be privileged) account on Tickerforum.  

Good luck figuring out the password from it.

Far too many sites stores such credentials in the clear instead.  Specifically, any site that can actually send you the password you used has it, obviously, stored somewhere in the clear (or can retrieve it.)  A one-way hash cannot be reversed; thus, were you to figure out what account that hash was for the best you could do is ask the system to send a password reset link -- and that link would go not to you, but to the account's owner.

The other problem that is being seen is "shim" code that hackers put into a site's software and literally siphon off credentials before it hits the back end software.  To do that you need to break into the host where the site is being run from.  This is frequently easier than you'd think; once you have that then you can steal credentials as the users submit them.

Security is a process, not a product.  What you have to understand is that whenever you use some site on the Internet you're not the only place that has a security risk.  The entity you trust also has one, and if their security sucks yours can be excellent and it doesn't matter since the data can be stolen from their end.

PS: No, the size of the organization does not necessarily correlate with whether they have a handle on things in this regard either......

View this entry with comments (registration required to post)
 

This story pushes a bunch of buttons for me.

HOUSTON – A cyber-tip generated by Google and sent to the National Center for Missing and Exploited Children led to the arrest of a 41-year-old Houston man who is charged with possessing child pornography.

Police say Google detected explicit images of a young girl in an email that John Henry Skillern was sending to a friend, the company then alerted authorities.

A bit of background -- I've done work for the good guys when it comes to kiddie porn before, and if asked will do so again.  When I ran MCSNet we used to get a subpoena here and there for various people's records related to that crap, and it generated zero sympathy on my part for the targets of same.  This sort of crap deserves the harshest possible punishment; polite company is not the place to discuss what I believe is an "appropriate" punishment for offenders who are caught and duly convicted.

However, that doesn't change the concern I have with this sort of scanner working on an automated and unprompted basis.

In this particular case the accused has a history of committing this sort of crime; he is a registered sex offender with a conviction for assaulting an 8 year old.  But -- there was no active warrant (or other item) disclosed that would generate a defensible reason for particular and targeted suspicion on his activity.  In other words, it appears Google examines everything that goes through it for this sort of purpose.

Is that proper?  It's hard to argue "no" in the instant case but the problem is that Google appears to not be limiting such a thing to that sort of instant case where pretty-much everyone (except the child predators, of course) would agree it's ok:

When you upload,or otherwise submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.

That is a very broad release of rights.

I wonder how many businesses, for example, have thought about the implications of this?

This is not a release that just applies to selling "relevant advertising" or "notifying authorities of apparent illegal conduct." 

It's a broad-form, all-use, worldwide release.

Now Google does say this next:

The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones.

The problem is that they don't define what "our Services" encompasses, and indeed they state clearly that it includes not-yet-for-sale services.

What if one of those services (present or future) pertains to data matching of some sort for an insurance company, employers, or similar?  What if "our Services" in the future includes competitive intelligence on others in your industry?

If, while running MCSNet and in the ordinary course of maintenance and operations I came across a customer's stored data that happened to contain kiddie porn you can bet I would have reported it.  But there's a hell of a difference between reporting something that I find incidental to normal operations and designing a surveillance system to prospectively scan everything that goes through the network.

Nonetheless, even given my very public and longstanding view toward this particular criminal act and my efforts to put a stop to it where and when possible, I never did code up such an automated system.

Google, however, has, and they haven't publicly disclosed it (until now, by accident) either -- which leads me to the obvious question: What other automated scanning devices are in active use and how can you possibly know that they are all of the sort that virtually everyone (such as is the case for child pornography) would find to be non-offensive to their sensibilities?

I don't have the answer to that question but it's one that we ought to be thinking and talking about.  Further, if you or your company are using broad-form "cloud" services of any sort, or communicating with someone who is, you wind up subject to these policies and the potential for the provider(s) involved to redefine the services they offer to include something that could do you quite a bit of economic harm even if you've committed no crime.  

The bad news is that as these clauses are currently constructed you've consented to it.

View this entry with comments (registration required to post)
 

Main Navigation
Full-Text Search & Archives
Archive Access
Get Adobe Flash player
Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.

NO MATERIAL HERE CONSTITUTES "INVESTMENT ADVICE" NOR IS IT A RECOMMENDATION TO BUY OR SELL ANY FINANCIAL INSTRUMENT, INCLUDING BUT NOT LIMITED TO STOCKS, OPTIONS, BONDS OR FUTURES.

The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be reproduced or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media or for commercial use.

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.