Not Quite a Blog

This is cross-posted at the Technology | Academics | Policy blog.

This post is intended for lay audiences; I can only hope I did a decent job.

Last Thursday was Data Privacy Day. In recognition of this international celebration, TAP invited guest bloggers to present some of the basics of data privacy --within policy issues, the law, and of course, as individuals. Today TAP is pleased to provide an overview of how information technology changes privacy in many ways, by Joseph Lorenzo Hall, ACCURATE Postdoctoral Research Associate UC Berkeley School of Information Princeton Center for Information Technology Policy.

Privacy is the kind of thing you don't know you have until it's gone.

One minute, you're living your life, happy as pie, and all of a sudden you feel like you've been violated. Sometimes this can be a false alarm; for example, when the pizza guy on the other end of the phone knows your address because you've ordered from Luigi's before. Other times, it can feel very personal; like someone has torn down the walls while you're in the shower.

Why all this talk about privacy?

You may not have noticed it, but last Thursday, January 28, was Data Privacy Day. Data Privacy Day is a day to celebrate our ability to keep some things to ourselves. In this post, I'd like to talk in layman's terms about privacy and how technology like the Internet affects privacy.

Privacy used to be a matter of "mind your own business". That is, before our globally-connected society could scarf down any and all news instantly, things were different. What was public was mostly a matter of what things people chose to make public. Many of our elder generations still feel this: wanting to know more about another person is not something to be proud of.

This day and age is quite different. Where things were normally private in the past, they are increasingly becoming public, by default. All those cameras that record you on the subway, at your favorite lunch spot, and in the parking garage? Your Facebook profile? The view of your home from the street? More than likely each of these views are public or can be with little effort.

A lot of this is a consequence of our increased technological capability. Cameras are cheap. Storage space for images, audio and video is even cheaper. The Internet ensures that anything that can be reduced to a computer file can be shared almost instantaneously with the rest of the world.

So what, you may be thinking? You have nothing to hide. Well, ask yourself if you're comfortable walking out on the street naked. It's not that we all have something to hide; it's that we feel more comfortable when we have control over what "leaks" out about us into the world.

Technology makes taking control of your digital self cumbersome. For example, have you ever wondered how your web browser knows that you want to see stories from your 07307 zip code when you go to a news site? Well, that's because your web browser keeps a small piece of information, called a "cookie", from this news site in order for it to keep track of things you do when you visit them. Though that's a pretty tame example.

Online advertisers do something similar to build a profile of you. This includes your age, gender, location, and what you like to read, eat, buy, etc. How do you stop companies from doing this? You have to know how to turn off cookies in your browser. Even then, not accepting cookies will mean other sites who don't do these things can't remember you. My own cookie practices are too complex to go into here; suffice it to say that having total control over this kind of stuff is not easy! However, simply knowing that this is possible is often a large part of the battle.

Another hard-to-grasp aspect of how technology changes our sense of privacy is this: the internet has a hard time learning how to "forget". It used to be that pictures would fade, video would age and such. These days, it's not very hard to inadvertently cause something to last effectively forever. So, you posted that picture of the bad haircut you got on Facebook or Flickr? Don't be surprised if someone likes it so much that they save a copy. You'll forget about it until your daughter's wedding when the groom makes a joke about your family's fashion sense. The only way to anticipate these kinds of surprises is to think, each time you post something online, "How could my enemies/stalker/that-guy-who-is-suing-me use this against me?" Whether or not you have enemies and stalkers is of course not the point here. The idea is to pick something similar that you can use for a quick gut check.

Finally, the social component of how we deal with privacy can be the hardest one to navigate. I'm sure you have a friend that likes to take a lot pictures. Where do those pictures end up? How do you know that a fun picture taken on a Friday night won't end up on the internet? If you are the one that is the shutterbug, be conscious of this. Think about possible consequences of posting a particular picture or video.

This brings me to my last bit of advice: use features of websites like Facebook, MySpace and Flickr that allow you to only show certain things to your friends. If you ever have even the slightest reservation about posting something online, simply restrict it to your friends to make it not public. Of course, this means you have to be a bit careful about who you "friend" on these websites. We'll have to leave that discussion for another day.

One of the godmothers of electronic voting is Rebecca Mercuri. Her PhD dissertation introduced the concept of the voter-verified paper audit trail. I've wanted to read a copy of this thesis for a while and recently had a renewed interest in it. I paid ProQuest $37 for a PDF of Rebecca's PhD thesis, because I couldn't find it using other search tools.

Well, after looking something up in her thesis, I found that U Penn posted it. Silly me. Here it is (7.5 MB):

Electronic Vote Tabluation Checks & Balances
Rebecca Mercuri
http://www.cis.upenn.edu/grad/documents/mercuri-r.pdf

(Yes, this post is solely intended to get this document into the Google index!)

Incidentally, I noticed that if you go to the ProQuest Express Dissertation service:

http://disexpress.umi.com/dxweb#search

and type in "electronic voting", Stefan Popoveniuc's dissertation is listed with a blue little "O" next to it as an "open dissertation". I remember doing this along with danah in our quest to Creative Commons-license our dissertations. And, what d'ya know? It allows free download of Popoveniuc and other open dissertations. (although one does have to give ProQuest some information... and I didn't check if Popoveniuc's dissertation is available online too.)

I suspect mine isn't in their database because of the Creative Commons issue. We'll see!

Here at Princeton's CITP, we have a healthy interest in issues of open government and government transparency. With the release last week of the Open Government Directive by the Obama Administration, our normally gloomy winter may prove to be considerably brighter.

In addition to creating crazy-cool tools like Recap and FedThread, we’ve also been thinking deeply about the nature of open and transparent government, how system designers and architects can better create transparent systems and how to achieve sustainability in open government. Related to these questions are those of the law.gov effort—providing open access to primary legal materials—and how to best facilitate the tinkerers who work on projects of open government.

These are deep issues, so we thought it best to organize a workshop and gather people from a variety of perspectives to dig in.

If you’re interested, come to our workshop next month! While we didn’t consciously plan it this way, the last day of this workshop corresponds to the first 45-day deadline under the OGD.

Open Government: Defining, Designing, and Sustaining Transparency

January 21–22, 2010
http://citp.princeton.edu/open-government-workshop/

Despite increasing interest in issues of open government and governmental transparency, the values of “openness” and “transparency” have been undertheorized. This workshop will bring together academics, government, advocates and tinkerers to examine a few critical issues in open and transparent government. How can we better conceptualize openness and transparency for government? Are there specific design and architectural needs and requirements placed upon systems by openness and transparency? How can openness and transparency best be sustained? How should we change the provision and access of primary legal materials? Finally, how do we best coordinate the supply of open government projects with the demand from tinkerers?

Anil Dash, Director of the AAAS’ new Expert Labs, will deliver the keynote. The list of speakers is impressive and practically guaranteed to catalyze deep thinking.

The workshop is free and open to the public, although we ask that you RSVP to citp@princeton.edu so that we be sure to have a name tag and lunch for you.

(cross-posted at Freedom To Tinker)

As Ed pointed out in October, Sequoia Voting Systems, Inc. ("Sequoia") announced then that it intended to publish the source code of their voting system software, called "Frontier", currently under development. (Also see EKR's post: "Contrarianism on Sequoia's Disclosed Source Voting System".)

Yesterday, Sequoia made good on this promise and you can now pull the source code they've made available from their Subversion repository here: http://sequoiadev.svn.beanstalkapp.com/projects/

Sequoia refers to this move in it's release as "the first public disclosure of source code from a voting systems manufacturer". Carefully parsed, that's probably correct: there have been unintentional disclosures of source code (e.g., Diebold in 2003) and I know of two other voting industry companies that have disclosed source code (VoteHere, now out of business, and Everyone Counts), but these were either not "voting systems manufacturers" or the disclosures were not available publicly. Of course, almost all of the research systems (like VoteBox and Helios) have been truly open source. Groups like OSDV and OVC have released or will soon release voting system source code under open source licenses.

I wrote a paper ages ago (2006) on the use of open and disclosed source code for voting systems and I'm surprised at how well that analysis and set of recommendations has held up (the original paper is here, an updated version is in pages 11–41 of my PhD thesis).

The purpose of my post here is to highlight one point of that paper in a bit of detail: disclosed source software licenses need to have a few specific features to be useful to potential voting system evaluators. I'll start by describing three examples of disclosed source software licenses and then talk about what I'd like to see, as a tinkerer, in these agreements.

Read more »

Today, UC Berkeley Professors Philip Stark, Jasjeet Sekhon and Henry Brady, along with me, sent the California Secretary of State a brief comment about her effort to provide precinct-level elections data for all 58 California counties.

We applaud the project and are very excited about the prospects of precinct-level data from each county in near real time. In the comment, we point out how the data isn't nearly as usable as it could be and how the focus right now should be on making sure that counties can get the data out of their back-end systems and then the SoS (with help, if she wants it!) can worry about transforming the data into something more usable.

Find the PDF of the comment here:
http://josephhall.org/papers/county-data-comments-final.pdf

On October 13, Aaron Burstein and I sent a letter to the EAC's Director of Voting System Testing and Certification, Brian Hancock, signed by many of the California Top-To-Bottom Review (TTBR) investigators ("CA TTBR Investigators Send Letter to the EAC"). The letter showed that the EAC had approved a voting system test plan after a testing laboratory misunderstood the results of the California TTBR.

On October 21, The EAC replied. Today, Aaron and I responded (on behalf of ourselves).

The EAC has done a great service by making the test plan and test report available, but the substance of the documents falls short of assuring us that iBeta’s tests covered the TTBR’s findings. Taken together, these documents do not demonstrate how iBeta’s tests covered the issues raised by the TTBR.

I have an old PowerBook G4 that I want to sell, for whatever the market will bear, on eBay.

I put some thought into preparing it for sale. I wanted the hard disk wiped clean of any information I had. I also wanted the recipient to get a fresh, updated OS install but still have that new-user "Welcome to Mac!" video/music experience.

This is what I recommend:

1. Boot from the Mac OS X install disk. Select the "Utilities" Menu and then "Disk Utility". We'll want to erase "Macintosh HD" securely. I suggest clicking on "Security Options..." and selecting a 7-pass erase. Let this sucker run, it takes about 3 hours per 100GB on your drive. Quit Disk Utility when it's done.
2. Install Mac OS X. When it starts asking you questions, first, don't enter in a wifi password (you can do this when you get to a normal desktop). Then, enter in "test" wherever you can and make sure the user it sets up is simple like "test" with no password.
3. When you get to a desktop, run Software Update and update everything.
4. You might also want to run System Profiler (in the Apple menu, click "About this Mac..." and then "More Info"). You can save the system profiler information as an archive of your past Mac's stats. I just emailed it to myself.
5. Next, shutdown the computer, power back up while holding Command-S, which will boot you into single-user mode (which will be white text on black background... you'll know you're "there" when a # sign is there as a prompt).

6. Run the following commands, exactly as typed:

   mount -uw /
   rm -rf /Users/*
   cd /var/db
   rm .AppleSetupDone
   rm .com.apple.iokit.graphics
   rm -rf dhcpclient
   rm -rf samba
   shutdown -h now
   

   These commands do a few things: mounts your hard disk, removes all accounts in the /Users/ directory, removes the file that tells your Mac not to do the Apple Setup whizbang, removes a bunch of graphics, networking and printing information that should be reset when the Mac starts for the first time.

7. Done! You can boot it back up now to see that it does go to the Mac "Welcome" celebratory introduction montage.

   BTW, if you've set your Mac up such that it has a "verbose boot" (where it shows you what's happening during boot), you will see this when you start it up again. You'll want to either boot back into single-user mode or add a line to the above that resets the boot arguments to be non-verbose. To do this, type

   nvram boot-args=
   

   in single user mode (setting verbose mode is accomplished by nvram boot-args="-v" in single-user mode or sudo nvram boot-args="-v" at the terminal).

Now your old Mac is wiped clean, with a fresh updated operating system.

You might want to take a few pictures of it, find all the stuff that goes with it and prepare an auction page on eBay. I'd also recommend being very careful on eBay these days as scams abound... I use PayPal with their insurance and I watch a few items like mine to set a decent (but low) starting price

(Note: I cobbled together the single-user commands in step 6 from the following posts at Mac Guru Lounge, TUAW and post 10 by DeltaMac on this MacOSXHints thread.)

Michelle's eMac (yeah, it's old) has been doing something weird where iTunes looses all knowledge of her music library and metadata. The music is still there, but her iTunes Music Library.xml file is nowhere to be found. Luckily, we back her Mac up so we can follow these instructions for restoring iTunes Music metadata using an old version of her xml file:

1. Close iTunes.
2. Open your Music folder.
3. Drag iTunes Music Library.xml, if it exists, to the Desktop (or somewhere else). I'd change the name--like add a date--so that you know which xml file it is.
4. Drag any file like iTunes Library or iTunes 4 Music Library (with no file extension or .itl) to the trash.
5. Open iTunes. Do Nothing!
6. Select File > Library > Import Playlist and choose the version of iTunes Music Library.xml that you've last backed up.
7. It will take a while to do a number of things.

The following is a letter I just sent to supervisors in the Comcast Twitter support team:

To: doug_xxxxxx@cable.comcast.com, frank_xxxxxxx@cable.comcast.com

Hello,

I'm a Comcast Cable customer in New Jersey and a bit of a geek. I'm very impressed by the Twitter-savvy customer support Comcast engages in, and especially @ComcastBonnie.

About two weeks ago, I started experiencing extremely frustrating network drops in my apartment. The only recourse was to cycle power on the modem and NAT device. This would happen at extremely frustrating times, while downloading tarballs (read: ZIP files) or right before critical deadlines. In my helplessness, I posted an update to Twitter lamenting about how my network connection was dropping out at home. I think I included the "#" symbol before "comcast" mostly as an afterthought to create a Twitter hashtag so that I could see who else was frustrated.

Little did I know that Comcast has a twitter-enabled and -savvy support team. @ComcastBonnie responded and helped me troubleshoot the problem. I thought it was my surfboard POS modem, but diagnostics on her end (or something) didn't seem to support that. Finally, she showed me to point my browser to 192.168.100.1 and check the upstream power, which was 53.2 dBmV (bad!). Turns out I had about three splitters between the wall and the modem and eliminating even just the first one brought it up to 36.9 dBmV.

And now I have plans to simply run a direct connection from the wall to the modem, as I should have realized with all my education in the first place.

So, thanks to Comcast and @ComcastBonnie for embracing a new technology and staffing it with people that speak geek and know their stuff.

Sincerely, Joe

PS: And @ComcastGeorge helped me too... I couldn't opt-out of the Domain Helper Service using comcast.net as it doesn't let me "edit the device" to opt-out on my own. He was able (via Grand Central or something equally mysterious to me) to get me opted-out.

--
Joseph Lorenzo Hall
ACCURATE Postdoctoral Research Associate
UC Berkeley School of Information
Princeton Center for Information Technology Policy
http://josephhall.org/

The iPhone Dev Team is on it!

The skinny: updating to 3.1.2 is as simple as creating a custom firmware file and then Option+Restore via iTunes. It's that simple.

Here is the more verbose version of what I did:

1. Grab PwnageTool 3.1.4 and the iPhone 3.1.2 IPSW.
2. Use PwnageTool to create a custom firmware but be sure "enable baseband update" is unchecked in the "General" tab. Also, now is the time for your custom boot logo. (If you update your baseband, you could face a problem that might result in your needed to start from a virgin unlock+jailbreak. I think... just don't do it!)
3. Open iTunes, connect your iPhone, let it back up and then hold down Option while clicking on Restore. Point it to the firmware you just created. It will restore the phone and you'll be prompted to restore your data from a recent backup (choose the most recent). Do that. Then it will resync your AppStore Apps and your music and contacts, etc.
4. Finally, install all your Cydia Apps, or use AptBackup if you aren't still pissed off at it for fucking up a previous iPhone upgrade.
5. Make sure to change the default passwords and redo the Cycorder symbolic link (more here).