Current Berkman People and Projects

Keep track of Berkman-related news and conversations by subscribing to this page using your RSS feed reader. This aggregation of blogs relating to the Berkman Center does not necessarily represent the views of the Berkman Center or Harvard University but is provided as a convenient starting point for those who wish to explore the people and projects in Berkman's orbit. As this is a global exercise, times are in UTC.

The list of blogs being aggregated here can be found at the bottom of this page.

March 06, 2015

Bruce Schneier
Now Corporate Drones are Spying on Cell Phones

The marketing firm Adnear is using drones to track cell phone users:

The capture does not involve conversations or personally identifiable information, according to director of marketing and research Smriti Kataria. It uses signal strength, cell tower triangulation, and other indicators to determine where the device is, and that information is then used to map the user's travel patterns.

"Let's say someone is walking near a coffee shop," Kataria said by way of example.

The coffee shop may want to offer in-app ads or discount coupons to people who often walk by but don't enter, as well as to frequent patrons when they are elsewhere. Adnear's client would be the coffee shop or other retailers who want to entice passersby.


The system identifies a given user through the device ID, and the location info is used to flesh out the user's physical traffic pattern in his profile. Although anonymous, the user is "identified" as a code. The company says that no name, phone number, router ID, or other personally identifiable information is captured, and there is no photography or video.

Does anyone except this company believe that device ID is not personally identifiable information?

by Bruce Schneier at March 06, 2015 06:43 AM

Friday Squid Blogging: Humboldt Squid Communicate by Flashing Each Other

Scientists are attaching cameras to Humboldt squid to watch them communicate with each other.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

by Bruce Schneier at March 06, 2015 04:32 AM

The Democratization of Cyberattack

The thing about infrastructure is that everyone uses it. If it's secure, it's secure for everyone. And if it's insecure, it's insecure for everyone. This forces some hard policy choices.

When I was working with the Guardian on the Snowden documents, the one top-secret program the NSA desperately did not want us to expose was QUANTUM. This is the NSA's program for what is called packet injection--basically, a technology that allows the agency to hack into computers.

Turns out, though, that the NSA was not alone in its use of this technology. The Chinese government uses packet injection to attack computers. The cyberweapons manufacturer Hacking Team sells packet injection technology to any government willing to pay for it. Criminals use it. And there are hacker tools that give the capability to individuals as well.

All of these existed before I wrote about QUANTUM. By using its knowledge to attack others rather than to build up the internet's defenses, the NSA has worked to ensure that anyone can use packet injection to hack into computers.

This isn't the only example of once-top-secret US government attack capabilities being used against US government interests. StingRay is a particular brand of IMSI catcher, and is used to intercept cell phone calls and metadata. This technology was once the FBI's secret, but not anymore. There are dozens of these devices scattered around Washington, DC, as well as the rest of the country, run by who-knows-what government or organization. By accepting the vulnerabilities in these devices so the FBI can use them to solve crimes, we necessarily allow foreign governments and criminals to use them against us.

Similarly, vulnerabilities in phone switches--SS7 switches, for those who like jargon--have been long used by the NSA to locate cell phones. This same technology is sold by the US company Verint and the UK company Cobham to third-world governments, and hackers have demonstrated the same capabilities at conferences. An eavesdropping capability that was built into phone switches to enable lawful intercepts was used by still-unidentified unlawful intercepters in Greece between 2004 and 2005.

These are the stories you need to keep in mind when thinking about proposals to ensure that all communications systems can be eavesdropped on by government. Both the FBI's James Comey and UK Prime Minister David Cameron recently proposed limiting secure cryptography in favor of cryptography they can have access to.

But here's the problem: technological capabilities cannot distinguish based on morality, nationality, or legality; if the US government is able to use a backdoor in a communications system to spy on its enemies, the Chinese government can use the same backdoor to spy on its dissidents.

Even worse, modern computer technology is inherently democratizing. Today's NSA secrets become tomorrow's PhD theses and the next day's hacker tools. As long as we're all using the same computers, phones, social networking platforms, and computer networks, a vulnerability that allows us to spy also allows us to be spied upon.

We can't choose a world where the US gets to spy but China doesn't, or even a world where governments get to spy and criminals don't. We need to choose, as a matter of policy, communications systems that are secure for all users, or ones that are vulnerable to all attackers. It's security or surveillance.

As long as criminals are breaking into corporate networks and stealing our data, as long as totalitarian governments are spying on their citizens, as long as cyberterrorism and cyberwar remain a threat, and as long as the beneficial uses of computer technology outweighs the harmful uses, we have to choose security. Anything else is just too dangerous.

This essay previously appeared on Vice Motherboard.

EDITED TO ADD (3/4): Slashdot thread.

by Bruce Schneier at March 06, 2015 04:21 AM

Everyone Wants You To Have Security, But Not from Them

In December, Google's Executive Chairman Eric Schmidt was interviewed at the CATO Institute Surveillance Conference. One of the things he said, after talking about some of the security measures his company has put in place post-Snowden, was: "If you have important information, the safest place to keep it is in Google. And I can assure you that the safest place to not keep it is anywhere else."

The surprised me, because Google collects all of your information to show you more targeted advertising. Surveillance is the business model of the Internet, and Google is one of the most successful companies at that. To claim that Google protects your privacy better than anyone else is to profoundly misunderstand why Google stores your data for free in the first place.

I was reminded of this last week when I appeared on Glenn Beck's show along with cryptography pioneer Whitfield Diffie. Diffie said:

You can't have privacy without security, and I think we have glaring failures in computer security in problems that we've been working on for 40 years. You really should not live in fear of opening an attachment to a message. It ought to be confined; your computer ought to be able to handle it. And the fact that we have persisted for decades without solving these problems is partly because they're very difficult, but partly because there are lots of people who want you to be secure against everyone but them. And that includes all of the major computer manufacturers who, roughly speaking, want to manage your computer for you. The trouble is, I'm not sure of any practical alternative.

That neatly explains Google. Eric Schmidt does want your data to be secure. He wants Google to be the safest place for your data ­ as long as you don't mind the fact that Google has access to your data. Facebook wants the same thing: to protect your data from everyone except Facebook. Hardware companies are no different. Last week, we learned that Lenovo computers shipped with a piece of adware called Superfish that broke users' security to spy on them for advertising purposes.

Governments are no different. The FBI wants people to have strong encryption, but it wants backdoor access so it can get at your data. UK Prime Minister David Cameron wants you to have good security, just as long as it's not so strong as to keep the UK government out. And, of course, the NSA spends a lot of money ensuring that there's no security it can't break.

Corporations want access to your data for profit; governments want it for security purposes, be they benevolent or malevolent. But Diffie makes an even stronger point: we give lots of companies access to our data because it makes our lives easier.

I wrote about this in my latest book, Data and Goliath:

Convenience is the other reason we willingly give highly personal data to corporate interests, and put up with becoming objects of their surveillance. As I keep saying, surveillance-based services are useful and valuable. We like it when we can access our address book, calendar, photographs, documents, and everything else on any device we happen to be near. We like services like Siri and Google Now, which work best when they know tons about you. Social networking apps make it easier to hang out with our friends. Cell phone apps like Google Maps, Yelp, Weather, and Uber work better and faster when they know our location. Letting apps like Pocket or Instapaper know what we're reading feels like a small price to pay for getting everything we want to read in one convenient place. We even like it when ads are targeted to exactly what we're interested in. The benefits of surveillance in these and other applications are real, and significant.

Like Diffie, I'm not sure there is any practical alternative. The reason the Internet is a worldwide mass-market phenomenon is that all the technological details are hidden from view. Someone else is taking care of it. We want strong security, but we also want companies to have access to our computers, smart devices, and data. We want someone else to manage our computers and smart phones, organize our e-mail and photos, and help us move data between our various devices.

Those "someones" will necessarily be able to violate our privacy, either by deliberately peeking at our data or by having such lax security that they're vulnerable to national intelligence agencies, cybercriminals, or both. Last week, we learned that the NSA broke into the Dutch company Gemalto and stole the encryption keys for billions ­ yes, billions ­ of cell phones worldwide. That was possible because we consumers don't want to do the work of securely generating those keys and setting up our own security when we get our phones; we want it done automatically by the phone manufacturers. We want our data to be secure, but we want someone to be able to recover it all when we forget our password.

We'll never solve these security problems as long as we're our own worst enemy. That's why I believe that any long-term security solution will not only be technological, but political as well. We need laws that will protect our privacy from those who obey the laws, and to punish those who break the laws. We need laws that require those entrusted with our data to protect our data. Yes, we need better security technologies, but we also need laws mandating the use of those technologies.

This essay previously appeared on

Edited to add: French translation.

by Bruce Schneier at March 06, 2015 01:07 AM

March 05, 2015

Bruce Schneier
Google Backs Away from Default Lollipop Encryption

Lollipop device encryption by default is still in the future. No conspiracy here; it seems like they don't have the appropriate drivers yet. But while relaxing the requirement might make sense technically, it's not a good public relations move.

Android compatibility document. Slashdot story.

by Bruce Schneier at March 05, 2015 10:29 PM

metaLAB (at) Harvard
The Cave


During the summer of 2014, the Getty Trust launched an important new initiative in digital art history designed to help art historians and museum professionals to explore the opportunities and challenges of new and emergent technologies. Along with George Mason and UCLA, metaLAB hosted one of the workshops devised for this purpose: ours was entitled Beautiful Data and involved some 23 scholars, curators, technologists, and designers. The program has been renewed, so a new and improved Beautiful Data II is now in preparation, along with analogous workshops at George Mason and UCLA. As a token of the importance that the Getty attributes to the digital turn in art history and cultural history writ large, the Trust invited Johanna Drucker and myself to contribute brief prefatory essays to its 2014 Annual Report. These have now been published at also available in a downloadable pdf.

My contribution is entitled “The Scale of the Human Record.” It begins with a rumination on Werner Herzog’s Cave of Forgotten Dreams, the 2010 documentary in which,under difficult conditions, the German director set out to explore the remarkable complex of Aurignacian paintings discovered in the Chauvet-Pont-d’Arc cave in 1994. It then moves on to consider questions of cognitive scale:

In the wake of this vicarious journey to the beginnings of human culture, I was left reflecting on a question of scale that informs much of my current speculative thinking and experimental practice in the domain of digital art and humanities. The stories that the Chauvet parietal paintings tell, like the story that unfolds in frame after frame of Cave of Forgotten Dreams, is closely tied to the scale of the human body and its perceptual apparatus. Both traffic in objects and events that fall within the framework of ordinary, possible, or plausible human experience; objects and events that humans can somehow see, hear, smell, taste, or touch; animals that can eat others or be eaten; tools by means of which such creatures can be subdued from a safe distance; corridors available to the ancient hunter or modern spelunker; image arrays that, no matter how big or small, remain readily graspable by human eyes. Whether as individuals or collectivities, we typically find meaning in what is available to us as experience and, accordingly, it is on this very scale that human experience and the cultural record of human experience have been shaped. One might say that, in this one regard, little has changed from the Aurignacian era to our own, despite the many ways in which our perceptual faculties have been extended by instruments such as telescopes, microscopes, microphones, and sensors.

The essay goes on to show how even an apparently simple site such as Chauvet-Pont-d’Arc can contain spatial, temporal, and material complexities that defy our cognitive abilities unless these are aided by tools and techniques that expand their powers. It concludes by extending this lesson to the data rich caverns of our own era:

In the immersive data caves of the twenty-first century, the same sorts of complexities and opportunities abound that made this ice age database the worthy subject of Herzog’s probing eye. They arise at the level of understanding large systems in all of their sometimes overwhelming intricacy; and they arise alike at the level of grappling with the beauty and significance of individual objects as well as the particulars that make them up. This is not an either/or proposition with respect to traditional practices of art-historical inquiry, but rather an expansion of their scope, reach, and even audience. As open content initiatives like those undertaken by the Getty expose ever vaster portions of the cultural record to public view, the tools and tasks of storytelling must themselves expand to meet the challenges and seize the opportunities of the Digital Age.

by jschnapp at March 05, 2015 08:49 PM

Bruce Schneier
Data and Goliath Book Tour

Over the next two weeks, I am speaking about my new book -- Data and Goliath, if you've missed it -- in New York, Boston, Washington, DC, Seattle, San Francisco, and Minneapolis. Stop by to get your book signed, or just to say hello.

by Bruce Schneier at March 05, 2015 07:19 PM

Berkman Center front page
[UPCOMING] Intelligence² Debate: Should the US Adopt "The Right to be Forgotten?"


featuring Berkman Co-founder Jonathan Zittrain


Berkman Co-founder Jonathan Zittrain and former Berkman fellow Andrew McLaughlin join public radio's Intelligence Squared US for a debate on the European Union's "Right to be Forgotten" rule, and whether it should be adopted in the US.

Thumbnail Image: 

March 11, 2015
6:45-8:30 PM EDT

Berkman Co-founder Jonathan Zittrain and former Berkman fellow Andrew McLaughlin join public radio's Intelligence Squared US for a debate on the European Union's "Right to be Forgotten" rule, and whether it should be adopted in the US. 

Additional panelists include: Paul Nemitz, Director of Fundamental Rights & Citizenship, DG Justice & Consumers, EU Commission, and Eric Posner, Professor of Law, University of Chicago

In 2014, the European Union’s Court of Justice determined that individuals have a right to be forgotten, “the right—under certain conditions—to ask search engines to remove links with personal information about them.” It is not absolute, but meant to be balanced against other fundamental rights, like freedom of expression. In a half year following the Court’s decision, Google received over 180,000 removal requests. Of those reviewed and processed, 40.5% were granted. Largely seen as a victory in Europe, in the U.S., the reaction has been overwhelmingly negative. Was this ruling a blow to free speech and public information, or a win for privacy and human dignity?

More about the event
More about Intelligence Squared US


Watch the livestream here

About Jonathan Zittrain

Jonathan Zittrain is the George Bemis Professor of Law at Harvard Law School and the Kennedy School of Government, co-founder and faculty director of the Berkman Center for Internet & Society, and professor of computer science at the School of Engineering and Applied Sciences. His research interests include battles for control of digital property and content, cryptography, electronic privacy, the roles of intermediaries within Internet architecture, and human computing. He performed the first large-scale tests of Internet filtering in China and Saudi Arabia, and, as part of the OpenNet Initiative, co-edited a series of studies of Internet filtering by national governments. He holds board positions at the Electronic Frontier Foundation and Scientific American, and was a trustee of the Internet Society, a forum fellow of the World Economic Forum, and a distinguished scholar-in-residence at the FCC, where he chaired the Open Internet Advisory Committee. He is the author of The Future of the Internet -- And How to Stop It (2009).

About Andrew McLaughlin

Andrew McLaughlin is currently CEO of Digg and Instapaper and a partner at betaworks. From 2009-11, he was a member of Obama's senior White House staff, serving as deputy chief technology officer of the U.S., responsible for advising the president on Internet, technology, and innovation policy. Previously, he was director of global public policy at Google, leading the company's work on issues like freedom of expression and censorship, surveillance and law enforcement, privacy, and Internet regulation. McLaughlin has lectured at Stanford Law and Harvard Law, and held fellowships at Stanford’s Center for Internet & Society, Princeton's Center for IT Policy, and Harvard’s Berkman Center for Internet & Society. He helped launch and manage ICANN, the Internet's technical coordinating organization, and has worked on Internet and telecom law reform projects in a number of developing countries. After clerking on the U.S. Court of Appeals for the 8th Circuit, he started his career as a lawyer in D.C., where he focused on appellate and constitutional litigation.

Illustration by Thomas James

by djones at March 05, 2015 07:18 PM

Bruce Schneier
Tom Ridge Can Find Terrorists Anywhere

One of the problems with our current discourse about terrorism and terrorist policies is that the people entrusted with counterterrorism -- those whose job it is to surveil, study, or defend against terrorism -- become so consumed with their role that they literally start seeing terrorists everywhere. So it comes as no surprise that if you ask Tom Ridge, the former head of the Department of Homeland Security, about potential terrorism risks at a new LA football stadium, of course he finds them everywhere.

From a report he prepared -- paid, I'm sure -- about the location of a new football stadium:

Specifically, locating an NFL stadium at the Inglewood-Hollywood Park site needlessly increases risks for existing interests: LAX and tenant airlines, the NFL, the City of Los Angeles, law enforcement and first responders as well as the citizens and commercial enterprises in surrounding areas and across global transportation networks and supply chains. That risk would be expanded with the additional stadium and "soft target" infrastructure that would encircle the facility locally.

To be clear, total risk cannot be eliminated at any site. But basic risk management principles suggest that the proximity of these two sites creates a separate and additional set of risks that are wholly unnecessary.

In the post 9/11 world, the threat of terrorism is a permanent condition. As both a former governor and secretary of homeland security, it is my opinion that the peril of placing a National Football League stadium in the direct flight path of LAX -- layering risk -- outweigh any benefits over the decades-long lifespan of the facility.

If a decision is made to move forward at the Inglewood/Hollywood Park site, the NFL, state and local leaders, and those they represent, must be willing to accept the significant risk and the possible consequences that accompany a stadium at the location. This should give both public and private leaders in the area some pause. At the very least, an open, public debate should be enabled so that all interests may understand the comprehensive and interconnected security, safety and economic risks well before a shovel touches the ground.

I'm sure he can't help himself.

I am reminded of Glenn Greenwald's essay on the "terrorist expert" industry. I am also reminded of this story about a father taking pictures of his daughters.

On the plus side, now we all have a convincing argument against development. "You can't possibly build that shopping mall near my home, because OMG! terrorism."

by Bruce Schneier at March 05, 2015 06:23 PM

Data and Goliath: Reviews and Excerpts

On the net right now, there are excerpts from the Introduction on Scientific American, Chapter 5 on the Atlantic, Chapter 6 on the Blaze, Chapter 8 on Ars Technica, Chapter 15 on Slate, and Chapter 16 on Motherboard. That might seem like a lot, but it's only 9,000 of the book's 80,000 words: barely 10%.

There are also a few reviews: from Boing Boing, Booklist, Kirkus Reviews, and Nature. More reviews coming.

Amazon claims to be temporarily out of stock, but that'll only be for a day or so. There are many other places to buy the book, including Indie Bound, which serves independent booksellers.

Book website is here.

by Bruce Schneier at March 05, 2015 01:59 PM

March 04, 2015

Berkman Center front page
Upcoming Events: Distributed and Digital Disaster Response (3/10); National Security Cyber Operations and Policy (3/11); More Science Behind Shaping Behaviors in Online Games (3/13)


A preview of our upcoming events calendar and recently archived digital media

Upcoming Events / Digital Media
March 4, 2015
berkman luncheon series

Distributed and Digital Disaster Response

Tuesday, March 10, 12:00pm ET, Berkman Center for Internet & Society, 23 Everett St, 2nd Floor. This event will be webcast live.


Berkman Fellow Willow Brugh will present at the Berkman Center luncheon series.

Willow Brugh, known as willowbl00 works with Aspiration Technology, and as a professor of practice of Professor of Practice at Brown University. She’s also affiliated with the Center for Civic Media at MIT’s Media Lab, the New England Complex Systems Institute, and a fellow at Harvard's Berkman Center for Internet and Society. RSVP Required. more information on our website>

co-sponsored event

National Security Cyber Operations and Policy Event

Wednesday, March 11, 12:00pm ET, Harvard Law School, Pound Hall, Room 102. Co-sponsored by the Journal of Law and Technology.


Please join Luke Dembosky, the newest Deputy Assistant Attorney General of the Justice Department's National Security Division, for a discussion on economic espionage, protecting national assets in the digital age, and cyber-based security threats. He has previously worked as the Deputy Chief for Litigation in DOJ's Computer Crimes and Intellectual Property Section and the DOJ representative on matters of transnational crime at the U.S. Embassy in Moscow, Russia. He has been involved in some of the largest and most groundbreaking cybercrime prosecutions in U.S. history, including the recent GameOver Zeus botnet disruption, coordination of the Silk Road takedown, and U.S. v. Max Ray Butler.

more information on our website>

co-sponsored event

More Science Behind Shaping Behaviors in Online Games

Friday, March 13, 12:00pm ET, Harvard Graduate School of Education, Larsen 106. Co-sponsored by HarvardX, MIT Office of Digital Learning, HGSE TIE Program, and the Berkman Center.


From Jeffrey: When online communities first emerged on the internet, they developed without structure--there were no consequences so users “grew up” thinking that certain behaviors (such as being racist, homophobic or sexist) were an accepted norm online. As society spends more and more of their time online, we believe that the next evolution of online society is to give the online citizen the tools to build and shape their own community--to believe in users and players and their ability to do the right thing. To show the impact of this philosophy, we’ll start by using social network analysis to map out how player behavior (both positive and negative) spreads in League of Legends, an online game with over 67 million players a month. By combining the latest research techniques from social and cognitive psychology with machine learning and game design, you can reduce online negative behaviors by multiple factors, reset and re-create online cultural norms and create an online future that users and players can be proud of. Critically, these systems are all driven directly by feedback and contributions from the users and players of League of Legends.

Registration required. more information on our website>

berkman luncheon series

America's Complicated Relationship with Civic Duty: Understanding Everyday Americans at the Core of Civic Innovation

Tuesday, March 24, 12:00pm ET, Berkman Center for Internet & Society, 23 Everett St, 2nd Floor. This event will be webcast live.


Kate Krontiris will discuss "America's Complicated Relationship with Civic Duty: Understanding Everyday Americans at the Core of Civic Innovation". Description forthcoming.

Kate Krontiris is a researcher, strategist, and facilitator working to transform civic life in America. In pursuit of a society where more people assert greater ownership over the decisions that govern their lives, she uses ethnographic tools to design products, policies, and services that enable a more equitable democratic future. During her fellowship with the Berkman Center, Kate will explore two topics: 21st century girlhood, and Americans' awareness of their government's presence in their lives. RSVP Required. more information on our website>


Workshopping Ideas: Presentations from the Digital Problem-Solving Initiative (DPSI) Teams


The Digital Problem-Solving Initiative (DPSI, or "dip-see") at Harvard University, is an innovative and collaborative project, hosted through the Berkman Center. DPSI brings together a diverse group of learners (students, faculty, fellows, and staff) to work on projects to address challenges and opportunities across the university. In this talk DPSI participants showcase: a smartphone app to reduce campus assault; a method statisticians can use to protect the anonymity of their subjects; and an innovative, immersive documentary project. video/audio on our website>

Other Events of Note

Local, national, international, and online events that may be of interest to the Berkman community:

You are receiving this email because you subscribed to the Berkman Center's Weekly Events Newsletter. Sign up to receive this newsletter if this email was forwarded to you. To manage your subscription preferences, please click here.

Connect & get involved: Jobs, internships, and more iTunes Facebook Twitter Flickr YouTube RSS

See our events calendar if you're curious about future luncheons, discussions, lectures, and conferences not listed in this email. Our events are free and open to the public, unless otherwise noted.

The Berkman Center for Internet & Society at Harvard University was founded to explore cyberspace, share in its study, and help pioneer its development. For more information, visit

Berkman Center for Internet & Society

by ashar at March 04, 2015 08:18 PM

Berkman Buzz: March 4 2015


Cybersecurity, saying goodbye to tech companies, games as assessments, identifying villains online and more... in this week's Buzz.

Thumbnail Image: 

The Berkman Buzz is a weekly collection of work, conversations, and news from around the Berkman community.

Everyone Wants You To Have Security, But Not From Them

Quotation mark

by Bruce Schneier

In December Google's Executive Chairman Eric Schmidt was interviewed at the CATO Institute Surveillance Conference. One of the things he said, after talking about some of the security measures his company has put in place post-Snowden, was: "If you have important information, the safest place to keep it is in Google. And I can assure you that the safest place to not keep it is anywhere else."

The surprised me, because Google collects all of your information to show you more targeted advertising. Surveillance is the business model of the Internet, and Google is one of the most successful companies at that. To claim that Google protects your privacy better than anyone else is to profoundly misunderstand why Google stores your data for free in the first place.

From Forbes | @schneierblog

More from Bruce this week:
Cyberweapons have no allegiance (Vice)
How to Mess With Surveillance (Slate)

Why I'm Saying Goodbye to Apple, Google and Microsoft

Quotation mark

by Dan Gillmor

I've moved to these alternative platforms because I've changed my mind about the politics of technology. I now believe it's essential to embed my instincts and values, to a greater and greater extent, in the technology I use.

Those values start with a basic notion: We are losing control over the tools that once promised equal opportunity in speech and innovation—and this has to stop.

Control is moving back to the center, where powerful companies and governments are creating choke points. They are using those choke points to destroy our privacy, limit our freedom of expression, and lock down culture and commerce. Too often, we give them our permission-trading liberty for convenience-but a lot of this is being done without our knowledge, much less permission.

From Backchannel | @dangillmor

More from Dan this week:
When Tech Companies Betray Consumers, Why Don't They Own Up to It? (Slate)

New Research on Games and Classroom Assessment Practices


by Justin Reich

Over recent years, advocates of games in classroom settings have argued that games have great features for assessing student learning. Games present students with a series of challenges, and they can be instrumented to capture richly detailed data about how students deal with those challenges and how successful they are. What if instead of having students take tests, we had them play games with "stealth assessments" embedded within them that captured similar data about student learning.

From Education Week | @bjfr

Following the Digital Breadcrumbs: How to distinguish online nutcases from honest-to-God villains.


by Josephine Wolff

When news of a mass shooting breaks, do you try to find the alleged perpetrator on Twitter? Perusing the social media accounts and online activity of murderers and terrorists has become one of the strangest and most immediate rituals of post-tragedy news analysis. In the aftermath of the Boston Marathon bombings, we read Dzhokhar Tsarnaev's tweets; following the 2012 movie theater shooting in Aurora, Colorado, we analyzed shooter James Holmes' online dating profiles; after Adam Lanza killed 26 people at Sandy Hook Elementary School, we learned about his online alter ego, "Kaynbred," and penchant for violent video games and editing Wikipedia articles about mass murderers. We latch on to these details because they are some of the most immediately available information in the aftermath of inexplicable tragedies about the people who perpetrated them and why they would do such things.

From | @josephinecwolff

What Happens After College


a new infographic from Alison Head

Project Information Literacy (PIL) released a new infographic this week from their large-scale lifelong learning research study. The infographic features preliminary findings about information-seeking practices for continued learning after college, based on survey responses from a sample of recent grads (n=1,651) from 10 US colleges and universities.

Based on key trends and preliminary findings from Alison Head's latest report for Project Information Literacy (PIL)

Fact Checking the Conflict in Eastern Ukraine

Quotation mark

by Aric Toler

Amid the ongoing conflict in eastern Ukraine, an information war between Russia and Ukraine has raged online and in the media. Much of the information warfare revolves around framing the conflict itself and arguing about its origins and implications, both historical and geopolitical, but some of the mud-slinging is a little more down to earth.

According to Russian state-controlled media outlets, the Kremlin hasn't sent a single piece of military equipment to the rebels in eastern Ukraine. Moscow's narrative is that all vehicles and weapons controlled by separatists were seized from the Ukrainian military. On the other side of the conflict, Kyiv regularly states that an overwhelming number of the separatists' vehicles and weapons are provided by Russia, saying the Ukrainian military has lost relatively minimal supplies of equipment throughout the war.

From Global Voices | @globalvoices

More Berkman in the News

Manage subscription preferences

by gweber at March 04, 2015 05:15 PM

March 03, 2015

David Weinberger
[liveblog] David Sanger on cybersecurity. And Netanyahu

David Sanger of the NY Times is giving a Shorenstein Center lunchtime talk about covering security.

NOTE: Live-blogging. Getting things wrong. Missing points. Omitting key information. Introducing artificial choppiness. Over-emphasizing small matters. Paraphrasing badly. Not running a spellpchecker. Mangling other people’s ideas and words. You are warned, people.

David begins by honoring Alex Jones, the retiring head of the Shorenstein Center with whom he worked at the Times.

David tells us that he wrote his news analysis of the Netanyahu speech to Congress last night, before the talk, because people now wake up and expect it to read about it. His articles says that a semantic difference has turned into a strategic chasm: we’ve gone from preventing Iran from having the capability of building a weapon to preventing Iran from building a weapon. Pres. Obama dodged this question when David asked him about it in 2010. If the Iran deal goes through, says David, it will be the biggest diplomatic step since Nixon went to China.

Probably six years ago David had just come back from writing The Inheritance, which disclosed that GW Bush had engaged in the first computer attacks on Iran. He came back to the newsroom saying that we need to start thinking about the strategic uses of cyber as a weapon, beyond worrying about kids in a basement hacking into your bank account. This was an uphill struggle because it’s extremely difficult to get editors to think about a nontraditional form of warfare. Drones we understand: it’s an unmanned aircraft with familiar consquences when it goes wrong. We all understand nuclear weapons because we saw Hiroshima. Cyber is much harder to get people to understand. To make matters worse, there are so many different kinds of cyber attacks.

When you think about cyber you have to think about three elements, he says. 1. Cyber for espionage, by states or by thieves. 2. Cyber for economic advantage, on the cusp between business and govt. E.g., Chinese steal IP via operations run out of the Chinese Army. The US thinks that’s out of bounds but the Chinese think “What’s more important to our national interest than our economy? Of course we’ll steal IP!” 3. Cyber for political coercion, e.g. Stuxnet. This tech is spreading faster than ever, and it’s not just in the hands of states. We have no early concept of how we’re going to control this. We now claim Iran was behind cyberattacks on Las Vegas casinos. And, of course, the Sony hack. [He recounts the story.] “This was not a little drive-by attack.”

He says he would have predicted that if we got into a cyber war with another country, it would be an attack on the grid or some such, not an attempt to stop the release of a “terrible” commercial movie. “We’re in a new era of somewhat constant conflict.” Only now is the govt starting to think about how this affects how we interact with other companies. Also, it’s widened the divide Snowden has opened between Silicon Valley and the govt. Post-Snowden, companies are racing to show that they’re not going to cooperate with the US govt for fear that it will kill their ability to sell overseas. E.g., iPhone software throws away the keys that would have enabled Apple to turn over your decrypted data if the FBI comes along with a warrant. The head of the FBI has objected to this for fear that we’re entering a new era in which we cannot get data needed to keep us secure.

The govt itself can’t decide how to deal with the secrecy around its own development of cyber weapons. The Administration won’t talk about our offensive capabilities, even though we’re spending billions on this. “We can’t have a conversation about how to control them until you admit that you have them and describe the circumstances under which you might use them.”


Q: [alex jones] Laypeople assume that there are no secrets and no privacy any more. True?

A: By and large. There’s no system that can’t be defeated. (Hillary Clinton must have come to be so suspicious of the State Dept. email system that she decided to entrust it to gmail.) There’s no guaranteed system. We’d have to completely redesign the Internet to make it secure.

Q: [alex] What’s the state of forensics in this situation?

A: It’s not a sure thing. All govts and law enforcement agencies are putting a lot of money into cyber forensics. In the nuclear age, you could see where the missiles are coming from. Cybercrime is more like terrorism: you don’t know who’s responsibile. It’s easy to route a cyberattack through many computers to mask where it’s coming from. When the NYT was hacked by the Chinese govt, the last hop came from a university in the South. It wouldn’t have been so nice to have assumed that that little university was actually the source.

The best way to make forensics work is to have implants in foreign computing systems that are like little radar stations. This is what the NSA spends a lot of its time doing. You can use the same implant for espionage, to explore the computer, or to launch an attack. The US govt is very sensitive about our questions about implants. E.g., suppose the NSA tells the president that they’ve seen a major attack massing. The president has to decide about reacting proactively. If you cyber-attack a foreign computer, it looks like you struck first. In the Sony case, the President blamed North Korea but the intelligence agencies wouldn’t let him say what the evidence was. Eventually they let out a little info and we ran a story on the inserts in NK. An agency head called and officially complained about this info being published but said more personally that releasing the fact that the govt can track attacks back to the source has probably helped the cause of cybersecurity.

Q: Are there stories that you’re not prepared to publish yet?

A: We’ve held some stuff back. E.g., e were wondering how we attacked Iran computers that were disconnected from the Net (“air gap”). If you can insert some tech onto the motherboard before the product has been shipped you can get access to it. A Snowden document shows the packaging of computers going to Syria being intercepted, opened, and modified. Der Spiegel showed that this would enable you to control an off-line computer from 7 miles away. I withheld that from the book, and a year or two later all that info was in the Snowden docs.

Q: [nick sinai] Why haven’t the attacks on the White House and State Dept. been a bigger story?

A: Because they were mainly on the unclassified side. We think it was a Russian attack, but we don’t know if was state-sponsored.

Q: How does the Times make tradeoffs between security and openness?

A: I’m not sure we get it right. We have a set of standards. If it would threaten a life or an imminent military or intelligence operation we’re likely not to publish it. Every case is individual. An editor I know says that in every case he’s withheld info, he’s sorry that he did. “I don’t blame the government” for this, says David. They’re working hard to prevent an attack, and along comes a newspaper article, and a program they’ve been working on for years blows up. On the other hand, we can’t debate the use of this tech until we know what it can do. As James Clapper said recently, maybe we’re not headed toward a cyber Pearl Harbor but toward a corrosive series of attacks, institution by institution.

Q: At what point do cyberattacks turn into cyberwarfare?

“Cyberwarfare” is often an overstated term. It implies that it might turn into a real-world war, and usually they don’t. Newspapers have to decide which ones to cover, because if you tried to cover them all, that’s all you’d cover. So the threshold keeps going up. It’s got to be more than stealing money or standard espionage.

Q: Will companies have to create cyber militias? And how will that affect your coverage?

A: Most companies don’t like to report cyber attacks because it drives down their stock market valuation. There’s a proposed law that would require a company to report cyber attacks within a month. The federal govt wants cybersecurity to come from private companies. E.g., JP Morgan spends half a billion dollars on cyber security. But there are some state-sponsored attacks that no private company could protect itself against.

Q: How does US compare with our enemies? And in 30 yrs how will we remember Snowden?

A: The usual ranking puts US on top, the British, the Israelis. The Chinese are very good; their method seems to be: attack everyone and see what you get. The Russians are stealthier. The Iranians and North Koreans are further down the list. A year ago if you’d told me that the NKs would have done something as sophisticated as the Sony attack, I would have said you’re crazy.

I have no problem believing both that Snowden violated every oath he took and multiple laws, and that the debates started by the docs that he released is a healthy one to have. E.g., Obama had authorized the re-upping of the collection of metadata. After Snowden, the burden has been put on private companies, none of which have taken it up. Also, Obama didn’t know we were listening in on Angela Merkel. Now all those programs are being reviewed. I think that’s a healthy kind of tradeoff.

Q: What enduring damage has Snowden done?

A: The damage lies between immediate to enduring. Immediately, there were lots of intelligence programs that had to be redone. I don’t see any real damage outside of a 5 year frame.

Q: Might there be a deal that lets Snowden come home?

A: A year ago there was interest in this in order to find out what Snowden knows. But now the intelligence services feel they have a handle on this.

Q: Netanyahu speech?

A: Politically he probably did a little more damage to his cause than good. Some Dems feel coerced. On the substance of it, I think he made the best case you can make for the two biggest weaknesses in the deal: 1. It doesn’t dismantle very much equipment, so when the deal’s term is over, they’ll be up and running. 2. We’re taking a bet that the Iranian govt will be much easier to deal with in 10-15 yrs, and we have no idea if that’s true. But Netanyahu has not put forward a strategy that does not take you down the road to military confrontation.

by davidw at March 03, 2015 07:11 PM

Bruce Schneier
"Surreptitiously Weakening Cryptographic Systems"

New paper: "Surreptitiously Weakening Cryptographic Systems," by Bruce Schneier, Matthew Fredrikson, Tadayoshi Kohno, and Thomas Ristenpart.

Abstract: Revelations over the past couple of years highlight the importance of understanding malicious and surreptitious weakening of cryptographic systems. We provide an overview of this domain, using a number of historical examples to drive development of a weaknesses taxonomy. This allows comparing different approaches to sabotage. We categorize a broader set of potential avenues for weakening systems using this taxonomy, and discuss what future research is needed to provide sabotage-resilient cryptography.

EDITED TO ADD (3/3): News article.

by Bruce Schneier at March 03, 2015 05:58 PM

Willow Brugh
NECSI Salon: First Day Celebration

NECSI’s action-based 4th Wednesday Salon focused on First Day. This is an event which provides the resources, framing, and impetus to take personal responsibility for community health. It is not a fix-all, but is it an important, missing piece in the US health care debate, and a fulcrum for connected shifts to a healthier society.

On Wednesday, March 11th, we will hear talks from Deb Roy from the MIT Media Lab, Devin Belkind from OccupySandy, and Sam Klein from Wikimedia on Distributed Organizations. Register here.

First Day is about taking personal responsibility for your own wellbeing at personal and global level. Inspired from the idea of regeneration and new year resolutions, First Day wants to create a community level engagement at a personal level and community level.


Deck created by Catalina Butnaru

Deck created by Catalina Butnaru

We assumed those attending would be both in a position to, and have a desire to, act. The Wednesday before had provided space for folk to ramp up to this state, including review of readings about a similar Wal-Mart initative. We were additionally inspired by Boston’s own First Night and City Awake.

After very short reminders of what we were there to accomplish for the day, each person introduced themselves and what they were interested in specific to First Day. From these, we pulled out a few break-out sessions tasked with creating an actionable list or guidelines for organizers to work with. The overarching points we ended with were an appreciation of the need of safe space for people to ask questions which might otherwise be taboo (especially around health), comfort in complex problems having interventions (especially with a light hearted attitude!), an appreciation for existing cultural events (Days of the Dead as well as Chinese, Tibetian, and Indian celebrations of new cycles and health), and holistic approaches to mental and physical health.

Slightly curated notes follow:

Refining the Message

learn + care + act: as leitmotif for everyone there.
First Day for partners, participants, sponsors: to learn, care, and act

about yourself, your family, about your network or patients, about particular communities or conditions

make this informal and welcoming. not a sale, no marketing. focused on topics, not on selling a solution

Existing networks focused on outreach and some of the above:

  • health service initiatives (startups, tools)
  • charities, publicity campaigns (often by condition)

Topics for the Fair: areas of most uncertainty, people need reassurance

  • old age : alzheimer’s, self care, company
  • insurance: finding doctors
  • getting regular care: what is available; insurers: in position to ensure people go to the doctor
  • intervention: what is possible, appropriate [mental health, &c]
  • maternity: starting a family, childbirth,
  • chronic pain: exercise, rehabilitation

Stakeholders, defining motivation for each community

  • Business
  • Academic
  • Public

Something the community wants to give, or to solve. A reason to meet together, around what subject. Totally open, or guided topic.
If you have a different parts of the community get together and decide on the community level about commitments.

A topic that you care about is more attractive than a generic health fair; which is more attractive than a topic you don’t care about. A celebration is more attractive than an informational event.

So – Invite people to ‘come find your health problem’ at a gathering? Have something like this founded in games and science and discovery?

We focused on ‘Health’ rather than personal resolutions and commitments (compare WalMart’s annual event). What if this broadened to personal improvement?

How to make the event actionable in the moment

Optimize for games and Aha! moments. Fun, Groups, Feedback. How we provide value to the community: value as an outcome, fun as a driver.

Creating a network – Learn and Connect. Make friends.

  • example of phones off in class – bigger reward when the group acts in a certain way (Minority Problem).
  • community or neighborhood paired to itself. Not just an aggregation of individuals, but something you participate in together. Collective.

Gamifying the event + identification with a group + finding incentives to do more given group identification
It’s empowering to make it feel comforting, so we can break the barriers of shame, taboo, to actually address serious problems in a comforting way
FUN is the reason to bring them together, and the outcome is learning, value and community building

Working through one Topic

This group discussed if we’d like to focus down on one topic. Topics that impact people’s lives, but action can be taken from prevention to treatment at community level based on how far along a condition is. Possibilities included chronic inflammation, lack of sleep, water, allergies/intolerance, addiction.


Distributed component in addition to central fair?

Checklists for different levels of society

  • for cities: checklist for things to do on First Day: walk in clinics, talk about collective obligations, &c
  • for community leaders: checklist for your flock, events and outreach
  • for individuals: checklist for self, talk to your close family (and friends)
  • for organizations: send people to learn, reflect on what you can improve
  • for sponsors: ways to reflect, amplify this community process (compare WalMart day of health & resolution)

Things to worry about

How to vet organizational participants.
Choosing a date that makes sense. First day makes sense;

Deck created by Catalina Butnaru

Deck created by Catalina Butnaru

also considered existing health related holiday things that we might plug into.
Boston: marathon! Chinese / Tibetan New Year. (Tie in with each community)

Avoiding duplication, can we build, augment, etc? Or is redundancy ok?
Preventing across co-option. Trademark transmission

Closing Comments

Thanks to everyone who came out and made the event amazing. We look forward to building First Day with you!

by bl00 at March 03, 2015 03:44 PM

March 02, 2015

Berkman Center front page
Berkman Community Newcomers: Monica Bulger


Meet Monica Bulger, Berkman fellow studying the implications of technology use for youth.

Thumbnail Image: 

This post is part of a series featuring interviews with some of the fascinating individuals who joined our community for the 2014-2015 year. Conducted by our 2014 summer interns (affectionately known as "Berkterns"), these snapshots aim to showcase the diverse backgrounds, interests, and accomplishments of our dynamic 2014-2015 community.

Q&A with Monica Bulger

Berkman fellow and educational researcher
interviewed in summer 2014 by Berktern Gabriela Dumancela

What is an example of digital media literacy?

I often use Zack Kopplin's case as an example. He is a student from the US living in a state where schools were going to be required to teach creationism, in parallel with teaching evolution. This student felt that religious beliefs should not be taught in science courses. So, he organized groups of people to protest through Facebook, Twitter, blogs, and the national media. I felt that he demonstrated strong digital media literacy because he knew which groups to address in which media and how to use the different media to get his message across.

From your recent study about the development of indicators for measuring digital literacy, how can they continue to be applied in the future? Technology changes so fast, and the risk and ways of using technology change so frequently.

If you focus just on the technologies, you are going to be constantly jumping from one to another and be behind. But, what tends to be consistent is people. While we might have more information or might be facing information presented in different formats, there are some fundamentals to how we process information. When we try to figure out how to measure digital or media literacy, we need to look at people’s practices. What does not change? That includes how we bring information together, how we make sense of it and develop our own understanding. That is happening whether we are looking at Twitter, Facebook or Instagram - We are still taking information in and then processing it.

What type of intervention can be developed in order to empower children through the use of technology?

I do not think that there is just one intervention, but rather quite a few interventions. Returning to Kopplin, he had to have scientific knowledge, the ability to argue, the ability to effectively communicate verbally and in writing. All of these are skills that are already being taught in schools. It is just a matter of incorporating how each technology can be used to better communicate a message. It also takes practice and time to develop digital literacy, like any other expertise.

Why do you think that government bodies from developing countries make poor decisions in their choices to incorporate technologies in learning settings?

Unfortunately, there has been a lot of overpromising the potential for technology as a fix for education. If those promises were true, it would be very attractive to have something that is inexpensive and that can quickly solve some of the perceived problems in education. Oftentimes, politicians are under pressure to provide quick ‘fixes’, facing unreasonable expectations in terms of timing and costs. The type of long-term attention necessary to fix the broader social and economic challenges facing education are often beyond the scope of these quick fixes, are expensive, and require the coordination of multiple facets of government. Researchers and educators can improve this process by developing a strong evidence base to inform decision making and make clear recommendations for interventions to promote change.

Since there is not a common understanding of privacy, how do you think that schools should provide advice to their students about this subject, should they regulate certain practices?

I think schools need to guide students’ use. When I was in junior high we were learning how to trust or not trust media messages, discerning on television shows what might be factual, rather than entertainment or for commercial purposes. So those lessons can also be applied to Internet use. Being able to distinguish between trustworthy sites and not trustworthy sites; what are the signals and the cues for that? Also, when students encounter upsetting materials, they should learn how to protect themselves, how to protect their information and how to avoid certain sites. Basically, what schools can do is teach kids to be critical users of the internet.

Why did you decide to study digital literacy?

I was teaching undergraduate composition just as students were increasingly using the Internet for course-related research. As the Internet became easier to use, assignments were changing too. I was interested in seeing how students were using the information, whether they were overwhelmed, what strategies they were using to understand the information, and how they were bringing that together in writing their academic papers. I looked at it from a college student's perspective. Later, I studied scholars’ use of digital resources. I tried to look at their experience and identify best practices. In studying physicists’ use of Internet resources, I found information sharing occurring on a much larger scale. Then, questions started coming up about teens sharing private information through Facebook and different means, almost violating their own privacy. So, I started to work with people studying children’s use of the Internet. Once we look at children’s use of different technologies, we can see that there are opportunities for empowerment and there are also chances of harm. Neither of those are happening in a vacuum. Digital literacy is not the sole tool for empowering, and it is also not the sole tool for protecting. So, I wanted to look at what aspects of child protection can be enhanced by digital literacy and how we can minimize harms occurring to children online. This is the work that I am developing now.

In your experience as a scholar, what have been the major challenges you have overcome?

Addressing issues that do not easily lend themselves to quantification has been a challenge. If you ask different scholars about digital literacy, there is not going to be a quick agreement on the definition. Figuring out how to quantify those type of things has been challenging. I love trying to quantify difficult topics and I love working in an interdisciplinary environment, but both are very challenging. Becoming more familiar with policy dimensions and how policy happens has been a challenge to me as someone with more of a focus on learning and cognition. Finally, learning the Computer Science dimensions, and generally learning all the time, is something I love, but definitely a challenge.

At the Berkman Center, what is going to be your area of focus?

It is a little bit unusual to have someone with a PhD in Education working at Berkman, since it is based in a law school. But learning and using the Internet do not happen in a vacuum. In order to understand the context in which they are happening, you really need to have people who can speak outside of their disciplinary silos. That is one of the major accomplishments of Berkman, to connect people from different disciplines who can speak with each other on these issues. For the upcoming year, I will be looking at children’s rights in a digital context. What Sonia Livingstone and I have found is that globally, children’s rights are often overlooked. This happened before the Internet and continues. So there is a lot of space here for improvement. My main work is going to be mapping and better understanding children's rights in a global and digital context. In analyzing the harms that are occurring through digital use, I would like to explore what can be reduced by digital literacy interventions and what type of digital literacy interventions will best work.

Q&A with Monica Bulger986.23 KB

by ctian at March 02, 2015 07:24 PM

March 01, 2015

February’s Most Played Stories

Here are the stories that got the most plays on last month. These stories stood out to people, got shared between friends and made their mark in the marketplace.

Take a listen, and if you like them, signup for our Storytime newsletter to get great stories like these in your inbox on the regular.

The post February’s Most Played Stories appeared first on PRX.

by Audrey at March 01, 2015 02:46 PM

Bruce Schneier
Snowden-Greenwald-Poitras AMA

Glenn Greenwald, Laura Poitras, and Edward Snowden did an "Ask Me Anything" on Reddit.

Point out anything interesting in the comments.

And note that Snowden mentioned my new book:

One of the arguments in a book I read recently (Bruce Schneier, "Data and Goliath"), is that perfect enforcement of the law sounds like a good thing, but that may not always be the case.

by Bruce Schneier at March 01, 2015 03:01 AM

Justin Reich
New Research on Games and Classroom Assessment Practices
A new report on the classroom uses of games describes promising practices for games and formative assessments.

by Justin Reich at March 01, 2015 12:58 AM

February 28, 2015

Bruce Schneier
AT&T Charging Customers to Not Spy on Them

AT&T is charging a premium for gigabit Internet service without surveillance:

The tracking and ad targeting associated with the gigabit service cannot be avoided using browser privacy settings: as AT&T explained, the program "works independently of your browser's privacy settings regarding cookies, do-not-track and private browsing." In other words, AT&T is performing deep packet inspection, a controversial practice through which internet service providers, by virtue of their privileged position, monitor all the internet traffic of their subscribers and collect data on the content of those communications.

What if customers do not want to be spied on by their internet service providers? AT&T allows gigabit service subscribers to opt out -- for a $29 fee per month.

I have mixed feelings about this. On one hand, AT&T is forgoing revenue by not spying on its customers, and it's reasonable to charge them for that lost revenue. On the other hand, this sort of thing means that privacy becomes a luxury good. In general, I prefer to conceptualize privacy as a right to be respected and not a commodity to be bought and sold.

EDITED TO ADD: It's actually even more expensive.

by Bruce Schneier at February 28, 2015 08:54 PM

Friday Squid Blogging: Squid Can Recode Their Genetic Makeup

This is freaky:

A new study showcases the first example of an animal editing its own genetic makeup on-the-fly to modify most of its proteins, enabling adjustments to its immediate surroundings.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

by Bruce Schneier at February 28, 2015 05:48 AM

February 27, 2015

Bruce Schneier
NSA/GCHQ Hacks SIM Card Database and Steals Billions of Keys

The Intercept has an extraordinary story: the NSA and/or GCHQ hacked into the Dutch SIM card manufacturer Gemalto, stealing the encryption keys for billions of cell phones. People are still trying to figure out exactly what this means, but it seems to mean that the intelligence agencies have access to both voice and data from all phones using those cards.

Me in The Register: "We always knew that they would occasionally steal SIM keys. But all of them? The odds that they just attacked this one firm are extraordinarily low and we know the NSA does like to steal keys where it can."

I think this is one of the most important Snowden stories we've read.

More news stories. Slashdot thread. Hacker News thread.

by Bruce Schneier at February 27, 2015 09:19 PM

Berkman Center front page
Berkman Community Newcomers: Francesco Marconi


Meet Francesco Marconi, Berkman affiliate and AP strategist studying innovation in media and journalism.

Thumbnail Image: 

This post is part of a series featuring interviews with some of the fascinating individuals who joined our community for the 2014-2015 year. Conducted by our 2014 summer interns (affectionately known as "Berkterns"), these snapshots aim to showcase the diverse backgrounds, interests, and accomplishments of our dynamic 2014-2015 community.

Profile of Francesco Marconi

Berkman affiliate and strategist at the Associated Press

interviewed in summer 2014 by Berktern Tijana Milosevic

It was the interest in reverse innovation that took Francesco Marconi on a long journey from the Portuguese city of Coimbra, where he got his BA degree, to Missouri, New York City and eventually the Berkman Center.

Francesco, an economist focusing on media and technology, describes reverse innovation as something that “first takes place in the developing world before spreading to the industrialized world.” Low-cost medical devices, cell-phones and clean energy solutions are prime examples of this phenomenon. These innovations are born from the need of finding solutions for local problems while keeping in mind the limited availability of resources. The result is often a product that “solves 80% of the problem using 20% of the capital,” Francesco explains. Their less restrictive prices make these products virtually accessible to anyone in the developing countries. These products are then distributed to developed economies, allowing companies to capitalize on mass market. More information about reverse innovation can be found in Francesco’s TEDx talk as well as in his book on innovation, for now only available in Portuguese.  

This idea of aligning business goals with social problems takes us away from the capitalism where “greed is good,” and towards what Francesco calls a new form of capitalism where companies can leverage “greed for good.” Taking the lessons learned from his past research and using “greed for good” - in the context of democratizing information- is what he will be exploring as a Berkman affiliate while researching and conceptualizing new tools aimed at providing context for news.

“My goal as a Berkman affiliate is to learn how new mobile and data technology can fundamentally change the way news content is created. Today, if someone witnesses a newsworthy event, e.g., a plane crash, that person can rapidly share that information through photos, video or text. But while the distribution of the content happens immediately via social and mobile media, the context for the event will only come later, usually through the hard work of journalists. As professionals, journalists provide an explanation of events that allows people to understand the forces at work behind those events. This requires research, validation and editorial oversight. It also creates a lag between when content is shared and [when] context is provided. But if we start from the assumption that all information in the world is already available for anyone to use, then why can’t context be distributed alongside breaking news?”

Francesco believes that this imbalance between content and context will pave the way towards a new generation of technology tools for both journalists and citizens reporting from the field. “A successful businessperson will identify and/or develop the tool that will help journalists, citizens and organizations create original content that can be reported and read in context in real time. That is using ‘greed for good,’” he explains. Francesco’s work at Berkman, to be conducted under the guidance of Harvard Business School Professor Felix Oberholzer-Gee who has studied media companies including BuzzFeed and The New York Times, should inform the first steps towards imagining new tools for journalists. Since Francesco is only at the beginning stages of his research, he is not yet sure what such tool might look like, although it should be based on data analysis and content recognition. “Think of a journalist snapping a picture of a newsworthy event on a mobile device -- such as a politician making an important announcement. Now imagine a system that automatically identifies the context and collates additional information already available about that politician, the issue he is discussing and his past posts. In that scenario the journalist could create contextualized breaking news in real time,” Francesco says. While it may seem that such technology already exists, the value added of such an approach is that content can be validated and contextualized even before it is distributed. His work at Berkman will take place in three stages: 1. Studying underlying issues impacting the news ecosystem to better understand how to shrink the delay between the dissemination of content and context; 2. Building a conceptual model of what he calls “the perfect news creation and distribution tool.” 3. Applying research to potentially develop a product concept. He is planning to collaborate with other researchers and practitioners that might be interested in the endeavor; he is not yet sure which company might be interested in sponsoring the development of the product in the future.

Francesco is a corporate strategist at the Associated Press (AP) news agency in New York City, where, using big data analysis, he looks into major forces affecting the news industry: digital disruption, data, and mobile technology. While working at the AP, he also completed a graduate degree as a Chazen Scholar at Columbia University Business School’s Media Program, as Prof. Miklos Sarvary’s advisee. His focus there was on data and user-generated content and their implications for the transparency of information.

Prior to working at AP, Francesco got his BA in economics at what he describes as a quiet Portuguese city of Coimbra, housing one of the oldest universities in Europe, founded in 1290. This peace and tranquility, he observes, left him “hungry for something more innovative and cutting edge.” He moved to Universita Cattolica in Milan, which eventually landed him a job at the United Nations in New York City, where he first researched hidden opportunities for innovation in media and technology within emerging economies.

His interest in exploring innovation as it applies to media and journalism led Francesco to pursue graduate school in business and journalism at the University of Missouri (MU). One of his mentors there was Professor Randall Smith, an innovator himself and former Kansas City Star Business Editor who managed a Pulitzer Prize-winning team. Professor Smith brought Francesco on board for several applied research projects that involved solving “old media” problems with new technology innovations. Francesco led a small team of students from the University of Missouri’s Reynolds Journalism Institute to produce a content recommendation tool for Hearst Corporation, which won them the Hearst Media Design Competition. With Prof. Smith, he also started Missouri Business Alert, a digital-only publication that filled the previously existing gap in state-focused business news. The Alert also allows journalism students to employ content management systems for more effective business news reporting. The project won funding from MU and became a training ground for students in new media and business journalism classes.

In the next five to ten years, he hopes to contribute to a more democratic society through increased transparency in information flow.

by ctian at February 27, 2015 08:21 PM

Bruce Schneier
Man-in-the-Middle Attacks on Lenovo Computers

It's not just national intelligence agencies that break your https security through man-in-the-middle attacks. Corporations do it, too. For the past few months, Lenovo PCs have shipped with an adware app called Superfish that man-in-the-middles TLS connections.

Here's how it works, and here's how to get rid of it.

And you should get rid of it, not merely because it's nasty adware. It's a security risk. Someone with the password -- here it is, cracked -- can perform a man-in-the-middle attack on your security as well.

Since the story broke, Lenovo completely misunderstood the problem, turned off the app, and is now removing it from its computers.

Superfish, as well, exhibited extreme cluelessness by claiming its sofware poses no security risk. That was before someone cracked its password, though.

Three Slashdot threads.

EDITED TO ADD (2/20): US CERT has issued two security advisories. And the Department of Homeland Security is urging users to remove Superfish.

EDITED TO ADD (2/23): Another good article.

EDITED TO ADD (2/24): More commentary.

by Bruce Schneier at February 27, 2015 06:59 AM

David Weinberger
[liveblog] Data & Technology in Government

I’m at a discussion at the Harvard Kennedy School listening to an awesome panel of Obama administration technologists. Part of the importance of this is that students at the Kennedy School are agitating for a much strong technology component to their education on the grounds that these days policy makers need to be deeply cognizant of the possibilities technology offers, and of the culture of our new technology development environment. Tomorrow there is an afternoon of discussions sponsored by the student-led Technology for Change group. I believe that tonight’s panel is a coincidence, but it is extraordinarily well-timed.

Here are the participants:

  • Aneesh Chopra, the first federal CTO (and a current Shorenstein Center fellow)

  • Todd Park, White House Technology Advisory

  • DJ Patil, the first US Chief Data Science, five days into his tenure

  • Lynn Overmann – Deputy Chief Data Officer, US Dept. of Commerce

  • Nick Sinai – former US Deputy Chief Technology Officer (and a current Shorenstein Center fellow)

NOTE: Live-blogging. Getting things wrong. Missing points. Omitting key information. Introducing artificial choppiness. Over-emphasizing small matters. Paraphrasing badly. Not running a spellpchecker. Mangling other people’s ideas and words. PARTICULARLY LOOSE PARAPHRASING even when within quotes; these are geeks speaking quickly.
You are warned, people.

Todd Park: I’m now deeply involved in recruiting. The fundamental rule: “If you get the best people, you win.” E.g., the US Digital Service: “A network of elite technology development teams.” They want to address problems like improving veteran’s care, helping immigrants, etc. “If you go to the best talent in the country and ask them to serve, they will,” he says, pointing to DJ and Lynn.

DJ Patil: We’re building on the work of giants. I think of this as “mass times velocity.” The velocity is the support of the President who deeply believes in open data and technology. But we need more mass, more people. “The opportunity to have real world impact is massive.” Only a government could assemble such a talented set of people. And when people already in the govt are given the opportunity to act and grow, you get awesome results. Data scientists are force multipliers.

Lynn Overmann: “I’m a serial public servant.” She was a public defender at first. “There is literally no serious problem you’re concerned about that you can’t tackle from within the federal government.” The Commerce Dept. has huge amounts of data and needs help unlocking it. [In a previous session, Lynn explained that Commerce offers almost no public-facing servies except gathering and releasing data.]

Nick Sinai: Todd, you were the brains behind the Presidential Innovation Fellows Program

Todd: The government is not a lean start up but that approach applied to may problems work much better than if you apply traditional the waterfall approach to computing. Round 1 went well. In Round 2, they brought in about 40 people. There was a subset of the Round 2 who found the program “addictive.” So the Whitehouse used 18F, a digital consulting service provided by the GSA. Demand has now gone off the chart for these new style of consultants. Some of those folks then helped grow the new US Digital Sesrvice. It all started with the Innovation Fellows and grew organically. “The more people we attract people who are amazing into government, the more we energize amazing people already in government, the more air cover we give them” the more awesomeness there will be. Let them create results at 10x what anyone expected. “That methodology is the only replicable, reliable way to change government at scale, at speed, in a way that’s permanent.” “I can’t tell you how much fun this is.”

DJ Patil: My first encounters with the CIOs of existing agencies and departments have been amazing. They’re so open, so eager for disruption.

Aneesh Chopra: The line between public and private sector is becoming very porous. That means that the products of the teams being described are a new form of information that in the hands of entrepreneurs and innovators can be transformative. E.g., Uber wanted their drivers to make better healthcare choices. There’s now a hose of data about the healthcare signups. A startup — Stride Health — took that hose and customized it for Uber drivers; maybe drivers want better back care options. There’s an increasing portfolio of institutions extending these services. A handshake makes more and more of this datea interoperable, and there’s a hand off to entrepreneurs and innovators. “They may not be stamped .gov” but they’ll powered by data from the govt.

Nick: We have an opportunity to do smart wholesaling of data, as well as retailing it: Great services, but also enabling non-governmental groups to build great end-user services.

Lynn: At Commerce we’re trying to do Open Data 2.0. How do we get our data experts out into the world to talk with users ? How do we share data better? How do we create partnerships with the public sector? E.g., Uber shared its data on traffic patterns with the city of Boston.

Lynn: In the departments Todd has led, he has worked on the gender balance. Women were in the majority by the end of his HHS appointment. [I couldn’t hear all of this.]

Todd: I’ve learned that the more diverse the team is, the better the team is. We made it a real priority for the US Digital Service to have a team that looks like America. It’s also our hope that we’ll be minting people who become superstars in the tech world and will encourage more youths to enter STEM.

Aneesh: There were a few places we thought we could have done better. 1. Rethinking the role and nature of the infrastructure. Human capital is the infrastructure for the digital economy. 2. We make rules of the road — e.g., Net Neutrality today — that give people a more fair shot to compete. There are foundational investments to be made in the infrastructure and creating rules of the road. That’s part of how we affect policy.

Nick: What about the President’s new precision medicine initiative?

Todd: It’s a new way of thinking about how you get medical service. Increasingly Web sites provide tailored experiences. Why not with science? Should your aspirin dose be the same for someone with a different genetics, exposed to different things in your environment, etc.? Where it gets really phenomenal: The cost of genetic sequencing is dropping quickly. And tons of data are coming from sensors (e.g., FitBit). How do you start getting a handle on that to start getting better treatment? Another side of it: Bioinfomatics has been amazing at understanding genes. Combine that with clinical knowledge and we can begin to see that maybe that people who live near docks with diesel fumes have particular symptoms. We’ll be able to provide cohorts for test studies that look like America.

Nick: Aneesh and Todd, you both quote Joy’s Law: Most of the smartest people in the world work for someone else.

Aneesh: In many ways, the lessons learned from the innovation philosophy have had great effect in the public sector. The CEO of P&G said 50% of ideas will come from outside of P&G. This liberated him to find innovations in the military that resulted in $1B in cash flow for P&G. Also, we’ve learned from platform effects and what the team at Facebook has done. Sheryl Sandberg: There are 3,000 developers at FB, but a query at Google found 35,000 people with the title “FB developer,” because other companies were using the FB platform.

Todd: It’s important to remember Joy’s Law, and the more you can get those people in the world to care about what you do, the more successful you’ll be. I was asked what I would do with the vast amount of data that the govt has. My first thought was to build some services. But about 17 seconds later I realized that’s entirely the wrong approach. Rather, open it up in machine readable form. We invited four innovators into a room. At first they were highly skeptical. But then we showed them the data, and they got excited. Ninety days later we had a health care datapalooza, and it caught fire. Data owners were there who thought that opening up their data could only result in terribleness. At the end of the datapalooza they flipped. Within two years, the Health Datapalooza became a 2,000 person event, with thousands of people who couldn’t get tickets. Hundreds of new applications that could help individuals, hospitals, healthcare providers were created. But you have to have the humility to acknowledge that you don’t know the answer. And you have to embrace the principle that the answer is likely to come from someone who aren’t you. That’s the recipe for awesomeness to be released.

Aneesh: When Secty Sibelius saw the very first presentation, her jaw dropped. The question was what are the worst communities in the America for obesity and who can they talk to about improving it. In seven minutes they had an answer. She said that when she was Governor, it would have taken her staff seven months to come up with that answer.

Q: [a self-identified Republican technologist] President Obama got the right team together. What you do is awesome. How can we make sure what you’ve built stays a permanent part of the government?

Aneesh: Eric Cantor was doing much the same in Congress. These ideas of opening up data and engaging entrepreneurs, lean startups, open innovation have been genuinely bipartisan.

Todd: Mike Bracken from the UK Digital service says: The strategy is delivery. What will change govt is a growing set of precedents about how govt really should work. I could write an essay, but it’s more effective if I point to datapalooza and show the apps that were written for free. We have to create more and more examples. These examples are done in partnership with career civil servants who are now empowered to kick butt.

DJ: We can’t meet the demand for data scientists. Every agency needs them. We have to not only train those people up, but also slot them into the whole stack. A large part of our effort will be how to train them, find them great homes at work, and give them ways to progress.

Nick: It’s really hard to roll back transparency. There are constituencies for it, whether it’s accountability orgs, the press, etc.

Lynn: Civil servants are the most mission driven people I’ve met. They won’t stop.

Q: Everyone has talked about the need for common approaches. We need identities that are confidential and interoperable. I see lots of activities, but not a plan. You could do a moonshot here in the time you have left. It’d be a key part of the infrastructure.

Aneesh: When the precision medical provision was launched, a critical provision was that they’ll use every regulatory tool they have to connect consumers to their own data. In 2010 there was a report recommending that we move to healthcare APIs. This led to a privately funded initiative called Project Argonaut. Two days ago we held a discussion here at Harvard and got commitments for public-private efforts to create an open source solution in healthcare. Under Nick, the same went on for connecting consumers to their energy info. [I couldn’t capture all this. I’m not sure the above is right. And Aneesh was clear that he was speaking “as an outsider.”]

DJ: If you check the update to the Podesta Big Data report, it outlines the privacy aspects that we’ll be pushing on. Energy is going into these issues. These are thorny problems.

Q: Cybersecurity has become a high profile issue. How is the govt helping the private sector?

Aneesh: Early on the President offered a framework for a private-public partnership for recognigizing digital fingerprints, etc. This was the subject of a bipartisan effort. Healthcare has uniform data-breach standards. (The most common cause of breaches: bad passwords.) We need an act of Congress to [he went too fast … sorry].

Lynn: Cybersecurity requires an international framework for privacy and data security. That’s a major challenge.

Q: You talked about the importance of STEM. Students in astronomy and astrophysicists worry about getting jobs. What can I say to them?

DJ: I was one of those people. I lot of people I went to school with went on to Wall Street. If you look at the programs that train data scientists, the ones who are super successful in it are people who worked with a lot of messy data: astrophysicists, oceanographers, etc. They’re used to the ambiguity that the data starts with. But there’s a difference in the vocabulary so it’s hard for people to hit the ground running. With 4-6 weeks of training, these people crush it. Tell your students that there are great opportunities and they shouldn’t be dissuaded by having to pound the pavement and knock on doors. Tell them that they have the ability to be game changers.

Q: How many of us are from the college? [surprisingly few hands go up] Your msg about joining the govt sounds like it’s tailored for young professional, not for students. The students I know talk about working for Google or FB, but not for the govt.

Todd: You’re right. The US Digital Service people are young professionals who have had some experience. We will get to recruiting in college. We just haven’t gotten there yet.

Lynn: If you’re interested in really hard problems and having a direct impact on people’s lives, govt service is the best thing you can do.

Q: When you hire young tech people, what skills do they typically not have that they need?

Lynn: Problem solving. Understanding the problems and having the tech skills to solve them. Understanding how people are navigating our systems now and asking how we can leverage tech to make that process much much easier.

DJ: In Sillicon Valley, we’re training people via internships, teaching them what they don’t learn from an academic environment. We have to figure out how govt can do this, and how to develop the groups that can move you forward when you don’t know how to do something.

Aneesh: There is a mindset of product development, which is a muscle that we haven’t worked enough in the policy arena. Policy makers too often specify what goal they want and allocate money for it. But they don’t think about the product that would achieve that goal. (Nice shout out to Karim Lakhani. “He’s in the mind set.”)

Q: [leaders of the Kennedy School Tech for Change] Tech for Change has met with administrators, surveyed students, etc. Students care about this. There’s a summit tomorrow. [I’m going!] What are the three most important things a policy school could do to train students for this new ecosystem. How can HKS be the best in this field?

DJ: Arts and humanities, ethics, and humility.

Todd: One expression of humility is to learn the basics of lean startup innovation. These principles apply broadly

DJ: There’s nothing more humbling than putting your first product out there and watching what people say on Twitter.

Lynn: We should be moving to a world in which technology and policy aren’t separate. It’s a problem when the technologists are not at the table. E.g., we need to be able to track the data we need to measure the results of programs. This is not a separate thing. This is a critical thing that everyone in the school should learn about.

Todd: It’s encouraging that the geeks are being invited into the rooms, even into rooms where no one can imagine why tech would be possibly relevant. But that’s a short term hack. The whole idea that policy makers don’t need to know about tech is incredibly dangerous. Just like policy makers need a basic understanding of economics; they don’t have to be economists.If you don’t have that tech knowledge, you don’t graduate. There will be a direct correlation between the geek quotient and the efficiency of policy.

Nick: Panel, whats your quick actionable request of the Harvard JFK community?

Lynn: We need to make our laws easier to understand.

Todd: If you are an incredibly gifted, patriortic, high EQ designer, dev, devops, data scientists, or you know someone who is, go to where you can learn about the Digital Service and apply to join this amazing band.

DJ: Step up by stepping in. And that doesn’t have to be at the federal level. Share ideas. Contribute. Help rally people to the cause.

by davidw at February 27, 2015 03:36 AM

February 26, 2015

Berkman Center front page
Score Another One for the Internet? The Role of the Networked Public Sphere in the U.S. Net Neutrality Policy Debate


A new paper from the Media Cloud team concludes that a diverse set of actors working in conjunction through the networked public sphere played a central, arguably decisive, role in turning around the Federal Communications Commission policy on net neutrality. 

Publication Date

10 Feb 2015


Thumbnail Image: 

Media Cloud is pleased to announce the publication of Score Another One for the Internet? The Role of the Networked Public Sphere in the U.S. Net Neutrality Policy Debate: 

In this paper we study the public debate over net neutrality in the United States from January through November 2014.  We compiled, mapped, and analyzed over 16,000 stories published on net neutrality, augmented by data from Twitter,, and Google Trends. Using a mixed-methods approach that combines link analysis with qualitative content analysis, we describe the evolution of the debate over time and assess the role, reach, and influence of different media sources and advocacy groups in setting the agenda, framing the debate, and mobilizing collective action. We conclude that a diverse set of actors working in conjunction through the networked public sphere played a central, arguably decisive, role in turning around the Federal Communications Commission policy on net neutrality

About Media Cloud

Media Cloud, a joint project of the Berkman Center for Internet & Society at Harvard University and the Center for Civic Media at MIT, is an open source, open data platform that allows researchers to answer complex quantitative and qualitative questions about the content of online media. Using Media Cloud, academic researchers, journalism critics, and interested citizens can examine what media sources cover which stories, what language different media outlets use in conjunction with different stories, and how stories spread from one media outlet to another.

by ashar at February 26, 2015 07:07 PM

David Weinberger
Literature and Medicine: The syllabus

The superb novelist and teacher Meredith Sue Willis, who is also my sister-in-law, is teaching a course at a local Veterans Administration hospital on literature and medicine. It’s taught to hospital staff after work in the hospital.

Here’s the syllabus, which Sue has put under a Creative Commons license (which is where all syllabi belong, amirite?). It looks like a great set of readings organized around important topics. Isn’t it awesome that we can get curated collections like these from which we can learn and explore?

In fact, it prompted me to start reading The Young Lions, which so far I’m glad I’m doing. Thanks, Sue!

(Ack. I forgot that Sue told me about this because she’s using in the course something I wrote. So I am inadvertently logrolling. But sincerely!)

by davidw at February 26, 2015 02:44 PM

Bruce Schneier
Cell Phones Leak Location Information through Power Usage

New research on tracking the location of smart phone users by monitoring power consumption:

PowerSpy takes advantage of the fact that a phone's cellular transmissions use more power to reach a given cell tower the farther it travels from that tower, or when obstacles like buildings or mountains block its signal. That correlation between battery use and variables like environmental conditions and cell tower distance is strong enough that momentary power drains like a phone conversation or the use of another power-hungry app can be filtered out, Michalevsky says.

One of the machine-learning tricks the researchers used to detect that "noise" is a focus on longer-term trends in the phone's power use rather than those than last just a few seconds or minutes. "A sufficiently long power measurement (several minutes) enables the learning algorithm to 'see' through the noise," the researchers write. "We show that measuring the phone's aggregate power consumption over time completely reveals the phone's location and movement."

Even so, PowerSpy has a major limitation: It requires that the snooper pre-measure how a phone's power use behaves as it travels along defined routes. This means you can't snoop on a place you or a cohort has never been, as you need to have actually walked or driven along the route your subject's phone takes in order to draw any location conclusions.

I'm not sure how practical this is, but it's certainly interesting.

The paper.

by Bruce Schneier at February 26, 2015 12:22 AM

February 25, 2015

Radiotopia by the Numbers

A year ago this month, PRX launched Radiotopia. It has been a year full of incredible growth and lessons learned for all of our shows as well as for the network itself.

In terms of measuring success, we know that not all metrics are equal – some metrics we measure over different periods of time while other metrics are episode specific. We also always monitor things that are less quantifiable like actions our listeners take, fan love, and also fan disappointment.

Here’s a look at some of the numbers we pay attention to:

  • $620,412 raised through our Kickstarter campaign, (248% of the goal)
  • 21,818 backers of the Kickstarter campaign
  • 54% of the money raised through Kickstarter was in donations under $50
  • Our aggregate monthly downloads in January 2014 (right before launch) were 936,928
  • We added three new shows in January 2015 and topped 5,781,240 monthly downloads/streams. We also added a fourth show this month.
  • The most significant growth for one of our shows was 545%
  • There were $34,884 in donations outside of the Kickstarter campaign
  • There were 29 unique sponsors supporting Radiotopia
  • 150+ “best of” podcast articles mentioned Radiotopia shows
  • We launched Radiotopia with 7 shows (now 11)
  • 5 out of 11 Radiotopia shows are produced and hosted by women
  • We are proud of our 14 hard-working PRX staff members (10 FT, 2 PT, 2 long term contracts), each of whom devotes some of their time to supporting Radiotopia.
  • 100% of Radiotopia shows are owned by the producers
Image via Shutterstock.Image via Shutterstock.

Numbers aside, we also pay attention to another metric…the love:

  • “They transport me to another place.”
  • “The only good thing to ever come out of Spotify ads is my discovery of @radiotopiafm”
  • “They cover a wide scope of topics and ideas. I have enjoyed everyone one of them and look forward to listening to them all”

Image via Shutterstock.Image via Shutterstock.

All feedback is welcome – we pay attention to the less-than-love too:

  • “I hope this hideous trend in self-indulgent, precious cuteness runs it€™s course soon so I can enjoy the great stories and information underneath all the silliness”
  • “Oh my god what the fuck is Radiotopia, wait I don’t care”

At the end of the day, regardless of the love, the hate, the lists and the downloads, our mission is to bring great content to more and more listeners. Onward!

The post Radiotopia by the Numbers appeared first on PRX.

by kerri at February 25, 2015 08:04 PM

Development in the Digital Age: The Role of Online Platforms & Payments in Enabling Entrepreneurship in Emerging Markets [AUDIO]
The Internet is democratizing access to the global marketplace for millions of people around the world. Thanks to online platforms, payment systems and logistics services, companies, nonprofits and individuals can embark on global journeys like never before. In this conversation, Usman Ahmed — Policy Counsel for eBay Inc — and Jake Colvin — Executive Director […]

by Berkman Center for Internet & Society at Harvard Law School ( at February 25, 2015 08:00 PM

The Digital Problem-Solving Initiative (DPSI) at Harvard [AUDIO]
The Digital Problem-Solving Initiative (DPSI, or “dip-see”) at Harvard University, is an innovative and collaborative project, hosted through the Berkman Center. DPSI brings together a diverse group of learners (students, faculty, fellows, and staff) to work on projects to address challenges and opportunities across the university. In this talk DPSI participants showcase: a smartphone app […]

by Berkman Center for Internet & Society at Harvard Law School ( at February 25, 2015 07:49 PM

David Weinberger
Seriously? Who would donate to this?
pancake day

In the booths there’s a small notice that the money will be donated to Children’s Miracle Network. But there’s nothing about that on the freestanding kiosk.

by davidw at February 25, 2015 07:08 PM

Bruce Schneier
IRS Encourages Poor Cryptography

I'm not sure what to make of this, or even what it means. The IRS has a standard called IDES: International Data Exchange Service: "The International Data Exchange Service (IDES) is an electronic delivery point where Financial Institutions (FI) and Host Country Tax Authorities (HCTA) can transmit and exchange FATCA data with the United States." It's like IRS data submission, but for other governments and foreign banks.

Buried in one of the documents are the rules for encryption:

While performing AES encryption, there are several settings and options depending on the tool used to perform encryption. IRS recommended settings should be used to maintain compatibility:

  • Cipher Mode: ECB (Electronic Code Book).
  • Salt: No salt value
  • Initialization Vector: No Initialization Vector (IV). If an IV is present, set to all zeros to avoid affecting the encryption.
  • Key Size: 256 bits / 32 bytes ­ Key size should be verified and moving the key across operating systems can affect the key size.
  • Encoding: There can be no special encoding. The file will contain only the raw encrypted bytes.
  • Padding: PKCS#7 or PKCS#5.

ECB? Are they serious?

by Bruce Schneier at February 25, 2015 06:24 PM

Berkman Center front page
Berkman Buzz: February 25, 2015


Reflections on youth experiences with online news, tales of early encounters with the Internet, thoughts on China's "Cyberspace Spirit" and more... in this week's Buzz.

Thumbnail Image: 

The Berkman Buzz is a weekly collection of work and conversations from around the Berkman community.


Youth and Online News: Reflections and Perspectives

Quotation mark

Youth and Media is pleased to announce the publication of "Youth and Online News: Reflections and Perspectives," a series of short essays written by friends and colleagues that offer insightful, provoking, and out-of-the-box reflections and observations at the intersection of news, digital media, and youth.

The contributions in this publication reflect the diversity of ideas and perspectives that form the core and spirit of the Berkman community. Some of the essays are closely connected to specific research and publications conducted by the Youth and Media team at the Berkman Center for Internet & Society at Harvard University, others reflect more generally on personal observations and/or opinions, or highlight and discuss insights and learnings from other studies or concrete projects.


Download the series

The Keys to the Internet


by Maggie Koerth-Baker

"I want to get on the Internet," I tell the librarian. She is an old lady with a face set in a permanent state of disapproval. She already doesn't like me; the result of unsavory habits like trying to check out Portnoy's Complaint after the aforementioned Newsweek named it one of the best books of the 20th century. It's probably unsurprising, then, that she views this request as another step in my burgeoning juvenile delinquency.

"You're underage. You can't use the Internet without a parent," she says.


From My First Internet, a series of stories collected by Sara M. Watson about our first encounters with the Internet

Something Is Going Right: Net Neutrality and the FCC


by Lawrence Lessig

Defenders of the status quo are now frantically filling the tubes with FUD about the FCC's decision. But as you work through this FUD, keep one basic fact clear. Relative to practically every other comparable nation, America's broadband sucks. Seriously, sucks. Even France beats us in cost and quality. And as the genius Yochai Benkler established in the monumental report by the Berkman Center commissioned by the FCC after Obama was elected, the single most important reason our broadband sucks is the sell-out regulatory strategy of the prior decade at least. Nations that imposed neutrality-like rules beat us, in cost and quality. They have more competition, faster growth, and better access. So for anyone remotely connected to reality-based policy making, it has been clear forever that America made a wrong turn in its regulatory strategy, and that we needed an about face.


From the Huffington Post | @lessig

Smells Like Cyberspace Spirit: Don't laugh at China's ham-fisted attempt to praise its Internet in song


by Josephine Wolff

...But writing theme songs for secretive government agencies isn't the exclusive domain of parodists, as we learned last week when the Cyberspace Administration of China released its earnest musical number, "Cyberspace Spirit." According to the Wall Street Journal's English translation of the Chinese lyrics, the administration's well-rehearsed chorus, costumed in tuxedoes and matching red dresses and arranged in orderly rows at the center of a brightly lit stage, trumpets the "clarity and brightness" of the Chinese Internet as a "beam of incorruptible sunlight," reminding listeners that "the Web is where glorious dreams are!" To reiterate: This is not a parody.


From | @josephinecwolff

The Lifelong Learning Study: Preliminary Trends from the Online Survey


a new report by Alison Head

In our survey of recent college graduates and their lifelong learning information practices, a small percentage of respondents reported using e-learning sites in the past year such as Stackoverflow (12%), Codecademy (10%), or Lynda (7%). Despite widespread assumptions about the growing use of interactive education platforms for learning coding and a range of other marketable skills, these findings suggest otherwise. We found far more graduates surveyed relied on mainstream sites, like YouTube videos (79%) and Pinterest (51%) to pick up new skills and 'how to' information.


From Alison Head's latest trends report for Project Information Literacy (PIL)

Data is the New "___"

Quotation mark

by Sara M. Watson

How we think about data-and more importantly what we do with it-will depend on the value systems that our conceptual metaphors capture and reify. Reframing metaphors for data in a more personal and embodied context will give us a better way to think of ourselves as information organisms, or "inforgs," as philosopher Luciano Floridi suggests we are becoming. Our data profiles will act on our behalf, and we must be able to interact with and grasp their agency. Embodied data metaphors put more control in our hands as individuals, capable of interpreting and intervening in our own personal data management.


From DIS Magazine | @smwat

The Equation Group's Sophisticated Hacking and Exploitation Tools

Quotation mark

by Bruce Schneier

This week, Kaspersky Labs published detailed information on what it calls the Equation Group - almost certainly the NSA - and its abilities to embed spyware deep inside computers, gaining pretty much total control of those computers while maintaining persistence in the face of reboots, operating system reinstalls, and commercial anti-virus products. The details are impressive, and I urge anyone interested to read the Kaspersky documents, or this very detailed article from Ars Technica.


From Lawfare | @schneierblog

Cameroon Bloggers Rally Behind #StopBokoHaram Campaign

Quotation mark

by Dibussi Tande

In reaction to the persistent and increasingly macabre Boko Haram attacks on Cameroon and neighboring countries, the Cameroon Bloggers Association recently launched a #StopBokoHaram campaign. According to the AfrIct blog:

The goal of the campaign is threefold: highlight the threat posed by the terrorist group in Cameroon, show support for Cameroonian troops who have so far held back the Boko Haram onslaught, and express solidarity with the people of the North region who have been hardest hit by Boko Haram.


From Global Voices | @globalvoices

More Berkman in the News

Manage subscription preferences

by gweber at February 25, 2015 03:03 PM

Bruce Schneier
The Obsolescence of Submarines

Interesting article on the submarine arms race between remaining hidden and detection. It seems that it is much more expensive for a submarine to hide than it is to detect it. And this changing balance will affect the long-term viability of submarines.

by Bruce Schneier at February 25, 2015 02:57 PM

Berkman Center front page
Upcoming Events: We Break Things...Hackers Fight for Freedom (2/26); Lawyering for Social Justice in the Age of Digital Media (3/3)


A preview of our upcoming events calendar and recently archived digital media

Upcoming Events / Digital Media
February 25, 2015
film screening

We Break Things...Hackers Fight for Freedom

Thursday, February 26, 6:00pm ET, Harvard Law School, Wasserstein Hall, Room B10. Co-sponsored by the Harvard Journal of Law and Technology and the Harvard Law Documentary Film Studio.


A pre-release screening with filmmaker Rebecca Wexler. WE BREAK THINGS pulls back the curtain on one of society’s increasingly powerful political forces, which to most people remains a mystery. Meet the hackers who build and break technology to defend civil liberties worldwide. Featuring intimate personal stories from deep inside the hacker community, this film showcases gender, sexual orientation, socioeconomic, and other kinds of diversity among tech activists. Hacker culture, technology, and wit fuse in an electrified movement for digital freedom, as obscure figures behind the screens come forward for the first time to share their loves, losses, and deepest motivations.

Director/Producer Rebecca Wexler is a fellow of the Information Society Project at Yale Law School where she is currently a J.D. candidate writing on speech, privacy, Internet and democracy issues. She has produced, directed, shot and edited documentaries for the Yale Art Gallery and the Long Wharf Theater, and has worked as an Associate Producer and Archivist for PBS WETA and PBS American Experience. Rebecca recently completed work as a Fulbright Senior Research Scholar in Sri Lanka, where she collaborated with a post-war media collective and taught documentary film production at the Eastern University of Sri Lanka, Trincomalee. more information on our website>

berkman luncheon series

Lawyering for Social Justice in the Age of Digital Media

Tuesday, March 3, 12:00pm ET, Berkman Center for Internet & Society, 23 Everett St, 2nd Floor. Please note this Tuesday luncheon will not be live webcast or recorded.


Twenty years ago, effective legal advocacy required some fluency with press releases and mainstream media -- but today's digital media tools require a different sort of training. These tools enable lawyers to bring the voices of their clients directly to policymakers and mass audiences; to create new and richer ways to present evidence and expert reports; to expose government and corporate corruption; to crowdsource the documentation of law violations; to gather and authenticate visual evidence on mobile phones; to enhance public understanding of the law, to give legal information to unrepresented litigants en masse; and so much more. How do we teach today’s young advocates to integrate rich, multi-platform media campaigns into their legal work?

Rebecca Richman Cohen has been a Lecturer on Law art Harvard Law School since 2011. She is an Emmy Award nominated documentary filmmaker with experience in international human rights, criminal defense, and drug policy reform. Rebecca was profiled in Filmmaker Magazine's 25 New Faces in Independent Film as an "up-and-comer poised to shape the next generation of independent film." She has taught classes at the Rhode Island School of Design (RISD), American University's Human Rights Institute, and most recently at Columbia University. Rebecca graduated from Brown University with a B.A. in Portuguese and Brazilian Studies and with a Juris Doctor from Harvard Law School. She was a 2012-2013 Soros Justice Fellow. RSVP Required. more information on our website>

berkman luncheon series

Willow Brugh

Tuesday, March 10, 12:00pm ET, Berkman Center for Internet & Society, 23 Everett St, 2nd Floor. This event will be webcast live.


Berkman Fellow Willow Brugh will present at the Berkman Center luncheon series. Topic TBA.

Willow Brugh, known as willowbl00 works with Aspiration Technology, and as a professor of practice of Professor of Practice at Brown University. She’s also affiliated with the Center for Civic Media at MIT’s Media Lab, the New England Complex Systems Institute, and a fellow at Harvard's Berkman Center for Internet and Society. RSVP Required. more information on our website>


Aimee Corrigan on #StopEbola: What Nigeria Did Right


On July 20, 2014 the Ebola outbreak landed in Nigeria, Africa's most populous country. Public health officials warned that an outbreak could be catastrophic in Lagos, a densely populated city of 21 million. 19 confirmed cases left 11 dead from the disease, but Nigeria’s nightmare scenario never occurred. Within three months, the World Health Organization declared Nigeria Ebola-free, deeming the nation's efforts to contain the disease a "spectacular success story”. In a country with 130 million mobile-phone users and active social networks, social media and mobile technology played a central role in Nigeria’s Ebola containment. In this talk Aimee Corrigan -- Co-Director of Nollywood Workshops, a hub for filmmakers in Lagos, Nigeria -- discusses how viral video, SMS, and social media were used to sensitize audiences, manage fear and myths, and reduce stigma around Ebola. And how these strategies might be utilized in public health challenges in Africa and beyond. video/audio on our website>

Other Events of Note

Local, national, international, and online events that may be of interest to the Berkman community:

You are receiving this email because you subscribed to the Berkman Center's Weekly Events Newsletter. Sign up to receive this newsletter if this email was forwarded to you. To manage your subscription preferences, please click here.

Connect & get involved: Jobs, internships, and more iTunes Facebook Twitter Flickr YouTube RSS

See our events calendar if you're curious about future luncheons, discussions, lectures, and conferences not listed in this email. Our events are free and open to the public, unless otherwise noted.

The Berkman Center for Internet & Society at Harvard University was founded to explore cyberspace, share in its study, and help pioneer its development. For more information, visit

Berkman Center for Internet & Society

by ashar at February 25, 2015 02:57 PM

Claire McCarthy
Should Cupcakes Be Banned From School Parties?

CMcCarthy1When my older children were in elementary school, I sent in cupcakes for their birthdays or for class parties.

My youngest is in elementary school now, and for his birthday, I sent in pencils and temporary tattoos for classmates — because the school doesn’t allow us to send in sweets anymore.

When the change was first made, my reaction was: For real? Banning sweets? Since when did some cupcakes at a birthday party become so dangerous and a big deal? Even as a pediatrician, I thought it was silly. There’s nothing wrong with eating sweets as long as your diet is overall a healthy one.

But therein lies the problem. Not all kids’ diets are healthy. And, as I’ve thought about this more, I’ve decided that there’s something to be said for setting standards — and an example.

The American Academy of Pediatrics recently released a policy statement on snacks and sugary foods and drinks in school. In it, they point out that more than 55 million children attend public schools — and get about 35 to 40 percent of their daily calories there. It’s not only important that the food they get in school be as healthy as possible, it’s important to use the opportunity (any opportunity, these days) to teach children and families about eating healthy.

Let’s face it: Junk food and sweets are crowd pleasers — I mean kid-pleasers. They are also generally inexpensive and often pre-packaged, making it very easy to throw them into snack bags and lunch boxes. So lots of parents do. Not only do they send them to school, they stock the cabinets and refrigerator with them. I can’t tell you how many parents and kids look at me like I have two heads when I suggest sending fruit and a water bottle for snack instead of chips and juice. (“He won’t eat that,” they say. “He will if he gets used to it, and if you try out different fruits,” I say, but it’s clear they don’t buy it.)

Now, I get that banning sweets from school parties or fundraisers or whatever isn’t going to make all parents feed their children healthy foods and thereby end childhood obesity. But it does force families to think together about alternatives — and gives kids a chance to eat healthy foods with their friends, which sometimes is exactly what’s needed to break through the resistance. And when kids bring in non-food treats like those tattoos, it reinforces the idea that celebrations don’t always have to include food (so un-American, but true).

So, I’ve moved from thinking, “They need to get over themselves!” to thinking, “Hey, this just might be a good idea.” It’s not about being the cupcake police. You can always feed your kid cupcakes at home. And besides, cupcakes can be a pain to make (especially when there are lots of kids in the class) and get into school (I lost my favorite cupcake container when I drove off after the party with it still on the roof of my minivan). Pencils or strawberries are so much easier.

That’s the thing: People get so up in arms about this (there were plenty of upset folks at our school) that they don’t always stop to think about the advantages.

And when it comes to advantages, improving the health of children is one of the very best ones out there.

This blog post was originally published on Huffington Post.

The post Should Cupcakes Be Banned From School Parties? appeared first on Thriving Blog.

by Claire McCarthy at February 25, 2015 02:46 PM

Bruce Schneier
The Equation Group's Sophisticated Hacking and Exploitation Tools

This week, Kaspersky Labs published detailed information on what it calls the Equation Group -- almost certainly the NSA -- and its abilities to embed spyware deep inside computers, gaining pretty much total control of those computers while maintaining persistence in the face of reboots, operating system reinstalls, and commercial anti-virus products. The details are impressive, and I urge anyone interested to read the Kaspersky documents, or this very detailed article from Ars Technica.

Kaspersky doesn't explicitly name the NSA, but talks about similarities between these techniques and Stuxnet, and points to NSA-like codenames. A related Reuters story provides more confirmation: "A former NSA employee told Reuters that Kaspersky's analysis was correct, and that people still in the intelligence agency valued these spying programs as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it."

In some ways, this isn't news. We saw examples of these techniques in 2013, when Der Spiegel published details of the NSA's 2008 catalog of implants. (Aside: I don't believe the person who leaked that catalog is Edward Snowden.) In those pages, we saw examples of malware that embedded itself in computers' BIOS and disk drive firmware. We already know about the NSA's infection methods using packet injection and hardware interception.

This is targeted surveillance. There's nothing here that implies the NSA is doing this sort of thing to every computer, router, or hard drive. It's doing it only to networks it wants to monitor. Reuters again: "Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said." A map of the infections Kaspersky found bears this out.

On one hand, it's the sort of thing we want the NSA to do. It's targeted. It's exploiting existing vulnerabilities. In the overall scheme of things, this is much less disruptive to Internet security than deliberately inserting vulnerabilities that leave everyone insecure.

On the other hand, the NSA's definition of "targeted" can be pretty broad. We know that it's hacked the Belgian telephone company and the Brazilian oil company. We know it's collected every phone call in the Bahamas and Afghanistan. It hacks system administrators worldwide.

On the other other hand -- can I even have three hands? -- I remember a line from my latest book: "Today's top-secret programs become tomorrow's PhD theses and the next day's hacker tools." Today, the Equation Group is "probably the most sophisticated computer attack group in the world," but these techniques aren't magically exclusive to the NSA. We know China uses similar techniques. Companies like Gamma Group sell less sophisticated versions of the same things to Third World governments worldwide. We need to figure out how to maintain security in the face of these sorts of attacks, because we're all going to be subjected to the criminal versions of them in three to five years.

That's the real problem. Steve Bellovin wrote about this:

For more than 50 years, all computer security has been based on the separation between the trusted portion and the untrusted portion of the system. Once it was "kernel" (or "supervisor") versus "user" mode, on a single computer. The Orange Book recognized that the concept had to be broader, since there were all sorts of files executed or relied on by privileged portions of the system. Their newer, larger category was dubbed the "Trusted Computing Base" (TCB). When networking came along, we adopted firewalls; the TCB still existed on single computers, but we trusted "inside" computers and networks more than external ones.

There was a danger sign there, though few people recognized it: our networked systems depended on other systems for critical files....

The National Academies report Trust in Cyberspace recognized that the old TCB concept no longer made sense. (Disclaimer: I was on the committee.) Too many threats, such as Word macro viruses, lived purely at user level. Obviously, one could have arbitrarily classified word processors, spreadsheets, etc., as part of the TCB, but that would have been worse than useless; these things were too large and had no need for privileges.

In the 15+ years since then, no satisfactory replacement for the TCB model has been proposed.

We have a serious computer security problem. Everything depends on everything else, and security vulnerabilities in anything affects the security of everything. We simply don't have the ability to maintain security in a world where we can't trust the hardware and software we use.

This article was originally published at the Lawfare blog.

EDITED TO ADD (2/17): Slashdot thread. Hacker News thread. Reddit thread. BoingBoing discussion.

EDITED TO ADD (2/18): Here are are two academic/hacker presentations on exploiting hard drives. And another article.

EDITED TO ADD (2/23): Another excellent article.

by Bruce Schneier at February 25, 2015 06:12 AM

Berkman Center front page
Youth and Online News: Reflections and Perspectives


Youth and Media is pleased to announce the publication of "Youth and Online News: Reflections and Perspectives," a series of short essays written by friends and colleagues that offer insightful, provoking, and out-of-the-box reflections and observations at the intersection of news, digital media, and youth.

Publication Date

17 Feb 2015


Thumbnail Image: 

Youth and Media is pleased to announce the publication of "Youth and Online News: Reflections and Perspectives," a series of short essays written by friends and colleagues that offer insightful, provoking, and out-of-the-box reflections and observations at the intersection of news, digital media, and youth.

The contributions in this publication reflect the diversity of ideas and perspectives that form the core and spirit of the Berkman community. Some of the essays are closely connected to specific research and publications conducted by the Youth and Media team ( at the Berkman Center for Internet & Society at Harvard University, others reflect more generally on personal observations and/or opinions, or highlight and discuss insights and learnings from other studies or concrete projects.

Contributiors include: Sarah Genner, Erhardt Graeff, Paulina Haduong, Rey Junco, Luis Felipe R. Murillo, Dalia Othman, Geanne Perlman Rosenberg, Emily Robinson, Mayte Schomburg, Brittany Seymour, Hasit Shah, and Sara M. Watson.

About Youth and Media
Led by Principal Investigator Urs Gasser and Youth and Media Director Sandra Cortesi, in cooperation with Berkman board member John Palfrey and colleagues, Youth and Media encompasses an array of research, advocacy, and development initiatives around youth and digital technology. By understanding young people‘s interactions with digital media such as the Internet, cell phones, and video games, this highly collaborative project aims to gain detailed insights into youth practices and digital fluencies, harness the associated opportunities, address challenges, and ultimately shape the evolving regulatory and educational framework in a way that advances the public interest.

by gweber at February 25, 2015 12:40 AM

February 24, 2015

David Weinberger
[shorenstein] CNN Digital’s New Rules for Modern Journalists

Meredith Artley , editor in chief of CNN Digital, is s giving a Shorenstein Center talk on “new rules for modern journalists.” [Disclosure: I sometimes write for I don’t know Meredith and she doesn’t know me.]

NOTE: Live-blogging. Getting things wrong. Missing points. Omitting key information. Introducing artificial choppiness. Over-emphasizing small matters. Paraphrasing badly. Not running a spellpchecker. Mangling other people’s ideas and words. You are warned, people.

Meredith started at where most of the work was copying and pasting into online. She left as second in charge. Then she spent five hears in Paris for the International Herald Tribune. Then exec. ed of She’s been at CNN for 5 years. Digital CNN includes, CNN Money on desktops and mobile, and more. There are 300 people on the digital team. Part of her remit is also to tap into the rest of CNN.

Rule #1: Slow down a bit.

For journalists, there’s more to consider than ever: writing, choosing images, building your personal brand across media. You need the discipline to be the best at what you’re doing.

For example, CNN had a story about this relentless winter. At first the headline was “Boston braces for more snow.” But that headline didn’t do very well; CNN tracks the clicks and other online responses. That headline tells you “Boston: More of the same.” So they came up with the headline “Boston would wave a white flag if it could see it.” That story went straight through the roof. A little emotion, a little wink.

#2: The best and brightest modern journalists pick a measure of success that matters to them.

Some video journalists pick completion rates: how many people make it through the entire 3-4 min video. Or time-spent on text stories. People viewed the story about the woman luring three young women into ISIS for an average of 6.5 minutes, which is a lot. “That’s powerful.” That tells CNN that maybe they can go long on that story. “We’re using the audience data to help steer us into our assignments.”

Another example: CNN gets a lot of reports of what posts are doing well. They had a lede that explained what’s at stake in the clash of powers in Ukraine rather than starting with that day’s developments. That got people into the story far more effectively

#3 Pick a social platform that suits you and suits your story — those are two separate things.

Facebook is good for several kinds of stories: for video, for evening publishing. Twitter is really good at reaching an influencer audience and having a connection to TV. Certain stories lend themselves to certain platforms.

Example: A correspondent was in a beseiged city. He did a Reddit AMA. The numbers weren’t astronomical, but the quality and caliber of the conversation was fantastic.

#4: Publishing is not the end.

The old model was that you hope your story gets posted prominently, and once it’s out, you’re done. The best and brightest rockstar journalists now know that publishing is the moment where you start to engage audiences, look at how it’s performing, thinking about how you might reach out to social media to get it seen, listen to the conversation around the story to see if there are followups….

E.g. At CNN Money they pore through data and find the best jobs in America based on particular criteria. Being a dentist made the list one year. CNN tweeted this out to the American Dental Association. “This is a great way to reach the people you’re talking about.” “It really isn’t enough these days to put it on a site, or tweet it and walk away.”

#5: Beware of the big and shiny objects.

There’s a lot of conversation about Snowfall. There’s a temptation to do big and beautiful things like that. But you have to pick and choose carefully. You can start slow: publish a little bit and see if there’s interest, and then add to it.

Example: A columnist, John Sutter, asked audiences to vote on the issues that matter to them. From child poverty to climate change, etc. He said they’d find stories to cover the top five. They thought about doing big multimedia productions. He did a story on the most endangered river. He tweeted during the process — very casual and low cost, not at all like a major multimedia production. “I like that iterative approach.”


Q: [alex jones] Your points #2-4, and maybe #5, are contrary to #1. Do you really want people to slow down?

A: I don’t find them contradictory at all. The point is to pick and choose. Otherwise there’s too much to do. Discipline is key. Otherwise it all becomes overwhelming.

Q: CNN on air’s strategy seems very different from On air the strategy is to pick one or two things and beat the hell out of them. Why doesn’t CNN make you the editor of the broadcast portion and have it be more reflective of what’s happening on the digital side?

A: Give me a few years. [laughter] At every morning’s meeting for all of CNN, we start with digital. When we framed the Ukraine story as an East-West proxy war, that becomes the on-air approach as well. CNN Air is a linear thing. That’s the nature of the medium. Most people watch CNN on air a bit at a time. So there was an intentional strategy to cover 4-5 stories and go deep. But because of the digital, we can go broader.

Q: How do you avoid feeling like you’re pandering when you make data so integral to the process? Not everything important is going to get the clicks, and not everything that gets clicks is important.

A: What’s important is what we’re going to do. We wouldn’t drop the Ukraine story if it didn’t get clicks. We use the data to make the story as strong as possible.

Q: Are there differences in how international audiences consumer digital news?

A: We’re seeing that the international audiences use social differently, and more actively. They share more. We’re not sure why. And, we see a lot of video usage in certain parts of Asia Pacific.

Q: How do you create synergies with traditional news media? Or do you?

A: You can’t keep TV separate from digital. Even within DNN Digital we have different pockets these days.

Q: Isn’t there some danger in media outlets sensationalizing headlines, turning them into clickbait? How can you best tread that line?

A: Clickbait is the scourge of the Internet. We don’t do it. We shouldn’t simplify into “Data bad, journalism good.” These are people who have training and instincts. We use data to help guide you to what resonates with the audience. We do it in service of the story.

Q: Can you talk about A/B testing of headlines? And we’re seeing software that turns structured data into stories. Is that the future?

A: We do A/B test headlines, all in service of the story, especially across the home pages. At CNN Money we’re A/B testing a photo with a headline above or below it. I’ve seen some examples of automated writing, but, meh. Maybe around a box score at this point.

Q: How do you see the relation between professionals and amateur journalists/bloggers?

A: CNN was early into this with I-reports. We also have the biggest social media footprint. (We check submitted reports.)

Q: The Ukraine report’s lede is more like what a newsmagazine would have done than like a newspaper lede.

A: Strategically that’s a shift we’re making. For any event there are a lot of stories that sounds the same. Commoditized news.So I’ve been asking our team to go deeper on the color and the context. We try to put it together and frame it a bit.

Q: Facebook has been emphasiszing native video. How you feel about that as opposed to linking to your page?

A: Its an ongoing discussion with Facebook.

by davidw at February 24, 2015 09:04 PM

Tim Davies
2015 Open Data Research Symposium – Ottawa

There are a few days left to submit abstracts for the 2015 Open Data Research Symposium due to take place alongside 3rd International Open Government Data Conference in Ottawa, on May 27th 2015.

Registration is also now open for participants as well as presenters.

Call for Abstracts: (Deadline 28th Feb 2015; submission portal)

As open data becomes firmly cemented in the policy mainstream, there is a pressing need to dig deeper into the dynamics of how open data operates in practice, and the theoretical roots of open data activities. Researchers across the world have been looking at these issues, and this workshop offers an opportunity to bring together and have shared dialogue around completed studies and work-in-progress.

Submissions are invited on themes including:

  • Theoretical framing of open data as a concept and a movement;
  • Use and impacts of open data in specific countries or specific sectors, including, but not limited to: government agencies, cities, rural areas, legislatures, judiciaries, and the domains of health, education, transport, finance, environment, and energy;
  • The making, implementation and institutionalisation of open data policy;
  • Capacity building for wider availability and use of open data;
  • Conceptualising open data ecosystems and intermediaries;
  • Entrepreneurial usage and open data economies in developing countries;
  • Linkages between transparency, freedom of information and open data communities;
  • Measurement of open data policy and practices;
  • Critical challenges for open data: privacy, exclusion and abuse;
  • Situating open data in global governance and developmental context;
  • Development and adoption of technical standards for open data;

Submissions are invited from all disciplines, though with an emphasis on empirical social research. PhD students, independent and early career researchers are particularly encouraged to submit abstracts. Panels will provide an opportunity to share completed or in-progress research and receive constructive feedback.

Submission details

Extended abstracts, in French, English, Spanish or Portuguese, of up to two pages, detailing the question addressed by the research, methods employed and findings should be submitted by February 28th 2015. Notifications will be provided by March 31st. Full papers will be due by May 1st. 

Registration for the symposium will open shortly after registration for the main International Open Government Data Conference.

Abstracts should be submitted via Easy Chair

Paper format

Authors of accepted abstracts will be invited to submit full papers. These should be a maximum of 20 pages single spaced, exclusive of bibliography and appendixes. As an interdisciplinary and international workshop we welcome papers in a variety of formats and languages: French, English, Spanish and Portuguese. However, abstracts and paper presentations will need to be given in English. 

Full papers should be provided in .odt, .doc, or .rtf or as .html. Where relevant, we encourage authors to also share in a repository, and link to, data collected as part of their research. 

We are working to identify a journal special issue or other opportunity for publication of selected papers.


Contact or for more details.

Programme committee

About the Open Data Research Network

The Open Data Research Network was established in 2012 as part of the Exploring the Emerging Impacts of Open Data in Developing Countries (ODDC) project. It maintains an active newsletter, website and LinkedIn group, providing a space for researchers, policy makers and practitioners to interact. 

This workshop will also include an opportunity to find out how to get involved in the Network as it transitions to a future model, open to new members and partners, and with a new governance structure. 

by Tim at February 24, 2015 08:53 PM

Exploring the Open Data Barometer

[Summary: ODI Lunchtime lecture about the Open Data Barometer]


Screen Shot 2015-02-24 at 20.39.15

Just over a month ago, the World Wide Web Foundation launched the second edition of the Open Data Barometer to coincide with BBC Democracy Day. This was one of the projects I was worked on at the Web Foundation before I completed my projects there at the end of last year. So, on Friday I had the opportunity to join with my successor at Web Foundation, Savita Bailur, to give an ODI Friday lunchtime talk about the methods and findings of the study.

A recording of the talk and slides are embedded below:

Friday lunchtime lecture: Exploring the Open Data Barometer: the challenges ahead for an open data revoluti…

And, as the talk mentions – all the data from the Open Data Barometer is available in the interactive report at

by Tim at February 24, 2015 08:42 PM

Unpacking open data: power, politics and the influence of infrastructures

[Summary: recording of Berkman Centre Lunch Talk on open data]

Much belatedly, below you will find the video from the Berkman Centre Talk I gave late last year on ‘Unpacking open data: power, politics and the influence of infrastructures

You can find a live-blog of the talk from Matt Stempeck and Erhardt Graff over on the MIT Media Lab blog, and Willow Brugh drew the fantastic visual record of themes in the talk shown below:


The slides are also up on Slideshare here.

I’m now in the midst of trying to make more sense of the themes in this talk whilst in the writing up stage for my PhD… and much of the feedback I had from the talk has been incredibly valuable in that – so comments are always welcome.

by Tim at February 24, 2015 08:31 PM

Berkman Center front page
Berkman Community Newcomers: Heather Whitney


Meet Heather Whitney, Berkman faculty associate studying the intersection of labor and employment law and innovation.

Thumbnail Image: 

This post is part of a series featuring interviews with some of the fascinating individuals who joined our community for the 2014-2015 year. Conducted by our 2014 summer interns (affectionately known as "Berkterns"), these snapshots aim to showcase the diverse backgrounds, interests, and accomplishments of our dynamic 2014-2015 community.

Q&A with Heather Whitney

Berkman faculty associate and Lecturer in Law at UChicago Law
interviewed in summer 2014 by Berktern Tatum Lindsay

You’re interested in how innovation is changing the nature of work and play for Americans. What are you working on now?

My current project centers on the enforceability of promises made by companies to both consumers and their workforce (current and potential) about the company’s mission (e.g., “organize and make useful the world’s information”) and the company’s treatment of its employees (“our employees have a voice in the direction of this company,” “we see ourselves as a family,” etc.). I’m specifically looking at whether those promises have teeth in the face of two major shifts happening to work today:

  • the “fissuring” of the workplace - i.e., the process by which a company sheds most direct employment and instead outsources entire functions to smaller business entities that compete in more highly competitive markets. e.g., Apple using Foxconn to manufacture its devices, Google hiring temp workers to scan in books, and FedEx’s legal battle to classify its drivers as independent contractors. (“Fissuring” is a term I borrow from David Weil’s most interesting book)
  • job polarization - i.e., employment growth at the top and bottom of the wage distribution spectrum and a hollowing out of the middle-wage jobs. (David Autor at MIT has written on this issue). 

Tentatively, I argue that these major shifts in the nature of jobs and employer-employee relations have made it more challenging to make good on such promises. There are a variety of reasons for this; I’ll simply mention a few here.
First, on the fissuring front, I suspect consumers often do not understand that just because someone is wearing a company t-shirt does not, in fact, mean they are one of the company’s direct employees (and therefore, eligible to receive all the benefits the company promises to its “employees”). As a result, consumers who make purchases based in part on a company’s commitment to treat its employees a particular way may be misled.

Second, almost no individual employee has the influence necessary to effectively challenge their employer to make good on its workplace-cultural promises. Employers tend to listen to the aggregated views of its workforce. Now, some will say this shows that workers should unionize. But, as I discuss in an article I am currently working on, unionization is particularly unlikely (and, I argue, not a good fit) in many of these workplaces, especially when dealing with the high-end side of the polarized workforce. Thus, the remainder of this article looks at different mechanisms by which employers and those who work for them (under whatever label) can work together to ensure their promises are kept and goals better reached.

In your talk you mentioned that “no collar” companies like Facebook and Google are reverting back to the 12-hour workday. Do you think that this workday model is inherent to the nature of tech companies? Does the real-time, instant, and constant nature of technology require its employees to spend more hours in the buildings? Is innovation best sown from these environments? Are more hours with colleagues required to make technology better?

There’s a lot built into that question! I’ll try and go through the pieces I can speak to. First, it’s not the case that everybody at Google and Facebook work 12+ hour days. I certainly did not average hours like that and most of the people I know who are still there do not either. Sometimes, sure. And there is wide variability among teams.

As for whether there is anything inherent in the nature of tech companies that requires long hours, I think the answer is plainly no. We’ve seen more recent experimentation with work hours, even in start-ups, which are notorious for brutal hours. For instance, you read about 32-hour weeks (four days, eight hours a day), 40-hour weeks compressed into four days (10 hours a day), and even all but mandatory vacations. Innovative companies that hire smart employees know those employees are in limited supply – burning through them is not a very good long-term strategy. 

As for face-time, it’s an interesting issue. I suspect the ultimate question that innovative companies ask themselves is whether having people together makes the creative juices flow more freely than if everybody works remotely. Of course, there is never a one-size-fits-all answer – workers themselves differ. But, I’ll just say that I suspect we will continue to see innovative companies doing what they can to create physical spaces where people enjoy coming together and exchanging ideas.

Where do you think the “high-trust” attitude of employees at places like Facebook and Google come from? Is it Gen-Y? A cultural shift?

Trust is a quality that companies cultivate, through the creation of trustworthy cultures. Think about all of your relationships – they progress (for better or worse) based on a combination of things like reputation and lived experiences. The same holds true for companies. Part of why I am interested in whether companies make good on their brand image and employee-directed sales pitch stems from that fact that when the company repudiates, that repudiation is very costly. To everyone. Consumers go elsewhere, and employees feel betrayed, perhaps quit, and are less likely to be trusting in future workplaces. It is also much harder for that company to recruit and retain top employees in the future. Some might argue that perhaps employees shouldn’t trust their employers and employers shouldn’t try to foster the same. That is certainly a view, but the evidence I’ve seen suggests that employees are happier when their employers are trustworthy; they are also more productive. So, it certainly seems like trust is something we should value.

As to the historical question, I mentioned in my earlier talk that while the Googles and Facebooks out there, with “free” food and a collegial atmosphere, seem radically new, they are not. Starting primarily in the 1920s, employers began reframing the employee-employer relationship as one of a “big family” and embraced a “do well by doing good for employees” ethos. During this time of what is known as “welfare capitalism” we see company picnics, additional perks, and the first instances of employees having a direct financial stake in their employer’s success through profit sharing and stock bonuses. Now, that is not to say today is a total repeat of the past. While a large amount of the 1920s welfare capitalism appeared in industries that were strongly anti-union (suggesting welfare capitalism was used as a [very effective] union-avoidance technique), today we see its closest analog in industries where competition for the best employees is fiercest and the risk of unionization seems incredibly low.

Moreover, the resources that companies put into researching and developing their own workplace and employees are astounding. Those interested can see one such article, about Google’s Project Oxygen, here. For more on the history of welfare capitalism, I highly recommend Sanford Jacoby’s work.

Any areas of tech and employment you’ve got on the backburner? 

I’m fascinated by the public (especially the younger, more liberal public) response to Uber, Lyft, Airbnb, TaskRabbit, and other companies that somehow got lumped into the “sharing economy.” (A very misleading term, I might add. Uber drivers “share” their car with me as much as a taxi driver does.) In particular, while the young and left have hugely embraced these companies, the companies themselves embody a deeply deregulatory and arguably libertarian philosophy. What this will mean for the political views and future modes of association these young people embrace (Unions? Guilds? No organizations at all?) is a question I’m quite interested in. For those interested about Uber and libertarianism, Salon had a great article about this.

Along those same lines, I am also always interested in hearing about alternative labor-like organizations people are creating and the roles those organizations play in workers lives. With a large number of people unable to secure fulltime employment, we see an increase in both part-time and freelance work. These people are creating associations that work for them and it is important we understand the functions their organizations play, as I suspect more workers will be forced to join their ranks in the future.

by ctian at February 24, 2015 08:21 PM

Bruce Schneier
Database of Ten Million Passwords

Earlier this month, Mark Burnett released a database of ten million usernames and passwords. He collected this data from already-public dumps from hackers who had stolen the information; hopefully everyone affected has changed their passwords by now.

News articles.

by Bruce Schneier at February 24, 2015 02:45 PM

Berkman Center front page
Workshopping Ideas: Presentations from the Digital Problem-Solving Initiative (DPSI) Teams


#DPSI teams will be workshopping their work @berkmancenter.

Parent Event

Berkman Luncheon Series

Event Date

Feb 24 2015 12:00pm to Feb 24 2015 12:00pm
Thumbnail Image: 

Tuesday, February 24, 2015 at 12:00 pm

The Digital Problem-Solving Initiative (DPSI, or "dip-see") at Harvard University, is an innovative and collaborative project, hosted through the Berkman Center. DPSI brings together a diverse group of learners (students, faculty, fellows, and staff) to work on projects to address challenges and opportunities across the university. DPSI offers participants a novel opportunity to engage with research, design, and policy relating to the digital world. Student teams will be presenting their work (see link below) and seeking feedback from the Berkman community.


by candersen at February 24, 2015 02:17 PM

February 23, 2015

Cyberlaw Clinic - blog
The (Non)Finality of a Fair Use Opinion

Today marks the beginning of Fair Use Week, a celebration of the doctrine of fair use in copyright law. Fair use allows a judge to decide – using a set of four factors articulated by the Copyright Act to guide the analysis – that a person can use another’s copyrighted work without permission or payment, despite the copyright holder’s normal ability to control the use.

If you chat about fair use these days, the word that gets tossed around more than any other is “transformativeness.” The word scarcely exists outside of copyright, but has overtaken discussions of fair use, and in particular the “first factor” of the statutory four-factor analysis, following a landmark law review article by Judge Pierre Leval from 25 years ago, where he wrote:

I believe the answer to the question of justification [in fair use] turns primarily on whether, and to what extent, the challenged use is transformative. The use must be productive and must employ the quoted matter in a different manner or for a different purpose from the original. A quotation of copyrighted material that merely repackages or republishes the original is unlikely to pass the test; in Justice Story’s words, it would merely “supersede the objects” of the original. If, on the other hand, the secondary use adds value to the original – if the quoted matter is used as raw material, transformed in the creation of new information, new aesthetics, new insights and understandings – this is the very type of activity that the fair use doctrine intends to protect for the enrichment of society.

(Citations omitted, hyperlink added.) The Supreme Court adopted Judge Leval’s approach in the 1994 case Campbell v. Acuff-Rose, which remains the last word from the Court on the substance of fair use. It took some time to take root, but today courts seem especially enamored by the “transformativeness” heuristic when deciding fair use cases. Prof. Neal Netanel published an article a few years ago that analyzed current fair use caselaw, built upon three earlier studies of fair use opinions from Profs. Barton Beebe, Pamela Samuelson, and Matthew Sag. In his article, Netanel notes an earlier period where courts focused predominantly on the “fourth factor” of the four-factor test, inspired by an article by Prof. Wendy Gordon and best represented by the Supreme Court’s Harper & Row decision, but that this approach has now been largely replaced:

[F]air use doctrine today is overwhelmingly dominated by the Leval–Campbell transformative use doctrine. … [J]udicial adoption of the transformative use paradigm increased measurably during 2006–2010, even if it was already high previous to that period. During 2006–2010, 85.5% of district court opinions and 93.75%, or all but one, of appellate opinions [that considered fair use] considered whether the defendant’s use was transformative.

He later went on to add that, “in contrast to the Harper & Row regime in which the fourth factor was undoubtedly the most important, today it is largely the first factor, particularly whether the use is held to be transformative, that drives fair use analysis.” Netanel notes that of the cases he surveyed, when a use was found to be transformative, the defendant won 89% of the time from 1995–2000, and every time from 2001–2010.

The dramatic rise of “transformativeness” has lead to concern amongst some scholars (and judges) that this consideration has improperly reduced the traditional multi-factor balancing of fair use to a simple yes/no test. If one is being true to the doctrine, not all fair uses should have to be transformative, and not all transformative uses should be fair. And so there’s a certain hunger amongst scholars to find contemporary examples of nontransformative fair uses. (Precisely what counts as a “transformative” use is a whole other discussion; see Anthony Reese’s article on that.)

The Second Circuit had such a case last January in Swatch Management v. Bloomberg. The facts of the case are straightforward: the Swiss watch and jewelry company Swatch held a conference call with about a hundred investor financial analysts to discuss its annual earnings report. The conversation was recorded at Swatch’s behest, and shortly after the call was complete the news company Bloomberg obtained a copy of the recording and posted it on the website for its “Bloomberg Professional” service, so that potential investors could hear how Swatch was describing its own financial situation. Swatch sued Bloomberg for infringement of its sound recording.

The Southern District of New York found this to be a fair use, but not a transformative one. In its short discussion of transformativeness, the court noted that the presence or absence of a transformative use is not dispositive, and despite a lack of transformation Bloomberg’s use was still favored under the first factor because it is purpose. Bloomberg “advanced the public interest of furthering full, prompt and accurate dissemination of business and financial news.” The court noted that Swatch sought additional discovery as to whether the use was transformative, but it rejected this request, stating “any such issues of fact are irrelevant to my analysis of Defendant’s use for I accepted that Defendant’s use was not transformative.”

On January 27, 2014, the Second Circuit issued an opinion agreeing with the district court. The court held that Bloomberg clearly intended to communicate this to the investing public, that securities law strongly encourages this communication (and requires it of American companies), and that “this important public purpose underlying Bloomberg’s use overcomes the countervailing weight we would otherwise give to Bloomberg’s clandestine methods and the commercial, nontransformative nature of its use.” The court went on to argue that a nontransformative use was, perhaps, preferred when considering the use of a work in a news reporting context:

In the context of news reporting and analogous activities … the need to convey information to the public accurately may in some instances make it desirable and consonant with copyright law for a defendant to faithfully reproduce an original work rather than transform it. In such cases, courts often find transformation by emphasizing the altered purpose or context of the work, as evidenced by surrounding commentary or criticism. [Citing two cases where uses of marginally-modified works were found fair.] Here, Bloomberg provided no additional commentary or analysis of Swatch Group’s earnings call. But by disseminating not just a written transcript or article but an actual sound recording, Bloomberg was able to convey with precision not only what Swatch Group’s executives said, but also how they said it. This latter type of information may be just as valuable to investors and analysts as the former, since a speaker’s demeanor, tone, and cadence can often elucidate his or her true beliefs far beyond what a stale transcript or summary can show. … [I]n light of the independent informational value inherent in a faithful recording of the earnings call, the fact that Bloomberg did not transform Swatch’s work through additional commentary or analysis does not preclude a finding that the [first factor] favors fair use.

So while there was social value added by the use and the use was ultimately found fair, in the eyes of the Second Circuit the use was not transformative.

Or at least the court thought that if you read the opinion in the winter of 2014. If you waited and read the opinion that summer, you would find that the use was held to be both fair and transformative. The court amended its opinion in late May, and changed its analysis of this factor substantially. Many small and large edits to this section shifted it towards this finding. For example, the court previously defended nontransformative uses in news reporting by saying “the need to convey information to the public accurately may in some instances make it desirable and consonant with copyright law for a defendant to faithfully reproduce an original work rather than transform it.” That sentence now ends “…to faithfully reproduce an original work without alteration,” suggesting that the lack of alteration can still transform a work in the fair use sense of the term. Whole new paragraphs to the opinion are added, including:

Furthermore, a secondary work “can be transformative in function or purpose without altering or actually adding to the original work.” [Citing two additional cases where such a use was found that were not in the original opinion.] Here, notwithstanding that the data disseminated by Bloomberg was identical to what Swatch Group had disseminated, the two works had different messages and purposes. To begin with, while Swatch Group purported to convey true answers to the analysts’ questions and to justify the propriety and reliability of its published earnings statement, Bloomberg made no representation one way or another as to whether the answers given by Swatch Group executives were true or reliable. Nor did Bloomberg purport to support the propriety or reliability of Swatch Group’s earnings statement. Bloomberg was simply revealing the newsworthy information of what Swatch Group executives had said. Bloomberg’s message— “This is what they said”—is a very different message from Swatch Group’s— “This is what you should believe.”

Analytically, I think the amended opinion is in better harmony with transformativeness doctrine to the extent that it bases its decision on the fact that physical alternation is not necessary to find transformation. There were times in the original opinion where a reader could get the impression that “transform” was used strictly in a physical sense, instead of the transformation of purpose contemplated by Leval and Campbell. But even under that proper framing it is a bit of stretch to say that Bloomberg’s use actually recontextualized Swatch’s recording in a notable way, when Bloomberg does not seem to do more than present Swatch’s recording without challenge or context. The court is absolutely right to point out that providing such primary sources is an important part of how the public consumes news today, but I can’t help but wonder whether the Second Circuit had the better approach the first time: the use doesn’t transform the work much, but it still has great public value, and on balance it should be allowed. (I find all three Swatch opinions to have the better side of the argument than their counterpart case from the Ninth Circuit, Monge v. Maya Magazines, which rejected a broader “public interest” consideration in fair use.)

What accounts for the Second Circuit’s change of heart? It’s not clear. The public docket of the case doesn’t shed any light, though there are some missing document numbers between the January judgment and the May amended opinion. Perhaps in those missing entries there was a motion for reconsideration or en banc petition that prompted a change, but searches online find no mention of it, and its undisclosed existence would raise more questions than it would answer. There’s no dissent or concurring opinion that suggests a January strife between the judges that is resolved by May. A quick search reveals no discussion in the media about the change – in fact, most of the posts about the case online were published before the amended opinion.

There’s a deeper question here, and that is the change itself. Fair use is an area of law that is especially dependent upon the dozen-or-so cases that come out each year further defining and reforming the doctrine to new types of uses and new sets of facts. Lawyers advising clients on fair use matters are put at a tremendous disadvantage if their building blocks are made out of shifting material. This is compounded by the fact that revisions in opinions are often released without any fanfare or news coverage at all. I only learned of this change thanks to David Hansen at UNC, who discovered it a little over a week after it happened and shared his finding on a copyright listserv. Though I’m not sure if this is where he found it, the Second Circuit decision in Authors Guild v. HathiTrust came out that day, and cited to the freshly-revised Swatch opinion – ironically, in a section where the court found a nontransformative fair use.

The surprising impermanence of judicial opinions received very little discussion until last year, when Prof. Richard Lazarus released a draft of his article The (Non)Finality of Supreme Court Opinions, and Adam Liptak covered it in the New York Times. In his article, Lazarus goes into considerable depth about the history of the Supreme Court and its reporter of authority, the United States Reports, from the early days where decisions were declared orally and documented by individual reporters working with the Justices (such as Henry Wheaton and Richard Peters, of the first Supreme Court copyright case Wheaton v. Peters, a case that Peters both won and reported) to the modern, elaborate system of publication and revision we have today.

Lazarus notes innumerable examples where changes to Supreme Court opinions were made – the overwhelming of which are small, but with some notable exceptions – and how many of these changes occur without any observable record-keeping or public scrutiny. Some of the examples he cites are quite substantive, although few are as long as the numerous new paragraphs in Swatch. And as Lazarus notes, the long-term effects of this system of revision can be severe:

[S]erious practical problems arise when the version of the Court’s opinion upon which lower courts, other branches of government, and scholars and teachers rely can change, without notice, as many as five years after initial publication. Not only do those relying on the Court’s opinions not know of the need to correct their own work, let alone have any practical way to discover the changes made, but their own writings — whether a judicial opinion, casebook, or treatise — can unwittingly perpetuate the error, long after the Court itself has changed its opinion.

The damage in Swatch appears to be contained. The original decision was cited in two cases before the amended report was issued, in the Second Circuit’s Wadsworth v. Allied Professionals Insurance Co. and the District of Connecticut’s Garcia v. Hebert, and both cite it for unrelated points. And Prof. Lazarus’s work may help usher in greater transparency for this often-overlooked part of the development of a judicial opinion. It’s already inspiring tools to help detect these changes, and there’s signs that the Supreme Court may be modifying its behavior.

But the Swatch story serves as an important reminder for lawyers that work in areas of law, like copyright, where opinions get considerable public attention and discussion the week they’re released. Our attitudes toward the outcomes in these cases may form in January, but before citing the case in May, it’s probably a good idea to make sure the opinion still says what you think it does.

by Andy Sellars at February 23, 2015 06:30 PM

David Weinberger
The library-sized hole in the Internet

Sarah Bartlett of OCLC interviewed me at some length about the future of libraries. You can read it here.

At some point I will write up the topic of my talk at the OCLC’s EMEA Regional Council Meeting in Florence: libraries as community centers…of meaning.

by davidw at February 23, 2015 03:58 PM

February 20, 2015

Bruce Schneier
Friday Squid Blogging: Tentacle Utensils


As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

by Bruce Schneier at February 20, 2015 09:44 PM

Sara M. Watson
“But Ferguson was Trending in my Feed”

This essay appeared in the Berkman Center's Youth and Media essay collection, “Youth and Online News: Reflections and Perspectives,” which is available for download through SSRN. My contribution is among a great set of pieces that offer insightful, provoking, and out-of-the-box reflections at the intersection of news, digital media, and youth. 

I was at a journalism conference recently where the topic of algorithmic curation came up. One of the speakers cited the comparison between Ferguson trending on Twitter while the Ice Bucket Challenge was all the rage on Facebook. It was held up as an example of how platforms influence and shape news and shape sharing behaviors of their users.

One student in the audience raised her hand, piping up that she contested the premise that Ferguson hadn’t trended on Facebook. “She was originally from St. Louis and all her friends from home had been talking about it, about race, about police violence, about protests. Ferguson was all over her Facebook newsfeed.”

The discrepancy provided an illustrative moment. One the one hand, opinion and data had made claims about how algorithmic filtering practices of platform affect access to news on Facebook. “On the other hand”, a personal experience of the same news event had differed drastically from the larger collective narrative about how news spreads online, and how politically sensitive topics are discussed within youth peer networks on Facebook.

That one student, away from home at school in Milwaukee, hadn’t felt distant from the activities in Ferguson. She was deep in it in her feed. The news was blowing up within her situated sphere of influence. This is how she experienced Ferguson.

Still, she had a hard time conceiving how Ferguson hadn’t made it into the feeds of others on Facebook. She contested the speaker’s claim with her own, situated and personal experience of the algorithmic curation.

Digital Literacy in Context

The greatest challenge we face in addressing the technical platforms that shape our information experiences is in demonstrating the effects between inputs and outputs in the system. Just as news literacy aims to develop skills to “understand a source’s agendas, motivations and backgrounds,” digital literacy needs to do the same of the platforms and their business models and motivations for providing value to consumers. We need tools that not only build diversity and solve for homophily problems, but also introduce us to the underlying editorial structures of these novel information platforms.

Digital news literacy ought to be taught by example and in context. Youth need to understand how algorithms affect their unique experience, not just how they influence everyone’s experience abstractly and in principle. We need more tools that allow youth to interact with the algorithm and see the micro effects of subtle changes from various inputs, like who you follow, what posts you comment on or re-share, and what things you like and click through.

Tools like Floodwatch’s ad tracking database allow us to compare our personal experience to that of others in a shared demographic profile. We could use still more technical interventions to help show variation in personalization.

What can youth learn about the way technical platforms work by comparing and contrasting the trending topics they see on Facebook and Twitter with peers in their network, and with others outside their network? What will they learn about what newsworthiness is in these personalized contexts?

If we take into account the personal, contextual experience of youth in teaching news literacy, we can help them to understand their place in a larger civic discourse around news and access to information by making it grounded, personal and real in the contexts where they get information today.

Ethnography in Youth and Media Research

News literacy goes beyond the sources that youth get information from, and how social media influences their filter bubble. It’s also about developing algorithmic literacy, for understanding the curatorial and editorial role of the platforms they interact with in their media environments.

Ethnographic interview work has vastly expanded our understanding of youth media practices by meeting them where they are and elevating their voices and concerns. Youth news experiences are inherently personalized now, and research methods for understanding those technical experiences must be as well.

Ethnography in Technology Journalism

Ethnographic approaches to knowledge and experience of algorithms should also expand to the media outlets covering our evolving relationship to technology. Journalists can play a role in developing digital literacy for access to information for their audiences by paying attention to and covering grounded, individual interactions with these systems.

That has been my methodological approach to “Living with Data,” the series I developed for Al Jazeera America. In it I examine encounters that illustrate our personal, situated experience of these tools, following reader submissions about our expectations about how these systems work or should work, and what is actually technically happening. The series aims to teach critical digital literacy through examples.

In part, this series was designed to refute the common argument that “I have nothing to hide” or that privacy concerns are too abstract for people to understand their effects. My aim is to illustrate through real experiences how autonomy and privacy are influenced by these sociotechnical systems that govern our access to information. A mission to develop critical digital literacies becomes especially important for a generation that takes Facebook and other social media platforms for granted.

This grounded approach makes the harms, or the surprises of data more personal, and more relatable. So while your experience may be very different from mine, I can begin to understand the inner workings of these algorithmic curatorial decisions because I can grasp the effects at a personal scale. I can compare my experience of Ferguson on Facebook against everyone else’s experience of the Ice Bucket Challenge.

Grounding coverage of these technical stories makes technical subjects more accessible, but also helps to make the individual stakes more present and clear. 

by Sara M. Watson at February 20, 2015 05:56 PM

danah boyd
Why I Joined Dove & Twitter to #SpeakBeautiful

I’ve been online long enough to see a lot of negativity. I wear a bracelet that reads “Don’t. Read. The. Comments.” (a gift from Molly Steenson) to remind myself that going down the path of negativity is not helpful to my soul or sanity. I grew up in a geeky environment, determined to prove that I could handle anything, to stomach the notion that “if you can’t stand the heat, get out of the kitchen.” My battle scars are part of who I am. But why does it have to be this way?

Over the last few years, as the internet went from being a geeky subculture to something that is truly mainstream, I started watching as young women used technology to demean themselves and each other. It has broken my heart over and over again. Women are hurting themselves in the process of hurting each other with their words. The answer isn’t to just ask everyone out there to develop a thick skin. A world of meanness and cruelty is destructive to all involved and we all need to push back at it, especially those of us who have the strength to stomach the heat.

I’m delighted and honored to partner with Dove and Twitter to change the conversation. In an effort to better understand what’s happening, Dove surveyed women and Twitter analyzed tweets. Even though only 9% of women surveyed admit to posting negative comments on social media, over 5 million negative tweets about beauty and body image were posted in 2014 alone and 4 out of 5 of those tweets appeared to come from women. Women know that negative comments are destructive to their self-esteem and to those around them and, yet, the women surveyed reported they are 50% more likely to say something negative than positive. What is happening here?

This weekend, we will watch celebrities parade down the red carpet wearing gorgeous gowns as they enter a theater to celebrate the pinnacle of film accomplishments. Yet, if history serves, the social media conversation around the Oscar’s will be filled with harsh commentary regarding celebrities’ beauty and self-loathing.

We live in a world in which self-critique and ugliness is not only accepted, but the norm. Especially for women. Yet, so many women are unable to see how what they say not only erodes their own self-worth, but harms others. Every time we tear someone down for what they’re wearing or how they’re acting – and every time that we talk badly about ourselves – we contribute to a culture of cruelty in which women are systemically disempowered. This has to change.

It’s high time that we all stop and reflect on what we’re saying and posting when we use our fingers to talk in public. It’s time to #Speak Beautiful. Negative commentary has a domino effect. But so does positive commentary.

In an effort to change the norm, Dove and Twitter have come together to try to combat negativity with positive thoughts. Beyond this video, they are working together to identify negative tweets and reach out to women who might not realize the ramifications of what they say. Social media and self-esteem experts will offer advice in an effort to empower women to speak with more confidence, optimism, and kindness.

Will this solve the problem? No. But the modest goal of this campaign is to get more women to step back and reflect about what they’re saying. At the end of the day, it’s us who need to solve the problem. We need to all collectively make a conscious decision to stop the ugliness. We need to #SpeakBeautiful.

I am honored to be able to contribute to this effort and I invite you to do the same. Spend some time today and over the weekend thinking about the negativity you see around you on social media and push back against it. If your instinct is to critique, take a moment to say something positive. An effort to #SpeakBeautiful is both selfish and altruistic. You help others while helping yourself.

I know that I will spend the weekend thinking about my grandmother, a beautiful woman in her 90s who grew up being told that negative thoughts were thoughts against God. As a teenager, I couldn’t understand how she could stay positive no matter what happened around her but as I grow older, I’m in awe of her ability to find the beauty in everything. I’ve watched this sustain her into her old age. I only wish more people could find the nourishment of such positivity. So let’s all take a moment to #SpeakBeautiful, for ourselves and for those around us.

by zephoria at February 20, 2015 02:28 PM

Cyberlaw Clinic - blog
Cyberlaw Clinic Contributes to Report on Intermediary Liability

Case StudyThe Clinic is pleased to have played a role in preparing a far-reaching new report released by the Global Network of Internet and Society Research Centers and the Berkman Center for Internet & Society at Harvard University, addressing questions about intermediary liability around the world.  The report is a first output of a larger initiative on the governance of online intermediaries.  It consists of:  (a) a case study series exploring online intermediary liability frameworks and issues in Brazil, the European Union, India, South Korea, the United States, Thailand, Turkey, and Vietnam; and (b) a synthesis paper that seeks to distill key observations and provide a high-level analysis of some of the structural elements that characterize varying governance frameworks, with a focus on intermediary liability regimes and their evolution.  Clinical Fellow Andy Sellars helped to support the project overall, and he — along with the Clinic’s Managing Director Chris Bavitz and two summer 2014 Cyberlaw Clinic interns, Nick DeCoster and Michael Lambert – helped to craft the US case study.

by Clinic Staff at February 20, 2015 11:02 AM

Bruce Schneier
New Book: Data and Goliath

After a year of talking about it, my new book is finally published.

This is the copy from the inside front flap:

You are under surveillance right now.

Your cell phone provider tracks your location and knows who's with you. Your online and in-store purchasing patterns are recorded, and reveal if you're unemployed, sick, or pregnant. Your e-mails and texts expose your intimate and casual friends. Google knows what you're thinking because it saves your private searches. Facebook can determine your sexual orientation without you ever mentioning it.

The powers that surveil us do more than simply store this information. Corporations use surveillance to manipulate not only the news articles and advertisements we each see, but also the prices we're offered. Governments use surveillance to discriminate, censor, chill free speech, and put people in danger worldwide. And both sides share this information with each other or, even worse, lose it to cybercriminals in huge data breaches.

Much of this is voluntary: we cooperate with corporate surveillance because it promises us convenience, and we submit to government surveillance because it promises us protection. The result is a mass surveillance society of our own making. But have we given up more than we've gained? In Data and Goliath, security expert Bruce Schneier offers another path, one that values both security and privacy. He shows us exactly what we can do to reform our government surveillance programs and shake up surveillance-based business models, while also providing tips for you to protect your privacy every day. You'll never look at your phone, your computer, your credit cards, or even your car in the same way again.

And there's a great quote on the cover:

"The public conversation about surveillance in the digital age would be a good deal more intelligent if we all read Bruce Schneier first." --Malcolm Gladwell, author of David and Goliath

This is the table of contents:

Part 1: The World We're Creating
Chapter 1: Data as a By-Product of Computing
Chapter 2: Data as Surveillance
Chapter 3: Analyzing our Data
Chapter 4: The Business of Surveillance
Chapter 5: Government Surveillance and Control
Chapter 6: Consolidation of Institutional Surveillance
Part 2: What's at Stake
Chapter 7: Political Liberty and Justice
Chapter 8: Commercial Fairness and Equality
Chapter 9: Business Competitiveness
Chapter 10: Privacy
Chapter 11: Security
Part 3: What to Do About It
Chapter 12: Principles
Chapter 13: Solutions for Government
Chapter 14: Solutions for Corporations
Chapter 15: Solutions for the Rest of Us
Chapter 16: Social Norms and the Big Data Trade-off

I've gotten some great responses from people who read the bound galley, and hope for some good reviews in mainstream publications. So far, there's one review.

You can buy the book at Amazon, Amazon UK, Barnes & Noble, Powell's, Book Depository, or IndieBound -- which routes your purchase through a local independent bookseller. E-books are available on Amazon, B&N, Apple's iBooks store, and Google Play.

And if you can, please write a review for Amazon, Goodreads, or anywhere else.

by Bruce Schneier at February 20, 2015 09:40 AM

Samsung Television Spies on Viewers

Earlier this week, we learned that Samsung televisions are eavesdropping on their owners. If you have one of their Internet-connected smart TVs, you can turn on a voice command feature that saves you the trouble of finding the remote, pushing buttons and scrolling through menus. But making that feature work requires the television to listen to everything you say. And what you say isn't just processed by the television; it may be forwarded over the Internet for remote processing. It's literally Orwellian.

This discovery surprised people, but it shouldn't have. The things around us are increasingly computerized, and increasingly connected to the Internet. And most of them are listening.

Our smartphones and computers, of course, listen to us when we're making audio and video calls. But the microphones are always there, and there are ways a hacker, government, or clever company can turn those microphones on without our knowledge. Sometimes we turn them on ourselves. If we have an iPhone, the voice-processing system Siri listens to us, but only when we push the iPhone's button. Like Samsung, iPhones with the "Hey Siri" feature enabled listen all the time. So do Android devices with the "OK Google" feature enabled, and so does an Amazon voice-activated system called Echo. Facebook has the ability to turn your smartphone's microphone on when you're using the app.

Even if you don't speak, our computers are paying attention. Gmail "listens" to everything you write, and shows you advertising based on it. It might feel as if you're never alone. Facebook does the same with everything you write on that platform, and even listens to the things you type but don't post. Skype doesn't listen -- we think -- but as Der Spiegel notes, data from the service "has been accessible to the NSA's snoops" since 2011.

So the NSA certainly listens. It listens directly, and it listens to all these companies listening to you. So do other countries like Russia and China, which we really don't want listening so closely to their citizens.

It's not just the devices that listen; most of this data is transmitted over the Internet. Samsung sends it to what was referred to as a "third party" in its policy statement. It later revealed that third party to be a company you've never heard of -- Nuance -- that turns the voice into text for it. Samsung promises that the data is erased immediately. Most of the other companies that are listening promise no such thing and, in fact, save your data for a long time. Governments, of course, save it, too.

This data is a treasure trove for criminals, as we are learning again and again as tens and hundreds of millions of customer records are repeatedly stolen. Last week, it was reported that hackers had accessed the personal records of some 80 million Anthem Health customers and others. Last year, it was Home Depot, JP Morgan, Sony and many others. Do we think Nuance's security is better than any of these companies? I sure don't.

At some level, we're consenting to all this listening. A single sentence in Samsung's 1,500-word privacy policy, the one most of us don't read, stated: "Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition." Other services could easily come with a similar warning: Be aware that your e-mail provider knows what you're saying to your colleagues and friends and be aware that your cell phone knows where you sleep and whom you're sleeping with -- assuming that you both have smartphones, that is.

The Internet of Things is full of listeners. Newer cars contain computers that record speed, steering wheel position, pedal pressure, even tire pressure --- and insurance companies want to listen. And, of course, your cell phone records your precise location at all times you have it on -- and possibly even when you turn it off. If you have a smart thermostat, it records your house's temperature, humidity, ambient light and any nearby movement. Any fitness tracker you're wearing records your movements and some vital signs; so do many computerized medical devices. Add security cameras and recorders, drones and other surveillance airplanes, and we're being watched, tracked, measured and listened to almost all the time.

It's the age of ubiquitous surveillance, fueled by both Internet companies and governments. And because it's largely happening in the background, we're not really aware of it.

This has to change. We need to regulate the listening: both what is being collected and how it's being used. But that won't happen until we know the full extent of surveillance: who's listening and what they're doing with it. Samsung buried its listening details in its privacy policy -- they have since amended it to be clearer -- and we're only having this discussion because a Daily Beast reporter stumbled upon it. We need more explicit conversation about the value of being able to speak freely in our living rooms without our televisions listening, or having e-mail conversations without Google or the government listening. Privacy is a prerequisite for free expression, and losing that would be an enormous blow to our society.

This essay previously appeared on

ETA (2/16): A German translation by Damian Weber.

by Bruce Schneier at February 20, 2015 07:43 AM

Ford Proud that "Mustang" Is a Common Password

This is what happens when a PR person gets hold of information he really doesn't understand.

"Mustang" is the 16th most common password on the Internet according to a recent study by SplashData, besting both "superman" in 21st place and "batman" in 24th

Mustang is the only car to appear in the top 25 most common Internet passwords

That's not bad. If you're a PR person, that's good.

Here are a few suggestions for strengthening your "mustang" password:

  • Add numbers to your password (favorite Mustang model year, year you bought your Mustang or year you sold the car)

  • Incorporate Mustang option codes, paint codes, engine codes or digits from your VIN

  • Create acronyms for modifications made to your Mustang (FRSC, for Ford Racing SuperCharger, for example)

  • Include your favorite driving road or road trip destination

Keep in mind that using the same password on all websites is not recommended; a password manager can help keep multiple Mustang-related passwords organized and easy-to-access.

At least they didn't sue users for copyright infringement.

by Bruce Schneier at February 20, 2015 05:12 AM

Wayne Marshall
The Amplification of Souls (review)

Gilles Aubry’s The Amplification of Souls is a meticulously composed and conceived “audio-essay” (Aubry’s term) on Kinshasa’s charismatic churches and the broader soundscape they inhabit and inflect. I reviewed the CD, along with its 80 page booklet, in Issue 371 of The Wire (January 2015).

As usual, I am posting the final draft I sent my editor, or what I like to call the “director’s cut.” You can see the piece as it ran c/o Aubry’s website. Special thanks to David Font-Navarrete — ethnomusicolleague, friend, artist, and author of the incisive “File Under ‘Import': Musical Distortion, Exoticism, and Authenticité in Congotronics” — for helping me think aloud here.

Gilles Aubry
The Amplification of Souls
ADOCS Verlag CD+8K

As speaker hum and empty plosives congeal into a stuttered mic-check for Jesus, a slight squeal suggests the looming threat of feedback. Because so many of Kinshasa’s churches are open-air affairs, the rumble of motorcycles and automobiles accompany the ambience of a band slowly tuning up and worshippers gathering. Preachers punch through the din with bursts of noise louder than anything else, the flat lines of distortion making palpable the power of their authority. Handmade PAs hit their limits as microphones bear witness to the possession of souls and of space. And then, sudden quiet save for the faint buzz of the sound system. Speakertowers of Babel from the Heart of Darkness, respectfully recorded and remixed for headphones and museums thousands of miles away.

The jump cuts are jarring, reminding that this is no straightforward documentary. The voice of the artist, Gilles Aubry, resounds here too. The Amplification of Souls is, according to its careful and copious framing, Aubry’s “audio-essay” on Kinshasa’s religious soundscape. Congolese charismatic churches are a laudable focus given the immensity of the phenomenon and the general indifference to it in the wider world, perhaps because megachurches and prosperity gospel seem more essentially American than African. Attempting what the artist contends is “a material-based form of cultural interpretation” the work stands as a studious, self-aware approach to sonic ethnography. Aubry’s project is so steeped in reflexivity and rigorous attention to the sounds and their contexts and meanings, it clearly seeks to pre-empt perfunctory charges of appropriation. “He doesn’t even understand what we’re saying,” says a churchgoer quoted in the liner notes, “Them, the whites, they record anything.”

What constitutes understanding here is a crucial, vexing point. A dozen minutes in, the tongues begin. The glossolalia is striking in itself, alien and arresting and enjoying an undistorted sonic clarity in contrast to the punchy preachers. It also seems to mirror the varied textures of the audio-essay itself, composed of multiple sound sources created by different people with different objectives: church services and evangelical street campaigns, radio and video, cooking and football. At one point, a burst of traditional music, full of clapping and ululation, points more toward continuities than contrasts, while the appearance of local rap and meandering Hawaiian guitar suggest other Others to be heard. All the while, Aubry’s own voice emerges in the layering of samples, their stereo spatialization, and the inevitable narrative arc that emerges from his rearrangement of such disparate sonic documents.

Presented as academic sound art, The Amplification of Souls comes with an 80 page booklet including an interview with Aubry that contains the phrase “neo-colonial representation” in its subtitle. It also boasts an essay on “The Sonic Materialities of Belief” by a musicologist and cultural anthropologist which notes, among other things, that Congolese charismatic movements themselves “appropriated” the patina, and hence the power, of noise and distortion from Pentecostal missionaries. Performed previously as a sound installation and now as an ongoing set of public performances, Aubry’s remixed recordings stand at once as an impressionistic refraction of Kinshasa’s soundscape and as the material embodiment of sounds that he would like to let speak for themselves. One way that Aubry does so is to pair his collage with a 34 minute excerpt of a spiritual deliverance service that provides a great deal more context and less composerly initiative, though the profound act of framing remains. In another show of transparency, Aubry’s original recordings of the service in full have been archived online.

Even so, what makes this anything other than churchy Congotronics? Why choose Kinshasa instead of Kansas City? Or, for that matter, Berlin? Not only does the city that Aubry calls home play host to numerous charismatic churches itself, some are even Congolese. Obviously, the specific site of these recordings is crucial to their circulation as art in Europe and the US, but it is deeply ironic that, against the coolness of Kinshasa trance traditionalists like Konono No 1, Aubry must seek out possessed Christians to locate the hot exoticism Western audiences expect. How would Kinshasa’s charismatic communities receive this project? Would it sound like understanding? Should that guide the way audiences elsewhere experience it? The emphasis on sound as material culture suggests that we’re not meant to attend to the content so much as the deracinated affects of the audio. Perhaps glossolalia itself offers an answer. Does the lexical register matter when all that we’re waiting for is the outbreak of the unintelligible?

Wayne Marshall

[listen to excerpts at]

by wayneandwax at February 20, 2015 04:38 AM

February 19, 2015

David Weinberger
The joy of the public domain

When Doc Searls and I published our New Clues, we put it into the public domain. Even two months later, it feels good. In fact, seeing it reprinted in its entirety on someone else’s site fills me with an irrational exuberance.

Normally we would have put it under a Creative Commons BY license that entitles anyone to reuse it in whole or in part so long as they attribute it to us. CC BY is great. It takes the “#1. Ask permission” step out of the process by which what you write can be absorbed by your culture. Or anyone’s culture.

The public domain is different. A CC-BY license keeps a work copyrighted, but permits use without first asking permission. Works in the public domain are not copyrighted. Ok, so it’s more complex than that, but that’s basically it. A work in the public domain is like a folk song: you can sing it, you can change the words, you can record it and charge for the recording, you can print the lyrics on the front of your ice cream containers. You can even claim that you wrote it, although that would be wrong of you.

In practical terms, putting New Clues into the public domain [here’s how] really doesn’t do much that CC BY doesn’t do. Yes, someone could reprint our public domain document without crediting Doc and me, but they could do that with CC BY also — we’d have the right to insist that they provide attribution, but Doc and I are likely to use moral suasion in either case, by which I mean that we’d write a polite email to the evil doer. So, pragmatically, there isn’t much difference.

So why does putting it into the public domain make me happier? I get as close to smiling as my stony visage permits when I see a site that’s copied and pasted the whole thing. It makes it feel that what Doc and I wrote was really about what it says and less about what the writing says about Doc and me. The focus is where it should be.

And it feels deeply good to know that we have created something that can spread as far and deeply into the culture — and thus into people’s lives — as our culture wants. The only barriers are those of interest. And we’re not going to try to tease you with a snippet, with a taste. Not interested? Fine. It’s still there for anyone who is.

I expressed this to Peter Suber, who is dedicated full time to expanding the sphere and influence of Open Access works. Peter pointed out that my reaction rests in part on the privileged position I occupy: I can do some writing for free, and because Doc and I are known a bit within the domain of people who blab about the Internet, there’s a disincentive for people who might want to pass off our words as our own. If we were, say, unknown high school students it’d be easier for someone to get away with crudely plagiarizing our work. True enough.

Even so, putting work into the public domain feels good. I recommend you try it.


Peter Hirtle points out that Creative Commons 0 isn’t exactly the same as public domain, although functionally it’s identical. The whole question of trying to eliminate all copyright interests in a work is vexed. Peter points here for details and evidence of the complexity of the issue. Thanks, Peter!

by davidw at February 19, 2015 07:47 PM

Aimee Corrigan on #StopEbola: What Nigeria Did Right [AUDIO]
On July 20, 2014 the Ebola outbreak landed in Nigeria, Africa’s most populous country. Public health officials warned that an outbreak could be catastrophic in Lagos, a densely populated city of 21 million. 19 confirmed cases left 11 dead from the disease, but Nigeria’s nightmare scenario never occurred. Within three months, the World Health Organization […]

by Berkman Center for Internet & Society at Harvard Law School ( at February 19, 2015 02:51 PM

Bruce Schneier
Co3 Systems Changes Its Name to Resilient Systems

Today my company, Co3 Systems, is changing its name to Resilient Systems. The new name better reflects who we are and what we do. Plus, the old name was kind of dumb.

I have long liked the term "resilience." If you look around, you'll see it a lot. It's used in human psychology, in organizational theory, in disaster recovery, in ecological systems, in materials science, and in systems engineering. Here's a definition from 1991, in a book by Aaron Wildavsky called Searching for Safety: "Resilience is the capacity to cope with unanticipated dangers after they have become manifest, learning to bounce back."

The concept of resilience has been used in IT systems for a long time.

I have been talking about resilience in IT security -- and security in general -- for at least 15 years. I gave a talk at an ICANN meeting in 2001 titled "Resilient Security and the Internet." At the 2001 Black Hat, I said: "Strong countermeasures combine protection, detection, and response. The way to build resilient security is with vigilant, adaptive, relentless defense by experts (people, not products). There are no magic preventive countermeasures against crime in the real world, yet we are all reasonably safe, nevertheless. We need to bring that same thinking to the Internet."

In Beyond Fear (2003), I spend pages on resilience: "Good security systems are resilient. They can withstand failures; a single failure doesn't cause a cascade of other failures. They can withstand attacks, including attackers who cheat. They can withstand new advances in technology. They can fail and recover from failure." We can defend against some attacks, but we have to detect and respond to the rest of them. That process is how we achieve resilience. It was true fifteen years ago and, if anything, it is even more true today.

So that's the new name, Resilient Systems. We provide an Incident Response Platform, empowering organizations to thrive in the face of cyberattacks and business crises. Our collaborative platform arms incident response teams with workflows, intelligence, and deep-data analytics to react faster, coordinate better, and respond smarter.

And that's the deal. Our Incident Response Platform produces and manages instant incident response plans. Together with our Security and Privacy modules, it provides IR teams with best-practice action plans and flexible workflows. It's also agile, allowing teams to modify their response to suit organizational needs, and continues to adapt in real time as incidents evolve.

Resilience is a lot bigger than IT. It's a lot bigger than technology. In my latest book, Data and Goliath, I write: "I am advocating for several flavors of resilience for both our systems of surveillance and our systems that control surveillance: resilience to hardware and software failure, resilience to technological innovation, resilience to political change, and resilience to coercion. An architecture of security provides resilience to changing political whims that might legitimize political surveillance. Multiple overlapping authorities provide resilience to coercive pressures. Properly written laws provide resilience to changing technological capabilities. Liberty provides resilience to authoritarianism. Of course, full resilience against any of these things, let alone all of them, is impossible. But we must do as well as we can, even to the point of assuming imperfections in our resilience."

I wrote those words before we even considered a name change.

Same company, new name (and new website). Check us out.

by Bruce Schneier at February 19, 2015 12:13 AM

Feeds In This Planet