Current Berkman People and Projects

Keep track of Berkman-related news and conversations by subscribing to this page using your RSS feed reader. This aggregation of blogs relating to the Berkman Center does not necessarily represent the views of the Berkman Center or Harvard University but is provided as a convenient starting point for those who wish to explore the people and projects in Berkman's orbit. As this is a global exercise, times are in UTC.

The list of blogs being aggregated here can be found at the bottom of this page.

October 13, 2015

Bruce Schneier
European Court of Justice Rules Against Safe Harbor

The European Court of Justice ruled that sending personal data to the US violates their right to privacy:

The ruling, by the European Court of Justice, said the so-called safe harbor agreement was flawed because it allowed American government authorities to gain routine access to Europeans' online information. The court said leaks from Edward J. Snowden, the former contractor for the National Security Agency, made it clear that American intelligence agencies had almost unfettered access to the data, infringing on Europeans' rights to privacy.

This is a big deal, because it directly affects all the large American Internet companies. If this stands, expect much more pressure on the NSA to stop their indiscriminate spying on everyone.

The judgment. The court's press release. A good summary of the decision and the issues involved. Intercept article.

EFF blog post. Commentary by Henry Farrell.

Commentary by Max Schrems, who started this proceeding. More commentary by someone involved with the proceedings.

Even more commentary.

EDITED TO ADD (10/13): Quick explanation.

by Bruce Schneier at October 13, 2015 11:55 PM

Libraries: the Next Generation [AUDIO]
In 2013, the Berkman Center helped to launch the Digital Public Library of America (DPLA), which brings together the riches of America’s libraries, archives, and museums, and makes them freely available to the world. This online portal delivers incredible resources and artifacts from all over America to the fingertips of students, teachers, scholars, and the […]

by Berkman Center for Internet & Society at Harvard Law School at October 13, 2015 07:22 PM

State of the Podcast, 2015 [AUDIO]
Less than 15 years after the RSS 2.0 standard was developed (by Berkman Center fellows!), paving the way for the subscribe-able audio medium we know as “Podcasts,” four leading figures in the invention and re-invention of podcasting come together to discuss the past, present, and future of serialized audio content. Chris Lydon (Radio Open Source), […]

by Berkman Center for Internet & Society at Harvard Law School at October 13, 2015 07:22 PM

Bruce Schneier
I'm a Guest on "Adam Ruins Everything"

The show is about security theater. I am a disembodied head on a scooter.

Here's a teaser. Here's the full episode (for pay, but cheap).

The scooter idea was a hack when I couldn't find the time to fly to LA for live filming. The whole thing was a lot of fun.

by Bruce Schneier at October 13, 2015 06:58 PM

David Weinberger
Games as art

Naomi Alderman makes a compelling case in The Guardian for looking at video games to find the first examples of digital literature.

Authors of articles don’t get to write their own headlines, and the Guardian’s headline goes too far: Naomi doesn’t claim that games yet have turned out “great works of digital literature.” Her own claim is more modest:

…are there video games experimenting with more interesting storytelling than any “digital literature” project I’ve seen? Yes, certainly. And if you want to think of yourself as well read, or well cultured, you need to engage with them.

I agree. There are many video games I enjoyed but am embarrassed about; these are what we mean by “guilty pleasures.” But the best of them deserve to be taken seriously. Games are where digital art will emerge. And has emerged.

I don’t know that we have examples of digital “high art” yet. Perhaps we do and I don’t know about them or don’t appreciate them. Perhaps it’s a silly concept. Or perhaps we won’t think we’re playing a game when we experience it. But it’s likely at least to come out of the rhetorical forms games have already created:

  • It will be a space in which the user dwells, not simply an object or experience unfolding in front of the user.

  • It will be interactive.

  • It will require the user to make choices that affect it in significant ways.

  • It won’t be the same for everyone.

It is a sign of the originality and importance of games that it’s not always clear what to compare them with.

For example, most digital games lend themselves to comparisons with movies. After all, they are composed of sound, flat visuals, and movement. That’s the apt comparison for Portal 2. (Naomi cites Portal, but I think the sequel is a better example.) Portal 2 is loads of fun to play. But it is more than that. The story that unfolds is as clever and well worked out as any movie’s. The characters are broad, yet reveal subtleties. We care about them. Most famously, we care about a particular inanimate cube. The “set design” is stunning. The voice acting is world class, and in fact includes JK Simmons who went on to win a Best Actor Oscar. Perhaps most remarkable is the extent to which the details are fully imagined, right down to gun turrets that coo plaintively. (You can see them rehearsing in this Easter egg.)

Naomi doesn’t mention Bioshock, but I’d count it as a hybrid movie and novella. The premise is original and political. The setting is beautifully done. The science fiction is well-imagined. And the plot contains some meta moments that reflect on its form as a video game. (Those who have played the game will recognize how non-spoilery I’m being :) The third and last in the series, Bioshock Infinite, has a premise, characters, plot, and setting that could make a successful movie, but the movie is unlikely to be as good as the game. For one thing, we get to play the game.

Other games work as reflections on the medium itself, a sign of the forming of an artistic sensibility. Naomi mentions The Stanley Parable and Gone Home. I’d add Spec Ops: The Line and even the Saints Row series. These are all successful, well-known games. All, except the last, can be taken seriously as statements inspired by artistic intentions. (Saints Row is self-aware, bad-taste burlesque.) The ferment in the indie game field is quite spectacular.

If movies can be an art form, then why not digital games? And all this is before virtual reality headsets are common. I have no doubt that digital games as immersive worlds in which users have agency will blow past movies as the locus of popular art. And from this will emerge what we will call serious art as well. We’re already well on our way.

by davidw at October 13, 2015 02:30 PM

Bruce Schneier
Friday Squid Blogging: Japanese Squid Recipe

Delicious recipe of squid with cabbage, bean sprouts, and noodles.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

EDITED TO ADD (10/9): Posted a day early by mistake....

by Bruce Schneier at October 13, 2015 12:58 PM

Dan Gillmor - Mediactive
Mediactive now in Armenian

Armenia-based “Journalists For The Future” has led a project to translate Mediactive into Armenian, and I visited there last week to help launch the new edition. I met some extraordinary people and learned a lot about the media scene there.

As with the original, the book is freely available online, in an interactive edition. You can find it at this link.

Special thanks to the U.S. Embassy in Yerevan for funding the project, and for covering the costs of my trip there.


by Dan Gillmor at October 13, 2015 11:56 AM

October 12, 2015

Tom Junod Hosts AMA for Esquire Classic Podcast Series

Writer Tom Junod hosted an AMA on Reddit this week to promote the first episode, “Falling Man”, from the new Esquire Classic podcast series in partnership with PRX. The AMA had a ton of great engagement from Reddit users and generated a number of insightful thoughts on the 9/11 story, Junod’s career, and the journalism profession in general.

Here are some of the most interesting and powerful quotes from Junod:

On the photo itself:
“[The falling man photo] seemed a portrait not just of a man about to die, but also of a world about to be born. And so it was.”

On Donald Trump:
“He doesn’t sound like a politician, so he can get away with stuff people think that politicians shouldn’t say. But a lot of journalists want to sound like journalists. A lot of journalists want to sound like everybody else. Trump speaks to the advantage of having your own voice…he’s flat out the most insincere person I’ve ever met. That he’s ridiculously needy, and responds to everything situationally and by instinct, doesn’t make him a truth teller.”

On women and Esquire magazine:
“I think we ought to write about women more, and write about them as we write about men. I mean, Esquire’s a men’s magazine, and so there are always going to be “appreciations” of female beauty. But we write about men, without thinking, Oh, this is a story about a man. We ought to do the same about women. Above all, I’d like to see us develop more female voices, and use more women as writers.”

On journalism and our storytelling culture:
“You tell stories all day long, and then you close your eyes at night you STILL tell yourself stories, in the form of dreams. It’s just who we are. The narrative animal. We just have to make the narratives better.”

On professional risk taking and experimentation:
“Innovation and experimentation are situational in nature. It’s what I love about my job — it matters very little what you’ve done in the past, and every story is a new start. Sometimes, you take risks because you have to.”

On fact vs. fiction:
“You can mess with style, you can mess with point of view, you can take virtually any liberty you want to in the storytelling, but if you’re going to make up “the facts” you should alert the reader, as we did with the Stipe profile. 3. I definitely look at my work as an argument. I’m a frustrated lawyer. And the debate with myself comes in the form of the stories themselves.”

On objectivity in reporting:
“Objectivity is an impossibility… fairness is a much better goal. But how do you stay fair, when you’re not being objective? For me, the answer is admitting that you have a personal stake in the story, even to oneself. Journalism is a very human transaction, with fallible people on all sides, in every part of the process. We might as well make that clear up front.”

On favorite movies:
“I’m a Godfather guy, 1 and 2. But I also have a place in my heart for Point Break, Goodfellas, Dazed and Confused, Spinal Tap, and Pee Wee.”

The post Tom Junod Hosts AMA for Esquire Classic Podcast Series appeared first on PRX.

by Maggie Taylor at October 12, 2015 05:16 PM

Bruce Schneier
Soviet Spying on US Selectric Typewriters

In the 1980s, the Soviet Union bugged the IBM Selectric typewriters in the US Embassy in Moscow. This NSA document discusses how the US discovered the bugs and what we did about it. Codename is GUNMAN.

Is this the world's first keylogger? Maybe.

by Bruce Schneier at October 12, 2015 01:19 PM

October 10, 2015

Helping publishers and advertisers move past the ad blockade


Those are the three market conversations happening in the digital publishing world. Let’s look into what they’re saying, and then what more they can say that’s not being said yet.

A: Publisher-Reader

Publishing has mostly been a push medium from the start. One has always been able to write back to The Editor, and in the digital world one can tweet and post in other places, including one’s own blog. But the flow and power asymmetry is still push-dominated, and the conversation remains mostly a one-way thing, centered on editorial content. (There is also far more blocking of ads than talk about them.)

An important distinction to make here is between subscription-based pubs and free ones. The business model of subscription-supported pubs is (or at least includes) B2C: business-to-customer. The business model of free pubs is B2B: business-to-business. In the free pub case, the consumer (who is not a customer, because she isn’t paying anything) is the product sold to the pub’s customer, the advertiser.

Publishers with paying subscribers have a greater stake — and therefore interest — in opening up conversation with customers. I believe they are also less interested in fighting with customers blocking ads than are the free pubs. (It would be interesting to see research on that.)

B. Publisher-Advertiser

In the offline world, this was an uncomplicated thing. Advertisers or their agencies placed ads in publications, and paid directly for it. In the online world, ads come to publishers through a tangle of intermediaries:


Thus publishers may have no idea at any given time what ads get placed in front of what readers, or for what reason. In service to this same complex system, they also serve up far more than the pages of editorial content that attracts readers to the site. Sight unseen, they plant tracking cookies and beacons in readers’ browsers, to follow those readers around and report their doings back to third parties that help advertisers aim ads back at those readers, either on the publisher’s site or elsewhere.

We could explore the four-dimensional shell game that comprises this system, but for our purposes here let’s just say it’s a B2B conversation. That it’s a big one now doesn’t mean it has to be the only one. Many others are possible.

C. Reader-Advertiser

In traditional offline advertising, there was little if any conversation between readers and advertisers, because the main purpose of advertising was to increase awareness. (Or, as Don Marti puts it, to send an economic signal.) If there was a call to action, it usually wasn’t to do something that involved the publisher.

A lot of online advertising is still that way. But much of it is direct response advertising. This kind of advertising (as I explain in Separating Advertising’s Wheat and Chaff) is descended not from Madison Avenue, but from direct mail (aka junk mail). And (as I explain in Debugging adtech’s assumptions) it’s hard to tell the difference.

Today readers are speaking to advertisers a number of ways:

  1. Responding to ads with a click or some other gesture. (This tends to happen at percentages to the right of the decimal point.)
  2. Talking back, one way or another, over social media or their own blogs.
  3. Blocking ads, and the tracking that aims them.

Lately the rate of ad and tracking blocking by readers has gone so high that publishers and advertisers have been freaking out. This is characterized as a “war” between ad-blocking readers and publishers. At the individual level it’s just prophylaxis. At the group level it’s a boycott. Both ways it sends a message to both publishers and advertisers that much of advertising and the methods used for aiming it are not welcome.

This does not mean, however, that making those ads or their methods more welcome is the job only of advertisers and publishers. Nor does it mean that the interactions between all three parties need to be confined to the ones we have now. We’re on the Internet here.

The Internet as we know it today is only twenty years old: dating from the end of the NSFnet (on 30 April 1995) and the opening of the whole Internet to commercial activity. There are sand dunes older than Facebook, Twitter — even Google — and more durable as well. There is no reason to confine the scope of our invention to incremental adaptations of what we have. So let’s get creative here, and start by looking at, then past, the immediate crisis.

People started blocking ads for two reasons: 1) too many got icky (see the Acceptable Ads Manifesto for a list of unwanted types); 2) unwelcome tracking. Both arise from the publisher-advertiser conversation, which to the reader (aka consumer) looks like this:


Thus the non-conversation between readers blocking ads and both publishers and advertisers (A and C) looks like this:


So far.

Readers also have an interest in the persistence of the publishers they read. And they have an interest in at least some advertisers’ goods and services, or the marketplace wouldn’t exist.

Thus A and C are conversational frontiers — while B is a mess in desperate need of cleaning up.

VRM is about A and C, and it can help with B. It also goes beyond conversation to include the two other activities that comprise markets: transaction and relationship. You might visualize it as this:


From Turning the customer journey into a virtuous cycle:

One of the reasons we started ProjectVRM is that actual customers are hard to find in the CRM business. We are “leads” for Sales, “cases” in Support, “leads” again in Marketing. At the Orders stage we are destinations to which products and invoices are delivered. That’s it.

Oracle CRM, however, has a nice twist on this (and thanks to @nitinbadjatia of Oracle for sharing it*):

Oracle Twist

Here we see the “customer journey” as a path that loops between buying and owning. The blue part — OWN, on the right — is literally the customer’s own-space. As the text on the OWN loop shows, the company’s job in that space is to support and serve. As we see here…

… the place where that happens is typically the call center.

Now let’s pause to consider the curb weight of “solutions” in the world of interactivity between company and customer today. In the BUY loop of the customer journey, we have:

  1. All of advertising, which Magna Global expects to pass $.5 trillion this year
  2. All of CRM, which Gartner pegs at $18b
  3. All the rest of marketing, which has too many segments for me to bother looking up

In the OWN loop we have a $0 trillion greenfield. This is where VRM started, with personal data lockers, stores, vaults, services and (just in the last few months) clouds.

Now look around your home. What you see is mostly stuff you own. Meaning you’ve bought it already. How about basing your relationships with companies on those things, rather than over on the BUY side of the loop, where you are forced to stand under a Niagara of advertising and sales-pitching, by companies and agencies trying to “target” and “acquire” you. From marketing’s traditional point of view (the headwaters of that Niagara), the OWN loop is where they can “manage” you, “control” you, “own” you and “lock” you in. To see one way this works, check your wallets, purses, glove compartments and kitchen junk drawers for “loyalty” cards that have little if anything to do with genuine loyalty.

But what if the OWN loop actually belonged to the customer, and not to the CRM system? What if you had VRM going there, working together with CRM, at any number of touch points, including the call center?

So here are two questions for the VRM community:

  1. What are we already doing in those areas that can help move forward in A and B?
  2. What can we do that isn’t being done now?

Among things we’re already doing are:

  • Maintaining personal clouds (aka vaults, lockers, personal information management systems), from which data we control can be shared on a permitted basis with publishers and companies that want to sell us stuff, or with which we already enjoy relationships.
  • Employing intelligent personal assistants of our own.
  • Intentcasting, in which we advertise our intentions to buy (or seek services of some kind).
  • Terms individuals can assert, to start basing interactions and relationships on equal power, rather than the defaulted one-way take-it-or-leave-it non-agreements we have today.

The main challenge for publishers and advertisers is to look outside the box in which their B2B conversation happens — and the threats to that box they see in ad blocking — and to start looking at new ways of interacting with readers. And look for leadership coming from tool and service providers representing those readers. (For example, Mozilla.)

The main challenge for VRM developers is to provide more of those tools and services.

Bonus links for starters (again, I’ll add more):

by Doc Searls at October 10, 2015 09:46 PM

David Weinberger
My morning paranoia: Bernie’s scream moment

My fear is that Bernie Sanders is going to have a bad moment during the upcoming debate, and the media will seize on it to make him look unfit for the presidency.

I fear this because I’ve seen it happen before. Remember the 2004 Dean Scream?

CNN has the nerve to title its posting of this video “2004: The scream that doomed Howard Dean.” But ’twasn’t the scream that killed Howard Dean’s campaign. It was the news media running it over and over and over:

…the cable and broadcast news networks aired Dean’s Iowa exclamation 633 times and that doesn’t include local news or talk shows in the four days after it was made, according to the Hotline, a Washington-based newsletter. [source]

I believe I heard at the time that CNN played it almost 200 times in that first weekend.

The pattern has become familiar: the media seize on something irrelevant, play it over and over, trying to fathom why the nation is so obsessed with it. This is the media’s equivalent of a bully’s “Why do you keep hitting yourself?” routine. (Not to mention that the clip under-mic’ed the cheering of the crowd that Dean was yelling over. Here’s what it sounded like from the audience’s point of view.)

Bernie Sanders’s position in the Democratic Party is much like Howard Dean’s was. The Party doesn’t know what to make of him and his success. It worries that he can’t win. And, not insignificantly, both Bernie and Dean have greatly loosened the grip of the Party’s purse strings. That makes them “wildcards” and “uncontrollable.”

So, I am waiting in fear for the media to seize on something small or on nothing at all, and loop it under titles that tell us over and over that we think he’s unfit for office.

Why don’t we stop hitting ourselves? Why don’t we stop hitting ourselves? Why don’t we stop hitting ourselves?

So here’s a grim game: What will the title be under the moment the media manufacture to bring Bernie down?

  • Is Bernie too erratic?

  • Bernie Sanders’ temper tantrum

  • Bernie’s fake laugh: too serious for public life?

  • Does Bernie love Denmark more than America?

  • Why can’t Bernie connect?

  • Bernie’s Creepy Uncle moment

What do you think?

by davidw at October 10, 2015 02:15 PM

Willow Brugh
…and yet…

At Cascadia.JS in 2014, I picked up a tshirt from the freebie pile. It’s pink. I know — I was also shocked about this, but the quote on the front was so good I had to go for it. “We don’t know what we’re doing either.” On the back is a subtle “&yet” which I learned was an open source consulting company (ish). Neat! — humility, a culture that accepts shirts which are both pink and comfortable, and a nuanced logo. I especially love wearing this shirt in academic and tech-centric situations.

A few months ago, Case asked my consent to be put in touch with someone on the &yet team — they had a conference coming up, and had suggested I speak. Our phone conversation was brief, but it sounded both fun and values-based, so I said yes (a rarer and rarer thing for me these days), and so I spent Wed/Thurs/Fri of last week in Richland, Washington. If interested, here are my drawings of others’ talks, my slide deck, and the paper I referenced.

It is now easily one of my favorite large social experiences. Music, art, and story were woven throughout the conference, all evoking self-reflection on our role in the path the world takes. It was already populated by some of my favorite people in this space (the aforementioned case, plus ben, jden, kawandeep, etc), and the textcapade starting weeks in advance, receiving letters from another character in the story by mail, all playing through these struggles, had me jazzed up long before the event.

The talks were a beautiful mix of art demonstrations, hopeful distribution structures, empathy arcs, and design philosophies. Inclusion was constantly present, and never for its own sake, but rather from a deep understanding that these are the voices that make up the world. The care &yet took of attendees (and encouraged us to take for each other) opened space for some rather heart-wrenching moments. Please, check out the talks when they go up.

While all of this is amazing, I want to talk about the trust and responsibility that &yet placed in the attendees. The storyline was a surprisingly nuanced version of one of my own ongoing internal battles — burn it all down, or patch to save what we can. (The mixed-mode system work is my attempt at making these transitions graceful, by the by). At no point was a clear value judgement imposed upon the story, or implied to the players. The textcapade transitioned into a sort of backchannel for actors in the parts of those sending the messages at points during the conference, and this archetypical internal battle continued to be played out there as well as by stage actors between talks.

We got comfortable with being shuffled around a bit and constantly delighted… a walk along the river to the venue, a soundtrack written specifically for the event, surprise pour-over coffee… so we were enthusiastically on board when we picked up some bag lunches and got on a tour bus. Once on, we were handed some envelopes containing a framing challenge to the “changing the world” rhetoric of much of tech… as well as the letter from Einstein to Roosevelt about turning Fermi’s nuclear fission idea into a bomb. It also included safety guidelines for B Reactor tours. As in, where the plutonium for one of the atomic bombs was refined. As in, where people joyfully pursued science, engineering, and design for its own secret sake until after many of them, horrified by the actualities, apologized for their involvement.

This framing in surrounding story structure and in the handout from &yet was the only self-reflexive provocation of the tour — the guide, video, and signage for B Reactor were all cheerful, upbeat celebrations of engineering, science, and design without any hints to remorse, conflict, or nuance. So much so that I broke out in rageful tears in public for maybe the first time in my life.

Many parts around the Manhattan Project were not ok. Here are just a few.

  • The locals of Hanford, WA and the surrounding small towns were displaced, often for less compensation than the value of the crops left in their fields.
  • American Natives were no longer allowed to pass through the land, something historically available.
  • The contractors didn’t know what they were building, and were fired if they spoke to each other.
  • The waste left behind is STILL hugely problematic (and they keep finding surprise buckets).
  • Oh, and we killed 129-246k people across two events on August 6th and 9th, the Nagasaki portion of which was with plutonium created at B Reactor. There is still ongoing debate as to whether or not this was “necessary.”

The memorials of Japan and Germany (and perhaps others, but I continue to be in a heightened emotional state and I can’t handle researching more right now) carry with them a deep sense of loss, of responsibility, and even of shame. That the US plant that generated the material and contributed to the methods by which to kill so many doesn’t hint at one iota of remorse causes such deep cognitive dissonance in myself that I literally can’t even. And that on the return trip, the tour guide again pontificated with forceful joy on the engineering components, answering questions about why buildings were placed as far apart as they were, etc, rather than leaving us enough time to sit and think, was just a further indicator of this problem.

Once everyone was back, we took time to reflect together, and I indicated both a deep respect for the &yet team for trusting the attendees to take whatever message we are going to take with us (here are two excellent other take aways from the conf), as well as vesting the drive and connection to enact our responsibilities based on those lessons. More importantly, we heard from Hanford locals as to what it was like to grow up imbued with the rhetoric and history. Good people are proud of the amazing science and collaboration. We heard from those from Japan (and who had visited Japan) about their experiences in the difference of understanding of fault and responsibility. It’s a stunningly difficult space to handle, but we were provided safe space to do so.

but the sunrise was beautiful even here, so that’s a thing to ponder

I write this now from an airport, as always and forever, wearing a “we decide” shirt and listening to Hamza al Din. I’m reflecting on how beautiful this instigation was, how deep the trust and responsibility. I’m also tempering a phrase like “we decide” with my understanding of where a sense of exceptionalism can lead us afoul (every villain sees themselves as the savior), and do-ocracy as bleeding into fascism. But these nuances and responsibilities are harder yet to impart, and require a sound foundation. This conference has made me consider it possible.

Deep thanks to: the &yet team for the experience, to Jenn for considering accountability with me, to Case for extending and complimentary safeties and support, to Ben for the dice, to Kawandeep for sitting with me on the bus on the way back, to Gar for sharing tears of outrage and love, to Kyle for the flower, to Simeon for continued conversation, to a different Ben for stirring music, to Adam for bearing his soul so we might join him on this journey.

by bl00 at October 10, 2015 07:10 AM

October 09, 2015

Jeffrey Schnapp
The Shape of Things to Come

As many friends are aware, since June 2015 I have been leading a new venture that seeks to pioneer smart approaches to the mobility of people and things: Piaggio Fast Forward. Based in Cambridge, Massachusetts, near MIT and Harvard, the startup is a development partner of the Piaggio Group, the largest European manufacturer of two-wheel motor vehicles and one of the world leaders in its sector. The Piaggio Group product range includes e-bikes, scooters, and motorcycles, as well as the three- and four-wheel light commercial vehicles. The Piaggio Group brand portfolio contains some of the most distinguished and historic names in the two-wheeler industry, from Gilera® and Moto Guzzi® to Aprilia® and Vespa®, the extraordinary two-wheeler that has come to be regarded as “the” scooter, with more than 18 million vehicles produced to date.

To celebrate the launch of Piaggio Fast Forward, an event was held on October 2 in Milan entitled The Shape of Things to Come before an audience of 1,200 students, journalists, and entrepreneurs. The event title evokes H.G. Wells’s speculative/dystopian history of the future extending from the time of his novel’s publication (1933) to 2016 (as well as Max Frost and the Troopers’ 1968 anthem from the film Wild in the Streets). Of course, 2016 is no longer in the future. It is now. And The Shape of Things to Come sought to reinvigorate the challenge of imagining and shaping a future that enhances the quality of life, provides solutions for humanity’s pressing problems, and inspires new forms of leisure, delight, and satisfaction. The video recording of the entire event is available below, as well as on the event webpage.

The speakers are: Roberto Colaninno (IMMSI), Jeffrey Schnapp (metaLAB [at] Harvard), Greg Lynn (Greg Lynn Form, UCLA, Vienna), Beth Altringer (SEAS, Harvard), Sasha Hoffman (Fuzzy Compass), Doug Brent (Trimble), Nicholas Negroponte (MIT Media Lab). The moderator is Marco Montemagno. The stage set, sound, lighting, and video work is by our friends at Piano B (thanks Mario, Guido, and the whole team!).

Our logo is by Daniele Ledda at XY communications in Milan.


by jeffrey at October 09, 2015 01:38 PM

David Weinberger
My morning D’oh slap

The Mac’s character palette has been driving me crazy. I poke around it vainly looking for the accented character or superscripted punctuation mark that I need at the moment, but it’s all symbols, no labels, which might strike Apple as appropriate but strikes me as maddening since as time goes on I understand fewer and fewer of the new symbols. Amirite, emoji1, Yellow Face Puking Up a Heart It Just Ate ?

Well, it turns out that there’s been a bug in my palette so that it has displayed itself like this:

It turns out that if I scroll all the way to the tippy-top, a magic icon comes into view:

[Image: icon appears]

And if I click on that, I get this:

[Image: full display]

I say this is a bug because I cannot now get the window to go back to the state in which it has been since an OS X upgrade or two ago. So perhaps I and the cause of this anomaly should be D’oh-slapping each other.

Amirite, emoji2, Needs a Butt Flap?

by davidw at October 09, 2015 12:54 PM

James Losey
Lights Over Riddarholmen by James Losey Via Flickr: The...

Lights Over Riddarholmen by James Losey
Via Flickr:
The Northern Lights dance over Stockholm in October. Prints

October 09, 2015 11:50 AM

Center for Research on Computation and Society (Harvard SEAS)
Privacy and Security

As private and sensitive data are increasingly collected and handled by computer systems, and as computer systems increasingly pervade our society, the privacy of personal data and the security of computer systems is critical to the smooth functioning of society. Many CRCS members have strong interests in privacy and security, and active research projects ranging from privacy tools for sharing research data, to the use of programming languages to define and enforce system security, to designing the new tools and techniques required for the Internet of Things.

by kmavon at October 09, 2015 03:29 AM

October 08, 2015

Ana Enriquez
Surface design copyright

It’s such a rare thing for a sewing blog to point me to a copyright story (albeit one with a misleading headline—I don’t think you can be a patent troll if you are enforcing a copyright) that I feel compelled to post about Fortune’s recent article on surface-design copyright suits. The past decade, Fortune reports, has seen a surge in lawsuits by textile companies, evidently mostly represented by a single L.A. firm.

On the one hand, I’m happy to hear this. I’ve worried in the past that advocates for greater copyright protection of fashion benefit from blurring the line between the design of a print (protectable under current law) and the design of a pattern (not protectable under current law).

A few years ago, I was at a lecture on copyright protection for fashion and witnessed a definite gasp of outrage from the audience when the pro-design protection speaker, Jeannie Suk, showed the image below. (These dresses are also the opening anecdote in Kal Raustiala and Christopher Sprigman’s book, The Knockoff Economy, which argues against design protection.)

[Image: Side-by-side photographs of two similar empire-waisted maxi dresses made from cream fabric with floral panel print and trimmed in black]

The dress on the left is by Foley & Corinna and the dress on the right by Forever 21.

I’ve done a moderate amount of digging (e.g., this NYT article), and I don’t think the case of these dresses was ever litigated. If it had been, I wouldn’t have been surprised by a victory for the plaintiffs, one that would avenge the outrage of that lecture audience.

The dress’s style lines are dictated by utilitarian concerns and thus not protectable. In my opinion, that is a clear case. (And even if this argument fails, the maxi-dress-with-black-outline design is either scènes à faire or an unprotectable infringing derivative work.)

However, the surface design seems to me to be conceptually separable and thus protectable. If it is, then a court would have to compare the two, filtering out unprotectable elements (e.g., the leaflike stuff is green). From these photographs, I think it’s clear that the print is not a mechanical reproduction, but I also think there’s a colorable infringement case (not too different from Boisson, for example). Of course, it’s tough to get into the substantial similarity tests with this quality of photograph.

I think this similarity is what accounts for the outrage the two pictures above might excite, and I’ve counted this as a rare instance where copyright law agrees with my instincts. I’ve also, until now, assumed that the scènes à faire doctrine and filtration would prevent overuse of this line of attack in cases where the original print is unprotectably basic or the two prints don’t share protectable elements. Thanks to Fortune, I’m now aware of a goldmine of cases on this topic, perhaps even enough to make some broader conclusions.

Unfortunately, most of the goldmine is caged up inside PACER. It would be quite a project (and quite an investment, even with very careful querying) to RECAP them all. Several of the cases have been reported in California Apparel News, others on the firm’s blog, but these are the cases that go furthest along the litigation path, hardly a fair sample.

Here are a few lovely fabrics from Mood showcasing long-time classics of textile design. Here’s hoping no one is suing over this sort of thing:

[Images: fabric with tan circles packed in hexagon-type design on black background; black jacquard with small light gray triangles arranged in grid pattern; fuchsia netting woven to resemble gingham; crepe with medium vertical stripes in black, navy, and gray; fabric with black and white crosshatch design resembling plain-woven fabric; medium gray fabric with dark gray windowpane checks]

I’ll close with the resources I have found on a small set of the cases:

Finally, here’s an interesting (but very salesy) article with a lot of the raw numbers on fashion copyright litigation.

by anaenriquez at October 08, 2015 06:51 PM

Bruce Schneier
SHA-1 Freestart Collision

There's a new cryptanalysis result against the hash function SHA-1:

Abstract: We present in this article a freestart collision example for SHA-1, i.e., a collision for its internal compression function. This is the first practical break of the full SHA-1, reaching all 80 out of 80 steps, while only 10 days of computation on a 64 GPU cluster were necessary to perform the attack. This work builds on a continuous series of cryptanalytic advancements on SHA-1 since the theoretical collision attack breakthrough in 2005. In particular, we extend the recent freestart collision work on reduced-round SHA-1 from CRYPTO 2015 that leverages the computational power of graphic cards and adapt it to allow the use of boomerang speed-up techniques. We also leverage the cryptanalytic techniques by Stevens from EUROCRYPT 2013 to obtain optimal attack conditions, which required further refinements for this work. Freestart collisions, like the one presented here, do not directly imply a collision for SHA-1.

However, this work is an important milestone towards an actual SHA-1 collision and it further shows how graphics cards can be used very efficiently for these kind of attacks. Based on the state-of-the-art collision attack on SHA-1 by Stevens from EUROCRYPT 2013, we are able to present new projections on the computational/financial cost required by a SHA-1 collision computation. These projections are significantly lower than previously anticipated by the industry, due to the use of the more cost efficient graphics cards compared to regular CPUs. We therefore recommend the industry, in particular Internet browser vendors and Certification Authorities, to retract SHA-1 soon. We hope the industry has learned from the events surrounding the cryptanalytic breaks of MD5 and will retract SHA-1 before example signature forgeries appear in the near future. With our new cost projections in mind, we strongly and urgently recommend against a recent proposal to extend the issuance of SHA-1 certificates by a year in the CAB/forum (the vote closes on October 16 2015 after a discussion period ending on October 9).

Especially note this bit: "Freestart collisions, like the one presented here, do not directly imply a collision for SHA-1. However, this work is an important milestone towards an actual SHA-1 collision and it further shows how graphics cards can be used very efficiently for these kind of attacks." In other words: don't panic, but prepare for a future panic.

This is not that unexpected. We've long known that SHA-1 is broken, at least theoretically. All the major browsers are planning to stop accepting SHA-1 signatures by 2017. Microsoft is retiring it on that same schedule. What's news is that our previous estimates may be too conservative.

There's a saying inside the NSA: "Attacks always get better; they never get worse." This is obviously true, but it's worth explaining why. Attacks get better for three reasons. One, Moore's Law means that computers are always getting faster, which means that any cryptanalytic attack gets faster. Two, we're forever making tweaks in existing attacks, which make them faster. (Note above: "...due to the use of the more cost efficient graphics cards compared to regular CPUs.") And three, we regularly invent new cryptanalytic attacks. The first of those is generally predictable, the second is somewhat predictable, and the third is not at all predictable.

Way back in 2004, I wrote: "It's time for us all to migrate away from SHA-1." Since then, we have developed an excellent replacement: SHA-3 has been agreed on since 2012, and just became a standard.

This new result is important right now:

Thursday's research showing SHA1 is weaker than previously thought comes as browser developers and certificate authorities are considering a proposal that would extend the permitted issuance of the SHA1-based HTTPS certificates by 12 months, that is through the end of 2016 rather than no later than January of that year. The proposal argued that some large organizations currently find it hard to move to a more secure hashing algorithm for their digital certificates and need the additional year to make the transition.

As the paper's authors note, approving this proposal is a bad idea.

More on the paper here.

by Bruce Schneier at October 08, 2015 05:07 PM
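To make the abstract's distinction concrete, here is an added example (not from the post or the paper) that implements the SHA-1 compression function in Python with the chaining value as an explicit parameter. A freestart collision is a collision in `compress` where the chaining values are freely chosen, while SHA-1 itself always starts from the fixed `SHA1_IV`; the function names, the classifier, and the sample inputs are constructed for illustration.

```python
import hashlib
import struct

# Standard SHA-1 initial chaining value, fixed by the specification (FIPS 180-4).
SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
MASK = 0xFFFFFFFF


def _rotl(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK


def compress(chaining_value, block):
    """SHA-1 compression function: (160-bit chaining value, 64-byte block) -> 160 bits."""
    if len(block) != 64:
        raise ValueError("block must be exactly 64 bytes")
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):  # message expansion
        w.append(_rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    a, b, c, d, e = chaining_value
    for t in range(80):  # the "80 out of 80 steps" the abstract refers to
        if t < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif t < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif t < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        temp = (_rotl(a, 5) + (f & MASK) + e + k + w[t]) & MASK
        a, b, c, d, e = temp, a, _rotl(b, 30), c, d
    # Feed-forward: add the input chaining value back in.
    return tuple((x + y) & MASK for x, y in zip(chaining_value, (a, b, c, d, e)))


def pad(message):
    """Merkle-Damgard padding: 0x80, zeros, then the 64-bit big-endian bit length."""
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack(">Q", len(message) * 8)


def sha1(message, iv=SHA1_IV):
    """Full hash: iterate compress over padded blocks. Real SHA-1 never changes iv."""
    state = tuple(iv)
    padded = pad(message)
    for i in range(0, len(padded), 64):
        state = compress(state, padded[i:i + 64])
    return struct.pack(">5I", *state)


def is_freestart_collision(cv1, block1, cv2, block2):
    """True if two distinct (chaining value, block) inputs give the same compress output."""
    distinct = (tuple(cv1), bytes(block1)) != (tuple(cv2), bytes(block2))
    return distinct and compress(tuple(cv1), block1) == compress(tuple(cv2), block2)


def is_hash_collision(msg1, msg2):
    """True only for a collision in SHA-1 itself, where both messages start from SHA1_IV."""
    return msg1 != msg2 and sha1(msg1) == sha1(msg2)


def classify_claim(cv1, block1, cv2, block2):
    """Classify a claimed colliding pair of single-block compression inputs."""
    if not is_freestart_collision(cv1, block1, cv2, block2):
        return "no collision"
    if tuple(cv1) == SHA1_IV and tuple(cv2) == SHA1_IV:
        # Same standard start state: appending any common suffix keeps the hashes equal.
        return "collision from the standard IV (extends to full SHA-1)"
    return "freestart only (does not directly give a SHA-1 collision)"


if __name__ == "__main__":
    sample = b"constructed sample message"   # constructed input
    other_iv = (0, 1, 2, 3, 4)               # constructed, non-standard chaining value
    print(sha1(sample).hex() == hashlib.sha1(sample).hexdigest())
    print(sha1(sample, iv=other_iv).hex())
    print(classify_claim(other_iv, pad(sample), SHA1_IV, pad(sample)))
```
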

Information in Your Boarding Pass's Bar Code

There's a lot of information, including the ability to get even more information.

by Bruce Schneier at October 08, 2015 11:22 AM

James Losey
Lights Over Stockholm by James Losey Via Flickr: A rare...

Lights Over Stockholm by James Losey
Via Flickr:
A rare display of the Northern Lights over Stockholm, Sweden. Prints are available.

October 08, 2015 09:54 AM

October 07, 2015

David Weinberger
[liveblog] The future of libraries

I’m at a Hubweek event called “Libraries: The Next Generation.” It’s a panel hosted by the Berkman Center with Dan Cohen, the executive director of the DPLA; Andromeda Yelton, a developer who has done work with libraries; and Jeffrey Schnapp of metaLab.

NOTE: Live-blogging. Getting things wrong. Missing points. Omitting key information. Introducing artificial choppiness. Over-emphasizing small matters. Paraphrasing badly. Not running a spellpchecker. Mangling other people’s ideas and words. You are warned, people.

Sue Kriegsman of the Center introduces the session by explaining Berkman’s interest in libraries. “We have libraries lurking in every corner…which is fabulous.” Also, Berkman incubated the DPLA. And it has other projects underway.

Dan Cohen speaks first. He says if he were to give a State of the Union Address about libraries, he’d say: “They are as beloved as ever and stand at the center of communities” here and around the world. He cites a recent Pew survey about perspectives on libraries: libraries have the highest approval rating of all American institutions. But, he warns, that’s fragile. There are many pressures, and libraries are chronically under-funded, which is hard to understand given how beloved they are.

First among the pressures on libraries: the move from print. E-book adoption hasn’t stalled, although the purchase of e-books from the Big Five publishers compared to print has slowed. But Overdrive is lending lots of ebooks. Amazon has 65% of the ebook market, “a scary number,” Dan says. In the Pew survey a couple of weeks ago, 35% said that libraries ought to spend more on ebooks even at the expense of physical books. But 20% thought the opposite. That makes it hard to be the director of a public library.

If you look at the ebook market, there’s more reading going on at places like the DPLA. (He mentions the StackLife browser they use, that came out of the Harvard Library Innovation Lab that I used to co-direct.) Many of the ebooks are being provided straight to a platform (mainly Amazon) by the authors.

There are lots of jobs public libraries do that are unrelated to books. E.g., the Boston Public Library is heavily used by the homeless population.

The way forward? Dan stresses working together, collaboration. “DPLA is as much a social, collaborative project as it is a technical project.” It is run by a community that has gotten together to run a common platform.

And digital is important. We don’t want to leave it to Jeff Bezos who “wants to drop anything on you that you want, by drone, in an hour.”

Andromeda: She says she’s going to talk about “libraries beyond Thunderdome,” echoing a phrase from Sue Kriegsman’s opening comments. “My real concern is with the skills of the people surrounding our crashed Boeing.” Libraries need better skills to evaluate and build the software they need. She gives some examples of places where we see a tension between library values and code.

1. The tension between access and privacy. Physical books leave no traces. With ebooks the reading is generally tracked. Overdrive did a deal so that library patrons who access ebooks get notices from Amazon when their loan period is almost up. Adobe does rights management, with reports coming page by page about what people are reading. “Unencrypted over the Internet,” she adds. “You need a fair bit of technical knowledge to see that this is happening,” she says. “It doesn’t have to be this way.” “It’s the DRM and the technology that have these privacy issues built in.”

She points to the NYPL Library Simplified program that makes it far easier for non-techie users. It includes access to Project Gutenberg. Libraries have an incentive to build open architectures that support privacy. But they need the funding and the technical resources.

She cites the Library Freedom Project that teaches librarians about anti-surveillance technologies. They let library users browse the Internet through TOR, preventing (or at least greatly inhibiting) tracking. They set up the first library TOR node in New Hampshire. Homeland Security quickly suggested that they stop. But there was picketing against this, and the library turned it back on. “That makes me happy.”

2. Metadata. She has us do an image search for “beautiful woman” at Google. They’re basically all white. Metadata is sometimes political. She goes through the 200s of the Dewey Decimal system: 90% Christian. “This isn’t representative of human knowledge. It’s representative of what Melvil Dewey thought maps to human knowledge.” Libraries make certain viewpoints more computationally accessible than others. Our ability to write new apps is only as good as the metadata under them. “As we go on to a more computational library world — which is awesome — we’re going to fossilize all these old prejudices. That’s my fear.”

“My hope is that we’ll have the support, conviction and empathy to write software, and to demand software, that makes our libraries better, and more fair.”

Jeffrey: He says his peculiar interest is in how we use space to build libraries as architectures of knowledge. “Libraries are one of our most ancient institutions.” “Libraries have constantly undergone change,” from mausoleums, to cloisters, to warehouses, places of curatorial practice, and civic spaces. “The legacy of that history…has traces of all of those historical identities.” We’ve always faced the question “What is a library?” What are its services? How does it serve its customers? Architects and designers have responded to this, assuming a set of social needs, opportunities, fantasies, and the practices by which knowledge is created, refined, shared. “These are all abiding questions.”

Contemporary architects and designers are often excited by library projects because it crystallizes one of the most central questions of the day: “How do you weave together information and space?” We’re often not very good at that. The default for libraries has been: build a black box.

We have tended to associate libraries with collections. “If you ask what is a library?, the first answer you get is: a collection.” But libraries have also always been about the making of connections, i.e., how the collections are brought alive. E.g., the Alexandrian Library was a performance space. “What does this connection space look like today?” In his book with Matthew Battles, they argue that while we’ve thought of libraries as being a single institution, in fact today there are now many different types of libraries. E.g., the research library as an information space seems to be collapsing; the researchers don’t need reading rooms, etc. But civic libraries are expanding their physical practices.

We need to be talking about many different types of libraries, each with their own services and needs. The Library as an institution is on the wane. We need to proliferate and multiply the libraries to serve their communities and to take advantage of the new tools and services. “We need spaces for learning,” but the stack is just one model.


Dan: Mike O’Malley says that our image of reading is in a salon with a glass of port, but in grad school we’re taught to read a book the way a sous chef guts a fish. A study says that of academic ebooks, 75% of scholars read less than 50 pages of them. [I may have gotten that slightly wrong. Sorry.] Assuming a proliferation of forms, what can we do to address them?

Jeffrey: The presuppositions about how we package knowledge are all up for grabs now. There’s a vast proliferation of channels. “And that’s a design opportunity.” How can we create audiences that would never have been part of the traditional distribution models? “I’m really excited about getting scholars and creative practitioners involved in short-form knowledge and the spectrum of ways you can intersect” the different ways we use these different forms. “That includes print.” There’s “an extraordinary explosion of innovation around print.”

Andromeda: “Reading is a shorthand. Library is really about transforming people and one another by providing access to information.” Reading is not the only way of doing this. E.g., in maker spaces people learn by using their hands. “How can you support reading as a mode of knowledge construction?” Ten years ago she toured Olin College library, which was just starting. The library had chairs and whiteboards on castors. “This is how engineers think”: they want to be able to configure a space on the fly, and have toys for fidgeting. E.g., her eight year old has to be standing and moving if she’s asked a hard question. “We need to think of reading as something broader than dealing with a text in front of you.”

Jeffrey: The DPLA has a location in the name — America —. The French National Library wants to collect “the French Internet.” But what does that mean? The Net seems to be beyond locality. What role does place play?

Dan: From the beginning we’ve partnered with Europeana. We reused Europeana’s metadata standard, enabling us to share items. E.g., Europeana’s 100th anniversary of the Great War web site was able to seamlessly pull in content from the DPLA via our API, and from other countries. “The DPLA has materials in over 400 languages,” and actively partners with other international libraries.

Dan points to Amy Ryan (the DPLA chairperson, who is in the audience) and points to the construction of glass walls to see into the Boston Public Library. This increases “permeability.” When she was head of the BPL, she lowered the stacks on the second floor so now you can see across the entire floor. Permeability “is a very smart architecture” for both physical and digital spaces.

Jeff: Rendering visible a lot of the invisible stuff that libraries do is “super-rich,” assuming the privacy concerns are addressed.

Andromeda: Is there scope in the DPLA metadata for users to address the inevitable imbalances in the metadata?

Dan: We collect data from 1,600 different sources. We normalize the data, which is essential if you want to enable it for collaboration. Our Metadata Application Profile v. 4 adds a field for annotation. Because we’re only a dozen people, we haven’t created a crowd-sourcing tool, but all our data is CC0 (public domain) so anyone who wants to can create a tool for metadata enhancement. If people do enhance it, though, we’ll have to figure out if we import that data into the DPLA.

Jeffrey: The politics of metadata and taxonomy has a long history. The Enlightenment fantasy is for a universal metadata school. What does the future look like on this issue?

Andromeda: You can have extremely crowdsourced metadata, but then you’re subject to astroturfing and popularity boosting results for bad reasons. There isn’t a great solution except insofar as you provide frameworks for data that enable many points of view and actively solicit people to express themselves. But I don’t have a solution.

Dan: E.g., at DPLA there are lots of ways of entering dates. We don’t want to force a scheme down anyone’s throat. But the tension between crowdsourced and more professional curation is real. The Indianapolis Museum of Art allowed freeform tagging and compared the crowdsourced tags vs. professional. Crowdsourced: “sea” and “orange” were big, which curators generally don’t use.


Q: People structure knowledge differently. My son has ADHD. Or Nepal, where I visited recently.

A: Dan: It’s great that the digital can be reformatted for devices but also for other cultural views. “That’s one of the miraculous things about the digital.” E.g., digital book shelves like StackLife can reorder themselves depending on the query.

Jeff: Yes, these differences can be profound. “Designing for that is a challenge but really exciting.”

Andromeda: This is why it’s so important to talk with lots of people and to enable them to collaborate.

me: Linked data seems to resolve some of these problems with metadata.

Dan: Linked Data provides a common reference for entities. Allows harmonizing data. The DPLA has a slot for such IDs (which are URIs). We’re getting there, but it’s not our immediate priority. [Blogger’s prerogative: Having many references for an item linked via “sameAs” relationships can help get past the prejudice that can manifest itself when there’s a single canonical reference link. But mainly I mean that because Linked Data doesn’t have a single record for each item, new relationships can be added relatively easily.]

Q: How do business and industry influence libraries? E.g., Google has images for every place in the world. They have scanned books. “I can see a triangulation happening. Virtual libraries? Virtual spaces?”

Andromeda: (1) Virtual tech is written outside of libraries, almost entirely. So it depends on what libraries are able to demand and influence. (2) Commercial tech sets expectations for what users’ experiences should be like, which libraries may not be able to support. (3) People say “Why do we need libraries? It’s all online and I can pay for it.” No, it’s not, and no, not everyone can. Libraries should up their tech game, but there’s an existential threat.

Jeffrey: People use other spaces to connect to knowledge, e.g. coffee houses, which are now being incorporated into libraries. Some people are anxious about that loss of boundary. Being able to eat, drink, and talk is a strong “vision statement” but for some it breaks down the world of contemplative knowledge they want from a library.

Q: The National Science and Technology Library in China last week said they have the right to preserve all electronic resources. How can we do that?

Dan: Libraries have long been sites for preservation. In the 21st century we’re so focused on getting access now now now, we lose sight that we may be buying into commercial systems that may not be able to preserve this. This is the main problem with DRM. Libraries are in the forever business, but we don’t know where Amazon will be. We don’t know if we’ll be able to read today’s books on tomorrow’s devices. E.g., I had a subscription to Oyster ebook service, but they just went out of business. There go all my books. Open Access advocacy is going to play a critical role. Sure, Google is a $300B business and they’ll stick around, but they drop services. They don’t have a commitment like libraries and nonprofits and universities do to being in the forever business.

Jeff: It’s a huge question. It’s really important to remember that the oldest digital documents we have are 50 yrs old which isn’t even a drop in the bucket. There’s far from universal agreement about the preservation formats. Old web sites, old projects, chunks of knowledge, of mine have disappeared. What does it mean to preserve a virtual world? We need open standards, and practices [missed the word] “Digital stuff is inherently fragile.”

Andromeda: There are some good things going on in this space. The Rapid Response Social Media project is archiving (e.g., #Ferguson). Preserving software is hard: you need the software system, the hardware, etc.

Q: Disintermediation has stripped out too much value. What are your thoughts on the future of curation?

Jeffrey: There’s a high level of anxiety in the librarian community about their future roles. But I think their role comes away as reinforced. It requires new skills, though.

Andromeda: In one pottery class the assignment was to make one pot. In another, it was to make 50 pots. The best pots came out of the latter. When lots of people can author lots of stuff, it’s great. That makes curation all the more critical.

Dan: The DPLA has a Curation Core: librarians helping us organize our ebook collection for kids, which we’re about to launch with President Obama. Also: Given the growth in authorship, yes, a lot of it is Sexy Vampires, but even with that aside, we’ll need librarians to sort through that.

Q: How will Digital Rights Management and copyright issues affect ebooks and libraries? How do you negotiate that or reform that?

Dan: It’s hard to accession a lot of things now. For many ebooks there’s no way to extract them from their DRM and they won’t move into the public domain for well over 100 years. To preserve things like that you have to break the law — some scholars have asked the Library of Congress for exemptions to the DMCA to archive films before they decay.

Q: Lightning round: How do you get people and the culture engaged with public libraries?

Andromeda: Ask yourself: Who’s not here?

Jeffrey: Politicians.

Dan: Evangelism

by davidw at October 07, 2015 05:29 PM

James Losey
City Beach in Stockholm by James Losey Via...

City Beach in Stockholm by James Losey
Via Flickr:
Smeduddsbadet, Kungsholmen’s beach in the heart of Stockholm.

October 07, 2015 01:47 PM

The Mozilla Delphi Cybersecurity Study: Towards a User Centric Cybersecurity Policy Agenda [AUDIO]
Researcher Camille François leads a discussion of the “Mozilla Delphi Cybersecurity 1.0. Study: Towards A User Centric Policy Framework” with Berkman community members Josephine Wolff, Andy Ellis, and Bruce Schneier, who participated in the study. More than 30 leading cybersecurity experts from a wide variety of backgrounds – including academia, civil liberties, government and military, security, and technology […]

by Berkman Center for Internet & Society at Harvard Law School at October 07, 2015 01:45 PM

October 06, 2015

Berkman Center front page
Welcome New Fellows: Shannon Dosemagen and Maria Paz Canales


By Won Woo Kim and Rod Ghaemmaghami


This post is part of a series featuring interviews with some of the members of the 2015-2016 class of Berkman Fellows. Conducted by our 2015 summer interns (affectionately known as "Berkterns"), these snapshots aim to showcase the diverse backgrounds, interests, and accomplishments of our dynamic community.


Profile of Shannon Dosemagen​

by Won Woo Kim

Shannon Dosemagen enjoys kayaking on the unexplored waterways of Louisiana, where she occasionally spends time away from her busy, urban life. Shannon has always been in love with the outer world, and the unequivocal serenity that nature brings to its visitors.

When the 2010 Deepwater Horizon Oil Spill occurred, Shannon took action. She noticed a clear divide between the public and the information regarding how the spill was progressing. “We could physically smell oil being burned on the Gulf miles away in New Orleans,” Shannon says.

She soon partnered with several other soon-to-be co-founders of Public Lab and launched a full-scale aerial mapping of the Gulf using big red balloons and $40 digital cameras tied to kite strings. The question of “What are you doing?” raised by BP contractors and representatives of the coast guard and other governmental agencies, came about with interest, rather than with the intent of shutting them down. Civic technology, in this event, became a friendly and visually-engaging mode of collecting information in a “Do It Yourself” way, which encouraged many environmental activists around the Gulf region to take action.

Oftentimes, environmental monitoring tools are created for corporations, government agencies, and research institutions to gather information about natural disasters and public health concerns, but not so much for the people who might be the most directly affected by these environmental burdens. Shannon Dosemagen sees this problem as grounds for the public to gather information on their own, create alternative forms of data, and directly engage with the environmental hazards and public health issues that have been increasingly affecting the lives of many around the world.

 Shannon wanted the Public Lab to be a space where people could bring different sets of experience, knowledge, and expertise to the table and create something together. This may include a scientist working with a community organizer and a designer to build a project together. In terms of how members of the Public Lab create, it is similar to how people in physical makerspaces get together and create projects, but a lot of the initial work done at the Public Lab is through online platforms. Twice every year, Shannon and members of the Public Lab host Barnraisings, an event that originated from the 1800s where communities would gather and build a barn structure. The work that the Public Lab is doing is not much different; they believe in the empowerment and entrepreneurial spirit that community-driven activities promote.

Shannon is putting in as much time as possible into considering the end results of what it means for people to collect data, and then using that data on behalf of their goals and objectives. Her primary research and work at the Berkman Center will involve the know-hows of using information, and putting together standards and norms that people can use as guidelines for future research. In the field of environmental monitoring, according to Shannon, “there is not really a clear sense of how community members can work with government agencies or other stakeholders to create changes for the betterment of environmental boards.”

Shannon, who is the Co-Founder and Executive Director of Public Lab and an Ashoka Fellow, looks forward to engaging with the interactive family environment at Berkman. She sees this opportunity as a way for her to put aside some of her time at the Public Lab to delve deeper into bigger questions of scientific reasoning that she has had before starting her work at Public Lab.


Q&A with Maria Paz Canales

Maria Paz Canales is a Chilean antitrust lawyer and UC Berkeley Master of Laws with a Certificate of Specialization in Law & Technology. She will research and analyze the design of regulations and technologies that break traditional cultural industries online and create new markets and models in which creators and users may exercise digital freedoms.

Do the approaches to technology differ in Chile from the approaches in the U.S.?

The approaches differ and intersect in several different aspects. The most notorious point of difference between both countries’ approaches is related to the level of development of each one. Chile as a developing country is still more a consumer of technology produced by developed countries, among them prominently technology coming from the U.S. That fact also has an impact in the accessibility to technology that is high in Chile for some high-income groups of Chilean population, but still relatively low for the vast majority of the society (given Chile’s high inequality rates). There are some technologies that have been increasingly available in recent years spurred by the regulatory market framework developed by the authority that has provided incentive to investment and competition. This is the case of telecommunications services, particularly mobile telephone services and wired and mobile Internet access. However, engagement with technology is still mainly associated with the use and consumption of technology, rather than innovation development within the country.

On the other hand, in terms of technology regulation and technology uses there are a lot of similarities. Like the U.S., Chile is a member of the main international treaties related to the protection of Intellectual Property (TRIPS, Berne Convention, PCT, among others). In 2003, Chile also signed a Trade Agreement with the U.S. with an extensive Intellectual Property chapter that established several obligations in order to homologate intellectual property regulation to provide equivalent level of protection in both countries. Furthermore, even if the reality of technology dissemination differs, as I have pointed out, the uses for those that can have access are not so different. Internet use is increasingly intensive in education and business environments. Users are confronted with the same questions related to fair access to information, protection of their privacy, and respect of their human rights in general in the context of technology services use.

Chile has implemented the latest technologies in telecommunications, financial services, private health services and mining. In recent years, it has spurred local technology innovation to provide support to more efficient mining exploitation, given the relevance of this activity for Chile’s GDP. The government also has developed a digital agenda to try to offer services, information and assistance of different governmental agencies through Internet. This public effort to provide access to technology services to the whole population also fostered the creation of the Telecommunications Development Fund (FDT) to support Internet access for schools, and broadband access and broadband backbones for rural and remote areas.

It is possible to identify two clear future challenges for Chile in relation to technology (which are intimately connected): making technology available to an increasing number of people and moving from consuming technology to fostering local technology innovation production.

What kinds of digital innovation do you expect to be most influential to how we process technology?

This is not an easy question to answer, given the constant change in technology status. A lawyer is probably not the best situated to foresee what will be the most revolutionary field, but if I have to name a few, there are a number of recent digital innovations that are generating increasingly new challenges for traditional markets and traditional regulations: cloud computing services, big data processing, the “Internet of things”, (especially for healthcare services), the new platform of services offered in the so called “sharing economy”, and crypto currency initiatives.

What all these innovations have in common is that they all are technologies that are trying to customize services to be more accurate to each user’s needs. In several of these cases, as shared services or crypto currencies, we can see the eroding of the traditional intermediation of services, putting users directly in touch, which is having a tremendous disruptive effect on the traditional market by remodeling relevant markets and market sharing. In other cases, like cloud computing services and Internet of things, we can see the substitution of physical equipment to provide more flexible (hopefully more affordable services) that can serve in a better way and lead to more people taking advantage of scale economies in the use of technology equipment. Big data mining has proven to have a tremendous impact in the development of better products and services and more efficient production of them. All of these different technologies present particular challenges for traditional regulations that were crafted for a more “physical” reality. Some of these technologies would need regulatory intervention to set frameworks that balance the protection of the innovation benefits with the risk of abuse against consumers.

What are the biggest challenges to incorporating innovative and new technologies into laws and regulations?

The first big challenge is to understand technology and understand the markets where that technology plays a relevant role. My experience shows that in this field there are a lot of advantages in creating space for discussion that includes companies, experts, regulators and civil society organizations. There are so many times when regulations are drafted with the best intentions to foster innovation and protect users, but the misunderstanding of what are the characteristics of what is intended to be regulated deceives that purpose, or even worse, ends with a regulation that does not make sense for the pursued goals and that could damage innovations, markets and users. Regulators need to be educated and supported in the understanding of new technology.

There is also a huge risk for some countries to cut and copy legislation crafted for foreign realities. I truly believe that any regulation should be crafted after a careful understanding of the regulated object and the characteristics of the market in which that regulation would operate. Of course taking a look at foreign models can be useful as reference of goals and regulatory tools design, but a plain copy of regulation is a poor and ineffective method of regulation. After the process of technology assessment and studying existing models, the definition of regulation goals should be clearer for the regulators. It would also allow more effective design of the regulatory tools to address those goals.   

Then, there is a final challenge of designing regulation that can be technologically neutral enough to survive a technological change that will continue occurring. Of course it is always possible to update regulation, yet regulatory process is costly and subject to a political prioritization. Furthermore, the certainty of a clear regulatory framework favors innovation, to avoid distracting valuable resources in legal evaluation and defense. A regulatory framework with clear bright lines and broad definitions that provides general guidelines in the form of principles pursued by the regulatory framework is very useful for the purpose of maintaining the efficiency of regulation in a technologically changing environment. A flexible framework for specialized agencies to interpret according to the principles and clear rules provided by legislation is a stable and efficient combination for regulations in technology fields.

While the United States has a significant number of privacy laws, other countries often have more comprehensive and fewer privacy laws. For lawyers, researchers, or practitioners in any field trying to apply the many United States privacy laws, it may not always be easy to know which laws may apply or how to properly comply with the laws (if they are written broadly). What is the state of privacy laws in Chile and in other parts of the world that you have worked with?

The trend in the vast majority of the world is having data privacy laws that apply in general to any field of activity that involve collection and processing of personal data. There are also some activities, like financial services and healthcare, which commonly have specific regulations in order to reinforce user protection, given the sensitivity of the data collected.

Chile has a personal data protection law that follows in gross lines the European model of data protection. Data collection requires specific consent from consumers and can only be used for the purpose listed by the consent given and cannot be shared with third non-affiliated parties without consumer consent. Although this regulation sounds very protective in the wording, there is a serious lack of enforcement in Chile because there is no specific authority in charge of verifying compliance, and the claims under data protection law have to be made to common civil law jurisdiction judges that many times lack the knowledge about how to handle claims made in a highly technological context. There is a lot of uncertainty in general in the application of the law, but in my experience many national and international companies in the country try to address the lack of guidelines by implementing the best practices in international standards.

The constant tension in this matter is based on how much regulation is needed to protect consumers in the proper way and at the same time allow companies to take advantage of information collection to improve their services and products offer. Highly protective laws can have an unintended effect of harming the ability of companies to compete and innovate. Low levels of protection for users can minimize the ability to exercise human rights. In an international context, the level of protection of each country can determine the flux of investment and the allocation of data processing facilities.

The European models of general protection for data privacy, with their requirement of equivalent protection to share European data with foreign entities, have been successful in the spread of their regulation beyond borders to protect personal data. That regulation, however, has not proven equally effective in some cases for the compliance of the established protections. Today, there is an increasing frustration in consumers about the vulnerability of their data collected by different private and public entities and a general sense of lack of protection against data breaches or illegal use of their data for the collection entities. This reality probably requires the review of laws, but also the engagement of private companies in socially responsible review of their own policies to address users’ legitimate concerns.

Interview by Rod Ghaemmaghami, a third year law student in Washington, D.C. at the George Washington University Law School. Rod is fascinated by Privacy Law and is excited to watch the balancing act between innovative technologies and laws regulating technologies. In his free time, Rod writes poetry unironically.


by gweber at October 06, 2015 06:11 PM

Justin Reich
New Research Aims to Promote High-Quality Civic and Political Engagement
A $2 million dollar grant from the Spencer Foundation extends our capacity to measure the quality of students' civic and political learning.

by Justin Reich at October 06, 2015 02:48 PM

David Weinberger
Doc Searls’ "The Adblock War" series

Adblocking is, as Doc Searls claims, “the biggest boycott in human history.” Since August 12, Doc’s been posting what I can only call an in-depth, analytical, evidence-based rant. It is not to be missed.

  1. Separating advertising’s wheat and chaff (12 August 2015)
  2. Apple’s content blocking is chemo for the cancer of adtech (26 August 2015)
  3. Will content blocking push Apple into advertising’s wheat business? (29 August 2015)
  4. If marketing listened to markets, they’d hear what ad blocking is telling them (8 September 2015)
  5. Debugging adtext assumptions (18 September 2015)
  6. How adtech, not ad blocking, breaks the social contract (23 September 2015)
  7. A way to peace in the adblock war (21 September 2015, on the ProjectVRM blog)
  8. Beyond ad blocking — the biggest boycott in human history (28 September 2015)
  9. Dealing with Boundary Issues (1 October 2015 in Linux Journal)

Doc says (in an email) he is “building the case for what ProjectVRM, Customer Commons and Mozilla (notably its Content Services group) are quietly doing to disable surveillance capitalism.”

by davidw at October 06, 2015 01:14 PM

October 05, 2015

Bruce Schneier
Automatic Face Recognition and Surveillance

ID checks were a common response to the terrorist attacks of 9/11, but they'll soon be obsolete. You won't have to show your ID, because you'll be identified automatically. A security camera will capture your face, and it'll be matched with your name and a whole lot of other information besides. Welcome to the world of automatic facial recognition. Those who have access to databases of identified photos will have the power to identify us. Yes, it'll enable some amazing personalized services; but it'll also enable whole new levels of surveillance. The underlying technologies are being developed today, and there are currently no rules limiting their use.

Walk into a store, and the salesclerks will know your name. The store's cameras and computers will have figured out your identity, and looked you up in both their store database and a commercial marketing database they've subscribed to. They'll know your name, salary, interests, what sort of sales pitches you're most vulnerable to, and how profitable a customer you are. Maybe they'll have read a profile based on your tweets and know what sort of mood you're in. Maybe they'll know your political affiliation or sexual identity, both predictable by your social media activity. And they're going to engage with you accordingly, perhaps by making sure you're well taken care of or possibly by trying to make you so uncomfortable that you'll leave.

Walk by a policeman, and she will know your name, address, criminal record, and with whom you routinely are seen. The potential for discrimination is enormous, especially in low-income communities where people are routinely harassed for things like unpaid parking tickets and other minor violations. And in a country where people are arrested for their political views, the use of this technology quickly turns into a nightmare scenario.

The critical technology here is computer face recognition. Traditionally it has been pretty poor, but it's slowly improving. A computer is now as good as a person. Already Google's algorithms can accurately match child and adult photos of the same person, and Facebook has an algorithm that works by recognizing hair style, body shape, and body language -- and works even when it can't see faces. And while we humans are pretty much as good at this as we're ever going to get, computers will continue to improve. Over the next years, they'll continue to get more accurate, making better matches using even worse photos.

Matching photos with names also requires a database of identified photos, and we have plenty of those too. Driver's license databases are a gold mine: all shot face forward, in good focus and even light, with accurate identity information attached to each photo. The enormous photo collections of social media and photo archiving sites are another. They contain photos of us from all sorts of angles and in all sorts of lighting conditions, and we helpfully do the identifying step for the companies by tagging ourselves and our friends. Maybe this data will appear on handheld screens. Maybe it'll be automatically displayed on computer-enhanced glasses. Imagine salesclerks -- or politicians -- being able to scan a room and instantly see wealthy customers highlighted in green, or policemen seeing people with criminal records highlighted in red.

Science fiction writers have been exploring this future in both books and movies for decades. Ads followed people from billboard to billboard in the movie Minority Report. In John Scalzi's recent novel Lock In, characters scan each other like the salesclerks I described above.

This is no longer fiction. High-tech billboards can target ads based on the gender of who's standing in front of them. In 2011, researchers at Carnegie Mellon pointed a camera at a public area on campus and were able to match live video footage with a public database of tagged photos in real time. Already government and commercial authorities have set up facial recognition systems to identify and monitor people at sporting events, music festivals, and even churches. The Dubai police are working on integrating facial recognition into Google Glass, and more US local police forces are using the technology.

Facebook, Google, Twitter, and other companies with large databases of tagged photos know how valuable their archives are. They see all kinds of services powered by their technologies -- services they can sell to businesses like the stores you walk into and the governments you might interact with.

Other companies will spring up whose business models depend on capturing our images in public and selling them to whoever has use for them. If you think this is farfetched, consider a related technology that's already far down that path: license-plate capture.

Today in the US there's a massive but invisible industry that records the movements of cars around the country. Cameras mounted on cars and tow trucks capture license plates along with date/time/location information, and companies use that data to find cars that are scheduled for repossession. One company, Vigilant Solutions, claims to collect 70 million scans in the US every month. The companies that engage in this business routinely share that data with the police, giving the police a steady stream of surveillance information on innocent people that they could not legally collect on their own. And the companies are already looking for other profit streams, selling that surveillance data to anyone else who thinks they have a need for it.

This could easily happen with face recognition. Finding bail jumpers could even be the initial driving force, just as finding cars to repossess was for license plate capture.

Already the FBI has a database of 52 million faces, and describes its integration of facial recognition software with that database as "fully operational." In 2014, FBI Director James Comey told Congress that the database would not include photos of ordinary citizens, although the FBI's own documents indicate otherwise. And just last month, we learned that the FBI is looking to buy a system that will collect facial images of anyone an officer stops on the street.

In 2013, Facebook had a quarter of a trillion user photos in its database. There's currently a class-action lawsuit in Illinois alleging that the company has over a billion "face templates" of people, collected without their knowledge or consent.

Last year, the US Department of Commerce tried to prevail upon industry representatives and privacy organizations to write a voluntary code of conduct for companies using facial recognition technologies. After 16 months of negotiations, all of the consumer-focused privacy organizations pulled out of the process because industry representatives were unable to agree on any limitations on something as basic as nonconsensual facial recognition.

When we talk about surveillance, we tend to concentrate on the problems of data collection: CCTV cameras, tagged photos, purchasing habits, our writings on sites like Facebook and Twitter. We think much less about data analysis. But effective and pervasive surveillance is just as much about analysis. It's sustained by a combination of cheap and ubiquitous cameras, tagged photo databases, commercial databases of our actions that reveal our habits and personalities, and -- most of all -- fast and accurate face recognition software.

Don't expect to have access to this technology for yourself anytime soon. This is not facial recognition for all. It's just for those who can either demand or pay for access to the required technologies -- most importantly, the tagged photo databases. And while we can easily imagine how this might be misused in a totalitarian country, there are dangers in free societies as well. Without meaningful regulation, we're moving into a world where governments and corporations will be able to identify people both in real time and backwards in time, remotely and in secret, without consent or recourse.

Despite protests from industry, we need to regulate this budding industry. We need limitations on how our images can be collected without our knowledge or consent, and on how they can be used. The technologies aren't going away, and we can't uninvent these capabilities. But we can ensure that they're used ethically and responsibly, and not just as a mechanism to increase police and corporate power over us.

This essay previously appeared on

EDITED TO ADD: Two articles that say much the same thing.

by Bruce Schneier at October 05, 2015 04:14 PM

David Weinberger
Enabling JavaScript to read files on your drive via Dropbox: A “Where I went wrong” puzzle.

Ermahgerd, this was so much harder than I thought it would be. In fact, what follows is best approached as a puzzler in which your task is to find the earliest place where I’ve gone horribly wrong. The winning comment will be of the form, “You’re such an idiot! All you had to do was____!” Second place, because less satisfying but no less humiliating, will be comments of the form, “OMFG, why are you writing this? How can you get the simplest thing wrong???”

I know. Forgive me.

So, let’s say you’re writing, oh, an outliner for your own personal use because the one you’ve been using for seven years or so no longer supports Dropbox: If you save an OmniOutliner file to a Dropbox folder, it only gets one of the sub-files. You poke around with alternatives but none of them have exactly the set of minimal features you want. (Dave Winer’s Fargo gets damn close to my peculiarities, and it saves outlines in Dropbox…but in only one special folder. I’m picky. And I was looking for a programming project.) So, you decide to write your own. Sure, it’ll be under-featured, and it’ll break. But it’ll be yours.

It’s going to run in a browser because you can’t find any other way to write an app for your Mac except Objective C and Swift, both of which require three days of tutorials and a hundred pushups to get to “Hello, world.” So, you’re using JavaScript and jQuery, JavaScript’s smarter older brother. (Hi, Andy.) And PHP.

Now, you can try as hard as you want, but the browser is going to insist on protecting you from being able to access files on anyone’s hard drive, even your own, because otherwise Malefactors are going to install apps that will suck your brains out through your smallest aperture and take your credit card numbers with it. For real.

I tried many of the things the Internet recommends to circumvent this well-meaning rule. I wouldn’t have even tried, but I’m running my outliner on my local hard drive, using the Apache2 web server that comes with MAMP. So, I understand why there’s a wall around the files that are not part of what the web server considers to be its home, but those files are mine. So close, yet so far.

I tried figuring out how to set up a virtual directory, but the initial efforts failed and monkeying with apache files scares me. Likewise for changing the server’s document root.

I put a symbolic link to my Dropbox folder into the JavaScript project’s folder (actually in the “php” sub-folder), and was able to write a file into it via PHP. But I couldn’t figure out a way to read the Dropbox folder, which means that if I wanted to switch from loading an outline from




I’d have to type in the entire pathname. No directory browsing for you!

(To create a symbolic link, in your Mac terminal type: “ln -s /Users/YOUR_NAME/Dropbox”. )

So, I had a brainstorm. I use outlines in almost everything I do, but virtually everything I do is in Dropbox. Dropbox therefore has a perfect mirror of my files and folder structure. Perhaps Dropbox has an API that would let me browse its mirror of my local disk.

It does! With lots of documentation, almost none of which I understand! I’m sure it’s terrific for people who know what they’re doing, but won’t someone please think of the people who need a For Dummies book to read a For Dummies book?

What I’d like to do is to browse the file structure at Dropbox so I can identify the file I want to open, and have Dropbox tell me via its API what that file’s path is. Then I could use PHP or even JavaScript (I think) to directly open that file on my own disk via the Dropbox symbolic link in my PHP folder. Right?

Guess what the API doesn’t tell you. Which is too bad because I want to use the same info later to save a file to a pathname inside that symbolic link.

But Dropbox does make it easy for you to drop a magic button into your HTML that will launch a Dropbox mini-file-browser. The version called the “Chooser” downloads files. The version called “Saver” uploads them. Just what I need.

Sort of. What I’d really like to do is:

  • Browse my Dropbox folders using the Chooser.

  • Click to download my chosen file.

  • Read the content of that file into my app, so I can display the outline contained within.

As a matter of principle, I want to be able to have a user choose it, and read the contents programmatically. Thus did I lose, oh, two days of my life.

I will not bore you with the many ways I tried to do this basic thing. I am sure that someone is going to read this and give me the one line of code I need. Instead, here is the complex way I managed to accomplish this basic task.

Register your app

First, you have to register your app with Dropbox in order to get a key that will let you access their API. This is relatively simple to do. Go to their App Console, and click on the “Create App” button. When asked, say you want to use the Dropbox API, not the Dropbox for Business API, unless you have a business account with Dropbox. It will ask if you want to access a particular folder or all of the user’s folders. It will ask you to give your app a name; it has to be unique among all apps registered there.

On the next page, the fourth line is your app key. Copy it. Click on the “app secret” and copy it too. For OAuth redirect, use “localhost” if you’re hosting your app locally. Or put in the URL of where you’re hosting if it’s going to be out on the Web. Likewise for “Chooser/Saver domains.”

Now, into your HTML file place the line:

<script type="text/javascript" src="" id="dropboxjs" data-app-key="YOUR_KEY"></script>

Obviously, insert your Dropbox key (see above) appropriately.

Ok, let’s create the app.

The app

Into your HTML document create an empty div where the Dropbox button will go:

<div id="DBbutton"></div>

In the header of your HTML document make sure you’ve included jQuery:

<script src=""></script>

Of course, if you prefer to download your own copy of jQuery instead of using Google’s, go ahead. But at this point so much of what I do goes through Google that avoiding using it for jQuery seems foolish.

Also in your header, after the jQuery line, place the following:

<script src="//"></script>


<script type="text/javascript" src="./js/Your_File_Name.js"></script>

Create a subfolder in the directory where your HTML file is and name it “js”. Using your favorite text editor create a file called whatever you want to call it, with a “js” extension. Obviously make sure that the file’s name is exactly the one in the line above. That .js file is where you’ll put your JavaScript…although in this example I’m including it all in the HTML file itself because all I’m going to do is going to occur in the script that loads immediately after the file loads. So never mind.

Here’s the rest of what should go into the head section of your HTML file.

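<script type="text/javascript">
$(document).ready(function(){
  var opts= {
    success: function(files) {                     // runs once the user has chosen a file
      var filename = files[0].link;                // URL of the first (only) chosen file
      filename = filename.replace("dl=0","dl=1");  // ask for the file itself, not the web page
      // alert(filename);
      $.ajax({
        url: "./php/downloadDropboxContents.php",
        data: "src=" + filename,
        success: function(cont){
          // cont holds whatever the PHP script sent back
        },
        error: function(e){
          // the request to the PHP script failed
        }
      });
    },
    extensions: [".txt",".opml"],
    multiselect: false,
    linkType: "download"
  };
  var button = Dropbox.createChooseButton(opts);
  document.getElementById("DBbutton").appendChild(button);
});
</script>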

Line 2 is a very handy jQuery function that gets executed after the entire page has been downloaded into the browser. That means all the bits and pieces are there before the code in the function is executed.

In this case, the code is going to create a Dropbox button for the user to press. The options for that button are expressed in lines 2-22. Let’s start with the last lines.

Line 19 lists the extensions I want to let users (= me) select for download. There are only two: files that end with .txt and ones that end with .opml. OPML is the standard format for outlines. (Thank you, Dave Winer.)

Line 20 says that I don’t want users to be able to open more than one file at a time.

On line 21 we specify that we want Dropbox to give us back the downloaded file. The alternative is “preview,” which will provide a preview.

By the way, note that each option line ends with a comma, except for the last one. This whole option statement is actually a JSON set of key:value pairs, each delimited by a comma. In some cases, as in Dreaded Line 4, the values are multi-line and complex. Nevertheless, they’re still just values of the keyword to the left of the colon.

But I’m just putting off talking about the “success” option, lines 4-18, that set what happens if the download operation is successful.

Line 4 creates a function that will get passed an array of downloaded files, which unimaginatively I am capturing in the variable “files.”

Line 5 gets the link to the first file in the array. The array is files[]. The appended “.link” gets the URL to the Dropbox file, but it’s a funky link that, alas, doesn’t express the pathname, but some seemingly arbitrary set of characters. For example:


If you were instead to say “files[0].name”, you’d get the file’s name (“A History of the Philosophy of Time.txt”). And if you say “.path” you — damn their eyes — get an error. Aargh. This could have been so much easier! Anyway.

Line 6 is something I discovered on my own, i.e., I didn’t read the documentation carefully enough. Notice the “dl=0” at the end of the file link above. I’m going to guess the “dl” stands for “download.” If you leave it at 0, you get the user interface. But — aha! — if you replace it with 1, it downloads the actual damn file into your normal download folder, which defaults on the Mac to the Download folder. So, line 6 does the search and replace. (If line 7 weren’t commented out, it’d pop up the file link.)

So now we have a link that will download the file. Excellent!

Lines 8-17 use that URL to actually download it and read it. This requires (i.e., it’s the only way I know how to do it) executing a PHP script. For that we use AJAX, which JavaScript makes hard but jQuery makes easy.

Line 9 points to the PHP file. It lives in a folder called “php.” The “./” is redundant — it says “that folder is in the current directory” but I’m superstitious. We’ll write the PHP file soon.

Line 10 is the dumb way of saying what data we’re going to pass into the PHP script. We’re using the variable “src” and we’re passing the path to the downloadable Dropbox file. The better way to express this data would be to use JSON, but I never remember whether you put the key in quotes or not, so I’d rather do it this way (which in essence simply writes out the appendage to the basic PHP’s script URL) than look it up. But, I just did look it up, and, no, you don’t quote the keys. So line 10 should really be:

data: {src : filename},

but I’m too lazy to do that.

Now in line 11 we get to what we do with the results of the PHP script’s processing of the content it’s going to receive. The commented-out line would post the content into a dialogue box so you can confirm you got it, but what I really want to do is turn the content of that file into an outline displayed by my app. So, my real line 12 will be something like “displayOutline(cont)”, a function that I’ll stick elsewhere in my JavaScript. But that’s not what we’re here to talk about.

Lines 14-16 get invoked if the PHP fails. They display a human-readable version of the error code. You’ll also want to be looking at your console’s error log. If you’re using MAMP, look at php_error.log, which you’ll find in MAMP/logs.

At line 23, we’re outside of the options declaration. Line 23 uses Dropbox to create a Chooser button that when pressed will pop up the Chooser with the right options set.

The button exists but not on your page. For that to happen, you need line 24 to tell your page to find the div with the id of “DBbutton” and to insert the button into it as a new last element. (Since there are no elements in that div, the button becomes its only element.)

All this happens before your page becomes visible. With luck, when you load it, you’ll see a Dropbox button sitting there.

Now onto the PHP.


Create a folder named “php” in the same directory as your HTML file. In it create a file called “downloadDropboxContents.php”.

Here it is:





<?php
$src = $_REQUEST['src']; // url
$filename = basename($src); // get the file's name
error_log("SRC; $src - FILENAME: $filename");
$dir="Downloads"; // set the folder to download into
// create the pathname for the downloaded file
$downloads = $dir . "/" . $filename; // md5($src);
// get the contents of the download — YAY!
$out = file_get_contents($src);
error_log($out); // check the content
// put the downloaded file there
file_put_contents($downloads, $out);
// repeat the contents out loud
echo $out;
?>




The comments should tell the story. But just in case:

Line 2 picks up the data we’ve passed into it. $src now should have the URL to the Dropbox file.

Line 3 gets the file name from the pathname. We’re going to need that when we save the file into our designated folder (which is “Downloads,” which you may recall, we created a symbolic link to in our php folder.)

Line 4 optionally writes the Dropbox URL and the filename into the console (see above), just to see where we’ve gone wrong this time.

Line 5 specifies what folder to put the downloaded file into. Remember that it has to be within the realm your web server counts as document root. Hence the symbolic link to Downloads in the php folder.

Line 7 creates the path name to that download folder by appending the file name to the path, with a “/” in between them.

Line 9 copies the actual damn contents of the downloaded file into a variable I’ve called “$out”. Line 10 checks the content. You probably want to comment that line out.

Line 12 writes the content into the download directory.

Line 14 reports those contents back to the “success” function in the JavaScript. It will there be captured by the variable “cont” in line 11.

That’s it. I know this is sub-optimal at best, and probably far more fragile than I think. But it works for now, at least with simple text files. And I couldn’t find anything at this level of beginnerness online.

I’m sorry.


by davidw at October 05, 2015 04:10 PM
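
The PHP script in the post above hands whatever arrives in src to file_get_contents() and writes the result into a folder under the document root, so as written it will fetch and republish any URL or local path a client names. The following is an added example, not the author's code, of the same endpoint restricted to HTTPS Dropbox links with the .txt/.opml extensions the Chooser allows. The host suffixes, the 1 MiB cap, the timeout, the hop limit and the function names are assumptions.

```php
<?php
// Added example (not the post's code): a stricter downloadDropboxContents.php.
// Assumed values: host suffixes, size cap, timeout, hop limit. Needs PHP 8+ with cURL.

const ALLOWED_HOST_SUFFIXES = ['dropbox.com', 'dropboxusercontent.com']; // assumption
const ALLOWED_EXTENSIONS    = ['txt', 'opml'];   // same types the Chooser offers
const MAX_BYTES             = 1048576;           // assumption: 1 MiB cap
const DOWNLOAD_DIR          = __DIR__ . '/Downloads';

// Accept only https URLs on an allow-listed host, with no credentials or port.
function isAllowedUrl(string $url): bool
{
    // URL parsers disagree about odd characters, so refuse them outright.
    if (preg_match('/[\s\\\\@[:cntrl:]]/', $url)) return false;
    $p = parse_url($url);
    if (!is_array($p) || !isset($p['scheme'], $p['host']) || isset($p['port'])) return false;
    if (strtolower($p['scheme']) !== 'https') return false;
    $host = strtolower($p['host']);
    foreach (ALLOWED_HOST_SUFFIXES as $suffix) {
        if ($host === $suffix || str_ends_with($host, '.' . $suffix)) return true;
    }
    return false;
}

// Derive the stored name from the URL path only (the "?dl=1" query is ignored).
function safeFilename(string $url): ?string
{
    $path = parse_url($url, PHP_URL_PATH);
    if (!is_string($path)) return null;
    $name = basename(rawurldecode($path));
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    $base = preg_replace('/[^A-Za-z0-9 _-]/', '_', pathinfo($name, PATHINFO_FILENAME));
    $ok   = in_array($ext, ALLOWED_EXTENSIONS, true) && is_string($base) && trim($base, ' _') !== '';
    return $ok ? $base . '.' . $ext : null;
}

// Fetch over HTTPS, following redirects by hand so every hop is re-validated.
function fetchAllowed(string $url, int $maxHops = 3): ?string
{
    for ($hop = 0; $hop <= $maxHops; $hop++) {
        if (!isAllowedUrl($url) || ($ch = curl_init($url)) === false) return null;
        curl_setopt_array($ch, [
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_FOLLOWLOCATION => false,           // no automatic redirects
            CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // never file://, ftp://, ...
            CURLOPT_TIMEOUT        => 15,
            CURLOPT_MAXFILESIZE    => MAX_BYTES,
        ]);
        $body   = curl_exec($ch);
        $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        $next   = curl_getinfo($ch, CURLINFO_REDIRECT_URL);
        if ($body === false) return null;
        if ($status >= 300 && $status < 400 && is_string($next) && $next !== '') {
            $url = $next;
            continue;
        }
        return ($status === 200 && strlen($body) <= MAX_BYTES) ? $body : null;
    }
    return null;
}

// Returns [HTTP status, response body]; the jQuery call in the post is a GET.
function handleRequest(array $query): array
{
    $src = $query['src'] ?? null;
    if (!is_string($src) || !isAllowedUrl($src)) return [400, 'Unsupported source URL'];
    $name = safeFilename($src);
    if ($name === null) return [400, 'Unsupported file type'];
    $body = fetchAllowed($src);
    if ($body === null) return [502, 'Download failed'];
    $saved = file_put_contents(DOWNLOAD_DIR . '/' . $name, $body, LOCK_EX);
    return $saved === false ? [500, 'Could not save file'] : [200, $body];
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs; they are only classified here, never fetched.
    $samples = [
        'https://www.dropbox.com/s/EXAMPLE/My%20Outline.opml?dl=1',
        'http://www.dropbox.com/s/EXAMPLE/notes.txt?dl=1',
        'https://www.dropbox.com.example.net/s/EXAMPLE/notes.txt',
        'https://www.dropbox.com/s/EXAMPLE/page.php?dl=1',
        '/var/www/html/settings.txt',
    ];
    foreach ($samples as $s) {
        printf("%-58s url:%-9s file:%s\n", $s, isAllowedUrl($s) ? 'ok' : 'rejected', safeFilename($s) ?? 'rejected');
    }
} else {
    [$status, $body] = handleRequest($_GET);
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8'); // echoed content is never HTML
    header('X-Content-Type-Options: nosniff');
    echo $body;
}
```

Sending the response as text/plain with nosniff keeps a downloaded file that happens to contain markup from being rendered as a page when the script echoes it back.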

PRX Partners with Esquire to Launch Esquire Classic Podcast

PRX is excited to announce a partnership with Esquire on their new Esquire Classic podcast. The series explores some of Esquire‘s most popular past articles and thoroughly examines both the content and the context with host David Brancaccio and a number of famous guests. Esquire Classic kicks off today with the release of episode one, “Falling Man”.  It details an article written by Tom Junod in 2003, which revolved around a photo of a man forced to jump from the World Trade Center on 9/11. Junod discusses why the magazine’s most-read story of all time was so controversial and important.

You can listen to the full episode at . Subscribe to the podcast in iTunes to listen to the second episode, which will launch two weeks from today.

Read the full details of the podcast launch below:

Series sheds new light on groundbreaking work by writers
Nora Ephron, F. Scott Fitzgerald, and Tom Junod

Cambridge, MA (October 5, 2015) – To celebrate its 1000th issue this month, Esquire has joined forces with PRX, the award-winning public media company, to launch a podcast deconstructing classic non-fiction stories from the vault of the 82-year-old magazine that continues to push the boundaries of narrative journalism.

Hosted by public radio’s David Brancaccio, the new podcast dissects iconic Esquire stories by writers such as F. Scott Fitzgerald, Nora Ephron, and Tom Junod, and reveals the cultural currents that make them as lasting and timely today as when they were first published. Guests will include Esquire writers and editors, along with authors, academics, comedians and actors.

The Esquire Classic podcast launches today with an episode showcasing the magazine’s most-read story of all time: Junod’s 2003 article “Falling Man.” Inspired by the famous and infamous photograph of one of the people forced to jump from the World Trade Center, captured by Richard Drew on 9/11, Junod reveals why he felt it was his responsibility to bring the photo – and the anonymous falling man pictured – to light.

The Esquire Classic podcast episodes will be published every two weeks starting Monday October 5. It is produced by audio veteran Curtis Fox.

The Esquire Classic Podcast joins a select roster of signature shows from PRX, including The Moth Radio Hour, Reveal, and Snap Judgment. PRX is also the home of Radiotopia, a podcast network of the world’s best story-driven shows anchored by 99% Invisible, the popular design show from Roman Mars.

“PRX is dedicated to bringing audiences the most engaging stories from the world’s best storytellers,” said Jake Shapiro of PRX. “For more than 80 years, Esquire has set the standard for publishing work that shapes our culture and conversation. We are thrilled to join Esquire in shedding new light on these fascinating and timeless stories.”

“It is amazing how deftly PRX and David Brancaccio explore and exploit what can make a story into something that stands the test of time,” said David Granger, the editor-in-chief of Esquire. “With the launch of Esquire Classic, the complete digital archive of the magazine, we’ve been working to make the past not just present but urgent. PRX is the best partner we could have in this venture.”

You can download and stream the podcast via iTunes and at

The other two installments in the 3-episode pilot podcast series are:

The Crack-Up (1936) – In 1936 F. Scott Fitzgerald, then a struggling writer battling depression and alcoholism, published a radical series of essays in Esquire about his mental breakdown. Celebrated poet and memoirist Nick Flynn discusses Fitzgerald’s mindset at the time, the ridicule he faced from friends like Ernest Hemingway, and how his essays set off a genre of confessional writing that persists and thrives today.

A Few Words About Breasts (1972) – Nora Ephron’s comic lament about how her late onset of puberty and earliest sexual experiences gave her a lifelong obsession with her breasts. Jessi Klein, head writer for “Inside Amy Schumer,” joins David Brancaccio to discuss Ephron’s story and its lasting influence on the way women perceive and voice themselves in writing and comedy.

About Esquire
Esquire, published by Hearst Magazines, is the most-honored monthly magazine in America. Over the past 15 years, it has won a total of 16 National Magazine Awards. Its Web site and e-reader applications have been similarly honored – Esquire won the first-ever National Magazine Award for iPad applications. In addition to its U.S. flagship, Esquire publishes 27 editions around the world. Esquire Classic, the magazine’s new digital archive of every issue from 1933 to today, features over 50,000 stories from the authors such as Ernest Hemingway, F. Scott Fitzgerald, Tom Wolfe, Gloria Steinem, Cormac McCarthy, and David Foster Wallace. Follow Esquire on Twitter at @Esquiremag and @EsquireClassic.

About PRX
PRX is an award-winning nonprofit public media company, harnessing innovative technology to bring compelling stories to millions of people. operates public radio’s largest distribution marketplace, offering tens of thousands of audio stories for broadcast and digital use, including This American Life, The Moth Radio Hour, Sound Opinions, State of the Re:Union, Snap Judgment, and WTF with Marc Maron. PRX Remix is PRX’s 24/7 channel featuring the best independent radio stories and new voices. PRX was created through a collaboration of the Station Resource Group and Atlantic Public Media, and receives support from public radio stations and producers, The Corporation for Public Broadcasting, the National Endowment for the Arts, the Ford Foundation, the John D. and Catherine T. MacArthur Foundation, the Wyncote Foundation, and Knight Foundation. Follow us on Twitter at @prx.

About David Brancaccio
David Brancaccio is the host of American Public Media’s Marketplace Morning Report. His reporting has focused on the future of the economy, financial and labor markets, technology, the environment and social enterprises. In the early 1990s, Brancaccio was Marketplace’s European correspondent based in London, and hosted Marketplace’s evening program from 1993 to 2003. He co-anchored the PBS television news magazine program NOW with journalist Bill Moyers from 2003 to 2005, before taking over as the program’s solo anchor in 2005. His feature-length documentary film, Fixing the Future, appeared in theaters nationwide in 2012. David is author of the book Squandering Aimlessly, an exploration of how Americans apply their personal values to their money. Among his awards for broadcast journalism are the Peabody, the DuPont-Columbia, the Cronkite, and the Emmy.

The post PRX Partners with Esquire to Launch Esquire Classic Podcast appeared first on PRX.

by Maggie Taylor at October 05, 2015 02:27 PM

October 04, 2015

David Weinberger
This blog has gone spamtacular

In August, the comment section of this blog was hit with 13,000 spam messages, which was at the low end of its normal 25k-35k range. At least this is what Akismet tells me. The number of actual comments is usually in the 30-50/month range, I think.

In September, my comment sections got 186,998 spams. This has driven up my hosting costs rather spectacularly.

My host, — very reasonably priced, a little geeky to use, which is not a bad thing — pointed this out to me. I started checking my WordPress plugins and only then found out that my Akismet API key was no longer valid. I have no idea why it stopped being valid, or when that happened, but I’m hoping it was at the beginning of September. I have reenlisted in Akismet.

Being a dolt, I don’t know if using a comment spam filter like Akismet will reduce the hits on my site, or whether it will simply lower the number of bogus comments I have to manually wade through. I will check tomorrow.

I am also willing to accept ideas today.

(I have temporarily closed comments on posts older than 14 days. Sorry. But it’s not like I get a lot of those.)

UPDATE, that afternoon: The support person at MediaTemple suggested replacing Akismet with WP-Spamshield, and adding WordPress Spam Cleaner to get rid of existing spam. He also suggested this helpful article: Hardening WordPress. Thanks, Media Temple support person!

UPDATE, two days later: My comments traffic has dropped down to its usual trickle. Whew! I’m now going to turn back on the ability to comment on posts older than two weeks, and will see what happens.

by davidw at October 04, 2015 02:38 PM

October 02, 2015

Bruce Schneier
Resilient Systems News

Former Raytheon CEO Bill Swanson has joined our board of directors.

For those who don't know, Resilient Systems is my company. I'm the CTO, and we sell an incident-response management platform that...well...helps IR teams to manage incidents. It's a single hub that allows a team to collect data about an incident, assign and manage tasks, automate actions, integrate intelligence information, and so on. It's designed to be powerful, flexible, and intuitive -- if your HR or legal person needs to get involved, she has to be able to use it without any training. I'm really impressed with how well it works. Incident response is all about people, and the platform makes teams more effective. This is probably the best description of what we do.

We have lots of large- and medium-sized companies as customers. They're all happy, and we continue to sell this thing at an impressive rate. Our Q3 numbers were fantastic. It's kind of scary, really.

by Bruce Schneier at October 02, 2015 10:45 PM

Friday Squid Blogging: Bobtail Squid Keeps Bacteria to Protect Its Eggs

The Hawaiian Bobtail Squid deposits bacteria on its eggs to keep them safe.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

by Bruce Schneier at October 02, 2015 09:11 PM

danah boyd
Join me at the Parker Lecture on Oct. 20 in Washington DC

Every year, the media reform community convenes to celebrate one of the founders of the movement, to reflect on the ethical questions of our day, and to honor outstanding champions of media reform. This annual event, called the Parker Lecture, is in honor of Dr. Everett C. Parker, who is often called the founder of the media reform movement, and who died last month at the age of 102. Dr. Parker made incredible contributions from his post as the Executive Director of the United Church of Christ’s Office of Communication, Inc.. This organization is part of the progressive movement’s efforts to hold media accountable and to consider how best to ensure all people, no matter their income or background, benefit from new technology.

I am delighted to be part of this year’s events as one of the honorees. My other amazing partners in this adventure are:

  • Joseph Torres, senior external affairs director of Free Press and co-author of News for All the People: The Epic Story of Race and the American Media, will receive the Parker Award which recognizes an individual whose work embodies the principles and values of the public interest in telecommunications.

  • Wally Bowen, co-founder and executive director of the Mountain Area Information Network (MAIN), will receive the Donald H. McGannon Award in recognition of his dedication to bringing modern telecommunications to low-income people in rural areas.

The 33rd Annual Parker Lecture will be held Tuesday, October 20, 2015 at 8 a.m. at the First Congregational United Church of Christ, 945 G St NW, Washington, DC 20001. I will be giving a talk as part of this celebration and joined by Clayton Old Elk of the Crow Tribe who will offer a praise song.

Want to join us? Tickets are available here.

by zephoria at October 02, 2015 05:37 PM

Berkman Center front page
Welcome New Fellows: Griffin Boyce and Olivier Alais


By Michael Rosenbloom and Loren Newman


This post is part of a series featuring interviews with some of the members of the 2015-2016 class of Berkman Fellows. Conducted by our 2015 summer interns (affectionately known as "Berkterns"), these snapshots aim to showcase the diverse backgrounds, interests, and accomplishments of our dynamic community.


Q&A with Griffin Boyce​

Griffin Boyce works on a variety of anti-censorship projects, including Satori, a tamper-resistant distribution project for circumvention tools, and Cupcake Bridge, a Chrome add-on that allows web browsers to expand access to the Tor network. He is a Fellow with X-Lab and a Senior Censorship Researcher for the Open Internet Tools Project.

What interests you the most now about the interactions between open tech, privacy, surveillance, and censorship? Is this different from your interests when you first entered this area?

I'm still quite fascinated by the interplay between surveillance systems and censorship.  To effectively censor someone, you must first invade their privacy to find out what they are saying.  So surveillance and censorship go hand-in-hand in most countries. When I first started working on censorship in earnest, I was mostly focused on helping people individually and in small groups.  As time has gone on, my interests have been slowly leaning towards projects that scale better and which aim to have a larger impact. Training people one-on-one is still extremely important, but not everyone has access to trainers.  

In many cases, it seems like efforts to make a system more private and secure can hinder usability, to the point of being counterproductive. Do you think that there are effective means of avoiding the security v. usability conflict for the general public, or is digital privacy reserved for the dedicated and/or tech-savvy?

I've always found Security vs. Usability to be a false dichotomy.  For a security application to be useful at all, the developers must take human factors into account.  After all, if someone can't use security software, they can't be protected by it.

What, in your view, is the greatest contemporary threat to an open Internet?  

On balance, the greatest threat to an open internet is politicians and policymakers who don't have an in-depth understanding of technology, and who do not trust scientists who create the technology that we use every day. This becomes all the more clear when one listens to the debate over 'golden key' backdoors in security software. Because politicians want it to exist, they assume that it must be possible – and even preferable to people having private conversations.  More work is needed to build relationships between technical communities and politicians to bridge this gap.

In what direction do you feel that the general responses to digital surveillance and censorship are going? Is there a different direction you would prefer them to be going?

There seems to be a rush of initial shock, strong statements by technology companies, and then no real accountability or follow-up.  PRISM partners like Skype (and parent company Microsoft) survived the scandal mostly unscathed and unchanged.  Most Gmail users unnerved by ongoing surveillance revelations continue to use the service.  I feel that the emphasis has been too much on shock, but with surprisingly little emphasis on behavior change for average people.  There also seems to be a bit of an “all or nothing” attitude towards security.  This is the wrong approach for the vast majority of internet users, as people really can take small steps and greatly improve their privacy without completely changing their lifestyle.

What do you hope to accomplish during your fellowship?

My hopes are to obtain enough measurements to build a well-rounded picture of digital censorship in Eastern Europe, and to surpass one million downloads for Satori (my project around circumvention and user education).


Q&A with Olivier Alais​

Olivier Alais is a senior Information and Communications Technology (ICT) specialist with deep expertise in both business and technology solutions. He pursued numerous governmental ICT projects in developing countries, including serving as an Advisor in New Technology for the French Embassy in Burkina Faso and as the Program Director for Geekcorps in Mali to increase connectivity and bring eGovernment services in remote areas. Currently, Olivier is involved in the development of digital economy reference policy documents for Burkina Faso, the improvement of the international Internet connectivity in Comoros and the global promotion of the Frogans technology.

In bringing innovation and technical capacity to the developing world, how do you manage the challenge of teaching communities to be technically independent while implementing solutions that may be beyond the abilities of local populations. That is, how do you address the tension between capacity building in the developing world and allowing products and services to grow organically or sustainably?

I have been working for a couple of years on the challenge of teaching communities to be technically independent, and a good way to go is to build solutions with communities. That means we have to spend time with them to understand their needs, to identify leaders, to understand the context, to frame a problem then to bring an adapted solution. A good approach is to mix local and international specialists to design technical solutions adapted to the local populations. Somehow, this is what I did when I was based in West Africa. My first job there was teaching Computer Science in the public university in Burkina Faso. I spent two years teaching there and I had to adapt my courses to the local context where I had to deal with a sporadic Internet connection, frequent power cuts and a poor job market. 

I worked on developing the first website for the university with my students and we faced technical challenges such as adapting web pages to a poor Internet connection or setting up the first local web server. I also spent a lot of energy pushing content creation and transparency. Indeed, it took 18 months, with my team, to build the first university website. Today, most of my former students are working for the government or left Burkina Faso to work in the West but some of them are starting to come back. West Africa is more and more dynamic, and attracts investors and entrepreneurs.

My second long-term experience in Africa was in Mali with Geekcorps to bring innovation and technical capacity. I was lucky enough to manage the office in Bamako where we had a lab and an apartment for foreign volunteers. By mixing Malians and Westerners, we were able to create an Open FM transmitter able to broadcast in the Sahara desert, a CanTV to share TV cables in remote villages of Mali, an offline Wikipedia to bring information to remote communities, a DIY Wi-Fi antenna, a DIY solar panel, a rural information center named Cybertigi or a digital kiosk named la Source. My years with Geekcorps were an amazing experience. We had carte blanche to create adapted solutions for remote Malian communities. We were able to start several companies in Mali from the Geekcorps program, the offline Wikipedia project is still alive, and we trained a couple of Malians who are proactive in the African IT communities.

About products and services, it is quite challenging to allow them to grow organically or sustainably but I saw successful experiences. To be effective, we need to be practical by adapting capacity building to specific needed services and building a proper business model adapted to the communities. They express needs such as having access to information, photocopying documents, taking ID pictures or having a local radio station and we need to start from those needs. From this context, we are trying to be creative by bringing adapted technical solutions, giving proper workshops and create appropriate business models.

Currently, I am following with interest an Internet Service Provider project where a Wi-Fi connection could be available for free for the end-users who will have to watch a video on their smartphones before accessing the Internet. NGOs and private organizations are ready to pay to advertise their messages and the money can be used to maintain the network and fund the Internet connection. To my point of view, it is a good business model while there is a real demand for broadband connectivity in the developing world.

You took an incredible overland adventure across Turkey, Iran, Pakistan, Kyrgyzstan, Pakistan, India, Nepal, Bangladesh, and China in 2004. How has that experience changed you, and how does it shape your interests and goals in international development? Especially with regards to your firm's branch in Burkina Faso.

I traveled quite extensively when I was younger, and I took a 10-month trip right after my graduation through Asia. It was one of my dream trips to go from Europe to Asia, and to feel the continuity between the different populations and cultures. I learned from this trip to follow my feelings, to understand other points of view, to be amazed by the beauty of our world, to talk truly to others, to share, to be thankful, and to be in love with the richness of our world. Travelling provides the opportunity to learn and discover everyday because you are far from your comfort zone and you need to readapt continuously. I knew a bit about Asia before taking that long journey while I did two internships in India during my study. It took me 4 months to go from Istanbul to New Delhi with one of my friends, then I kept going by myself for 6 months. Actually, I was never alone, I was meeting fellow travelers on the road and I was constantly sharing with the local people.

This kind of trips opens a door to international development because you want to stay in touch with the world, you want to keep exploring and learning. After this trip when I came back to France, the French Government offered me two job opportunities, one in London and the other one in Africa. I went to Africa while it was the most exciting to me at that time.

If you had to forecast how technology and relevant policy will evolve in the developing world over the next ten years, what would you predict? What do good and bad scenarios look like, and do you incorporate these predictions into your projects with various organizations worldwide?

It is a bit difficult to predict the future but I can try. I have the feeling that the governments of developing nations are going to turn to Open Source. I worked last year on the Open Source policy, strategy and action plan for Mauritius. It was a big step for them, and Mauritius is a strategic influencer for Africa. South Africa also has its own Open Source policy, as do Malaysia and Venezuela. Open Data is becoming an important movement in the developing world while the World Bank has been pushing it for years. Policies need to be adapted to sharing and open economies, and Open Data is going to have a central rule. Some people in the developing world, as in the West, are starting to realize the power of a sharing economy and we need to design proper policies, strategies and action plans to boost local markets and empower citizens.

Another current challenge is to build Internet infrastructures in the developing world and especially in Africa. Today, we still need to adapt solutions because the connectivity is poor in a number of developing nations but it is going to change. Indeed, sub-marine cables are reaching most of the coastal countries in Africa and the next challenge is to bring connectivity inside the continent.

The best scenario could be installing proper Internet infrastructures covering major cities in Africa with a proper regulation benefiting the end-users. The private sector could be boosted by the dynamism of this digital economy and create more jobs as a result. The worst case could be to face some difficulties in installing proper Internet infrastructures because of instabilities, wars and conflicts. It is sadly what we can see in South Sudan or Democratic Republic of the Congo. Political stability is a prerogative for development and a good policy can change the future of a nation. Mauritius is a good example of successful country where they had a clear political vision and they were able to develop their economy.

I am incorporating these predictions in my various projects supporting public sector reforms by pushing the creation of an open and sharing economy based on the philosophy of Open Source. Indeed, the Open Source Software movement, through the development of GNU/Linux, has launched a new way of collaboration able to build cathedrals in a record time and we need to pursue and adapt this movement in order to guarantee transparency, participation and accountability.

As your roles have straddled the public and private sectors, what are the strengths of each, and does that familiarity allow you to be more effective across disciplines?

Public and private sectors are two different worlds even if they are trying more and more to work together. Public sector, in the international development field, focuses on its political interests and expects to control everything. Private sector expects to make money by exploring new markets. We learned from the last decade that the private sector can be very creative and launched huge companies such as Facebook, Google and Amazon. We also learned that the public sector takes more time to organize itself but they have been able to take the control back from private companies. From my point of view, we need to have distributed control between the private and the public sectors to make them work together. This is what I am pushing through my work. I am always trying to distribute power and find room for private sector, public administration, NGO, civil society, etc. In a more and more connected world, we cannot allow having a central power, we need to distribute authorities and the Internet is a magic tool and a good way to do it.

What's next for you and for Soukeina? (And where in the world?)

About Soukeina, I would like to develop the African office and propose new services, especially focusing on security engineering. Few companies in Africa are able to monitor their network and they need the right tools and workshops.

About me, I am looking for new challenges, perhaps in Southeast Asia. I spent a couple of weeks in Indonesia and Malaysia last June, and it is quite exciting what is going on there. Connectivity is pretty good, they are all connected through smartphones and there are still tons of services to create locally. I am also thinking about visiting South America and improving my Spanish one of these days!

Anything else you'd like to share with the Berkman community and the world?

I am very glad to be part of the Berkman community and I am looking forward to working with my new teammates to explore and develop cyberspace. I am also quite into meditation and I think that mindfulness could be an interesting subject to share with the Berkman Center. Indeed, I discovered meditation when I was living and working in India 15 years ago in the IT industry. At that time, most of my coworkers were meditating in the morning before going to the office and the atmosphere was relaxed and peaceful. Today, meditation sounds to be a growing subject in the tech industry, some labs in Harvard are working on the topic and I will be interested to learn more about the effects of mindfulness on creativity.

Loren Newman is working on his Masters degree in public policy at the Harvard Kennedy School.


by gweber at October 02, 2015 05:35 PM

Bruce Schneier
Stealing Fingerprints

The news from the Office of Personnel Management hack keeps getting worse. In addition to the personal records of over 20 million US government employees, we've now learned that the hackers stole fingerprint files for 5.6 million of them.

This is fundamentally different from the data thefts we regularly read about in the news, and should give us pause before we entrust our biometric data to large networked databases.

There are three basic kinds of data that can be stolen. The first, and most common, is authentication credentials. These are passwords and other information that allows someone else access into our accounts and -- usually -- our money. An example would be the 56 million credit card numbers hackers stole from Home Depot in 2014, or the 21.5 million Social Security numbers hackers stole in the OPM breach. The motivation is typically financial. The hackers want to steal money from our bank accounts, process fraudulent credit card charges in our name, or open new lines of credit or apply for tax refunds.

It's a huge illegal business, but we know how to deal with it when it happens. We detect these hacks as quickly as possible, and update our account credentials as soon as we detect an attack. (We also need to stop treating Social Security numbers as if they were secret.)

The second kind of data stolen is personal information. Examples would be the medical data stolen and exposed when Sony was hacked in 2014, or the very personal data from the infidelity website Ashley Madison stolen and published this year. In these instances, there is no real way to recover after a breach. Once the data is public, or in the hands of an adversary, it's impossible to make it private again.

This is the main consequence of the OPM data breach. Whoever stole the data -- we suspect it was the Chinese -- got copies of the security-clearance paperwork of all those government employees. This documentation includes the answers to some very personal and embarrassing questions, and now opens these employees up to blackmail and other types of coercion.

Fingerprints are another type of data entirely. They're used to identify people at crime scenes, but increasingly they're used as an authentication credential. If you have an iPhone, for example, you probably use your fingerprint to unlock your phone. This type of authentication is increasingly common, replacing a password -- something you know -- with a biometric: something you are. The problem with biometrics is that they can't be replaced. So while it's easy to update your password or get a new credit card number, you can't get a new finger.

And now, for the rest of their lives, 5.6 million US government employees need to remember that someone, somewhere, has their fingerprints. And we really don't know the future value of this data. If, in twenty years, we routinely use our fingerprints at ATM machines, that fingerprint database will become very profitable to criminals. If fingerprints start being used on our computers to authorize our access to files and data, that database will become very profitable to spies.

Of course, it's not that simple. Fingerprint readers employ various technologies to prevent being fooled by fake fingers: detecting temperature, pores, a heartbeat, and so on. But this is an arms race between attackers and defenders, and there are many ways to fool fingerprint readers. When Apple introduced its iPhone fingerprint reader, hackers figured out how to fool it within days, and have continued to fool each new generation of phone readers equally quickly.

Not every use of biometrics requires the biometric data to be stored in a central server somewhere. Apple's system, for example, only stores the data locally: on your phone. That way there's no central repository to be hacked. And many systems don't store the biometric data at all, only a mathematical function of the data that can be used for authentication but can't be used to reconstruct the actual biometric. Unfortunately, OPM stored copies of actual fingerprints.

Ashley Madison has taught us all the dangers of entrusting our intimate secrets to a company's computers and networks, because once that data is out there's no getting it back. All biometric data, whether it be fingerprints, retinal scans, voiceprints, or something else, has that same property. We should be skeptical of any attempts to store this data en masse, whether by governments or by corporations. We need our biometrics for authentication, and we can't afford to lose them to hackers.

This essay previously appeared on Motherboard.

by Bruce Schneier at October 02, 2015 03:57 PM

David Weinberger
Reason #2,645 to love the Web

Back in the early 1980s—yes, children, it’s time for an anecdote from the Dark Ages—WordPerfect was my writing tool. I was a power user and was quite attached to it. But there were some things I thought they could do better. So, I wrote a four page letter that was (as I recall) very appreciative of the program overall — not a set of gripes, but a fan’s notes. I sent it to the WordPerfect corporation.

I never heard anything back. Not even the form letter I expected.

That was back then.

On my Mac I frequently use Sync2Folders to, well, sync two folders. It does exactly what I want, and it’s free, although donations are suggested. (I’ve donated the suggested €6 more than once.)

In terms of the look and feel, Sync2Folders isn’t slick, and in its functionality it tends towards the techie. But it’s simple enough that I can do the basic things that I want to do. In fact, its techie rawness is one of the reasons I like it: It does a job that’s not trendy, and it does it without gussying itself up.

Also, and perhaps more important, it looks like something that a developer created and put out in the world for free. Which is exactly what it is.

A couple of days ago I got an automated email from the developer, Thomas Robisson, when I donated for the third time. I’d like to pretend that I’m just that generous, but the truth is that I’m just that forgetful. So, I appreciated that the developer noted the duplication, told me how to avoid the app’s request for fiscal aid, and reminded me that a single license can be used on multiple computers.

I responded by email to thank Thomas, and also to point out a feature that I’d like and that I’d thought was in an earlier version. I was confident that this was going to turn out to be a DUM — a dumb user mistake — and at least I was right about that. Over the course of a couple of emails in which Thomas asked for some basic debugging info, it turned out that, yes, I had simply missed the button that did what I was asking for. D’oh.

I know that the Internet is the defiler of youth and the death of civilization. But it also occasions the generosity and creativity of people like Thomas.

Further, before the Net, there was only the slightest chance that a user and a product creator could engage. And if they did it was likely to be in the stilted, inhuman voice of the Marketing department.

So, thank you, Thomas. And thank you, Internet.

by davidw at October 02, 2015 12:55 PM

Bruce Schneier
Existential Risk and Technological Advancement

AI theorist Eliezer Yudkowsky coined Moore's Law of Mad Science: "Every eighteen months, the minimum IQ necessary to destroy the world drops by one point."

Oh, how I wish I said that.

by Bruce Schneier at October 02, 2015 01:25 AM

October 01, 2015

Bruce Schneier
Identifying CIA Officers in the Field

During the Cold War, the KGB was very adept at identifying undercover CIA officers in foreign countries through what was basically big data analysis. (Yes, this is a needlessly dense and very hard-to-read article. I think it's worth slogging through, though.)

by Bruce Schneier at October 01, 2015 12:00 PM

September 30, 2015

John Palfrey
Introduction of George H.W. Bush at All School Meeting, Phillips Academy

This morning, President George H.W. Bush and Mrs. Barbara Bush surprised our student body by joining us for All School Meeting in Cochran Chapel at Phillips Academy.  The All School Meeting featured Mary Kate Cary and the film she produced, “41 on 41,” about the life of President Bush.

Good morning, Andover.

This morning we gather to reflect, as we often do, on Phillips Academy’s motto, non sibi: not for oneself. We have many role models among those who have gone before us at Andover. Some of them have generously presented at All School Meetings, sharing with us in this chapel their stories of what it was about their time at Andover that motivated them to live a life embodying the non sibi credo. Last year Dr. Vanessa Kerry ’95, founder of the non-profit SEED Global Health, encouraged you to consider how you might make a difference. Next month author Julia Alvarez ’67 will talk about how she employs storytelling to ignite awareness and activism for humanitarian causes.

Today, in celebration of non sibi, we welcome Mary Kate Cary who has created a film assembling the voices of 41 people describing an Andover alumnus who has dedicated his life to public service in a remarkable career spanning seven decades, in multiple roles, culminating in serving in our nation’s highest office. That alumnus is George Herbert Walker Bush, Andover class of 1942.

As a White House speechwriter from 1988 to 1992, Mary Kate Cary authored over 100 domestic and international addresses by President Bush. She is a member of the advisory board to the George Bush Presidential Library and Museum. She has remained in close contact with the President, collaborating with him on book projects, including Speaking of Freedom, a collection of the President’s favorite speeches. Mary Kate is a contributing editor and columnist at US News and World Report and a regular political commentator on National Public Radio. Still a speechwriter, she works with a variety of political and corporate clients and has taught speechwriting at Georgetown, American, and Texas A&M Universities. Mary Kate’s relationship with the President gave her unique insights as the executive producer of the film 41 on 41. The film captures the words of the President’s family and colleagues to portray George Bush’s deep commitment to service and leadership and his generous capacity for friendship and humor.

Before Mary Kate begins her presentation, I’d like to welcome some special guests who have joined us today:

• President Bush’s sister, Nancy Ellis, mother of Alexander Ellis, Andover class of 1967

• Dick Phelps, Andover class of 1942, the President’s close friend and baseball teammate at Yale

• Dick’s wife, Sally Phelps, mother of Andover alumni in the classes of 1973 and 89, and grandmother of Matthew Jacobs ’14

In addition, we have the privilege of welcoming to the chapel this morning one of the 41 storytellers featured in the film. In fact, she is the chief story teller. Please join me in welcoming to the stage of Cochran Chapel, Mrs. Barbara Bush, and her husband, the 41st President of the United States, George Herbert Walker Bush, Andover class of 1942.

Welcome back, President Bush, and thank you, Mrs. Bush, for joining us here today. We are honored by your presence – and by the lifetime of good choices you have made to serve others, in the spirit of non sibi.

George Herbert Walker Bush, you arrived at Andover as a twelve year old boy and graduated six years later as a young man, immediately immersing yourself in service to your country during World War II.

During your Andover years, you demonstrated a commitment to leadership, involved in community service and student government, serving as a proctor and captain of the soccer and baseball teams. You won your first Presidential election here – you served Andover as Senior Class President. You were known as “Poppy” Bush, renowned for your ability to rally others and to encourage your peers to engage in The Big Ideas of the Day. As President of the Society of Inquiry you organized lectures on world affairs and religious topics.

During your senior year, on Sunday, December 7, 1941, you and your schoolmates heard the news of the attack on Pearl Harbor. The following June, on your 18th birthday, you deferred your acceptance to Yale and instead were sworn in to the Navy as a Seaman Second Class. The following year you became the nation’s youngest Naval aviator and served with distinction in the Pacific arena, flying 58 combat missions, earning the Distinguished Flying Cross for bravery.

After the war, you earned your degree from Yale Phi Beta Kappa, embarked on a career in the petroleum sector, and entered a life of public service in 1966. You have served in Congress as a member of the House of Representatives, from Texas. Other leaders recognized your acumen and people skills, appointed you as Ambassador to the United Nations, Ambassador to the People’s Republic of China and Director of the Central Intelligence Agency. You were elected Vice-President in 1981 and, in 1988, became the 41st President of the United States.

Throughout this illustrious career, you remained loyal and close to Andover. You served as a trustee from 1963 – 1979 and then as honorary chair of Campaign Andover, the most successful capital campaign in independent school history when it closed at $208.9M in 2003. In recognition of your public service and global leadership, you received Phillips Academy’s two highest honors: the Claude Moore Fuess Award in 1981 and the Andover Alumni Award of Distinction in 2012.

During your Presidency you offered inspired leadership during an era of great change in the world order: the unification of Germany, the collapse of the Soviet Union and the end of the Cold War. You led efforts to improve global wellbeing through the Strategic Arms Reduction Treaty, to improve environmental wellbeing through significant amendments to the Clean Air Act, and to personal wellbeing through the creation of the Americans with Disabilities Act.

You consistently encouraged American citizens to inspire and mobilize each other to take action to change the world through “service to neighbor, service to nation.” In your words, “What government alone can do is limited, but the potential of the American people knows no bounds.” You called your fellow citizens to action as volunteers. Your vision for “a thousand points of light” lives on through the foundation of the same name. You twice joined with former political opponent, now friend, former President Bill Clinton to lead major humanitarian fundraising efforts in response to natural disasters after Hurricane Katrina and the 2004 Indian Ocean tsunami.

In 2010 President Obama awarded you the Presidential Medal of Freedom, the nation’s highest civilian award, citing your life as a “testament that public service is a noble calling. His humility and decency reflects the very best of the American spirit.”

Mr. President, you reflect the very best of Andover’s non sibi spirit. Today we have seven Bush scholars among us. These students were chosen for their outstanding character and leadership potential. Their Andover career is underwritten by a scholarship fund set up by the trustees to “honor and encourage the example George Bush’s life represents – a model of civic commitment, loyalty, and social responsibility embodying the best of both America and Andover.”  We thank you for your example – a life of non sibi – and for the inspiration that you provide to every new generation of Andover students.

by jgpalfrey at September 30, 2015 06:21 PM

Bruce Schneier
Spoofing Fitness Trackers

The website has a series of instructional videos on how to spoof fitness trackers, using such things as a metronome, pendulum, or power drill. With insurance companies like John Hancock offering discounts to people who allow them to verify their exercise program by opening up their fitness-tracker data, these are useful hacks.

News article.

by Bruce Schneier at September 30, 2015 05:02 PM

How GCHQ Tracks Internet Users

The Intercept has a new story from the Snowden documents about the UK's surveillance of the Internet by the GCHQ:

The mass surveillance operation -- code-named KARMA POLICE -- was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom's electronic eavesdropping agency, Government Communications Headquarters, or GCHQ.


One system builds profiles showing people's web browsing histories. Another analyzes instant messenger communications, emails, Skype calls, text messages, cell phone locations, and social media interactions. Separate programs were built to keep tabs on "suspicious" Google searches and usage of Google Maps.


As of March 2009, the largest slice of data Black Hole held -- 41 percent -- was about people's Internet browsing histories. The rest included a combination of email and instant messenger records, details about search engine queries, information about social media activity, logs related to hacking operations, and data on people's use of tools to browse the Internet anonymously.

Lots more in the article. The Intercept also published 28 new top secret NSA and GCHQ documents.

by Bruce Schneier at September 30, 2015 03:12 PM

Volkswagen and Cheating Software

For the past six years, Volkswagen has been cheating on the emissions testing for its diesel cars. The cars' computers were able to detect when they were being tested, and temporarily alter how their engines worked so they looked much cleaner than they actually were. When they weren't being tested, they belched out 40 times the pollutants. Their CEO has resigned, and the company will face an expensive recall, enormous fines and worse.

Cheating on regulatory testing has a long history in corporate America. It happens regularly in automobile emissions control and elsewhere. What's important in the VW case is that the cheating was preprogrammed into the algorithm that controlled cars' emissions.

Computers allow people to cheat in ways that are new. Because the cheating is encapsulated in software, the malicious actions can happen at a far remove from the testing itself. Because the software is "smart" in ways that normal objects are not, the cheating can be subtler and harder to detect.

We've already had examples of smartphone manufacturers cheating on processor benchmark testing: detecting when they're being tested and artificially increasing their performance. We're going to see this in other industries.

The Internet of Things is coming. Many industries are moving to add computers to their devices, and that will bring with it new opportunities for manufacturers to cheat. Light bulbs could fool regulators into appearing more energy efficient than they are. Temperature sensors could fool buyers into believing that food has been stored at safer temperatures than it has been. Voting machines could appear to work perfectly -- except during the first Tuesday of November, when it undetectably switches a few percent of votes from one party's candidates to another's.

My worry is that some corporate executives won't interpret the VW story as a cautionary tale involving just punishments for a bad mistake but will see it instead as a demonstration that you can get away with something like that for six years.

And they'll cheat smarter. For all of VW's brazenness, its cheating was obvious once people knew to look for it. Far cleverer would be to make the cheating look like an accident. Overall software quality is so bad that products ship with thousands of programming mistakes.

Most of them don't affect normal operations, which is why your software generally works just fine. Some of them do, which is why your software occasionally fails, and needs constant updates. By making cheating software appear to be a programming mistake, the cheating looks like an accident. And, unfortunately, this type of deniable cheating is easier than people think.

Computer-security experts believe that intelligence agencies have been doing this sort of thing for years, both with the consent of the software developers and surreptitiously.

This problem won't be solved through computer security as we normally think of it. Conventional computer security is designed to prevent outside hackers from breaking into your computers and networks. The car analog would be security software that prevented an owner from tweaking his own engine to run faster but in the process emit more pollutants. What we need to contend with is a very different threat: malfeasance programmed in at the design stage.

We already know how to protect ourselves against corporate misbehavior. Ronald Reagan once said "trust, but verify" when speaking about the Soviet Union cheating on nuclear treaties. We need to be able to verify the software that controls our lives.

Software verification has two parts: transparency and oversight. Transparency means making the source code available for analysis. The need for this is obvious; it's much easier to hide cheating software if a manufacturer can hide the code.

But transparency doesn't magically reduce cheating or improve software quality, as anyone who uses open-source software knows. It's only the first step. The code must be analyzed. And because software is so complicated, that analysis can't be limited to a once-every-few-years government test. We need private analysis as well.

It was researchers at private labs in the United States and Germany that eventually outed Volkswagen. So transparency can't just mean making the code available to government regulators and their representatives; it needs to mean making the code available to everyone.

Both transparency and oversight are being threatened in the software world. Companies routinely fight making their code public and attempt to muzzle security researchers who find problems, citing the proprietary nature of the software. It's a fair complaint, but the public interests of accuracy and safety need to trump business interests.

Proprietary software is increasingly being used in critical applications: voting machines, medical devices, breathalyzers, electric power distribution, systems that decide whether or not someone can board an airplane. We're ceding more control of our lives to software and algorithms. Transparency is the only way to verify that they're not cheating us.

There's no shortage of corporate executives willing to lie and cheat their way to profits. We saw another example of this last week: Stewart Parnell, the former CEO of the now-defunct Peanut Corporation of America, was sentenced to 28 years in jail for knowingly shipping out salmonella-tainted products. That may seem excessive, but nine people died and many more fell ill as a result of his cheating.

Software will only make malfeasance like this easier to commit and harder to prove. Fewer people need to know about the conspiracy. It can be done in advance, nowhere near the testing time or site. And, if the software remains undetected for long enough, it could easily be the case that no one in the company remembers that it's there.

We need better verification of the software that controls our lives, and that means more -- and more public -- transparency.

This essay previously appeared on

EDITED TO ADD: Three more essays.

by Bruce Schneier at September 30, 2015 02:13 PM

David Weinberger
The miracle of the one network

The Open University of Catalonia just posted a very brief article of mine about the importance of the fact that Big Data is also Networked Big Data. Upon reading it in “print” I see that I buried the lede.

The amazing thing is that the same network that connects our machines also connects us. This enables a seamless conversation: if you can get at the data, you can get at people talking about the data.

Not only does the same network connect the data and the people making sense of the data, but layers of interoperability have grown on top of it. Increasingly the data is accessible in ways that make it easier and easier for humans to mash it up. And, of course, the sense that humans make of those mashups gets expressed in ways that are interoperable for humans: in language, with links.

That we take this awesomeness for granted makes that awesomeness awesome.

by davidw at September 30, 2015 01:47 PM

Cyberlaw Clinic - blog
Massachusetts SJC Ruling Protects Cellphone Location Privacy

In a strong affirmation of the privacy interests of cellphone users, the Massachusetts Supreme Judicial Court (SJC) ruled unanimously earlier this week that law enforcement agencies in the Commonwealth must obtain a warrant to access anything more than a minimal amount of the cell-site location information (CSLI) that telecommunications companies collect about their users. The Cyberlaw Clinic filed an amicus brief in Commonwealth v. Estabrook on behalf of the American Civil Liberties Union of Massachusetts (ACLUM) and the Electronic Frontier Foundation (EFF) in support of privacy protection for CSLI.

As explained in a previous blog post on this case:

Cellular service providers must know where their subscribers are at any given time to provide them with service. Providers therefore collect vast quantities of location information, tracking the movements of customers wherever they go. Last year, in Augustine, 467 Mass. 230 (2014), the Supreme Judicial Court ruled that, in general, the police must get a search warrant to obtain location information from a cellular service provider. The ruling left open the possibility, however, that the police might be able to obtain a “brief period” of “six hours or less” of location information without a warrant but, instead, with a court order that is considerably easier to obtain.

At issue in Estabrook was whether law enforcement could obtain two weeks of CSLI with a mere court order, and yet take advantage of the Augustine exception, since it would only use six hours of this data in prosecuting the defendant. In rejecting this proposition, the SJC agreed with the position advocated by amici that the government cannot remedy the constitutional violation caused by conducting an unlawful, warrantless search by promising after the fact to use only what it might have lawfully obtained under the “six-hour” exception.

Although the SJC did not adopt the blanket warrant requirement for CSLI urged by amici, it did significantly limit the scope of the “six-hour” exception by clarifying that it applies only to “telephone call CSLI.” This form of CSLI is generated only when a user makes or answers a voice call, in contrast to the “registration CSLI” that records the location of a powered cellphone every seven seconds and can now only be obtained pursuant to a warrant.

This result leaves open some questions. To be sure, “[r]egistration CSLI obviously generates a more complete and revealing picture of users’ movements than call CSLI,” notes Andrew Crocker of the EFF, “[b]ut that’s hardly enough to serve as the basis for a constitutional rule.” “Why,” he asks, “should you have more protection when you walk around playing Words with Friends than when you actually exchange some words with a friend over the phone?”

Even so, “[t]he Supreme Judicial Court’s decision in Commonwealth v. Estabrook confirms Massachusetts’ role as a leader in protecting our location information from unreasonable government intrusion” said Jessie Rossman, a Staff Attorney with the ACLU of Massachusetts. “Reaffirming Augustine, today’s holding is a victory for individuals throughout the Commonwealth and their reasonable expectations of privacy in their location information,” she added.

HLS Cyberlaw Clinic students Abigail Colella (’16), Sandra Hanian (’15), and Travis West (’16) worked closely with Vivek Krishnamurthy and Andy Sellars of the Clinic, along with the amici, to prepare and file the brief.

by Clinic Staff at September 30, 2015 01:27 PM

Justin Reich
What Was Your Most Challenging Classroom and How Did You Turn It Around?
Building Community, Seeking out Feedback, and Remembering that it's always "very nice...." Strategies for dealing with your most challenging classrooms.

by Beth Holland at September 30, 2015 12:11 PM

September 29, 2015

Berkman Center front page
The Mozilla Delphi Cybersecurity Study: Towards a User Centric Cybersecurity Policy Agenda


with Camille François, Josephine Wolff, Andy Ellis, and Bruce Schneier


Join us to learn more about the methodology and findings behind The Mozilla Delphi Cybersecurity study.

Parent Event: Berkman Luncheon Series

Event Date: Sep 29 2015 12:00pm to Sep 29 2015 12:00pm

Tuesday, September 29, 2015, at 12:00 pm
Berkman Center for Internet & Society at Harvard University

Harvard Law School campus, Wasserstein Hall, Milstein East C

Researcher Camille François leads a discussion of the "Mozilla Delphi Cybersecurity 1.0. Study: Towards A User Centric Policy Framework" with Berkman community members Josephine Wolff, Andy Ellis, and Bruce Schneier, who participated in the study.

Camille worked for several months with the Mozilla Foundation to orchestrate the study and resulting report. The study used a modified version of the Delphi research technique. More than 30 leading cybersecurity experts from a wide variety of backgrounds – including academia, civil liberties, government and military, security, and technology – participated in the study. Using a pseudonymous format to encourage candid feedback and open dialogue on the issues, the study tackles the following questions: what is the role of policy in cybersecurity? How consensual is the definition of cybersecurity? What are the current priorities for cybersecurity policy? Which issues get too little or too much attention? What are measures that a diverse set of cybersecurity actors can agree on as being both feasible and desirable? 

The study produced a map of priorities, issues, and solutions for cybersecurity that highlights consensus and dissensus in the space. Join us to discuss the lessons learned in this process and the report's findings. 


About Camille

Camille François is a researcher and consultant on cyber policy, with a focus on questions relating to cybersecurity, human rights and state interactions in cyberspace. 

A Fellow at the Harvard Berkman Center for Internet & Society from 2013-2015, Camille focuses her work on the building of norms for cyber peace and rights-respecting cybersecurity policies, and related questions in the robotics field.

She has led initiatives with institutions such as the French Prime Minister Office Task Force on Open Data & Open Government; the Mozilla Foundation; the U.S. Defense Advanced Research Projects Agency (DARPA); as well as Google, the French-American Foundation & the Software Freedom Law Center. 

She serves as a member of the Freedom Online Coalition international Working Group on An Internet Free and Secure. Camille has also been involved in a wide range of free culture advocacy projects and serves as a Digital Advisor for Libraries Without Borders and on the Scientific Committee of the French Wikimedia Foundation. 

A Fulbright Fellow, Camille holds a Masters Degree in Human Rights from the French Institute of Political Sciences (Sciences-Po) & a Masters Degree in International Security from the School of International and Public Affairs at Columbia University, where she won first prize at the Atlantic Council Cyber 9/12 National Challenge in Cyber Policy and later held a Visiting Scholarship at the Arnold A. Saltzman Institute of War and Peace Studies. She completed her Bachelor at Sciences-Po Paris, with a year as a visiting student at Princeton University, and received legal education at Paris II - Sorbonne Universités. 


by candersen at September 29, 2015 04:11 PM

David Weinberger
BREAKING NEWS: The New Republic runs an article that does not bash the Internet!

Stop the presses!

The good news is that the New Republic seems to be making an effort to include articles about race that are not by white liberals — not that I have anything general against white liberals since I am one. The even better news is that that article credits the Internet with enabling a flowering of African American intellectual thought, rather than the magazine once again (and again and again and again) thinking it’s being oh-so-daring by criticizing the Net as the source of all that is dumb and crass.

In “Think Out Loud,” Michael Eric Dyson argues:

Along with [Ta-Nehisi] Coates, a cohort of what I would like to call the “black digital intelligentsia” has emerged. They wrestle with ideas, stake out political territory, and lead, very much in the same way that my generation did, only without needing, or necessarily wanting, a home in the Ivy League—and by making their name online.

He describes how the Net enables these voices to be heard, and how it helps them to form and pursue their ideas through community and social engagement. (It’s a great example of what some of us would describe as the networking of knowledge.)

And, in a generous way that embodies the best of the Net, Dyson in this article is using his position as a well-established voice to give a boost to the upcoming cohort—one that notably includes many women.

Nicely done all around.

by davidw at September 29, 2015 02:23 PM

September 28, 2015

Stuart Shieber - The Occasional Pamphlet
Whence function notation?

I begin — in continental style, unmotivated and, frankly, gratuitously — by defining Ackermann’s function \(A\) over two integers:

\[ A(m, n) = \left\{ \begin{array}{ll}
n + 1 & \mbox{ if $m=0$ } \\
A(m-1, 1) & \mbox{ if $m > 0$ and $n = 0$ } \\
A(m-1, A(m, n-1)) & \mbox{ if $m > 0$ and $n > 0$ }
\end{array} \right. \]

…drawing their equations evanescently in dust and sand…
Image of “Death of Archimedes” from Charles F. Horne, editor, Great Men and Famous Women, Volume 3, 1894. Reproduced by Project Gutenberg. Used by permission.

You’ll have appreciated (unconsciously no doubt) that this definition makes repeated use of a notation in which a symbol precedes a parenthesized list of expressions, as for example \(f(a, b, c)\). This configuration represents the application of a function to its arguments. But you knew that. And why? Because everyone who has ever gotten through eighth grade math has been taught this notation. It is inescapable in high school algebra textbooks. It is a standard notation in the most widely used programming languages. It is the very archetype of common mathematical knowledge. It is, for God’s sake, in the Common Core. It is to mathematicians as water is to fish — so encompassing as to be invisible.

Something so widespread, so familiar — it’s hard to imagine how it could be otherwise. It’s difficult to un-see it as anything but function application. But it was not always thus. Someone must have invented this notation, some time in the deep past. Perhaps it came into being when mathematicians were still drawing their equations evanescently in dust and sand. Perhaps all record has been lost of that ur-application that engendered all later function application expressions. Nonetheless, someone must have come up with the idea.

…that ur-application…
Photo from the author.

Surprisingly, the origins of the notation are not shrouded in mystery. The careful and exhaustive scholarship of mathematical historian Florian Cajori (1929, page 267) argues for a particular instance as originating the use of this now ubiquitous notation. Leonhard Euler, the legendary mathematician and perhaps the greatest innovator in successful mathematical notations, proposed the notation first in 1734, in Section 7 of his paper “Additamentum ad Dissertationem de Infinitis Curvis Eiusdem Generis” [“An Addition to the Dissertation Concerning an Infinite Number of Curves of the Same Kind”].

The paper was published in 1740 in Commentarii Academiae Scientarium Imperialis Petropolitanae [Memoirs of the Imperial Academy of Sciences in St. Petersburg], Volume VII, covering the years 1734-35. A visit to the Widener Library stacks produced a copy of the volume, letterpress printed on crisp rag paper, from which I took the image shown above of the notational innovation.

Here is the pertinent sentence (with translation by Ian Bruce):

Quocirca, si \(f\left(\frac{x}{a} +c\right)\) denotet functionem quamcunque ipsius \(\frac{x}{a} +c\) fiet quoque \(dx - \frac{x\, da}{a}\) integrabile, si multiplicetur per \(\frac{1}{a} f\left(\frac{x}{a} + c\right)\).
[On account of which, if \(f\left(\frac{x}{a} +c\right)\) denotes some function of \(\frac{x}{a} +c\), it also makes \(dx - \frac{x\, da}{a}\) integrable, if it is multiplied by \(\frac{1}{a} f\left(\frac{x}{a} + c\right)\).]

There is the function symbol — the archetypal \(f\), even then, to evoke the concept of function — followed by its argument corralled within simple curves to make clear its extent.

It’s seductive to think that there is an inevitability to the notation, but this is an illusion, following from habit. There are alternatives. Leibniz for instance used a boxy square-root-like diacritic over the arguments, with numbers to pick out the function being applied: \( \overline{a; b; c\,} \! | \! \lower .25ex {\underline{\,{}^1\,}} \! | \), and even Euler, in other later work, experimented with interposing a colon between the function and its arguments: \(f : (a, b, c)\). In the computing world, “reverse Polish” notation, found on HP calculators and the programming languages Forth and Postscript, has the function symbol following its arguments: \(a\,b\,c\,f\), whereas the quintessential functional programming language Lisp parenthesizes the function and its arguments: \((f\ a\ b\ c)\).

Finally, ML and its dialects follow Church’s lambda calculus in merely concatenating the function and its (single) argument — \(f \, a\) — using parentheses only to disambiguate structure. But even here, Euler’s notation stands its ground, for the single argument of a function might itself have components, a ‘tuple’ of items \(a\), \(b\), and \(c\) perhaps. The tuples might be indicated using an infix comma operator, thus \(a,b,c\). Application of a function to a single tuple argument can then mimic functions of multiple arguments, for instance, \(f (a, b, c)\) — the parentheses required by the low precedence of the tuple forming operator — and we are back once again to Euler’s notation. Clever, no? Do you see the lengths to which people will go to adhere to Euler’s invention? As much as we might try new notational ideas, this one has staying power.


Florian Cajori. 1929. A History of Mathematical Notations, Volume II. Chicago: Open Court Publishing Company.

Leonhard Euler. 1734. Additamentum ad Dissertationem de Infinitis Curvis Eiusdem Generis. In Commentarii Academiae Scientarium Imperialis Petropolitanae, Volume VII (1734–35), pages 184–202, 1740.

by Stuart Shieber at September 28, 2015 06:28 PM

Berkman Center front page
Welcome New Fellows: Dariusz Jemielniak and Rebecca Richman Cohen


By Sandra Rubinchik and Muira McCammon


This post is part of a series featuring interviews with some of the members of the 2015-2016 class of Berkman Fellows. Conducted by our 2015 summer interns (affectionately known as "Berkterns"), these snapshots aim to showcase the diverse backgrounds, interests, and accomplishments of our dynamic community.


Q&A with Dariusz Jemielniak

Dariusz Jemielniak is a professor of management at Kozminski University in Warsaw. He heads the Center for Research on Organizations and Workplaces (CROW) and founded the New Research on Digital Societies (NeRDS) group at Kozminski. Jemielniak’s interests include open collaboration communities, so it’s no surprise that he is an active participant in, as well as critic of, the Wikimedia movement. Jemielniak is currently working on a study about the professional identity of LL.M. graduates, and he also created and runs, the largest and most popular Polish online dictionary.

This interview was conducted by Berkman summer intern Sandra Rubinchik. When Sandra wasn’t working on the Privacy Tools project, she was researching Cambridge coffee shops and subsequently funding the ones with the best oatmeal chocolate chunk cookies.

What are some of the environmental and other factors that are necessary for an open collaboration community to thrive? Are there certain projects that are not well suited for open collaboration?

First of all, the minimal contribution that is required to participate must be really small - that is, escalation of commitment must progress gradually. Also, there cannot be too much collaboration in "collaboration" required - all cross-dependencies increase the risk of failure. Additionally, we know from experience that people prefer projects that do not rely on external credentials and allow people to take the role of experts in different fields.

In your studies, what is the most interesting or unexpected thing you have learned about the Wikipedia community?

I was actually surprised by the level of conflict and aggression present on Wikipedia - even though I have to proudly admit that we, Wikipedians, are taking large steps to change that!

What are some of the differences between the Polish and the U.S. Wikipedia communities?

Polish Wikipedia is a much smaller community; practically all admins know each other, at least virtually. As a result, there are far fewer careless and uncontrolled actions from them, which is good, as any hostility or injustice, especially towards newcomers, is detrimental to user acquisition. Also, the Polish Wikipedia community appears to be a bit more flexible about rules, when needed, yet both suffer from extreme bureaucratization (which is surprising for a movement so ostensibly anti-establishment and anti-structural).

Could you give us a little glimpse into your study on LL.M. students and the professional identity of a lawyer?

My findings show that LL.M. lawyers, quite universally, suffer from the same time pressures and deskilling practices of large corporations all over the world. Time, rather than quality of work, often becomes the more important performance indicator. Interestingly, lawyers share strong commitment to their clients, and even if they unanimously complain about the conditions of work they have to face, they are highly dedicated (which is characteristic of many other professions).

What sparked your interest in creating an extensive online Polish dictionary?

It was the most natural impulse in the world - I needed one! At the time there was no good online dictionary, especially aggregating results from many different dictionaries all together. So I started one and currently it is by far the largest database of this sort in Poland.

And this might be the hardest question, so apologies in advance — what is your favorite word in any language, and what does it mean?

Haha, a tough one indeed! I like the word "pundit", as it has nice origins and I use it as a jocular nick on Wikipedia. I also like "denouement", as even when people know how to spell it correctly, they often mispronounce it. It is also a good word to check dictionaries for - many will not contain it. But I'll have to go with "jejune shenanigans" as my favorite phrase in English, not just because I enjoy the way it sounds, but also because I enjoy what it denotes.


Q&A with Rebecca Richman Cohen

Rebecca Richman Cohen has been a Lecturer on Law at Harvard Law School since 2011.  She is an Emmy Award nominated documentary filmmaker and graduated from Harvard Law School and was a 2012-2013 Soros Justice Fellow.  Her first documentary War Don Don (2010) examines the trial of Issa Sesay, a former Sierra Leone rebel leader, at the Special Court of Sierra Leone; her second film, Code of the West (2012), looks at the many stakeholders involved in Montana’s marijuana policy reform. She will be a Berkman Fellow for the 2015-2016 academic year.

Muira McCammon is a current M.A. candidate in Translation Studies at the University of Massachusetts-Amherst, where she explores the interplay between language barriers, law, and libraries.  Her most recent work has been published in The Kenyon Review Online and Words without Borders.  Muira’s current research focuses on the U.S. military-run libraries at Guantánamo Bay.  This summer, she interned with Internet Monitor!

Before filming War Don Don, you spent a summer working on the Defense Team at the Special Court for Sierra Leone and earlier, in 2005, you made a short documentary titled Nuremberg Remembered.  Were you - based on your background - ever tempted to just do documentaries on exceptional courts and military commissions exclusively? There seem to be so many war and military tribunals whose stories haven't been told in full yet.

No. I was not even a little tempted. When you're doing long form storytelling, it's a very immersive experience; it tends to consume you for a number of years.  One of the things I like about being a documentary filmmaker is that in a meaningful way, I get to be a generalist; I get to learn a lot about a lot of different things. Generally, I think I'm most interested in things related to the world of criminal justice and reform but very disparate parts of that reform movement. I'm usually very excited to try something new when a project's finished.

So then, how do you go about deciding which documentaries you want to pursue?

I'm interested in the same things that took me to law school in the first place, which is how do you make the world a better place even on a small scale, even in ways that are difficult to quantify, like changing opinions or challenging assumptions. And law is one vehicle to do that, even though it may be a very limited vehicle. So, knowing how to interface with the media is an incredibly powerful tool and one that is gaining momentum as a new element in law school curricula. But to get back to your question, all of my films have been driven by the desire to show in a visual way, in an emotional way, the experience of being impacted by our laws and policies. For me, I have been drawn to explore a range of issues, from international criminal justice to direct marijuana policy reform. Right now I'm working on a film about sex offender laws.

To go back to an earlier comment you made about films being vehicles, it's interesting to track how both of your documentaries have had different afterlives. Wasn't part of your documentary, Code of the West, ultimately used in court? Could you talk about that experience and explain what happened?

In documentary filmmaking communities, calling something an “advocacy film” can be sort of derogatory. It can signal that you're privileging advocacy over craft. Many very well-crafted films also have advocacy campaigns that go along with them, but a commitment to storytelling and craft first. I don't think we set out with clear intentions to make Code of the West as an advocacy film but six months into filming, the story took a sharp turn. The marijuana farmers we had filmed for more than six months were raided by the federal government – and we knew that we had a responsibility to reveal the profound injustice of it all.

The film was used as evidence in the sentencing phase of Tom Daubert's case. And there was a very flattering article that was headlined: "Did Rebecca Richman Cohen's Medical Marijuana Documentary Save a Man from Prison?" Nonetheless, I think that's actually a very misguided title, because the answer is no, my film didn’t “save” Tom Daubert. But we were able to convincingly demonstrate to the federal judge that these guys were giving tours of the grow house to state law enforcement officials and legislators, secure in the knowledge that they were in compliance with state law.

An even more powerful use of the film was the seven minute New York Times op-doc that I produced about Chris Williams' case (he's also featured in the film). In a short time it attracted hundreds of thousands of views and Congressmen as well as celebrities were tweeting it. It seemed to have a constructive effect that was hard to measure. But I think the most tangible response to the film was not reflective of the hundreds of thousands of people who saw it on The New York Times' website, but rather the commentary of The New York Times editorial board, which last summer voted unanimously to support ending federal marijuana prohibition, citing Chris Williams' story as one of the things that swung the editorial board’s opinion.

Impact is a big question with documentary filmmaking. How do we measure the impact of a film? It's a question that filmmakers often resist and resent, because it's very hard to measure certain things that films do well. It's hard to measure engagement and empathy, creating understanding and awareness.  These are important qualities that films capture that shouldn't necessarily be reduced to a numerical value.

It may be difficult if not impossible to gauge how the film influenced hundreds of thousands of people. Yet it has become clear that the film was influencing a very select number of people, who were in positions of power. I think filmmakers need to think creatively, both about how to engage very broad audiences but also very narrow, specific audiences.

That ties back to the work that I'm doing at the law school, which is teaching how to use video as a tool for advocacy. It's important to think about how to engage a mass audience, but it's also very important to think about how to engage a specific audience, like judges or juries or policymakers. The latter calls for a very different, but related, skillset than that required for making films for mass audiences.

How has your perspective on the importance of documentary filmmaking changed?

That's a great question. I think my perspective on this field is always changing.  I teach a seminar and a reading group that are both related to media literacy, helping law students watch film and media in a sophisticated way.  And often on the first day of class, one of the things I'll do is encourage students to eschew the use of the word "objective." That's a word that really irks me.  It seems to be a default that lots of people invoke instead of saying, "That was a very fair portrayal or a truthful rendering." They'll say, "That was such an objective portrayal."  I have come to the conclusion that framing a response in this manner reflects a profound misunderstanding of the way that media is produced as well as consumed. It fundamentally ignores the ways in which we bring our perspectives and experiences to bear on creating and consuming representations of the world.

So, I often start class with a screening of the Rodney King beating and ask students what they see.  Across the board, students say, "Oh, the police officers were using excessive force. That was incredibly brutal." Then you see how a very talented group of defense lawyers represented it to a largely white jury in suburban Los Angeles, and how that jury saw something very different.

The way we understand the context around the images that we consume really changes the meaning of those images. They are not locked in a specific meaning. And so, one of the purposes of the class is to bring context into sharp relief.  I see the importance of doing so when my students react to all these horrific videos documenting police violence that have emerged in the last two years. It's hard. Students have really pushed and initially said: "Well, look at the Walter Scott shooting; that looks like objective evidence. You don't have to be a black person. You don't have to have a specific context to understand."  But subsequently, they come to appreciate how the meaning of the evidence can be manipulated by creative rendering.  For this reason, I think this generation of students is more media literate than previous generations of students.

Does that give you hope?

Yes. I mean, the question is: how do you translate media literacy into activism, into a sustained social movement?  I'm hopeful that these videos will be a catalyst for more than fleeting engagement, that it will produce meaningful change, that they will engender outrage in Americans who are not exposed first hand to the brutalities that people of color experience with such frequency.  I think that is something important to explore and unpack in a classroom setting, and I think that's directly related to the work of lawyering for social justice.

I want to return to the metaphor that documentary films are vehicles. There's a clearer paper trail for what happened to Code of the West. It's harder for me to tell what happened in Sierra Leone after War Don Don came out. What type of outreach did you all do, and where did War Don Don travel?  

We dubbed the film in Krio and then also traveled around doing public screenings of the film in communities across the country. The Court worked with our team and provided an outreach officer, who came to answer questions about the Court. In the end, they were very supportive, even though it was a film that raised some criticisms of their work. I think we both wanted the same thing: to have a dialogue about the Court and its efforts, about how you measure its success.  Most of the major tribunals held screenings with judges and lawyers. The FBI War Crimes Investigation Unit hosted a screening. The CIA and State Department did as well. We did a screening in Congress.  So, policymakers and people in positions of power saw the film.  But still, it's not a film that advocates for an unambiguous outcome. It's not a film that says, "Let's get the bad guy."

There seems to be a lot of uncertainty at the end of War Don Don.

Right. It's an open-ended film, but what we set out to do was to show the inner workings of the Court in a way that's very hard to see from the outside, to provoke a critical discussion about its purposes.  So much of  the pursuit of international criminal justice seems to be dependent on the willingness of states to support it, while the domestic politics of these states may not be aligned with criminal justice goals. As a result, the domain of international criminal justice has needed a lot of cheerleaders.  This need to muster support for these tribunals has dampened the enthusiasm of its advocates to enter into a critical debate about its purposes and effects.

The other thing we were trying to do was portray a man, who was accused and ultimately found guilty of egregious crimes, as a human being, because there is a narrative that pervades the international criminal justice movement which argues that the commission of such crimes is the responsibility of a few bad apples. There's the idea that if we take out these very powerful, terrible people, like Kony in 2012, the world would be a much better place. And yet, while removing people from power who have abused their authority can be a good thing, that alone may not be sufficient to restore justice.

I think there's lots of powerful reasons why the pursuit of international criminal justice is of the utmost importance, but I think that pushing the narrative of a few bad actors obscures the root causes of these conflicts and makes it harder to confront them. The international criminal justice movement does a disservice to itself, when it paints perpetrators of war crimes as - in the words of David Crane, the Chief Prosecutor of the Special Court for Sierra Leone - as people who have "no soul." If you can see perpetrators of mass atrocity not as people who have no souls and are not human, but if you can see them instead as very human, then I am persuaded a very profound transformation is at play. That would be a measure of success for transitional justice mechanisms to appreciate the nuances and complexities of these situations and to hold in our minds the cognitive dissonance of seeing people both as victims and perpetrators without having to paint them in such stark black and white colors.

So, what are your goals for your year as a Berkman Fellow? It sounds like you have a lot on your plate for this upcoming year.

My intention for this year is to think through how to deepen and expand the work of familiarizing aspiring social justice lawyers with the uses of media as a tool for advocacy.  I say deepen, because it's work that's already been going on in a meaningful way at the Harvard Law School; a number of clinics have launched media advocacy projects. I had the privilege of working with the Human Rights Clinic two years ago, and we produced a short video that was employed in human rights litigation in South Africa. Students affiliated with the Food, Law, and Policy Clinic and I are about to finish a short video about food expiration dates in support of federal legislation they're proposing. These have been incredible experiences, which have afforded the students opportunities to do hands on work—strategizing, messaging and figuring out how to use visual language, how to use video as a tool to support their campaigns.

One of the questions that I'm excited to think through in a community of people who do similar work, who use media and the Internet as resources to seek social justice, is how to bring these initiatives to scale, which concretely translates into how to engage a much larger number of students.


by gweber at September 28, 2015 03:19 PM

Berkman Center front page
Berkman Center Launches New Internet Data Dashboard


Dashboard debuts at World Economic Forum meeting in Geneva



Cambridge, MA—The Berkman Center for Internet & Society at Harvard University is pleased to announce the launch of the Internet Monitor dashboard, a freely accessible tool that aims to improve information for policymakers, researchers, advocates, and user communities working to shape the future of the Internet by helping them understand trends in Internet health and activity through data analysis and visualization.

“Over three billion people around the globe use the Internet—for communication, for education, for livelihood,” said Urs Gasser, Executive Director of the Berkman Center. “As the Internet becomes a vital part of more and more people’s lives and as we shape its future, we need both data and analysis to help understand how it’s working. The Internet Monitor dashboard brings this data and analysis together in an easily shareable way.”

The dashboard lets users customize a collection of data visualization widgets—some offering real-time data—about Internet access and infrastructure, online content controls, and digital activity. Users can create multiple collections that enable easy comparisons across countries and data sources, and are quick to configure, edit, and share. In addition to creating their own collections, visitors to the dashboard will be able to view a selection of featured collections based on topics such as online media and network traffic around the world.

“I love what the Internet Monitor makes possible: a nuanced, informative view of what is really happening on the Internet all around the world,” said John Palfrey, a Director of the Berkman Center. “I couldn’t be more excited by what we can learn by virtue of having this tool at the disposal of researchers, policymakers, journalists, and the public at large.”

Image: Sample Internet Monitor dashboard on Paraguay

The Internet Monitor dashboard launched on September 28 at the World Economic Forum's Future of the Internet Initiative (FII) core community meeting in Geneva, Switzerland. As a Knowledge Partner of the FII, the Berkman Center for Internet & Society is leading and participating in a set of activities that aim to foster an open, interoperable, and affordable Internet, serving the global public interest.

“Internet Monitor is a key part of our effort to expand the evidence base for public and private decision making about the future of the Internet,” said Mark Spelman, Future of the Internet Initiative, World Economic Forum. “We are glad to be partnering with the Berkman Center on such an important venture.”

Internet Monitor’s public data platform and Access Index, which launched in July 2014, offer free public access to an initial set of primary and secondary data and related analysis. The project’s research series focuses on key events and new developments in Internet controls and online activity. The new dashboard offers an interactive view of the state of the Internet across a variety of dimensions. By making data more available and approachable, the dashboard aims to inspire both greater use of the data that exists and greater efforts to collect and share that data that does not yet exist.

“Internet architecture relies on an extraordinary collective hallucination: there is no central authority or switching station,” said Jonathan Zittrain, Faculty Chair of the Berkman Center. “That has made measurement of even basic facts about the size and scope of the Internet, and the flow of bits within it, difficult. We need those measurements to inform any number of debates about the state and future of the Internet. This project aims to get them.” Zittrain added that a key feature of the dashboard is that its data comes from many sources, making important work from a variety of people and institutions around the world more accessible to people who can use it.

Internet Monitor continues to seek and integrate new sources of data in order to provide policymakers, digital activists, researchers, journalists, and user communities with an authoritative, independent, and multi-faceted set of quantitative data on the state of the global Internet. Current data partners include organizations such as Akamai, which is contributing data on country-level Internet connection speeds, network attacks, and web traffic; Kaspersky, which is contributing data on spam, cyberattacks, and infections; Media Cloud, which is contributing data on online media worldwide; and Herdict, which is contributing data on crowdsourced reports of website unavailability. The project will continue to add new data partners and sources on a rolling basis.

About Internet Monitor
Internet Monitor is a research project based at Harvard University's Berkman Center for Internet & Society. Internet Monitor's aim is to evaluate, describe, and summarize the means, mechanisms, and extent of Internet content controls and Internet activity around the world. The project helps researchers, advocates, policymakers, and user communities understand trends in Internet health and activity through research, analysis, and data visualization. More information can be found at

About the Berkman Center
The Berkman Center for Internet & Society at Harvard University is a research program founded to explore cyberspace, share in its study, and help pioneer its development. Founded in 1997, through a generous gift from Jack N. and Lillian R. Berkman, the Center is home to an ever-growing community of faculty, fellows, staff, and affiliates working on projects that span the broad range of intersections between cyberspace, technology, and society. More information can be found at

About the World Economic Forum
The World Economic Forum is a comprehensive and integrated platform to strategically shape global, regional, national and industry agendas. The Forum helps the foremost political, business and other leaders of society to improve the state of the world, serving as an independent and impartial partner and acting as the officially recognized International Institution for Public-Private Cooperation. More information can be found at


by rheacock at September 28, 2015 01:31 PM

Bruce Schneier
Good Article on the Sony Attack

Fortune has a three-part article on the Sony attack by North Korea. There's not a lot of tech here; it's mostly about Sony's internal politics regarding the movie and IT security before the attack, and some about their reaction afterwards.

Despite what I wrote at the time, I now believe that North Korea was responsible for the attack. This is the article that convinced me. It's about the US government's reaction to the attack.

by Bruce Schneier at September 28, 2015 11:22 AM

September 25, 2015

Justin Reich
Beyond the Buzzword of Metacognition
When explored through the research of Bandura and Flavell, the true value of metacognitive activities elevates beyond buzzword status.

by Beth Holland at September 25, 2015 09:42 PM

Bruce Schneier
Friday Squid Blogging: Disney's Minigame Squid Wars

It looks like a Nintendo game.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

by Bruce Schneier at September 25, 2015 09:30 PM

Anti-Alien Security

You can wrap your house in tinfoil, but when you start shining bright lights to defend yourself against alien attack, you've gone too far.

In general, society puts limits on what types of security you are allowed to use, especially when that use can affect others. You can't place landmines on your lawn or shoot down drones hovering over your property.

by Bruce Schneier at September 25, 2015 07:23 PM

Cyberlaw Clinic - blog
DC Comics Wins Copyright Protection for Batmobile

“Holy copyright law, Batman!” Although this sounds like Robin, it is actually a line from a federal appeals court opinion issued this week, holding that Batman’s iconic car is entitled to copyright protection. The U.S. Court of Appeals for the Ninth Circuit sided with DC Comics in its claim to a copyright interest in the Batmobile, ruling in DC Comics v. Towle that the automobile was sufficiently distinctive to be deemed a protectable character. DC Comics had sued defendant Mark Towle for, among other things, copyright infringement and trademark infringement, based on his sale of replicas of the car. Mark Towle’s Gotham Garage sold replicas of the Batmobile as it appeared in the 1966 television series featuring Adam West as Batman and the 1989 movie starring Michael Keaton for approximately $90,000.

Towle argued that the Batmobile was not subject to copyright protection. Alternatively, Towle claimed that DC Comics did not own the copyright in the vehicle as it appeared in either production, because DC Batman comics had never featured Batmobile designs that looked exactly like those in the television series and movies.

“Pow! Boff! Thwack!” The three-judge panel delivered major blows to Towle’s arguments and ultimately sided with DC Comics. The Court of Appeals affirmed the District Court judgment that the Batmobile was protectable, noting that the court had previously recognized “Eleanor,” a car in both Gone in 60 Seconds movies, as an “automotive character.” The court also rejected Towle’s argument that the vehicle was not protectable because some depictions deviated from its “signature sleek ‘bat-like’ features.” In response, the court stated that although James Bond, Godzilla, and Batman have changed over time, they are entitled to copyright protection for they have “retained unique, protectable characteristics.” Furthermore, the court disagreed with Towle’s claim that DC Comics did not own a copyright interest in the Batmobile. The panel found that DC Comics retained the rights to derivative versions of the Batmobile when it licensed the right to make TV shows and movies to production companies.

To determine whether characters in comic books, television shows or movies are entitled to copyright protection, the court set forth a three-part test. First, the character must have “physical as well as conceptual qualities.” Also, the character must be “sufficiently delineated” so people recognize it as the same character across time. Third, the character has to be “especially distinctive” and “contain some unique elements of expression.”

Applying this test, the court found that the Batmobile was protectable under copyright law. “First, because the Batmobile has appeared graphically in comic books, and as a three-dimensional car in television series and motion pictures, it has ‘physical as well as conceptual qualities,’ and is thus not a mere literary character,” the court ruled. As for the second element, various distinct physical and conceptual qualities of the Batmobile make it recognizable whenever it appears. “[T]he Batmobile is almost always bat-like in appearance…[T]he Batmobile is a ‘crime-fighting’ car with sleek and powerful characteristics that allow Batman to maneuver quickly while he fights villains…Equally important, the Batmobile always contains the most up-to-date weaponry and technology,” the opinion stated. Finally, the court found that the third prong of the character analysis is met, given the Batmobile’s “status as Batman’s loyal bat-themed sidekick” and its “unique and highly recognizable name.”

The opinion concludes with a quote, noting that, “[a]s Batman so sagely told Robin, ‘In our well-ordered society, protection of private property is essential.’” The ruling does provide significant protections to copyright owners of comic book, TV, and movie characters. In this case, Towle will have to obtain permission from DC Comics to sell any more Batmobile replicas.

Cristina Carapezza is a 2L at Harvard Law School and a student in the Cyberlaw Clinic during the fall semester 2015.

by Cristina Carapezza at September 25, 2015 02:30 PM

Feeds In This Planet