Wednesday, February 27, 2008

Microsoft, the EU, and Free Market

This week’s announcement of the European Union’s new fine for Microsoft’s non-compliance, combined with their increasing monopoly charges against American companies such as Intel, causes me to question the nature of these accusations and wonder: are the EU’s anti-privacy laws too strict, or are those of the US too lax? Is the EU unfairly biased against American companies? I only know that the EU’s harsh stance against American companies brings an uneasy feeling to me as an American citizen. I want to know why the collective punishment inflicted on Microsoft by US courts has been derided as a mere slap on the wrist, yet the EU has fined Microsoft over 1.3 billion dollars and is openly continuing investigations on Microsoft’s monopoly status. As Europe should continue to be our ally in international business affairs, work needs to be done to reconcile the policies of US courts and the EU to be more in harmony, regardless of whether it is more just and beneficial to continue to punish Microsoft or to let the free market flow naturally.

Tuesday, February 26, 2008

Uprooting the Cuckoo's Egg

In The Cuckoo’s Egg, Cliff battles the seeming dichotomy between security and personal rights as he tries to enlist different government agencies to help him catch a cyber criminal against whom he has gathered more than sufficient evidence. The majority of the book could even be accurately condensed down to the story of Cliff Stoll, the author and main character, trying to gather enough support to convince the FBI to give out a warrant for a hacker’s arrest. This article explores some of the possible changes to the current law enforcement structure that could have prevented Cliff’s unnecessary frustrations from occurring.

One possible solution that may have ended Cliff’s story sooner would involve the creation of a less centralized system for law enforcement. For instance, if the FBI refused to grant him a warrant, he could have a place, perhaps the courts, to appeal to in order to override the FBI’s decision. Without such a system, Cliff was helpless as he found himself stopped by a narrow bottleneck for which there was no alternative route. He simply could not progress unless the FBI were willing to help, no matter how many other organizations supported him. This approach has the disadvantage of complicating the law enforcement process.

Another solution to the warrant problem would be to authorize more than one agency to grant warrants, or to have more specialized internal departments in the FBI. The former, however, might make the process of earning a warrant too easy for other warrant clients, mainly the police. The FBI could delegate special cases such as cybercrime cases to internal FBI divisions that specialized in these areas, but this would require that the FBI already recognize the special case as important, and the very act of creating the internal division would demote the case’s status from “special” to “categorized and normal.” For Cliff, the FBI had not yet made such a recognition with regard to cybercrime or privacy breaches in general.

Finally, authorities could be authorized to perform monitoring and surveillance without the need of a warrant. This has been the path actually taken since Cliff’s story ended. While Cliff might have caught his criminal sooner had the authorities held such power during the story, the increased power in the hands of law enforcement could lead to a significant loss of personal rights. For instance, what if Cliff’s information led law enforcement to the wrong conclusion and they began monitoring the wrong people? If they had decided the criminal was likely to be at Berkeley, they might have wiretapped all internet usage at the Berkeley library fruitlessly and to the loss of privacy of all innocent students there.

Overall, I think that The Cuckoo’s Egg shows us that we still don’t have a good system for dealing with cybercrime. No safe balance has been discovered between personal rights and security measures, no government checks and balances system exists to help a citizen get a warrant when one is warranted, and there still is no organization a person can turn to for help when he or she is victimized by a cybercrime. Progress still needs to be made in order to enable American citizens to report hackers and help bring them to justice.

Monday, February 18, 2008

Reveal More.... Bugs!

In recent news, Opera employees called foul on Mozilla for giving them only a day's notice about a security flaw Mozilla discovered before publicly disclosing it. Without considering the politics and circumstances surrounding the conflict, one may observe that Opera's cry brings again to bear an often discussed security issue: what policy of revealing security flaws best serves the public interest? Influenced by my reading of the book "The Cuckoo's Egg", I believe Mozilla's policy of fairly transparently publicizing security holes as they discover them is of greatest benefit to their user base. The above-mentioned book describes multiple real-life accounts of hackers compromising exploits known to the exploits' authors, as well as authorities, sometimes for whole years, but not publicized at large. If details on these exploits were promulgated to administrators everywhere, these people would have been both empowered and made responsible to protect their machines against the exploits.

Opponents of rapid exploit dissemination argue that publicizing flaws without fixes alerts hackers to these flaws faster than they would discover them on their own, but, especially in the case of open source software, hackers have free access to all codebase updates and can always easily search for exploits on their own. Also, Mozilla only provides access to detailed exploit information to a smaller circle of privileged users, so that information on how to exploit a flaw is not as easily obtained as general knowledge about it. Finally, software users themselves, aware of the exploit, can take precautions as necessary, potentially even turning off or discontinuing use of vulnerable software until a fix is found. Other advanced users can even actively contribute to solving a problem by submitting patches themselves. Overall, the benefits of a mostly transparent process of security bug publication outweigh the associated risks and provide the best protection to the public at large.

Wednesday, February 6, 2008

One Repository for One Family Tree

In the past years I have viewed the large quantities of genealogical data spread among multiple disparate sources with disapproval, and felt intimidated in beginning my own family history project. This problem seems to have arisen because the first software-based technologies for family history work were invented before the advent of the Internet. For instance, the church used to periodically distribute CDs containing their most up-to-date information to each ward and branch. Later the creation of PAF and the GEDCOM file format encouraged each person to maintain their own personal databases of family history, and as the Internet matured a host of different web sites have popped into existence with their own individual purposes, scopes, and information formats.

However, if we are to map the single family tree of human history from Adam to the present, we need to have one major repository for all genealogical data that is easy to use, explore, and contribute to. I believe the church has been tackling this problem for a while, and I hope that their new family history web service fulfills this requirement. If this new service succeeds in enabling most users to quickly and accurately comprehend the current state of genealogical research in their families and know where they must begin to add to this body of knowledge, then it will become the greatest contribution so far in speeding along the work of redeeming the dead.