Yottabytes: Storage and Disaster Recovery

August 22, 2015  11:59 PM

At Worldcon, Science Fiction Fandom Hurries to Save Its History

Sharon Fisher Sharon Fisher Profile: Sharon Fisher

Now in its 73rd official year, science fiction fandom is grappling with a very present-day problem: How to archive its history in a way that future generations can reference.

“Archiving for the Future,” a panel session held at this week’s World Science Fiction Convention (Worldcon) in Spokane, Wash., included several science fiction historians as well as archiving professionals who discussed the aging of the fandom population, the lack of a clear repository for the history, and the fact that there’s so much material that no single site could actually serve as such a repository.

In the same way that some comic books became scarce because everyone’s moms threw them out, some irreplaceable science fiction fandom material, such as fanzines, has been lost because it was considered ephemera and discarded, panelists lamented. The problem is, many well-known science fiction authors started out as fans and their early work was included in those fanzines. “You have to save everything because you don’t know who that person will become,” one noted.  “Some of those people became Harlan Ellison.”

Moreover, material on paper is vulnerable to a variety of ills ranging from moisture to fire. When you get access to material, share it, panelists were told: You never know when your house is going to burn down or be hit by a hurricane.

Even now, in an era where material is born digital, some is considered ephemeral but is actually significant historically, noted participant Leslie Johnston, whose day job is Director of Digital Preservation at the National Archive.

For example, when the Library of Congress announced in 2010 that it would archive Twitter – a project  still under some criticism — some people didn’t understand why they’d want to bother saving details of what people had for breakfast, she said. But Twitter has become the first place a number of historical events and reactions to them were documented, such as the death of Osama bin Laden. “Twitter is today’s diaries,” she said.

And when such material does manage to make it to a collection rather than being thrown out, it’s often missing much of the context that gives it value, panelists said, citing cases of getting hundreds of photographs “from Worldcon” but with none of the participants, or even which Worldcon it was, identified. “It always comes down to the metadata,” said panelist Pierre Pettinger Jr., whose particular specialty is costuming. People have had to resort to such techniques as identifying venues based on the woodwork and carpeting shown in the pictures, panelists reported.

It was suggested, though, that crowdsourcing could help with some of that identification. Crowdsourcing has been used by a variety of libraries, from the New York Public Library to the British Library, to help identify and verify material ranging from maps to menus.

While some people may think that the preservation problem is solved once material is scanned or otherwise digitized, that’s no panacea, either, Johnston said. “Digitization is not preservation,” she said. “It’s creating a whole new set of materials that need to be preserved.”

What’s the issue? First of all, some of the digitized formats themselves are vulnerable. “CDs make me crazy,” Johnston said, because of their fragility, and thumb drives aren’t much better, relating the case of one that went through the wash.

Second, as time goes on, the hardware and software required to read material in particular formats can become hard to find, no matter how popular it once was, Johnston said. For example, the industry stopped manufacturing slide projectors three years ago, which will make it more difficult to look at slides going forward. She praised organizations such as the National Audio-Visual Conservation Center in Culpeper, Va., which holds a large archive of such hardware and software.

This loss of data isn’t just with old files, Johnston cautioned, noting that even some more recent material, which used early versions of cutting-edge storage formats, is now inaccessible.

Another issue, particularly with photographs, is that of the rights, panelists reported. Pettinger noted that he often posts images online that are of a lower quality than others he has because of concerns that people will appropriate them.

Similarly, panelists discussed the conflicting rights among the people who owned a picture vs. the people who might appear in it. Few of those subjects ever signed model releases, said fan history specialist Joe Siclari, who added that he always takes down images on request from the people in them. Fandom needs a better education in rights and how those rights can be transferred and archived, panelists said.

What’s needed now is for members of fandom to take responsibility for identifying and organizing the material they have, while they’re still around to do it, panelists said. In addition, fandom should set up a collaborative collection, where it’s accepted that a repository for one kind of material, such as costuming, will be located at one institution, with other institutions acting as repositories for other kinds of material.

Finally, that information also needs to be made available to fandom by creating repository directories, because there’s so much material that no one institution can take it all, Johnston said. That way, aging fans, and their descendants, know the value of the material and the process to follow for donating it.

In addition, there needs to be a canonical list of the types of hardware and software available, and where, that are available to read the different file formats. That way, archivists will be able to find out how to retrieve past material, panelists said.

Ideally, fans of the future would be able to see material in the same way that the writer originally did, Johnston said, citing the example of professor Salman Rushdie’s archive at Emory University.

Meanwhile, people are on their own. “How do we find the place that wants the stuff we have before we croak?” summarized one session attendee.

August 17, 2015  3:06 PM

EMC, VMware, Might Swallow Each Other

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
EMC, Storage, Virtualization, VMware

As you may recall, a year or so ago, activist investor Elliott Management Corp. took a large position in EMC stock, with the goal of “releasing shareholder value” – in other words, selling or reorganizing some of the pieces of EMC and VMware to make more money for stockholders. EMC CEO Joe Tucci has largely been resisting that effort, but a deadline is coming up that may mean something will happen – ranging from EMC buying VMware to VMware buying EMC.

How large is large? Reportedly it was more than $1 billion, which would amount to about 2 percent of its value, and also make it EMC’s fifth-largest shareholder.

So if this is something that’s been going on for a year, why the pressure now? It’s because in January, Elliott and EMC made a “standstill agreement,” which basically means that Elliott would not publicly pressure the company into divesting its holdings in VMware, in return for getting two people on the board of directors, writes Martin Blanc in Bidness Etc.. However, that agreement is set to expire in September, writes Anne Shields in Market Realist.

Moreover, Tucci’s on-again, off-again retirement is on again, Shields writes. “EMC’s CEO, Joe Tucci, is also under tremendous pressure to get EMC on the right track before he retires,” she notes. “David Goulden, CEO of EMC’s information infrastructure unit, as well as Patrick Gelsinger, VMware’s present CEO, are seen as equal contenders for EMC’s future CEO position.”

It might sound weird for the subsidiary VMware to buy out the parent EMC, but it makes sense because VMware stock is worth more than EMC stock, writes Blanc. “The move would likely be backed by Elliot Management as it will unlock more value for investors,” he writes. “Secondly, VMware already makes up for 73% of EMC’s entire market capitalization, so it makes more financial sense.”

Also, in some ways, VMware is the stronger company, with EMC facing pressure from flash drive manufacturers, commodity storage manufacturers, and other sources.  “EMC would emerge weaker than before,” writes Arik Hesseldahl in Re/Code, which started this whole speculation. “An EMC-minus-VMware scenario leaves the parent with a value of about $11 a share, or less than half what it’s trading for now.”

A VMware acquisition would work like this, according to Hesseldahl: “VMware would issue somewhere between $50 billion and $55 billion worth of new shares,” he writes. “A portion of those shares — about $30 billion — would be used to cancel EMC’s 80 percent stake in VMware, which currently has a market value of $38.5 billion. The remaining new VMware shares would be issued to current EMC shareholders, who will also get some cash generated from the issuance of about $10 billion in new debt.”

Putting VMware in charge would also make the merged company more forward-looking. “Inverting the company to make VMware the pinnacle would send a message that says storage hardware is not the future and virtualization/cloud (whatever that means) is where the world is headed,” agrees analyst Chris Evans. It would probably also play better with the companies’ various partners, he adds.

Ultimately, some sort of acquisition between the two companies wouldn’t have much effect in the long run about how they operate, writes Chris Mellor in The Register UK. “Not much would have changed fundamentally, on the good ship EMC, apart from the deck chair arrangement and signage,” he notes.

One big change? Integrating the two companies could reduce their operational expenses by almost $1 billion, writes Shields. And indeed, the most recent EMC earnings call hinted at such a possibility, with the company promising $850 million in savings by the end of 2016, though it didn’t say how.

That said, the stock market wasn’t necessarily thrilled about the potential merger news, particularly from the VMware side, writes Shields. “EMC shares rose more than 3%, whereas VMware shares fell more than 5% on August 5, 2015,” she notes.

July 28, 2015  11:17 PM

Committing a Crime? Don’t Post It On Facebook

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
legal, privacy, social media

Companies that collect large amounts of user data, such as Facebook, Google, and Twitter, may have a tougher time fighting government requests for that information after a recent court case.

New York prosecutors had filed 381 warrants in 2013 to get photos and private information from Facebook on hundreds of public employees suspected of Social Security fraud. A Manhattan-based state appeals court has unanimously ruled that the warrants could only be challenged by defendants in criminal cases to move to suppress the evidence they produced, according to Reuters.

This is the third time Facebook has lost on this ruling, and it had already provided the requested data to prosecutors.

Reportedly, “Facebook pages showed public employees who claimed to be disabled riding jet skis, playing golf and participating in martial arts events,” Reuters writes. By collecting the Facebook data, the government has collected nearly $25 million from those people.

It’s not the first time that people have been fired or lost insurance due to pictures on Facebook. What was new in this case was the government using warrants to gather information about the people from Facebook, some of whom were September 11 first responders. It also used private messages, not just information available publicly.

This appeal arose from the largest set of search warrants that Facebook had ever received, according to the brief on the case.  It noted that of the 381 warrants, only 62 of the targeted Facebook users were charged with any crime. (Eventually, 134 users had charges filed.)

“The warrants also contained broad gag provisions barring Facebook from informing its users what the Government was forcing it to do,” the brief continues. “The Government’s bulk warrants, which demand ‘all’ communications and information in 24 broad categories from the 381 targeted accounts, are the digital equivalent of seizing everything in someone’s home. Except here, it is not a single home but an entire neighborhood of nearly 400 homes. The vast scope of the Government’s search and seizure here would be unthinkable in the physical world.”

Facebook’s objections were primarily to the fishing expedition aspect of the warrants, noting that only a fraction of the information requested had anything to do with proving Social Security fraud, and that there was no provision for the government to return the data to the users.

Throwing a sop, the court agreed that Facebook had a point. “Our holding today does not mean that we do not appreciate Facebook’s concerns about the scope of the bulk warrants issued here or about the district attorney’s alleged right to indefinitely retain the seized accounts of the uncharged Facebook users,” the five-judge panel wrote, according to NBC.

Facebook also pointed out that as the holder of the data, it had to do all the work to collect it for the police, compared with a typical search warrant where the police are doing the searching.

Ultimately, though, that wasn’t enough. “If the cops show up at your door with a warrant to search your house, you have to let them search,” writes Orin Kerr in the Volokh Conspiracy legal blog. “You can’t stop them if you have legal concerns about the warrant. And if a target who is handed a warrant can’t bring a pre-enforcement challenge, then why should Facebook have greater rights to bring such a challenge on behalf of the targets, at least absent legislation giving them that right?”

While this particular action happened to target Facebook, there were amici curiae briefs from companies including Google, Microsoft, Pinterest, Twitter, and Yelp (as well as the New York Civil Liberties Union), because it could have just as easily been them. (Similarly, Microsoft is carrying the water for a case concerning the right of the U.S. government to seize data stored offshore, with Apple, AT&T, Cisco, and Verizon backing it up.) Tumblr, Foursquare, Kickstarter, and Meetup also filed a brief, arguing that “the lower court’s decision was especially troubling for startup online platforms like themselves” because smaller companies often lacked the financial resources to challenge warrants.

Part of the problem, the companies acknowledged, is that their business models are predicated on people being willing to share information about themselves online, which is sort of hard to do when you feel like the government could come in and snap up anything you post and the company can’t even warn you about it. Or, in lawyer talk,“Here that freeze also threatens the willingness of users to participate in online platforms — fora for speech of all kinds — that small and mid-size companies offer, for fear that their private information will be obtained improperly and without their knowledge,” the brief said.

Part of the problem, too, is that at least some of these people actually did appear to be committing fraud. In the same way that fighting for the right of people to encrypt their data and not reveal the key to the government means you end up supporting child pornographers, it’s can be more challenging to support legal principles if in the process crooks go free.

Facebook is reportedly considering whether to appeal the decision.

July 19, 2015  2:27 PM

UK Court Abolishes Surveillance Act, But More On the Way

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
privacy, Security

Legislation that had allowed enforcement and intelligence agencies in the U.K. to force communications providers to store records of their customers’ activities has been shot down by the country’s highest court, but the government has nine months – til March 2016 — to rewrite the law to make it more palatable.

Plus, the UK has already put forth another bill that could be even worse.

The Data Retention and Investigatory Powers Act (DRIPA) had been challenged by Members of Parliament David Davis and Tom Watson on the grounds that it lacked sufficient privacy and data-protection safeguards, Politico writes. “This is the first time a British national court has struck down primary legislation in the country, and the first time that a member of parliament has brought a successful judicial review against the government,” the site adds.

What was wrong with the law? “The MPs complained that use of communications data was not limited to cases involving serious crime, that individual notices of data retention were kept secret, and that no provision was made for those under obligation of professional confidentiality, in particular lawyers and journalists,” writes the Guardian. “Nor, they argued, were there adequate safeguards against communications data leaving the EU.”

Critics also said it had been rushed through Parliament, which is what led to the unusual judicial challenge, the BBC writes. “Normally it would be scrutinized in Parliament, but the two MPs say that because the Data Retention and Investigatory Powers Act was rushed through in days, there was no time for proper parliamentary scrutiny and that this judicial review was their only option.” Legislation in the UK usually takes months to pass, but the government claimed it needed the bill right away to protect British citizens against terrorism.

The law governed gathering information about who suspects contact by telephone or email, according to the BBC, and allowed the data to be stored for up to a year. “This does not include content but does include the fact that calls and emails are made, by whom, to whom and how often,” the BBC writes.  “Some half a million requests are made each year for this data.”

As with similar laws in the U.S., DRIPA supporters said the law was important to save lives in cases such as kidnapping and potential suicides.

The UK bill followed a similar one for the European Union as a whole, which was invalidated by the Court of Justice of the European Union in April, 2014. “The court struck down the directive largely because of poor access controls, although it was also concerned that citizens were not being informed about who was holding their data, and that some of the data might unlawfully leave the EU,” Politico explains. The MPs also drew on a number of EU laws in their arguments against the law.

DRIPA wasn’t just an issue for residents of the UK. The law also had a clause making it clear that foreign firms holding data on U.K. citizens could also be served with a warrant to hand over information. Anyone providing a “communication service” to customers in the UK, regardless of where that service is provided from, needed to comply, writes Lexology. “This was previously considered to be a grey area, and this clarification has significant ramifications for those providing communication services in the U.K. from overseas,” Lexology adds.

Exactly how the law could be rewritten is now being discussed. It could include more time to allow proper scrutiny of the proposed measures, writes the Media Policy Project blog of the London School of Economics.

The UK government has already said it plans to appeal the ruling. “I do think there is a risk here of giving succour to the paranoid liberal bourgeoisie whose peculiar fears are placed ahead of the interests of the people,” Security Minister John Hayes reportedly told BBC Radio 4’s The World at One.

But Parliament is already slated to see next month another bill that could be even worse: the Investigatory Powers Bill, writes the Huffington Post. “Revealed during the Queen’s Speech as a replacement for the emergency bill, the Investigatory Powers Bill has potentially far greater reach than even DRIPA with some of the preliminary wording suggesting that if fully approved it would allow the Government powers to ban encrypted communications services such as WhatsApp, iMessage and Facebook Messenger,” the Post writes.

July 9, 2015  11:06 PM

Watch Out, Candidates: Company Says It Can Detect Fake Photos

Sharon Fisher Sharon Fisher Profile: Sharon Fisher

Many of us who were around in 1982 remember a shocking incident. National Geographic ran a picture on its cover of the Great Pyramids of Gaza, but it later developed (no pun intended) that the magazine had moved the two pyramids closer together so they’d both fit into the picture. The world was horrified. This was National Geographic! Could we ever trust a published photograph again?

“No one might have noticed if the photographer, Gordon Gahan, hadn’t complained,” notes the website hoaxes.org. “It then became a source of major controversy. Sheila Reaves, a journalism professor at the University of Wisconsin has speculated that, ‘The enormity of moving such a large object brought home to people that you can move a shoulder or a smile.’”

The backlash was fierce. “The magazine was harshly criticized for this unethical act, and later, when the director of photography was replaced, the magazine issued a formal statement of apology and promised to never alter their images again,” writes Gettysburg College, which uses the incident as an ethics example in a journalism course.

This was hardly the first case of photo doctoring (though it was one of the first well-known cases of digital photo doctoring). But now there is a company that claims it can spot these instances of photo doctoring, by examining changes in the file caused by how it’s stored.

The company and product are both called Verifeyed. The product works by using machine learning to figure out whether photos have been through editing software and can establish which camera or phone was used to take them, writes Lucy England in Business Insider.

“Traditional digital cameras have several components: an optical system, then a photo sensor, and finally a storage system,” England explains. “If an image has been tampered with, it is decompressed, loaded onto photo-editing software, manipulated, and recompressed.”

But every time you compress a JPEG image, some information is lost to make a smaller file. When a JPEG image is compressed, it is split into adjacent blocks of pixels. Those blocks are compressed separately but still have to relate to one another in the same way they would in the original image. If someone has made changes to parts of the image, the changes will not relate to one another in the same way, and the Verifeyed algorithm can spot these differences, England writes.

The company is signing up clients from organizations such as banks, media companies, and insurance firms, which use the software on pictures that clients submit with claims. As many as 1 out of every 750 photos shows signs of digital tampering, Verifeyed notes. Another insurance company found that 1 out of 1000 pictures was fraudulent, which saved the company $1 million.

(Doctoring insurance photos has a long history. In the book Denial of Disaster, San Francisco librarian Gladys Hansen discovered that many 1906 earthquake pictures had been modified through techniques such as painting flames and clouds of smoke on earthquake-damaged buildings, because insurance companies would pay in the case of fire but not in the case of earthquake damage.)

Verifeyed claims that only 0.01% of the digital images the software examines are false positives. Moreover, it can analyze an image in less than a second, England writes.

So the product has a lot of interesting possibilities. What if someone decides to run Verifeyed against all the photos on the Internet? All the photos in the news? The company has already released a white paper showing how a number of photos have been manipulated, as well as publishing blog posts about them.

It could make the upcoming campaign season very interesting.

July 4, 2015  9:00 PM

Lois Lerner’s IRS Email: It’s Lost! It’s Found! It’s Lost Again!

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
ediscovery, Email, IRS

In case you thought the November 2014 revelation that Lois Lerner’s missing IRS email messages might have been found when backup tapes had been located meant the end of the story – LOL. You haven’t spent much time in politics, have you?

As you may recall, the whole thing started last June with former director of exempt organizations for the IRS Lois Lerner, and how something like two years’ worth of email messages — conveniently covering a period of time under Congressional investigation — were unavailable because employees could only store 500 mb of email, backup tapes were only saved for six months, and her computer had crashed, wiping out her hard disk drive. Last November, the IRS actually found the backup tapes – ironically, right where they were supposed to be – but it wasn’t clear whether they had any new messages on them and looking might be hard and expensive.

As with previous reports, conservative media has been leading the charge on much of the most recent news, which can sometimes make it challenging to figure out what’s really going on. That said, here goes.

A watchdog organization called Judicial Watch suggested last August that Lerner’s email messages might be on what turned out to be a total of 1,268 backup tapes. The Treasury Inspector General for Tax Administration (TIGTA) took possession of the tapes and was able to retrieve about 32,000 Lerner email messages from 744 backup tapes, as of November.

However, Judicial Watch wanted to know what was going on with  424 tapes (which still leaves 100 tapes unaccounted for, and what’s up with that?), and filed a Freedom of Information Act request to find out. “The conservative watchdog group wants to know their contents, whether they are now in the hands of the inspector general and whether the IRS must release the emails under the Freedom of Information Act,” writes the McClatchey Newspaper’s Washington D.C. bureau.

So U.S. District Court Judge Emmet Sullivan ordered on June 4 the IRS needed to answer questions by Friday, June 12, on the status of the lost email. On June 12, the IRS responded that TIGTA had given it 6,400 additional messages, which it had found in April, but that it needed to go through the messages – which could take until mid-September — to remove any duplicates before providing them to Judicial Watch – which didn’t take kindly to this.

Meanwhile, TIGTA has reportedly put together a 1,600-page report examining the agency’s handling of Lerner’s missing email messages and computer crash, according to Fox News, which said it had seen a copy of the report.

In contrast, the AP story says the report was only 22 pages long, but adds that 118 witnesses were interviewed for it, while GovExec said the report is scheduled to be released during 4th of July week (in the fine tradition of taking out the trash).

In any event, J. Russell George, the Treasury inspector general for tax administration, testified before Congress on the contents of the report in late June. And the upshot, writes the Associated Press, is that as many as 24,000 Lerner email messages may have been lost because the 422 backup tapes were erased. (Some reports, including the Judicial Watch press release, say 424 tapes, and the arithmetic for the total number of tapes does work out better for that number.)

This is despite the fact that IRS Chief Technology Officer Terry Mulholland had issued a directive in May, 2013, telling the department to preserve the records. (That said, the reason the IRS had said in the first place a year ago that it didn’t have the records was because backup tapes were routinely wiped so they could be used over again.)

“George and deputy Tim Camus said that two ‘lower level’ employees at a Martinsburg, W.Va., IRS facility erased the tapes as part of their normal housekeeping procedures,” writes GovExec. “’The investigation uncovered testimony and email traffic between IRS employees that indicate that the involved employees did not know about, comprehend or follow the chief technology officer’s May 22, 2013, email directive to halt the destruction of email backup media due to ‘the current environment’ and ongoing investigations,’ George said. ‘It appears they had a misunderstanding of the memo–they thought it was for hard-drives and personal computers, not backup tapes,’ Camus said.”

“’When interviewed, those employees said, ‘Our job is to put these pieces of plastic into that machine and magnetically obliterate them. We had no idea that there was any type of preservation (order) from the chief technology officer,'” Camus told the committee,” writes the Associated Press. “Rep. Thomas Massie, R-Ky., asked Camus if incompetence was to blame for the tapes being erased. ‘One could come to that conclusion,’ Camus said.”

Whose incompetence it was – the low-level employees, whoever it was who sent them the tapes for wiping, or Mulholland for not making a big enough deal of his directive — nobody said.

In addition, other testimony that day indicated that the original hard drive problem with Lerner’s laptop that caused her to no longer have copies of the email messages in the first place was reportedly caused by an “impact” rather than, say, a heat problem. Testimony didn’t indicate whether it was a “fell off the bed” or a “took a hammer to it” impact, but the laptop itself was reportedly undamaged, though the hard drive reportedly showed some “scoring.”

Mulholland was reportedly “blown away” upon learning that tapes had been degaussed, according to Fox News. It would mean that “evidence was destroyed 10 months after a preservation order for the emails; seven months after a subpoena; and one month after IRS officials realized there were potential problems locating certain emails,” Fox reports in another story.

But even Fox News had to admit that, according to the report, it all seemed like a case that should be attributed to stupidity rather than to malice. “The report says investigators found ‘no evidence that the IRS and its employees purposely erased the tapes in order to conceal’ some of the emails in question,” Fox writes. “However, the report demonstrates the IRS did a sloppy job retaining documents despite a House Ways and Means Committee directive to do so.”

In another one of life’s little ironies, Catherine Duvall, the person who had been in charge of producing the IRS email messages, is now in charge of producing former Secretary of State Hillary Clinton’s email messages.

June 30, 2015  10:10 PM

HP Settles Autonomy Shareholder Lawsuit for $100 Million

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
Autonomy, ediscovery, HP

After months of trauma, HP has settled a shareholder lawsuit over its botched Autonomy deal for $100 million, in time to get it over with before the company splits in two on November 1.

“The Palo Alto tech giant said it believes the class-action lawsuit had no merit, but that it preferred to settle rather than engage in ‘burdensome and protracted’ litigation,” writes the San Jose Mercury News. The cost, which according to The Recorder amounts to about ten cents per share, will be paid for by insurance and specifically covers people who bought HP shares between August 19, 2011, when the deal was announced, and November 20, 2012, when HP announced a writedown of the deal, writes the Wall Street Journal.

Another major component of the settlement is that it lets HP and all its current and former officers, directors, and advisors off of any Autonomy-related securities claims.

As you may recall, this all started after HP’s monstrous $10 billion acquisition of Autonomy in 2011, for which nearly everyone agreed it overpaid. HP then took an $8 billion writedown on the deal, and since then the companies have been throwing lawyers at each other, in light of what some found to be, um,unconventional business practices on the part of Autonomy.

HP’s own $5.1 billion lawsuit against Autonomy for fraud is still underway. A lawsuit regarding harm done to HP’s retirement stock ownership plans has been dismissed, according to the Courthouse News Service.

Last year, HP paid out $57 million to resolve similar shareholder claims regarding its Palm Inc. acquisition, The Recorder adds.



June 27, 2015  12:18 AM

If Your Smart Devices Hear Something, Will They Turn You In?

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
privacy, samsung, Security, Smartphones, Voice recognition

An increasing number of devices around us can now be controlled by voice. Our phones. Our speakers. Our televisions. Even our houses.

But for voice control to work, it means the devices have to listen. And some people are starting to worry about what sort of information the devices might be storing in the process, and what the ramifications could be.

Listening machines trigger all three aspects of the surveillance holy trinity,” writes Ethan Zuckerman, director of the Center for Civic Media at MIT and the principal research scientist at MIT’s Media Lab, in The Atlantic. He describes that trinity as follows:

  1. They’re pervasive, starting to appear in all aspects of our lives.
  2. They’re persistent, capable of keeping records of what we’ve said indefinitely.
  3. They process the data they collect, seeking to understand what people are saying and acting on what they’re able to understand.

But it’s more than that, Zuckerman writes. What responsibility might listening devices end up having? “If a robot observes spousal abuse, should it call the police?” he writes. “If the robot is designed to be friend and confidant to everyone in the house, but was paid for by the mother, should we expect it to rat out one of the kids for smoking marijuana?”

Similarly, Zuckerman talks about “Hello Barbie,” introduced in February at the annual Toy Fair to approbation when it was learned that it not only listened to kids, but actually recorded their speech (and could be listened to by parents). (A similar toy, a listening and talking dinosaur, blew away its Kickstarter funding after appearing at the same show, though it doesn’t record audio, though parents can read a text log of what their kids tell it.)

“’Hello Barbie’ transmits the recordings over the Internet to cloud servers,” explains the Campaign for a Commercial-Free Childhood. “Mattel’s technology partner ToyTalk processes the audio with voice-recognition software.Mattel says it will use this information to “push data” back to children through Barbie’s built-in speaker.”

People then worried about things like whether Mattel would use the information to market to kids. “Hi, Susie! I know you like decorating. Did you know I could have my own house?”

But it could be worse. Keep in mind that people who work with children, such as doctors and teachers, are required by law to notify authorities if they suspect abuse or neglect. If a kid confides to Hello Barbie that they’re being abused by a parent, or if Barbie hears something suspicious, should Barbie call the cops?

“Information recorded by the doll could be sent to authorities, governments and other entities if ‘required to,’” warns Vigilant Citizen.

Vendors of products intended for adults could run into the same problem. “Do we want a world in which we confide in our phones?” Zuckerman writes. “And how should companies be forced to handle the data generated by these new interactions?” Attendees at a recent conference he attended on listening machines even suggested that robots might someday have “robot privilege” that protects people from having their household devices subpoenaed.

One could argue that nobody – so far as we know, of course – has said that Google should contact the cops if somebody searches for “how to make poisons” or “how to hide a body.” And if that doesn’t happen, then why would anyone suggest that a listening device, whether it’s a phone or a Barbie, should take steps if it hears something suspicious?

That said, certainly there’ve been cases where law enforcement believes that security and encryption systems should have “back doors” built into them. It isn’t hard to imagine law enforcement believing that Siri should start a recording going – accessible only by police, of course – when she hears something she thinks “sounds suspicious” (like a gunshot, maybe?) Somehow that seems a lot more likely than “robot privilege.” And certainly there have been concerns about this in connection with webcams.

And as Amazon starts licensing the technology its Echo personal assistant uses to other vendors, we might find a lot more things around the house are listening to us. This is all happening at the same time there’s discussions of things like smart dust that can scatter minuscule microphones everywhere to listen to people.

“Smart TVs sit in your living room or bedroom, and can have microphones, cameras, and access to your TV-watching habits—which can produce incredibly personal data,” Parker Higgins, from the Electronic Frontier Foundation, wrote after the Samsung “listening television” issue. “If security researchers can’t examine the software these devices run, and developers can’t work on alternatives or modifications, then users are bound by whatever terms their manufacturers want to put forward, and must trust that they’ve been implemented as promised. Given that these devices are networked and can often be updated remotely, user privacy is at the mercy of not just the manufacturer, but anybody who can convince, coerce, or compromise it, to modify the software or collect additional information.”

It’s enough to make you clam up.

June 17, 2015  5:30 PM

How Geeks Spend Their Summer Vacation: Playing With Old Storage

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
IBM, Mainframe, PC, Storage

You know that you’re getting old when you start finding stuff you actually used in museums.

I was reminded of this on a recent trip to Seattle, where we visited the Living Computer Museum. Like the Experience Music Project, but not nearly so flashy, it’s funded by Microsoft co-founder Paul Allen. While, predictably, it talks a lot about all the value that Microsoft provided to computer history – as well as pictures of Allen and Bill Gates in high school, looking cute as the dickens — it also features hunks and hunks of big iron ranging from IBM to DEC to Xerox to even Apples.

(Incidentally, after donating $1.5 billion to various charitable causes, as well as his various indulgences like museums, yachts, and sports teams, Allen is still the #51 richest guy in the world, according to Forbes.)

To tell you something about the museum, this is the go-to place for Hollywood when they need old-looking hardware for the movies and television, such as the IBM 360/91 control panel used in Tomorrowland and the IBM 1052 printer keyboard used in Mad Men.

Naturally, with all that old hardware around, there has to be a lot of old storage devices around to go with it. And if you’re looking for a place to wave your cane and mutter about kids these days not appreciating what they have, this is a great place.

While sticking a 16 GB microSD card into your camera to take a picture of it, you can look at paper tape, which stored about 10 bytes per inch, or a punch card, which stored 80 characters per card (about the size of a business envelope). Or you can move on to big storage, like the 10 platters that made up a 25-pound disk pack to store 200 megabytes in a 1974 DEC storage device.

The museum also includes a display showing the various types of portable storage, ranging from DECTape to floppies to tape cartridges and of course thumb drives.

Best of all, this is an actual interactive computer museum, where most of the equipment actually works. You, too, can see what it is like to actually type a punch card, hold a facsimile of the paper tape with the first copy of BASIC that Allen and Bill Gates wrote, and hug a megabyte – which at the museum is in approximately a 6’ x 6’ cabinet.

Aside from the storage history, the museum is a fun place anyway. There’s all the old minicomputers, dating back to a PDP-7 (one of only five in the world, they say, and reportedly the only one still working). There’s even a Xerox Alto, basically the forerunner to all the graphic user interface devices we use today. Sadly, there isn’t much IBM hardware, because IBM typically leased its devices and repurposed the hardware when people were done with it. There’s not much in the way of HP hardware, either, though apparently they’re working on restoring one. And you can even get a remote login for the DEC hardware.

There’s also a batch of PCs loaded with vintage games and other game controllers, and this appears to be where they expect a lot of people will spend their time. If you, too, want to play a copy of the Oregon Trail just like you did when you were a kid, or if it’s been years since you played Rogue, this is the place for you.

If you go, don’t pass up the opportunity for a tour, where they explain the provenance of all the hardware and what people were able to do with it. The museum also goes to a fair amount of effort to include women in its displays and descriptions, such as pointing out how women were usually the ones hired as keypunch operators because of their accuracy – but not paid as well for their expertise. (You can also see my pictures, and understand why I’m a writer and not a photographer.)

Incidentally, if you happen to have one kicking around the garage, they’re in the market for a Cray.

June 9, 2015  9:44 AM

Clear Your Browser, Go to Jail

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
ediscovery, legal, Thumb drive, USB drive

One of these things is not like the others: Fish. Browser. Backpack. And not knowing the difference could send you to jail.

It’s all part of an unintended consequence of the Sarbanes Oxley Act, writes Amy Howe in SCOTUSblog. “In 2002, Congress passed the Sarbanes-Oxley Act in the wake of the collapse of Enron Corporation, once the world’s largest energy trader,” she explains. “One provision was a response to revelations that Enron and its accountants had destroyed thousands of documents, computer hard drives, and emails that might have shed light on the company and its finances. The law makes it a crime to ‘knowingly . . . destroy any record, document, or tangible object with the intent to impede, obstruct, or influence’ a federal investigation, even if such an investigation has not yet been officially initiated.”

We’re not talking about people deleting terabytes of data. Sarbanes Oxley has been used against individuals for as little as clearing a browser history, writes Juliana deVries in The Nation.

That would be the case of Khairullozhon Matanov, a friend of the Boston Marathon bombers. After he saw them listed as suspects, he went to the police (which, incidentally, he wasn’t required to do), but lied about some aspects of their relationship, according to deVries. “Then Matanov went home and cleared his Internet browser history,” she writes. Eventually, he was charged with four counts of obstruction of justice – three for the lies “and—remarkably—one count for destroying ‘any record, document or tangible object’ with intent to obstruct a federal investigation,” she writes, a charge for which he could serve 20 years. “This last charge was for deleting videos on his computer that may have demonstrated his own terrorist sympathies and for clearing his browser history.”

What makes this sort of expansion of Sarbanes Oxley problematic is that prosecutors do not have to show that the person deleting evidence knew there was an investigation underway, deVries explains. “In other words, a person could theoretically be charged under Sarbanes-Oxley for deleting her dealer’s number from her phone even if she were unaware that the feds were getting a search warrant to find her marijuana,” she writes. “The application of the law to digital data has been particularly far-reaching because this type of information is so easy to delete. Deleting digital data can inadvertently occur in normal computer use, and often does.”

Similarly, David Kernell, who was convicted of breaking into Alaska Governor Sarah Palin’s email account, while she was running for Vice President, was charged with felony destruction of records under Sarbanes-Oxley for clearing his browser cache, uninstalling the browser, deleting images he had downloaded from her email account, and defragged his hard drive, deVries writes. “In January 2012, the US Court of Appeals for the Sixth Circuit found that Kernell’s awareness of a potential investigation into his conduct was enough to uphold the felony charge,” she writes.

Defenders argued that the case had not yet been filed, but the court noted that Kernell specifically mentioned his concern that the FBI would find his records, writes Robyn Hagen in Findlaw. Individuals had also been charged with Sarbanes Oxley violations for destroying computer data when they knew about an investigation.

The federal government, for its part, noted that it had used Sarbanes Oxley “to prosecute the destruction of a wide array of physical evidence—including human bodies, bloodstains, guns, drugs, cash and automobiles—in order to cover up offenses ranging from terrorism and the unreasonable use of lethal police force to violations of environmental and workplace-safety laws,” according to Mark Walsh in ABA Journal, who went on to cite another expert that there is apparently not a federal destruction of evidence statute, which is why Sarbanes Oxley is being used in this way.

But the use of Sarbanes Oxley in the Matanov case, if successful, has all sorts of repercussions. “Think of it another way, outside of the context of terrorism,” explains Susan Zalkind in The Daily Beast. “Imagine your friend, with whom you enjoyed listening to rap music like Notorious B.I.G’s ‘Ten Crack Commandments,’ was arrested in a big crack sting. You don’t sell crack. You didn’t even know your friend sold crack. Maybe he mentioned it, but you thought he was playing around. But you do know federal investigators will now want to talk to you. And, in fact, you want to help. Songs about crack are one thing, but crack itself is a different story, you figure. To keep up appearances, you take down your Biggie poster, delete some of your music, and clear your browser history. The Matanov conviction could set up a precedent whereby you could serve federal time for any of those actions.”

So where do the fish come in? Well, the Supreme Court, watching the creeping Sarbanes Oxleyism of their courts, finally decided that enough was enough, writes Gideon Lichfield in Quartz.  Boat captain John Yates appealed the use of Sarbanes Oxley for his crime of throwing undersized fish overboard, in an attempt to keep from being convicted for having fish that were too small. Fish, the court ruled, could not be a record (despite Justice Kagan’s dissent, where she quoted One Fish Two Fish Red Fish Blue Fish, apparently the first time that Dr. Seuss had been cited in the Supreme Court). For a tangible object to count under Sarbanes Oxley, it must be used to record or preserve information, wrote Justice Ginsburg.

“Most of the justices seem to have very little patience with the feds going after John Yates with a white-collar destruction-of-evidence statute that carries a maximum penalty of 20 years in prison, merely because, as [Supreme Court Justice Antonin] Scalia puts it to the assistant solicitor general a moment later, ‘This captain is throwing a fish overboard,’” writes Dahlia Lithwick in Slate. “Scalia is only just getting started: ‘He could have gotten 20 years. What kind of a sensible prosecution is that? … Who do you have out there that exercises prosecutorial discretion? What kind of a mad prosecutor would try to send this guy up for 20 years?’”

“For as long as this case has dragged on, it has gained attention around the nation as a prime example of prosecutors going to absurd lengths to punish someone for reasons that the rest of us find difficult to understand,” agrees Keith Lee Rupp in an opinion in US News and World Report. “The nation’s criminal defense attorneys say the case is a poster child for the way some federal prosecutors try to scare plea deals out of their targets with threats of outrageous punishments if the matter goes to court. This is not a message the Justice Department should want to be sending, but it is.” (To add insult to injury, by the time charges had been filed, the fish size limits had been changed and Yates’ fish would no longer have been illegal, he notes.)

Zalkind also points out that the prosecutor filing these charges against Matanov is US Attorney Carmen Ortiz, the same person who filed what many say were excessive charges against Internet activist Aaron Swartz. They could have resulted in his serving 32 years in prison, and it is widely believed that this is what led to him committing suicide instead.

The Yates case could be used to free another Boston marathon bomber’s friend, Azamat Tazhayakov, who was convicted – in another case prosecuted by Ortiz — of destroying the marathon bomber’s backpack. Apparently, backpacks, like fish, should also be considered to be too far removed from the notion of a record for Sarbanes Oxley to apply to them, writes the law firm of Blank Rome. “Items of clothing and bags of any sort, including backpacks, briefcases, purses, or messenger bags, are now plainly outside of the statute’s compass,” the firm writes.

Interestingly, there was a thumb drive in the backpack, which would have been enough to convict Tazhayakov under Sarbanes Oxley, but the government did not raise the issue of whether he knew about the thumb drive when presenting its case, writes Mark Joseph Stern in Slate. In fact, if the government had used a simple obstruction of justice charge, he likely would have been convicted, but that could have resulted in only a few years of prison, not 20, he writes.

In the meantime, however, browser histories and other deleted information – indeed, any electronic object, according to Blank Rome — are apparently still fair game. “The Supreme Court did not answer the pressing question of how broadly federal prosecutors are allowed to use Sarbanes-Oxley in the digital age,” deVries writes. “Can you be prosecuted for deleting a potentially incriminating tweet? For uninstalling Firefox? For clearing your browser history? How much of their digital data should citizens have to preserve in case law enforcement wants to take a look?”

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: