Yottabytes: Storage and Disaster Recovery

May 13, 2017  11:40 PM

Another Judge Rules on Smartphone Encryption

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
Encryption, Security, smartphone

Courts are still trying to decide if law enforcement can make you unlock your smartphone, with some ruling one way and some ruling the other. In the most recent case, they ruled that you have to. And, for once, it wasn’t a case involving child pornography or terrorism.

As you may recall, the whole issue boils down to how a device is encrypted. Traditionally, courts have ruled that you can be compelled to give up something you have, such as your fingerprint, which is used to encrypt your phone, but you cannot be compelled to give up something you know, such as a password. That’s because simply admitting you have the correct password on a particular encrypted phone or other storage device could be considered self-incrimination.

In this particular case, Hencha Voigt and co-defendant Wesley Victor were accused of threatening to release sex videos stolen from a phone belonging to a Miami socialite known as YesJulz, writes David Ovalle in the Miami Herald. After the phone was stolen, YesJulz received a series of text messages demanding money. After consulting with police, YesJulz set up a fake meeting with the extortionists, and the two were arrested. At the time, they had four phones with them, the contents of which prosecutors want to examine, he continues.

What makes this case unusual is that there is actually settled case law about it in Florida. A December appeals court decision allowed police in Sarasota to force a suspected voyeur, allegedly caught at a mall trying to take photos up women’s skirts, to give up his iPhone pass code, Ovalle writes. The judge who ruled on the Voigt case had to follow that precedent, he said.

Attorneys for the two contend that law enforcement is asking for the passcode so it can go on a fishing expedition, writes Eric Levenson for CNN. “They’re asking for the passcode so they can keep on searching what’s on the phone — which may be incriminating my client — and then use that against her,” Kertch Conze, Voigt’s attorney, told CNN, he writes. Technically, though, that isn’t allowed – law enforcement needs to have a reasonable suspicion that the information they’re looking for is on the encrypted device, Levenson explains.

The judge, Miami-Dade Circuit Judge Charles Johnson, explicitly referred to the thing-you-have-vs.-thing-you-know debate by saying that for him, turning over a password is like turning over a key to a safety deposit box – in other words, a thing you have, which you can be forced to surrender, rather than a thing you know, according to the BBC.

Attorneys for the defendants may have telegraphed their strategy going forward by noting that they would need to talk to the clients to see whether they remembered the passcode. On the other hand, in another case, last year one U.S. defendant was arrested for claiming not to remember the password to an encrypted device, and other defendants have been jailed in the UK.

Meanwhile, the case law on either side of the argument keeps piling up, meaning that, eventually, the whole thing is liable to end up in the lap of the Supreme Court – especially now that we have a full complement of Supreme Court judges, meaning that whatever they decide can be used as a precedent in the future. “No question in my mind that the U.S. Supreme Court will need to decide the issue eventually,” Mark Rumold, a lawyer with the Electronic Frontier Foundation, told Ovalle. “To me, it’s not so much a question of if, but when.”

April 30, 2017  9:59 PM

New Micron CEO Comes From SanDisk

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
Flash, Micron, SanDisk

It wasn’t a merger, exactly, but two storage companies have recently gotten together, sort of, when Micron Technology got its new CEO from SanDisk.

Sanjay Mehrotra, cofounder of SanDisk in 1988, had been its CEO from 2011 to 2016, and was instrumental in Western Digital’s acquisition of the company, according to Reuters. He stepped down after the acquisition, which was announced in 2015 and closed in 2016. While he had a seat on the Western Digital board, he stepped down from that position a week after Micron announced its CEO search, writes Anders Bylund in the Motley Fool.

Ironically, Micron had reportedly been one of the other bidders for SanDisk.

The two companies both make flash memory chips, and in fact some analysts had said last year that they were puzzled about why Micron was interested in buying SanDisk. In addition, SanDisk had sued Micron for patent infringement in the early 2000s, write David Staats and Kristine Rodine in the Idaho Statesman. It seems likely that the new CEO will help steer Micron toward further development in the flash arena.

Analysts were ecstatic over the news. “Mehrotra was a model of clarity at Sandisk,” gushed “Electric Phred” at Seeking Alpha. He’d spend all day in analyst presentations with audio (and video!) that worked, enough seats for all would be attendees, piles and piles and piles of excellent slides, and excellent presenters from several layers of management. May Mehrotra bring that much better interface to the investment community! May we have well organized and presented and detailed analyst days such as Sandisk used to have.”

It could not be more telling when the ex-CEO of SanDisk returns to become the CEO of rival and peer Micron,” Mizuho Securities analyst Vijay Rakesh notes in StreetInsider.

“I honestly can’t come up with a better CEO candidate for Micron,” Bylund writes, noting that the stock rose 2 percent on the news. “Today’s stock surge is more than just a sigh of relief over the CEO uncertainty situation — it’s a vote of confidence in the new name.”

Micron needed a CEO because its existing one, Mark Durcan, announced in February that he planned to retire once a replacement could be found. A 30-year Micron veteran who had actually already retired once, he replaced iconoclastic Steve Appleton, who was CEO of Micron until he died in 2012 when his experimental plane crashed.

Mehrotra, who will also serve as president and chairman of the board, is scheduled to start work on May 8, while Durcan will stay on as an advisor until August, according to the company. He is expected to divide his time between Micron’s Boise, Idaho, and Milpitas, Calif., offices. And, causing a sigh of relief to Idaho, where Micron is one of its largest employers, the company said he had no intention of moving headquarters out of Boise, which state officials have worried about for years.

April 26, 2017  11:16 PM

Can Google Books Turn Into Spotify for Books?

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
Books, copyright, Google, Storage

Isn’t it cool how you can search for a genre of music, run across a new-to-you recording artist, decide you like them, then be able to listen to a whole lot of their work? And then if you like them, you can buy their CDs or higher-quality recordings and keep them forever?

Wouldn’t it be cool to do that with books? Not just current ones, but old ones too?

You almost could. And at some point, you might still be able to. A couple of articles are reminding us of what Google Books was supposed to be: an online repository of all the books in all the libraries, in and especially out of print, and you could search for a phrase or a fact, get a list of books about it, and read that section. And then, if you wanted, you could buy electronic or even published copies of the books.

“You were going to get one-click access to the full text of nearly every book that’s ever been published,” writes James Somers in the Atlantic. “Books still in print you’d have to pay for, but everything else—a collection slated to grow larger than the holdings at the Library of Congress, Harvard, the University of Michigan, at any of the great national libraries of Europe—would have been available for free at terminals that were going to be placed in every local library that wanted one. At the terminal you were going to be able to search tens of millions of books and read every page of any book you found. You’d be able to highlight passages and make annotations and share them; for the first time, you’d be able to pinpoint an idea somewhere inside the vastness of the printed record, and send somebody straight to it with a link. Books would become as instantly available, searchable, copy-pasteable—as alive in the digital world—as web pages.”

Granted, you can still do some of that now, after a fashion, but it’s just a whisper of the original plan. Starting in 2004, it saw Google employees manually scanning what turned into 25 million books from libraries such as Michigan, Harvard, Stanford, Oxford, and the New York Public Library, at a cost of $400 million, into a massive database of up to 50 to 60 petabytes, Somers writes.

“Approximately twenty per cent of all books are in the public domain; these include books that were never copyrighted, like government publications, and works whose copyrights have expired,” wrote Jeffrey Toobin in the New Yorker in 2007. “Google has simply copied such books and made them available on the Web. Roughly ten per cent of books are copyrighted and in print—that is, actively being sold by publishers. Many of these books are covered by Google’s arrangement with its publisher partners, which allows the company to scan and display parts of the works. The vast majority of books belong to a third category: still protected by copyright, or of uncertain status, and out of print.”

And those books, known as “orphan works,” were the problem. The problem, like the early days of Napster and music sharing, was copyright and the rights of the artists to control their work. While that has gotten largely worked out in this day and age for music, there’s not yet a Spotify for books.

“There’s actually a long tradition of technology companies disregarding intellectual-property rights as they invent new ways to distribute content,” Somers writes. “What usually becomes of these battles—what happened with piano rolls, with records, with radio, and with cable—isn’t that copyright holders squash the new technology. Instead, they cut a deal and start making money from it. But even if everyone typically ends up ahead, each new cycle starts with rightsholders fearful they’re being displaced by the new technology.”

Google Books was no different, and litigation over the subject went on for years, with the upshot that people don’t have access to the database of 25 million books that the company had scanned thus far. There was also the interesting nuance mentioned in Backchannel that people don’t have access, but AI systems might. “We know Google can’t legally make its millions of books available for anyone to read in full — but what if it made them available for machines to read?” writes Scott Rosenberg.

And, who knows? Perhaps with the examples of the music industry before it, and in a different political climate, the computer industry can figure out how to do Spotify for books after all. Interestingly, one of the Google executives in charge back in the day was Marissa Mayer; maybe she’d like to get involved again?

“Google Books could turn out to be for out-of-print books what the VCR had been for movies out of the theater,” writes Somers. “The greatest tragedy is we are still exactly where we were on the orphan works question,” Lateef Mtima, a copyright scholar at Howard University Law School, tells him. “That stuff is just sitting out there gathering dust and decaying in physical libraries, and with very limited exceptions, nobody can use them. So everybody has lost and no one has won.”

That said, Somers was wistfully hoping that, somehow, access to the Google Books database could be opened or that the files could somehow become available. “What would it take to make the books viewable in full to everybody? What’s standing between us and a digital public library of 25 million volumes?” he writes. “All you’d have to do, more or less, is write a single database query. You’d flip some access control bits from off to on. It might take a few minutes for the command to propagate.”

Perhaps he was wishing Aaron Swartz was still around.

April 21, 2017  10:36 PM

New York to Destroy IDNYC Data

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
Data destruction, privacy, Security, Storage

We’ve written before about government agencies concerned that President Donald Trump’s administration could end up destroying data that those agencies find useful but which the administration finds inconvenient. Now we have the opposite situation: Cities that are destroying data to keep it out of the Trump administration’s hands.

While the point of storing data is typically to keep it around, data retention experts actually recommend not doing that, and instead suggest purging data that isn’t needed. It’s not just a matter of saving space on the hard drive, and the time it takes to keep that data backed up and maintained. In an electronic discovery or other legal situation, there’s that much more data to go through to look for relevant information – or that could get you in trouble.

That’s the situation that a number of states and cities are in. Altogether, about a dozen states offer special driver’s licenses for people who can’t prove citizenship, while more than a dozen cities offer alternative identification programs to help identify people who aren’t necessarily eligible for a more traditional type of ID, according to Jen Fifield in Governing.

One of the biggest such programs, with almost a million cardholders, is New York’s IDNYC program. It’s not just undocumented residents, writes Liz Robbins in the New York Times. “The IDs have also been popular with some of New York’s most vulnerable residents: those living in homeless shelters, victims of domestic violence and transgender people,” she writes. “The cards allow entry to public schools, are accepted by the Police Department as a form of identification for people reporting crimes and grant free admission to museums.”

As recently as mid-November, after President Trump’s election, New York started thinking about destroying all the IDNYC data it had collected in the process of providing those municipal identification cards to undocumented residents, to keep it out of the hands of the federal government. Two New York State assemblymen filed a case to prevent New York from destroying the IDNYC data, claiming it was a risk to national security, but a recent legal ruling found that the city could destroy the IDNYC data if it wanted to.

“A State Supreme Court judge has ruled that New York City has a right to destroy information obtained through its municipal identification card program, IDNYC,” writes Jason Shueh in StateScoop. “Judge Philip Minardo issued the ruling after two Staten Island State Assembly members, Ronald Castorina and Nicole Malliotakis, both Republicans, sued to preserve IDNYC’s application data.”

John Miller, the New York City Police Department’s deputy commissioner for intelligence and counterterrorism, testified in January that that the IDNYC data could be destroyed without increasing the risk of terrorism, writes Robbins in a different New York Times. The department had not seen such IDs used in terrorism cases in the two years of the program, he testified.

“Under the law that created the ID program in 2014, records of the documents used to apply were to be kept for two years and made available only through a judicial warrant or subpoena,” Robbins writes. “Applicants were promised privacy.”

In fact, keeping the documents offered more of a risk of identity fraud, because they would then be open to hacking, Miller testified.

Not everyone agrees. “This is a scandalous attempt on the part of the city’s government to protect undocumented immigrants from federal law at the expense of public safety and state law,” writes Alexandra DeSanctis, a William F. Buckley Fellow in Political Journalism at the National Review Institute, in the National Review.

Consequently, Minardo did issue a stay to prevent the city from destroying any documents until April 17, pending an appeal, Shueh continues. In any event, the city also decided in December not to keep any supporting documentation once an application had been approved, which a number of the other cities that offer municipal IDs already do, Fifield writes. The stay was then extended until April 21, plus Castorina filed a second suit regarding his efforts to obtain copies of the documents under New York’s version of the Freedom of Information Act, which could prevent destruction of the IDNYC data until after May 3, writes Rachel Shapiro in SILive News.

Other cities that have or are considering their own municipal ID program, such as  Washington, D.C., Chicago and Los Angeles, are watching the IDNYC data case closely, because it could serve as a precedent for what they might want to do with their own data about undocumented residents. Boston is considering setting up a municipal ID program and had been concerned about federal government access to the data, Shueh writes. “Boston Mayor Marty Walsh initiated an RFP last January to investigate whether an ID program would benefit and protect residents,” he writes. “Federal warrants to retrieve information on the whereabouts and on immigration status is a chief concern in the study.” Philadelphia is also considering a municipal ID program and has similar concerns, Fifield writes.

Meanwhile, in Vermont, a state program that provided such IDs turned out to be giving information on people living in the country illegally to federal Immigration and Customs Enforcement officials, although the state has a policy that prohibits state officials from carrying out federal immigration policy, writes Cory Dawson for the Associated Press. In one such case, the Department of Motor Vehicles was ordered to pay $40,000 to the undocumented resident.

It is not clear what repercussions there might be to a city that destroyed its data, similar to the punishments the Trump administration is reportedly considering for cities that declare themselves to be “sanctuary cities” that won’t cooperate with immigration officials to round up undocumented citizens.

April 17, 2017  11:35 AM

What Does Its Troubles Mean for Toshiba’s Hard Disks?

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
Hard disk, Storage, toshiba

As you may recall, the number of hard drive makers has been steadily shrinking as the product becomes more of a commodity and the industry consolidates.

Now, it looks like, one way or another, Toshiba will be next on the block.

This is not, in itself, an astonishing development. As long ago as 2015, the Motley Fool was predicting that Toshiba would be acquired. “When Western Digital’s leadership gets comfortable with this new partnership, I wouldn’t be surprised to see it develop into yet another hard-drive buyout,” The Fool’s Anders Bylund wrote in October, 2015. “If Western Digital doesn’t own Toshiba’s hard drive operations by 2018, I’ll be shocked.”

And in 2011, when Seagate bought Samsung, there was some discussion that Toshiba (which started the whole acquisition merry-go-round in 2009 with its acquisition of Fujitsu) might either buy Samsung itself or be bought by Seagate.

What’s surprising is that Toshiba’s move doesn’t have much to do with its storage industry per se, but with its nuclear construction business, which is threatening to bring the rest of the company down with it. “Toshiba warned this week that there is ‘substantial doubt’ about its ability to stay in business, saying its loss for the year ended in March could hit 1 trillion yen ($9 billion),” writes Sherisse Pham in CNN Money. “Toshiba is pulling out of the nuclear construction sector, the root cause of its current financial debacle. Its troubled U.S. subsidiary Westinghouse Electric filed for bankruptcy last month, and will eventually be removed from the Japanese company’s books, leaving a thick trail of red ink.” Altogether, the company has lost $4.8 billion over the first nine months of its fiscal year and could lose $9.2 billion for the full year, with the result that the stock dropped 8 percent last Friday, according to Jon Swartz in USA Today – after falling 29 percent in the past three months.

That was just the beginning. “Toshiba took the unusual step of reporting third-quarter earnings without approval from its auditors. Toshiba said losses last year had left it with negative shareholders equity of 225.6 billion yen at the end of December,” write Takako Taniguchi and Pavel Alpeyev in Bloomberg. “This further jeopardized Toshiba’s listing on the Tokyo Stock Exchange. The TSE kept Toshiba on its list of securities on alert in a December announcement, after originally being included for overstating profits from 2008 through 2014. Toshiba last month submitted a report detailing plans to improve internal controls. If deemed insufficient, the company will face delisting.”

In response to all this, Toshiba is considering selling its memory chips business, hoping to bring in at least 2 trillion yen ($18 billion), Pham writes. Potential bidders include Apple, which would give the company more control over its supply chain, as well as keeping the Japanese company from being owned by the Chinese, writes Janko Roettgers in Variety. Apple would partner with its supplier Foxconn, a Chinese company, technically known as Hon Hai Precision Industry.

However, this raises another problem: Western Digital, which partners with Toshiba, has reportedly warned that a sale may violate a contract it has with Toshiba, write Alex Sherman, Ian King, and  Pavel Alpeyev in Bloomberg, and that Toshiba should be talking with Western Digital first. This would be ironic, because at one point Toshiba had the ability to stop Western Digital’s 2015 merger with SanDisk, because SanDisk had a partnership with Toshiba. In fact, it was that acquisition and its debt that may limit Western Digital’s ability to put forth a winning bid. At this point Toshiba has put a hold on the whole discussion, they report, though Toshiba itself denies this.

The problem that storage vendors are having with this sort of market consolidation is that the Federal Trade Commission has started to get involved. When Western Digital bought Hitachi GST in March, 2012, it had to sell to Toshiba assets that Hitachi GST used to make and sell desktop hard-disk drives. In addition, the European Commission required Western Digital to sell one of Hitachi’s 3.5-inch manufacturing plants and associated intellectual property for making these drives. In return, Western Digital received a Toshiba plant that had been damaged in the Thai floods.

As of Friday, Reuters reports that Toshiba has four bidders: U.S. chipmaker Broadcom, which has partnered with private equity firm Silver Lake Partners; South Korea’s SK Hynix; Foxconn, and Western Digital. “Broadcom has put in the highest first-round offer of 2.5 trillion yen ($23 billion), while Foxconn offered 2 trillion yen,” Reuters writes. Toshiba expects to pick a final winner by its shareholders’ meeting in June. It’s also expected that the company will receive some level of government bailout.

The sale discussion so far primarily covers Toshiba’s memory chips, not its disk drive business itself (sales of which Toshiba bragged about as recently as last month).  But it isn’t clear where, after the dust settles, the disk drives are actually going to end up. There had been some discussion in January 2016 that it was shopping around its disk drive business but nothing came of it, though some people are speculating again.

“Selling the HDD unit along with the flash unit could be one outcome, in that case Western Digital would be the obvious favored suitor, since Toshiba and Western Digital co-own NAND flash fabrication facilities and Western Digital has an established HDD business,” writes Tom Coughlin for Forbes. “Would the Japanese government consider co-ownership of the memory plant with Western Digital, which already owns part of the Toshiba/WD joint memory fabs in Japan, in order to keep flash production in Japan and out of the hands of the Chinese? Would WD get Toshiba’s HDD business as part of such a deal?” Toshiba could also sell the business to Seagate, he adds.

Hard drives could be most of what Toshiba has left.

March 31, 2017  2:13 PM

What Cake Goes With World Backup Day?

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
Backup, Storage

Think you’ve missed World Backup Day? It’s not too late. World Backup Day is one of those days that can be celebrated throughout a week – or even all year round.

In case you haven’t heard about it, World Backup Day is always celebrated on March 31, the day before April Fool’s Day, presumably to protect oneself against “tricks.” It’s intended to encourage users to set up regular backup practices for their data, both business and personal.

It tells you how mainstream it’s becoming when the New York Times does an article carefully explaining all the different types of data people have and how to back up each one.

Hopefully, in this day and age, not too many people need to be reminded to back up their systems. Though according to the World Backup Day website, 30 percent of people have never backed up their systems. Why? “Of users reporting that they have no backup solution in place only around seven per cent believe their data is secure without a backup,” reports Kroll Ontrack in a recent survey. “When asked why they chose to forego a backup solution, around 14 per cent of respondents worldwide said the quest for the right backup solution and the expense of managing the solution once installed, entailed too much work.”

That said, even if you think you already back up your data, there’s nothing wrong with making sure – as well as making sure that you can get the data back again should something happen with your system. Kroll reports that 24 per cent of respondents admit to never testing backups; the same percentage of respondents said they test backups at least once per week. 30 per cent test backups once per month and just under 14 per cent once per year.

And with increasing concern about ransomware and cybersecurity, there’s never a bad time to make sure your data is backed up. According to a survey performed by backup vendor Acronis, 75 percent of respondents value their data more than their device – which makes sense, actually – 33 percent protect their computer’s entire system, and almost half value the cost of their data is more than $1,000.

Cloudwards recommends what it calls a 3-2-1 strategy: 3 copies, on two different types of media, and one of them stored offsite. (That said, its infographic also has the infamous “90 percent of businesses that lose data shut down within two years” statistic.)

How are people backing up their data these days? According to Kroll, around twice as many users (about 33 per cent) as last year report they make backups online. At the same time, tape is experiencing a resurgence; 17 per cent of businesses and consumers back up their data on tape, up from about eight per cent in 2016, Kroll reports. “In the UK, 63 per cent of respondents said they back up daily, compared to 44 per cent of survey respondents based in other countries,” the company writes. “More than 18 per cent of respondents back up their data once per week, and almost 16 per cent once per month. Only around four per cent said they back up data only once annually.”

The best part about World Backup Day is the various sales and specials that vendors offer. Vendors such as Acronis, AOMEI Backupper, and Quadric Software are offering sales today, this week, or even longer, associated with World Backup Day. How to find them? Check out the #WorldBackupDay hashtag on Twitter and Facebook, or the World Backup Day page on Facebook.

The bad news? Even if you do back up your data, chances are that you could still end up losing data, according to the Kroll survey, perhaps by not remembering to include all devices and data sources in a backup plan. “Of the respondents who lost data, only 35 per cent did not have a (current) backup,” the survey notes. “A quarter of respondents also reported that their backup failed to work properly. Of the users who experienced data loss and had access to a backup, 67 per cent said they were able to restore almost all their data, while another 13 per cent were able to restore up to three quarters. 12 per cent reported that the backup was corrupted. Just under three per cent were able to restore only a small proportion of their data.”

And according to Acronis, 31 percent of data loss is due to events beyond user control.

That said, backing up data can’t hurt. And besides, there could be cake.

March 27, 2017  4:26 PM

‘Google, How Do I Hide a Body?’

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
government, law, legal, privacy, Search, Security

Depending on how a certain legal case works out, you may want to become more familiar with tools such as the “incognito” feature in your browsers: Law enforcement might be able to come calling for your search history.

“A county judge in Minnesota approved a uniquely broad search warrant in conjunction with a wire fraud investigation last month that is now in the hands of Google’s lawyers,” writes Colin Wood in StateScoop. “Hennepin County Judge Gary Larson approved on Feb. 1 a search warrant filed by the Edina Police Department (EPD) that requires Google hand over ‘any/all user or subscriber information’ of Edina residents who searched for the full name of the case’s victim during a recent five-week period.”

The problem is, if the ruling stands, it’s pretty scary if you happen to be the sort of person who occasionally Googles things like “how to hide a body.” “It would establish a troubling precedent for those unfortunate enough to use the same search terms as those being pursued in criminal investigations,” Electronic Frontier Foundation staff attorney Stephanie Lacambra tells Wood.

“If Google were to provide personal information on anyone who Googled the victim’s name, would Edina Police raid their homes, or would they first do further investigative work?” writes Tony Webster, who broke the story in his blog. “The question is: what comes next? If you bought a pressure cooker on Amazon a month before the Boston bombing, do police get to know about it?”

Google has pledged to fight the warrant, calling it overbroad, and had previously rejected a subpoena to provide the same information, according to the Minneapolis Star-Tribune.

As you may recall, a somewhat similar situation came up last fall when investigators wanted Amazon to produce possible data recorded by an Amazon Echo smart home device. In that particular case, it wasn’t because investigators thought the defendant might have asked, “Alexa, how do I hide a body?” but because the device might have recorded some incidental sounds that could shed light on the crime. Amazon fought that attempt, but submitted earlier this month when the defendant said they would voluntarily give up the recordings.

Which is what makes this Google situation different. In this case, it could become incriminating to  ask, “Google, how do I hide a body?”, even if one is a writer, has puckish friends, or is simply curious. Just how incriminating it could be, though, won’t be clear until all the rulings on the case are finished.

In fact, part of Amazon’s defense was the contention that search engine results are protected, write Toni M. Massaro, Margot E. Kaminski, and Helen Norton in Slate. “Whether the First Amendment protects Amazon’s speech through Alexa reflects a debate from a few years ago about whether search engine results are protected,” write the three legal scholars. “Back in 2003, Google asserted that its search engine results were protected by the First Amendment. Eugene Volokh, a law professor at the University of California–Los Angeles known for his First Amendment scholarship, wrote a Google-commissioned white paper arguing that search engine results were like the pages of a newspaper: protectable because of editorial choices. Some agreed. Others countered that search engines were more like information platforms or conduits that should be regulated to prevent unfair behavior; or like advisers who owe duties of disclosure and loyalty to users. In 2014, a district court held that Baidu’s search engine results were in fact protected by the First Amendment, citing Volokh’s reasoning and analogizing the search engine to a newspaper. This kind of decision makes it harder to impossible to regulate search engine outputs, for better or for worse.”

(As an aside, imagine combining this with the Senate vote a few days ago to let Internet service providers sell your web browsing history to marketing companies. “I see you recently Googled ‘How do I hide a body?’ Would you like to place an order for rubber gloves, rope, a shovel, and quicklime?”)

Similarly, the so-called USA PATRIOT Act, passed in the wake of 9/11, gave the Federal Bureau of Investigation (FBI) the authority to ask libraries for patron records, so the FBI could find out if you’d checked out Terrorism for Dummies. In response, though, librarians – who are often fierce guardians of civil liberties – have stopped tracking that sort of information, so it’s not available if the FBI comes to call. (And, since many such inquiries have a gag order on them, at least one library has set up a “warrant canary” in the form of a library warning sign that read, “The FBI has not been here,” and then, in smaller type below: “Watch very closely for the removal of this sign.”)

In the meantime, think carefully about what you search for.

March 21, 2017  6:43 PM

Remember Zip Disks? These Election Departments Do

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
government, Storage

You may recall that a couple of years ago we ran a piece talking about how Ada County, the most populous county in Idaho, was desperately looking for Zip disks and drives to help keep its aging voting machines running.

As it turns out, Ada County isn’t alone. Apparently a lot of counties are in the same boat.

In case you don’t remember, or are too young to remember, Zip disks and drives were developed by Iomega in 1994. They were a similar size to floppy disks – thicker – but held considerably more data; they started at 100 MB and eventually went up to 750 MB. (Which, in those days, was a lot.) Another interesting distinction about them is that they could be used for either PCs or Apple computers.

Several of the major voting machines used back in the day, such as the ESS Model 650 Central Scanner, used Zip disks. And a number of the counties that considered themselves cutting-edge now have to deal with the ancient technology.

“At least once a year, staffers in one of Texas’ largest election offices scour the web for a relic from a bygone technology era: Zip disks,” writes David Saleh Rauf for the Associated Press. “The advanced version of the floppy disk that was cutting edge in the mid-1990s plays a vital role in tallying votes in Bexar County, where like other places around the U.S., money to replace antiquated voting equipment is scarce.”

Bexar County, which had more than 1 million registered voters in the 2016 election and includes the city of San Antonio,  bought its voting equipment in 2002. Now, it’s among the oldest in Texas, Rauf writes. Other states with Zip-disk voting systems include California, North Dakota, and Ohio.

2002 was a big year for acquiring voting machines in the wake of the 2000 “hanging chad” problem. “The 2002 Help America Vote Act provided $4 billion to states, but that money is largely gone,” Rauf writes. “With many state legislatures unwilling to allocate funding, election officials are left scrambling to make do.”

For example, 43 states used machines that were at least a decade old and nearing the end of their lifespans during November’s presidential election, according to the Brennan Center for Justice, Rauf writes. “Election officials in a least 31 states want to purchase new voting machines in the coming years, according to a 2015 report from the center. Most, however, don’t know where they’ll get the money.”

Here’s some examples:

  • Arkansas: Lawmakers two years ago approved $30 million for new statewide voting systems, but the appropriation was never funded, so the secretary of state’s office used leftover money in its budget to improve equipment for part of the state, Rauf writes
  • California: The secretary of state has projected it could cost up to $450 million to replace voting machines
  • North Dakota: Lawmakers recently rejected proposals for $12 million to replace voting equipment, even after being told machines could be unworkable by the next presidential cycle
  • Ohio: The elections chief is asking state lawmakers for help for counties, noting that it cost more than $100 million to replace old machines with money from the U.S. government in 2005
  • Texas: Legislation would create a program for counties to apply for a state grant to cover up to half the cost to replace voting machines

On the other hand, Johnson County in Texas says it’s fine with the Zip disk systems and doesn’t have any trouble keeping stocked up, writes Todd Glasscock in the Cleburne Times-Review.

People buying Zip disks online also sometimes get more than they bargained for, like the fellow in Houston who ended up with nine Zip disks of personally identifiable information, including Social Security numbers.

But whatever happened to Ada County? The county updated its systems before last spring’s Republican Presidential primary so that it no longer is dependent on Zip drives.

Wonder what it did with them. I think I know some people who could use them.

March 15, 2017  11:45 PM

Courts Wield ‘Spokeo’ Precedent

Sharon Fisher Sharon Fisher Profile: Sharon Fisher

As you may recall, about a year ago the Supreme Court ruled on a case about the data aggregator Spokeo, regarding whether people could sue a company based on data it collected about them. By ruling one way, the Supreme Court could open the door to all sorts of frivolous lawsuits based on companies’ tiny procedural errors; by ruling the other way, the Supreme Court could essentially shut down the practice of class-action suits.

Instead of making either of those two decisions, the Supreme Court ruled that it wasn’t an issue because the person couldn’t prove any concrete damages caused by the errors in the Spokeo database. The computer industry heaved a great sigh of relief and went on about its business.

But Spokeo as a legal precedent hasn’t gone away. All sorts of legal cases are continuing to cite it, whether in an attempt to make a lawsuit go away, or in a legal ruling against such a lawsuit.

Some attorneys criticize the Supreme Court’s decision itself, saying that while it avoided the Scylla and Charybdis of the two potential opposing decisions, it also didn’t settle anything and in fact may have been ducking the issue. “If the Spokeo holding recounted above seems to you less than a model of clarity, your response is akin to that of counsel and courts who have struggled to apply the Supreme Court’s reasoning in the wake of the decision,” writes Devin Chwastyk  in JD Supra. “The obliqueness of the decision suggests the court merely kicked the can down the road to allow lower courts and litigants additional opportunities to develop appropriate theories for standing in consumer class actions.”

To add further fuel to the fire, the Spokeo case has different results in federal and state courts, because state courts aren’t bound by Spokeo. In other words, if a defendant uses Spokeo as a defense in federal court, having that ruling granted could simply throw the case to a state court instead, rather than make it go away completely.

“The court’s ruling in Mocek reflects that Spokeo standing arguments may not be a silver bullet for defeating class claims where the plaintiff’s injury was caused by a ‘bare procedural violation, such as those under [the  Fair and Accurate Transactions Act], the Telephone Consumer Protection Act, or the Fair Credit Reporting Act,” write Alan S. Kaplinsky, Burt M. Rublin, and Taylor Steinbacher  in JD Supra. “Indeed, successfully asserting a defense based on Spokeo may lead to the unintended consequence of remand to state court, an outcome that few defendants likely would prefer. It bears emphasis that state courts are not bound by Spokeo in making their own standing determinations.”

If nothing else, these Spokeo cases demonstrate that some people will sue over just about anything. Suing three years after leaving a gym because the gym sent him text messages asking him to rejoin, when he never even replied STOP to the texts? Suing because the employer who hired them had the credit disclosure on a piece of paper with other material on it, rather than on a single piece of paper as the law specifies? Suing a company for asking for your zip code when you buy something, by claiming it violates consumer protection laws? These are all real cases.

Next time you’re tempted to complain about your job, take heart: Instead, you could be a lawyer and have to bring, or defend, cases like this.

February 28, 2017  11:32 PM

Amazon AWS Outage Casts Doubt on Cloud

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
Amazon, AWS, Cloud storage

“Don’t have your own storage! Just put everything on the cloud! It’ll always be available!”

Yeah. About that.

The Amazon Web Services (AWS) Simple Storage Service (S3) was down for some four hours earlier today, causing chaos, consternation, and first-world problems as the various services that depend on it were unable to gain access to data and images stored in it.

As you may recall, AWS was also down in 2012 due to weather – not even a hurricane, just a thunderstorm – and in 2011 due to a configuration problem. There’s something to be said for the fact that it happens so seldom that people completely lose their minds when it does, but at the same time it forces us to realize how fragile this connected world really is. The whole point of using the cloud, after all, is so the information will continue to be there even if something goes down.

It’s not that Amazon’s cloud service is so much worse than that of its competitors. If anything, it’s that it’s so widely used that any sort of glitch tends to have really big ramifications. In this particular case, 148,213 sites  use the S3 system, according to Elizabeth Weise in USA Today.

“Sites like Imgur, Medium, Expedia, Mailchimp, Buffer and even the U.S. Securities and Exchange Commission were all impacted, as were communication services like Slack,” writes WCMH. “Also ironically impacted, DownDetector.com, which is a website that tracks when other websites are down.”

“Some of the services affected included Amazon Prime Video and Amazon Music,” writes Janko Roettgers in Variety. “But the outage also affected numerous third-party websites, apps and services.  A number of web publishers, including The Verge and Axios, were unable to load images for their articles. Other media sites, including Business Insider, weren’t able to publish any new stories at all for hours. The outage also affected phone support systems at a number of companies and public agencies, including Boston’s public transit agency and the app-based investment service Acorns. The secure messaging app Signal reported on Twitter that users weren’t able to attach images to their messages. And an outage of the cloud-based scripting and control service IFTTT even led to internet-connected light bulbs ceasing to function, according to user reports.

In fact, so dependent is the world on this particular piece of AWS, based on the East Coast, that Amazon itself  got burned by the outage. “Amazon wasn’t able to update its own service health dashboard for the first two hours of the outage because the dashboard itself was hosted on AWS,” Weise writes.

Maybe, for disaster recovery purposes, Amazon want to re-think that decision? Just a thought.

Why it was down, Amazon hasn’t yet said, other than blaming “high error rates,” though that is likely a symptom rather than a cause. Weise quoted Gartner analyst Lydia Leong  as saying that the most common causes of this type of outage are software-related, either a bug in the code or human error. And the primary way to protect against it is to have multiple backups of the data, she adds. “Only the most paranoid, and very large companies, distribute their files across not just AWS but also Microsoft and Google, and replicate them geographically across regions  —  but that’s very, very expensive,” she tells Weise.

Variety notes, for example, that Netflix stayed up during the outage, likely because it had redundant storage on other services.

As far as what to do in the future, there’s really not much to add to what I wrote in 2011 when this happened:

“Organizations that use the cloud — anybody’s cloud, not just Amazon’s — should take this as a wake-up call. Even if you weren’t affected by this outage, you could be on the next one. Don’t just have a backup. Have a backup for the backup. Yes, it costs money. How much money does it cost for your business to be out for a day?”

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: