Tag Archives: California

True Video Lies

This is a longer version of a piece I recorded for the BBC World Service.

The other day my wife lost her phone out shopping. We narrowed it down to either the supermarket or the taxi. So we took her shopping receipt to the supermarket and asked to see their CCTV to confirm she still had the phone when she left.

To my surprise they admitted us into their control room. Banks of monitors covering nooks, crannies, whole floors, each checkout line. There they let us scroll through the security video—I kind of took over, because the guy didn’t seem to know how to use it—and we quickly found my wife, emptying her trolley at checkout line 17. Behind her was our daughter in her stroller, not being overly patient. It took us an hour but in the end we established what looked like a pretty clear chain of events. She had the bag containing the phone, which she gave to our daughter to distract her at the checkout. One frame shows the bag falling from her hands onto the floor, unnoticed by my wife.

Then, a few seconds later, the bag is mysteriously whisked off the floor by another shopper. I couldn’t believe someone would so quickly swoop. The CCTV records only a frame a second, so it took us some time to narrow it down to a woman wearing black leggings, a white top and a black belt. Another half hour of checks and we got her face as she bought her groceries at another till. No sign of the phone bag by this time, but I was pretty sure we had our man. Well, woman.

Except I’m not sure we did. What I learned in that control room is that video offers a promise of surveillance that doesn’t lie. It seems to tell us a story, to establish a clear chain of events. But the first thing I noticed when I walked back out into the supermarket was how little of the floor it covered, and how narrow each camera’s perspective was.

For the most part we’ve learned that photos don’t always tell the truth. They can be manipulated; they offer only a snapshot, without context. But what about videos? We now expect to see cameraphone footage in our news bulletins, jerky, grainy recordings taken by unseen hands, raw and often without context.

This is not to say videos are not powerful truth tellers. But we tend to see what we want to see. When a policeman pepper sprays protesters at the University of California there is outrage, and it does indeed appear to be unwarranted. But when four of the videos are synchronized together a more complex picture emerges. Not only can one see the incident within context, but also one gets a glimpse of a prior exchange, as the officer explains what he is about to do to one protester, who replies, almost eagerly: “You’re shooting us specifically? No that’s fine, that’s fine.”

This is not to condone what happens next, but this exchange is missing from most of the videos. The two videos that contain the full prelude are, of course, longer, and have been watched far fewer times: 12,658 (15 minutes) and 245,226 times (8 minutes) versus 1,346,781 times (1 minute) for the one that does not (the other video has since been taken down).

I’m not suggesting that the more popular video has been deliberately edited to convey a different impression, but it’s clearly the version of events that most are going to remember.

We tend to believe video more than photos. They seem harder to doctor, harder to hoodwink us, harder to take out of context. But should we?

It’s true that videos are harder to fake. For now. But even unfaked videos might seem to offer a version of the facts that isn’t the whole story. Allegations that former IMF president Dominique Strauss-Kahn may have been framed during a sexual encounter at a New York Hotel, for example, have been buttressed by an extensive investigation published recently in the New York Review of Books. There are plenty of questions raised by the article, which assembles cellphone records, door key records, as well as hotel CCTV footage.

The last seems particularly damning. A senior member of the hotel staff is seen high-fiving an unidentified man and then performing what seems to be an extensive dance of celebration shortly after the event. This may well be the case, but I’d caution against relying on the CCTV footage. For one thing, if this person was in any way involved, would they not be smart enough to confine their emotions until they’re out of sight of the cameras they may well have installed themselves?

Back to my case: Later that night we got a call that our phone had been recovered. The police, to whom I had handed over all my CCTV evidence, said I was lucky. A woman had handed it in to the mall’s security people. I sent her a text message to thank her. I didn’t have the heart to ask her whether she had been wearing black trousers and white top.

But I did realise that the narrative I’d constructed and persuaded myself was the right one was just that: a story I’d chosen to see.

Google Suggest: Your Company + Scam

I find the auto-suggestions feature from Google Suggest in the Firefox search box very useful. But perhaps not in the way it was intended.

Google Suggest works via algorithms that “use a wide range of information to predict the queries users are most likely to want to see. For example, Google Suggest uses data about the overall popularity of various searches to help rank the refinements it offers.” In other words, type one word and Google will tell you the next word most likely to be typed after it. Type “dimitar” and the most likely second word will be “berbatov” (this may not mean a lot to non-soccer fans, but trust me, the two words go together like rock and roll for the rest of us):

image

This can be useful, or at least revealing.

For example, I received one of those awful pieces of spam from Tagged.com that give the whole social networking thing a bad name:

image

Click on the “Click here to block all emails from Tagged Inc., 110 Pacific Mall Box #117, San Francisco, CA. 94111” and you’re taken to a page where you’re asked to sign in or sign up. A sure sign of a scam if ever there was one; what happened to opting out a la CANSPAM?

So I figured I should Google these clowns and see what’s being said about them. Type their name into the Firefox search box, and then hit the space bar, and this was what Google offered me as the most popular search terms:

image

Having your product name coupled with “spam” and “scam” in its top three searches can’t be good.

Needless to say, tagged.com is a scam, at least in the way it tries to hoodwink users into signing up and signing up their friends. Here’s how the excellent and resourceful Amit Agarwal recommends you get rid of it from your inbox. It’s a shame that so many apparently good names are involved in something so blatantly anti-social and spammy. At what point do these people feel they’ve lost the game and allow corners to be cut? One of the founders even spoke at last year’s Authentication and Online Trust Summit for crying out loud.

The bigger issue is how to stop these sites from damaging social networking further. But that’s for another day. For now, using Google Suggest is a good quick way to know whether you’re on a hiding to nothing if you even click on a link in one of these emails. Take another scam networking site I’ve written about recently, Yaari. Its Google Suggest juice comes out looking similarly dodgy:

image

Compare that with something a bit more bona fide, like LinkedIn:

image

While this is a useful tool for us, I’m guessing that the companies involved are going to be hiring some drones to try to massage these results so they don’t look quite so bad.

The New Newswire: a Dutch Student Called Michael

Twitter is now a news service in its own right. ReadWrite Web, an excellent website dedicated to Web 2.0 stuff, points out that the recent earthquake in England–not that unusual in itself, apparently, but rarely actually strong enough to be felt by humans–was reported first by Twitterers and by a Twitter-only news service called BreakingNewsOn (www.twitter.com/BreakingNewsOn):

This story broke over Twitter in the past half hour, and nothing is up yet on the BBC sites, the Guardian, or the Telegraph. This story is breaking live on Twitter.

Looking at the situation a few hours later, it’s certainly true that mainstream websites have been a bit slow with the story. From what I can gather, the timeline is something like this (all times are in GMT):

Quake hits south of Grimsby 00:56  
First tweets 00:57  
BreakingNewsOn 00:59 (“Unconfirmed reports of earthquake in London”)
BreakingNewsOn 01:01 (“Reports of earthquake, working to confirm”, followed by lots of tweets)
BreakingNewsOn 01:10 (confirmation from European-Mediterranean Seismological Centre)
Dow Jones Newswires 01:29 (quotes BBC report)
Associated Press 01:30 (garbled alert)
Reuters 01:36 (“Quake shakes Britain, no casualties reported”)
AFP 01:45 (“Moderate quake shakes Britain”)
BBC twitter feed 01:56 (“Tremors felt across England”)

There may be some holes in here: I don’t have the exact time when the BBC website first carried the story, but I’m guessing it’s a few minutes before the wires. And this is not the first time BreakingNewsOn has been ahead: It was, according to some reports, first on the Benazir Bhutto assassination, although I’ve not been able to confirm that.

So who or what is BreakingNewsOn, and how does it scoop the big guys on their own turf? The service is actually pretty much one guy, a 20-year-old Dutch student called Michael van Poppel, according to this interview by Shashi Bellamkonda. He is a news junkie, and makes money from it too, doing something called web-trawling—searching the net for stuff he can sell to the big players. (He was the guy who last September dug up a videotape of Osama bin Laden, which he then sold to Reuters.)

Van Poppel works with a couple of other people and is clearly experienced and voracious in hoovering up web content. But it’s also about citizen journalism, crowd sourcing, whatever you want to call it: in the case of the UK quake, the first alerts actually came from witnesses, who twittered about the jolts they felt; it was BreakingNewsOn’s skill in harvesting that information, and staying sufficiently close to its readers for them to think to share their experience, that led to the fast turnaround. 

Of course, there’s much about this that is new. Everyone is now a reporter, if they find themselves in the middle of news. And everyone can be a media publisher: In this case it’s one 20-year-old student with a twitter feed and an Internet-connected computer. And, finally, everyone can now subscribe to that once holiest-of-holies: a newswire service that updates in real time. Only now it’s not called a Reuters terminal or a Bloomberg but Twitter.

But behind that, not much has changed. I’ve covered a few quakes in my time, and it’s all about finding the stuff out quickly by getting it out quickly. Nothing much has changed. No one was injured or killed, and it sounds like there was no falling masonry or damage to buildings. But that’s no excuse: earthquakes are news, and especially if they’re the strongest in the country for more than two decades.

Twitter is perfectly suited for breaking news, because it’s all about short pithy sentences and updates. As ReadWrite Web points out, during the California wildfires last year, Twitter and other citizen journalism tools were used by people on the ground, scooping the mainstream press. And all this offers some lessons for the mainstream press that it would be wise to absorb: 

  • Mainstream media cannot afford to be slow off the mark on stories like this, since their value to high-paying subscribers is intimately tied to their speed;
  • Alert streams are no longer the province of market traders;
  • Traditional media needs to find a way to work with these new sources of news, or else find a way to add value that such services cannot. In this case it could have been finding a way to reflect in the headlines the unusual nature of this event;
  • Traditional media has to both monitor these new sources of news–the tweets from ordinary folk surprised to be shaken awake by a tremor–and work with them to ensure that they, too, benefit.

Some might say that what van Poppel does isn’t news. I’d contest that. He did everything right in reporting the story: it’s big enough an event to merit an “unconfirmed” snap, a quick follow-up which contains what we old newshounds would call an advisory letting subscribers know what he’s doing and to expect more. When he got confirmation he put it out, all within 10 minutes. That’s a time-tested, old-fashioned and reasonable news approach. He leveraged the new media, but he showed an understanding of news values and what his readers needed.

Kudos to him. We all could learn a lesson.

(An extended version of this post is available for publication to newsprint media as part of the Loose Wire Service. More details here, or email Jeremy Wagstaff directly.)

The Real, Sad Lesson of Burma 2007

I fear another myth is in the offing: that Burma’s brief uprising last month was a tipping point in citizen journalism. Take this from Seth Mydans’ (an excellent journalist, by the way; I’m just choosing his piece because it’s in front of me) article in today’s IHT:

“For those of us who study the history of communication technology, this is of equal importance to the telegraph, which was the first medium that separated communications and transportation,” said Frank Moretti, executive director of the Center for New Media Teaching and Learning at Columbia University.

or this, from Xiao Qiang, director of the China Internet Project and an adjunct professor at the Graduate School of Journalism at the University of California at Berkeley, quoted in the same piece:

“By shutting down the Internet they show themselves to be in the wrong, that they have something to hide,” he said. “On this front, even a closed-down blog is a powerful blog. Even silence on the Internet is a powerful message.”

There are a couple of things here. None convinces me either of the above is true.

First off, the first Burma uprising, back in 1988, was not conducted or repressed in a media blackout. Journalists were able to get in, and get out extraordinary, iconic images. One still sticks in my mind, and I wish I could find it: a photo splashed across the cover of Newsweek of an impossibly beautiful female demonstrator, blood soaking her longyi and her face a mask, as she was carried by comrades through the wet streets of Rangoon. The junta took its time in closing down the media, but 1988 was no different to 2007: when they did pull down the shutters, they did it completely.

It’s true that there have been a lot of images, videos and information finding their way out via both the Internet and sympathetic agencies and embassies. This is not greatly different to 1988. People had cameras back then, and were extremely inventive in how they got information out. I would get calls all the time in Bangkok from people smuggling out cassettes, photos and other material. When I visited Rangoon in 1990 the NLD headquarters was a mine of printed and other information of strikingly high quality.

Burma’s generals are cleverer than the image they portray. Back in 1988 they bided their time, allowing all those who opposed them to show themselves, from students and monks to government departments and even soldiers. Their parading in the streets, watched by spies and plain clothes officers, made it easy for them to be purged later. The same thing, it seems, is happening today: As another story in the IHT on the same day, by Thomas Fuller, reported, loudspeakers on trucks and helicopters are telling terrified citizens:

“We have your pictures. We’re going to come and get you.”

They may lack the sophistication of a more civilized form of repression, but Burmese leaders understand the importance of photographs and videos as evidence, and I fear all those pictures posted on blogs, on YouTube, on television, in emails sent out of the country, will all resurface in show trials in months to come.

Xiao Qiang’s point about the blackout showing the world who these generals really are is to me naive. No one, I believe, was under any illusion about what these people were like, or the lengths they were prepared to go to preserve their position. The ‘democratic’ process that was underway was a fig-leaf as old as 1990, when the NLD won the election I witnessed. In other words, 17 years old.

More importantly, as far as technology is concerned, I don’t think that silence on the Internet is any different to a news blackout. It’s the most effective way for people to stop paying attention. Initially there’s outrage, then people shrug and move on. Soon Burma will be back to what it has been for the past 19 years — a peripheral story, a sad but forgotten piece of living history. Soon the Facebook groups and red-shirt days will fade.

I would love to think it was and will be different. I would love to think that technology could somehow pry open a regime whether it pulls the plug or not. But Burma has, in recent weeks and in recent years, actually shown the opposite: that it’s quite possible to seal a country off and to commit whatever atrocities you like and no amount of technology can prevent it.

By holding the recent uprising as an example of citizen journalism and a turning point in the age of telecommunications we not only risk misunderstanding its true lesson, but we also risk playing down the real story here: the individual bravery and longtime suffering of the Burmese people who had, for a few heady days, a flickering of hope that their nightmare was over.

How to Rip People Off Like Disney World

If you’ve ever visited Disney World, or some other overpriced resort (last year I visited Warwick Castle and Legoland in the UK, both appalling people-traps) you’ll have done what I did: vow never to come back. Of course, the companies running these places both know that and don’t care — which is why they are ripping you off royally while they can.

Seethu Seetharaman, an associate professor of management at Rice University’s Jesse H. Jones Graduate School of Management, calls it a variety-seeking market and says it doesn’t just apply to tourist attractions:

Turns out that the resorts in Orlando are in a market where consumers want variety. Indeed, if a family is in Orlando for a week or more, there is little chance — at least if parents and children want to remain on speaking terms at vacation’s end — that they’ll do the exact same thing day after day. Instead, they’re likely to visit both Universal and Disney World and take in as many different rides and sights as possible; in other words, they’ll seek variety.

Seetharaman says that the same is true of people who are too lazy to shift brands: what he calls consumer inertia:

Using a mathematical model, Seetharaman, along with his research partner Hai Che, an assistant professor of marketing at the University of California at Berkeley, was able to determine that the impact on price in both variety-seeking and inertial markets is similar. “The main point of the paper is that in markets where consumers seek variety, firms have an incentive to rip them off,” he says. “The surprise is that when markets are characterized by the opposite of inertia, the exact same incentive in terms of price competition that characterized inertial markets goes through as well.”

Basically, we’ll pay to go to Disney World whatever it costs, especially if we’ve already gone to Universal Studios or whatever else is within our daily trip radius. To that I’d add a couple more observations:

  • It pays to charge at least what rivals in the neighborhood are charging, because if a family has shelled out once, they’re likely to shell out again.
  • Secondly, customers may well equate price with the quality of experience; there’s no point in trying to undercut your rivals because that would imply the experience you’re offering is not as valuable as theirs.
  • This doesn’t seem to stop these kinds of resorts from trying to gain loyalty. There’ll always be some families who want to come back each year, so it makes sense to offer them a steep discount.
  • The only problem I see with all this is that while you want to have a boisterous, noisy crowd, if the queues are too long you may scare away some visitors from the whole concept. In that sense the companies are not rivals at all, but are partners in trying to lure more and more families into the idea of vacationing at these places. Which, as an afterthought, raises the question: should we be thinking cartels and price fixing?

Seetharaman concludes:

None of this comes as a big surprise to companies involved in a variety-seeking market. “The firms know this. They know this market is characterized by variety, so they know that they are going to eventually get their competitor’s previous customers,” says Seetharaman. “Knowing this they are actually trying to rip them off.”

Bald-headed Britney and the Lost Art of Linking

I think we’ve missed a big trick with links. You know, those underlined words on a web page that take us somewhere else. They’ve been around a while now, so you’d think we’d have explored them a bit, built a little etiquette around them, what to do, what not to do when you link to something else. After all, by turning a word, an image or a button into a link you’re building a door into another world, sort of.

Links are great, it’s just we don’t know how to use them. When we come across a link like this, we’re automatically thrown into confusion: Where does the link go? Do we click on the link and stop reading what we’re reading? Do we not click on the link and keep reading and make a mental note to come back and click on the link later and yet never do? Do we click on the link and open it in a new window? A new tab? A new computer? And then what happens?

Sure, something similar happens in newspapers. You come to the end of the page, and there’s a link to what we professional journalists call The Jump. As in DRUGS, continued on page 4. CARS, continued on page 5. TEDIUM, continued on page 7. UK satirical magazine Private Eye realised these links’ comic possibilities by adding Continued on page 94 at the bottom of its sillier pieces until the term entered the lexicon itself. Wikipedia explains the phenomenon with its usual literalness (“No issue of Private Eye has ever run to anywhere near 94 pages.”)

But this doesn’t induce the same confusion as online. What are we supposed to do when confronted with a link that doesn’t explain where it’s going? When I insert a link under the words “Wikipedia explains” above, you don’t have to be a genius to figure out I’m linking to the Wikipedia entry on Private Eye. But most of the time that doesn’t happen. Most of the time we have no idea what words are linking to what. Don’t bother clicking on any of those links; I was just trying to make a point. Which is this: Words or phrases with links on that aren’t clear where they’re going would be like marking doors with obscure labels like ‘open’ or ‘Ffortescue was here’ or ‘door’. (And don’t get me started on those links that look as if they’re going one place and actually go to another internal page, like the company links in this page at Webware.)

Which is why I like MTV’s website and their coverage of Britney Spears going Rehab AWOL again. OK, so the links don’t go outside the site but to other MTV stories, but I admire both the fact that MTV explains what they’re linking to in the link, and the, er, clarity it throws on Britney’s recent lifestyle deviation.

This time, her family and manager intervened, and announced yesterday that Spears had voluntarily entered rehab (see “Britney Spears Checks Into Rehab”).

Now that’s a link that explains itself. Actually it explains itself so well you don’t really have to click on it. Plus it really bolsters the bald (sorry) assertion that precedes it. You’ve got to hand it to MTV. No silly, teasing but vague headlines for them. These guys probably moonlight at Wikipedia. Like this one:

After returning from her first trip to rehab, Spears made a shocking public appearance Friday night, debuting her newly shaved head at a tattoo shop in Sherman Oaks, California (see “Britney Spears Shaves Head, Gets Tattoo”).

or my personal favorite (The combination of story and the title of the link would not look out of place in Private Eye itself):

“She is obviously in a lot of pain and needs help immediately,” agreed Doreen Seal, the mother of Jason Alexander, a longtime family friend to whom Spears was briefly married (see “Britney On Her Marriage: Vegas Made Me Do It”).

Maybe it’s just that Britney’s story naturally lends itself to links that make sense. But I would wager that it’s more MTV’s excellent linking that leaves us in no doubt of what we’re clicking on. I’m going to take a leaf out of their book and practice safe Link Labeling from now on (see “Loose Wire on Linking: Britney Made Me Do It”).

From the Ashes of Blue Frog

The Blue Frog may be no more, but the vigilantes are. Seems that despite the death of Blue Security in the face of a spammer’s wrath, the service has built an appetite for fighting back. Eric B. Parizo of SearchSecurity.com reports on a new independent group called Okopipi who intend “to pick up where Blue Security left off by creating an open source, peer-to-peer software program that automatically sends ‘unsubscribe’ messages to spammers and/or reports them to the proper authorities.”

Okopipi has already merged with a similar effort known as Black Frog and has recruited about 160 independent programmers, who are dissecting the open source code from Blue Security’s Blue Frog product. The idea seems to be the same: by automatically sending opt-out requests to Web sites referenced in received spam messages, to over-burden the spammer’s servers (or those of the product he’s advertising) as a deterrent and an incentive to register with Okopipi. By registering he can cleanse his spam list of Okopipi members.

Some tweaks seem to be under consideration: Processing will take place on users’ machines and then on a set of servers which will be hidden to try to prevent the kind of denial-of-service attack that brought down Blue Frog.

Possible problems: I noticed that some of the half million (quite a feat, when you think about it) Blue Frog users were quite, shall we say, passionate about the endeavour. These are the kind of folk now switching to Okopipi. This, then, could become an all-out war in which a lot of innocent bystanders get burned. The Internet is a holistic thing; if Denial of Service attacks proliferate, it may affect the speed and accessibility of a lot of other parts of it, as the Blue Frog experience revealed. (TypePad was inaccessible for several hours.)

Another worry: Richi Jennings, an analyst with San Francisco-based Ferris Research, points out in Eric’s piece that project organizers must ensure that spammers don’t infiltrate the effort and plant backdoor programs within the software. “If I’m going to download the Black Frog application,” Jennings said, “I want to be sure that the spammers aren’t inserting code into it to use my machine as a zombie.” I guess this would happen if spammers signed up for the service and then fiddled with the P2P distributed Black Frog program.

Another problem, pointed out by Martin McKeay, a security professional based in Santa Rosa, Calif., is that spammers will quickly figure out that the weak link in all this is that it rests on the idea of a legitimate link in the email for unsubscribing, and that spammers will just include a false link in there. Actually I thought the link Blue Frog used wasn’t unsubscribe (which is usually fake, since if it weren’t it would then pull the spammer back within the law) but the purchase link. How, otherwise, would folks be able to buy their Viagra?

One element I’d like to understand better is the other weakness in the Blue Frog system: That however the process is encrypted, spammers can easily see who are members of the antispam group by comparing their email lists before and after running it through the Blue Frog/Black Frog list. Any member who is on the spammer’s list will now be vulnerable to the kind of mass email attack that Blue Frog’s destroyer launched. How is Okopipi going to solve that one?

The Lego Scam

A man after my own heart: AP reports that a man has been arrested accused of stealing a truck full of Lego:

A 40-year-old man is behind bars, accused of stealing hundreds of thousands of dollars of a toy geared toward the 6-and-up crowd: Legos. To haul away the evidence, agents working for the U.S. Postal Inspector said they had to back a 20-foot truck to William Swanberg’s house in Reno, Nev., carting away mountains of the multicolored bricks.

Swanberg was indicted Wednesday by a grand jury in Hillsboro, a Portland suburb, which charged him with stealing Legos from Target stores in Oregon. Target estimates Swanberg stole and resold on the Internet up to $200,000 of the brick sets pilfered from their stores in Oregon as well as Utah, Arizona, Nevada and California.

When no one was looking, Swanberg switched the bar codes on Lego boxes, replacing an expensive one with a cheaper label, said Detective Troy Dolyniuk, a member of the Washington County fraud and identity theft enforcement team.

Target officials contacted police after noticing the same pattern at their stores in the five western states. A Target security guard stopped Swanberg at a Portland-area store on Nov. 17, after he bought 10 boxes of the Star Wars Millennium Falcon set. In his parked car, detectives found 56 of the Star Wars set, valued at $99 each, as well as 27 other Lego sets. In a laptop found inside Swanberg’s car, investigators also found the addresses of numerous Target stores in the Portland area, their locations carefully plotted on a mapping software.

Records of the Lego collector’s Web site, Bricklink.Com, show that Swanberg has sold nearly $600,000 worth of Legos since 2002, said Dolyniuk.

Interestingly, folk seemed to have been quite happy to deal with Swanberg on Bricklink.com. He’s been registered on the site since 2002, earning praise from more than 6,000 users, and getting complaints from only 11. He was still shipping up until the last minute: Eight folk posted praise about dealing with him on the day or after he’d been indicted. Only one person seemed to harbour doubts: That person wrote on November 19, four days before Swanberg was indicted: “Wish I knew where these came from…”

Actually, this kind of scam is well documented, and may be a copycat theft. Eagle-eyed readers may recall a piece I wrote a few months back about Douglas Havard, a phisher who was jailed in June for conspiracy to defraud and launder money. According to an earlier piece in the Dallas Observer, Havard used to steal expensive Lego sets by switching price tags on Lego boxes. The only difference was that Havard was printing his own price stickers.

What is it with Lego that turns people into criminals?

The Smell of Sterile Burning

There’s a growing noise about Sony’s apparent attempt to install digital rights management software that uses techniques usually associated with bad guys trying to maintain control of a compromised computer: Mark’s Sysinternals Blog: Sony, Rootkits and Digital Rights Management Gone Too Far:

The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.

While I believe in the media industry’s right to use copy protection mechanisms to prevent illegal copying, I don’t think that we’ve found the right balance of fair use and copy protection, yet. This is a clear case of Sony taking DRM too far.

The comments below Mark Russinovich’s post reveal growing frustration with such clumsy attempts to control what users do with CDs they buy from legitimate sources. The episode may also prompt a class-action suit against the company in the U.S., since early versions of the End User Licence Agreement on the software may not have covered such software installation. A representative of SF-based Green Welling LLP has posted a comment asking to hear from “any California residents that have experienced this problem before the EULA was changed. We have looked at many DRM cases and Sony went too far with this particular scheme”. (The End User License Agreement originally, according to Russinovich, made “no mention of the fact that I was agreeing to have software put on my system that I couldn’t uninstall”.) Bruce Schneier asks whether Sony may have “violated the Computer Misuse Act in the UK? If this isn’t clearly in the EULA, they have exceeded their privilege on the customer’s system by installing a rootkit to hide their software.”

Sony deny that their software is malware or spyware: Their FAQ says “the protection software simply acts to prevent unlimited copying and ripping from discs featuring this protection solution. It is otherwise inactive. The software does not collect any personal information nor is it designed to be intrusive to your computer system. Also, the protection components are never installed without the consumer first accepting the End User License Agreement.”

According to eWeek, the technology has a name: ‘sterile burning’. It’s built by a British company called First 4 Internet, whose CEO, Mathew Gilliat-Smith, is quoted as saying it’s not a rootkit but part of a copy protection system designed to balance security and ease of use for the CD buyer. First 4 Internet call it XCP, for Extended Copy Protection, which “aims to provide effective levels of protection against the unauthorised copying of digital audio and data files without compromising sound quality and playability. XCP helps to protect the rights of Artists and Record Labels while accommodating consumer needs for ‘fair use’ copying.” More specifically, it

protects the content of an audio disc without compromising playability or quality. By using a range of methodologies, including the construction of multiple protection layers, limiting the ROM player accessibility to the provided player software and encapsulating the Red Book audio content, XCP can be used by content owners to help protect digital content from unauthorised copying.

It was first shipped by Sony BMG in March. A new version has been developed with features which, eWeek says, “respond to many of the questions Russinovich raised in his analysis” and will be available in new Sony BMG CDs. But will it be too late by then? Who in their right mind would risk buying a Sony BMG CD?

Publishers Upset By Google Initiative

Did Google check first with publishers before announcing its digital library initiative? Nature reports that publishers are irritated because they weren’t consulted:

Late last year, Google, based in Mountain View, California, announced a decade-long project to scan millions of volumes at the universities of Harvard, Stanford, Michigan and Oxford, as well as the New York Public Library. The resulting archive would allow computer users worldwide to search the texts online. But some publishers complain that they weren’t consulted by Google, and that scanning library collections could be illegal.

Not everyone agrees: The story quotes Peter Kosewski, director of publications and communications at Harvard University Library, as saying the library believes that the way Google intends to handle copyright works is consistent with the law. Harvard is carrying out a pilot with Google on 40,000 titles before making a decision on digitizing its entire 15-million-volume collection. “We have a number of questions that will be answered by the pilot project, and that includes copyright issues,” he says. “We think it is a great programme Google has put together.”