Late last week, the New York Times dropped the not-so-surprising revelation that the US government has its nose deep into the world’s largest international financial database, the Society for Worldwide Interbank Financial Telecommunication (SWIFT) database, looking for leads on terrorist activity. If you haven’t been following this story, then you’ll want to jump down to the last part of this post, because I’m first going to dive right into why I support this particular antiterror program.
Regular Ars readers who’re familiar with my previous, critical coverage of other invasive, electronic snooping programs—criticism that goes all the way back through the Carnivore/ECHELON days and extends right up to the NSA’s domestic surveillance program (formerly TIA)—might be surprised that I could support a program that taps into international financial records and looks for terrorist connections. Isn’t such activity just as invasive and scary as the NSA listening in on our phone calls and reading our email? In a word, no.
Working with the market vs. working against the market
Anonymity is the enemy of commerce. This has been true for millennia, and it’s even more true in our modern world of cashless commerce than it was in antiquity. Our entire modern financial system is built on the ability to verify the identity of all the parties involved in market transactions, either directly or by using a proxy like verifying that a particular credit card transaction fits the cardholder’s typical purchasing behavior.
My point here is that, when the US government dips into a large financial database in an attempt to trace money as it flows between parties, they know exactly who they’re spying on. The SWIFT snooping program works because the feds can start working their way through the network of transactions at a known node—a terrorist or terrorist financier. They then can look to see who that person is dealing with, and who their contacts are dealing with, and so on. This is the polar opposite of the NSA program, in which the government starts with a data flow and then tries to figure out identities of all the parties involved in the communication.
It is crucial that critics of the NSA program, and of other technologies of mass surveillance (TMS) efforts, keep these two types of programs separate. The SWIFT program makes sense, because you begin with a discrete and inherently finite collection of identities and try to trace the myriad connections between them. In contrast, the NSA program attempts to work in the opposite direction, from an overwhelming volume of connections to a very small pool of identities. If the former program works, it’s because the financial industry has gotten very good at identifying all the parties to a transaction; if the latter program works, it’s because we got lucky and happened to be snooping the right call at the right time.
Let me put this in market terms: there are massive, overwhelming incentives for the financial community to be able to verify the identity of each node in a network of financial transactions; as I just said, business is built on this knowledge and the trust that it engenders. This is not true for telecom networks, where the incentives are structured to reward transport capabilities—bandwidth, quality of service, access, on-time delivery, etc.—between nodes that may or may not be anonymous.
Thus the SWIFT snooping program exploits the strengths that the market has endowed financial databases with, while the NSA snooping program is fighting an uphill battle against the ever growing volume of communications data that the market demands from telecom networks.
Oversight is key
Although I think that the SWIFT snooping program is a good idea, I almost certainly wouldn’t support a similar program for snooping domestic transactions. Why? Because I’m one of those “give me liberty or give me death” fanatics, which means that I have two main criteria for any kind of government program that involves spying on innocent citizens:
- Operational effectiveness
- Oversight
There’s so much international money tied up in the integrity of the SWIFT database that I have a fairly high degree of trust that the SWIFT snooping program is subject to strict controls and international oversight. We’re not talking about a domestic company that’s going to roll over for the feds, and a Congress that’s going to look the other way while the Executive branch does whatever it likes. There’s real money at stake here, and much of it belongs to foreigners who are going to be concerned about things like corporate espionage and the US using the data to give domestic businesses an unfair edge.
A very short intro to the SWIFT database story
One of the US government’s first priorities in the aftermath of 9/11 was to strike terrorism right in the pocketbook. It was in the context of their attempts to freeze terrorist assets and to trace the sources of funding for international terror organizations that the Bush administration first learned of the SWIFT database. They immediately moved to gain access to it, and at one point they allegedly wanted a copy of the entire thing for antiterror purposes.
Here’s the NYT’s description of the SWIFT international banking database:
Swift’s database provides a rich hunting ground for government investigators. Swift is a crucial gatekeeper, providing electronic instructions on how to transfer money among 7,800 financial institutions worldwide. The cooperative is owned by more than 2,200 organizations, and virtually every major commercial bank, as well as brokerage houses, fund managers and stock exchanges, uses its services. Swift routes more than 11 million transactions each day, most of them across borders.
The cooperative’s message traffic allows investigators, for example, to track money from the Saudi bank account of a suspected terrorist to a mosque in New York. Starting with tips from intelligence reports about specific targets, agents search the database in what one official described as a “24-7” operation. Customers’ names, bank account numbers and other identifying information can be retrieved, the officials said.
Immediately following the NYT’s story, the Republican outrage machine cranked into high gear over the revelations, with a chorus of right-wing bloggers, pundits, and even the President himself condemning the story as damaging to national security. In fact, by turning the outrage knob up to eleven, the administration and its surrogates have been able to turn the conversation about the program almost completely into one about freedom of the press vs. national security. (This is a move that the left has been wholly complicit in, by the way.)
For what it’s worth, I think it’s a tragedy, and probably even a threat to national security, that the NYT is now our first line of defense against Executive overreach. That used to be the job of Congress.
Further reading
- SWIFT statement on compliance policy
- Bank Data “Motherlode” in Feds’ Hands
- NYT reveals secret program to combat terrorist financing
- SWIFT: The Latest Victim of the War on Terror
Palm and Xerox have settled a nine-year-long patent battle over the handwriting-recognition technology used in the Palm handhelds. Palm will hand over US$22.5 million to Xerox, which will cover the nine years of alleged infringement and buy another seven years of patent peace for the handheld maker and copier/printer giant.
Xerox’s Unistrokes handwriting recognition was supposedly the basis for Graffiti, the text input method so familiar to millions of Palm users. After noticing the similarity between Graffiti and Unistrokes in 1997, Xerox filed suit against US Robotics, which owned Palm at the time. Back then, the Palm Pilot was in the midst of revitalizing the PDA market due in no small part to the easy-to-learn Graffiti data entry method.
Feeling the pressure from the lawsuit, Palm licensed another handwriting recognition technology, Jot, as the basis for Graffiti 2. The change to Graffiti 2 in 2003 was not welcomed by most Palm users. I remember getting a replacement Kyocera 7135 smartphone around that time that had the unfamiliar and unintuitive Graffiti 2 installed. Although Palm could go back to using Graffiti 1 if it chose to, it’s a bit late—consumers seem to have become accustomed to miniature QWERTY keyboards over the past couple of years.
Since the lawsuit was filed, the competitive landscape has changed markedly. Palm no longer rules the PDA market, and in fact, now makes devices that run Windows Mobile rather than Palm OS. Xerox, despite vigorously defending its patent, has never made an attempt to create or market its own PDA. Either way, a long patent battle is over; does the US$22.5 million Xerox settled for make the fight worthwhile?
Plenty of players in the entertainment biz have made it clear that there's not just one model for successful media distribution, but to find that perfect balance between content control and commercial success sometimes makes for very amusing results. MTV announced today that they are expanding their iTunes Music Store television offerings. This is definitely good (although not wildly exciting news) for iTunes fans. Still, after teaming up with Microsoft only a month ago to launch their own online music service, URGE, with great fanfare, it certainly raises some questions about MTV's long-term plans for online content.
New iTMS shows come from Spike TV, TV Land, Nick at Nite, Logo (okay, I've never even heard of this channel), MTV, and The N. Don't go looking for Lucy Ricardo or the whole DeGrassi gang, because offerings are more along the lines of "TNA: iMPACT" (billed as a "wrestling alternative" and I'm pretty sure they don't mean "sitting down to talk it out like civilized adults"), "Disorderly Conduct" (police out-takes?), "Viva La Bam" ("documenting the comical and chaotic life of skateboarding pro and 'Jackass' star, Bam Margera."—uhhh, thanks MTV!), and "Beyond the Break" (a teenage girl surfing drama). In other words, it's typical MTV Networks programming. One interesting nugget is the new Spike TV show "Blade: The Series." While it might be terrible, you can download the pilot for free from iTMS and judge for yourself.
What about URGE, you say? The optimist in me wants to say that URGE, unlike MTV (back in the days when it was a channel, not a network), will stay all about the music. Sounds nice, and MTV could be following Disney, who tested the video movie waters with High School Musical before making any long-term downloadable movie commitments. On the other hand, MTV's partner Microsoft has been heavily promoting URGE-rival Rhapsody. In that light, MTV strengthening their partnership with Apple is, as one Ars staffer observed, "like leaving your child in the woods to die." Time will tell, I suppose.
For now, there's nothing good on TV and the iTMS is giving away a 1 1/2 hour show about a half-vampire fighting against the forces of… other evil. You have no excuse for being bored.
This week has seen plenty of conjecture about that online payment service Google was about to launch. Well, now the service is here and it’s not the PayPal killer many expected. Our own Jeremy stood apart from the crowd by telling you so weeks ago.
The new service, called Google Checkout, is meant to give businesses an easy way to charge for their wares, and to relieve customers from the hassle of keeping track of multiple accounts with online merchants. As a shopper, you’ll need a Google account to use the Checkout service, and the signup asks for your address, phone number, and the usual details on a major credit card. You only have to do this once, and then you’re ready to check out online purchases from stores like Starbucks, Buy.com, and Tweeter with just a couple of clicks. The appeal of Google Checkout for us punters is its simplicity, along with having a single interface across multiple stores.
For the vendor, Google takes a smaller cut of payments than eBay’s PayPal does. PayPal starts at US$0.30 plus 2.9 percent of the total payment, but Google lowballs that with $0.20 and 2 percent, respectively. In addition, merchants that use AdWords get a break on these fees to the tune of ten times the amount spent on advertising. In other words, spend $100 on AdWords campaigns and get up to $1,000 of your Checkout fees refunded, making the service essentially free for some sellers.
If that wasn’t enough incentive for businesses to open a Checkout account, there’s one more perk: if you’re a registered Checkout merchant, your AdWords text ads will get a spiffy little shopping cart icon next to them, which makes your ads stand out a bit from cart-less competition. Of course, if this becomes common practice, it will work the other way around as most ads have little carts and the ones that don’t might attract more eyeballs.
But even then, the non-carted ads will be missing a badge of honor, or so Google hopes. When you can entrust your credit card information to Google—and who doesn’t trust Google?—with clearly defined refund policies and dispute resolution procedures, why would you want to use a payment system cobbled together in some dodgy e-tailer’s garage and hand over credit card information to companies you never heard of before clicking on a Google ad?
Google may be trying to displace PayPal for small business use (and maybe even get into larger accounts than PayPal ever did) but let’s be clear: this is not going to be a person-to-person payment system anytime soon. There’s no simple way to send money to other individuals who aren’t running online businesses, and certainly nothing close to the convenience of PayPal’s payments to anybody with an e-mail address. The recipient must be running a website with the appropriate code to link into Checkout services, and you’re not going to get great-uncle Bert to set up a website just so you can send him cash to finance his Viagra Lipitor habit.
And while Checkout is tightly integrated with AdWords and even Analytics, there are no ties at all to Google Base or Froogle at this point. Searches in those services that return listings from Checkout partner stores don’t have the little shopping cart icons anywhere in sight, though you can still checkout through the Google system if you entered the store from Froogle, or just typed in the store URL by hand.
All things considered, this is simply the Google Wallet that the company’s management has been discussing publicly for a very long time. The official word all along has been that there will be no person-to-person or micropayment solution, and that Google was not intending to compete directly with PayPal. The company has delivered on its promises, and still many popular news sources are hyping the future of Google Checkout as the definitive PayPal killer. Here at the Orbiting HQ, we think that this is pretty close to the final form of the service, and eBay can put down that nuclear warhead it had planned to deploy in its defense.
Should you feel like giving the Checkout process a look from the consumer side, several of the initial partner stores are running a $10 rebate on $20 minimum purchase promotion. So hurry up and get your eCost discount before that company goes out of business. 😛
Talk about getting your wires crossed. In the same week that Microsoft sounded the trumpets for the arrival of their online preview for Office 2007, they’re now announcing a shipping delay for the office suite.
"Based on internal testing and the beta 2 feedback around product performance, we are revising our development schedule to deliver the 2007 system release by the end of year 2006, with broad general availability in early 2007," a Microsoft spokesperson told Ars Technica.
The company had previously planned an October release, although speculation that Office 2007 would be delayed began shortly after Windows Vista’s own ship date slipped from the fourth quarter of 2006 into early 2007. Pragmatically speaking, this means that the company will launch its mainstream promotions for Office 2007 almost simultaneously with Windows Vista.
How much of a change this represents for Microsoft’s marketing plans is unclear. The October release was already low-key, aimed primarily at getting OEMs on board in advance of holiday sales. For the consumer market, the expectation has been that Microsoft’s marketing department would ride the Vista wave while trying to hawk Office. That’s unlikely to change now, unless Windows Vista slips again. Ballmer has hinted that Windows Vista could see another delay, but those hints are largely vacuous, and seem to be primarily centered on timing issues framed in terms of weeks, not months. We expect that Microsoft will shortly announce free upgrade programs for computers purchased this holiday season for both Windows Vista and Office 2007. At the very least, such a move would allow Microsoft to talk up their "units shipped" quickly after launch.
According to Microsoft, over 2.5 million people have downloaded the Office 2007 beta. It marks a significant development for the company, insofar as they are abandoning many years of a largely consistent user interface in favor of an almost entirely redesigned system. Microsoft believes that the redesign will pay off in spades as customers find new productivity enhancements, but the marked difference from versions past could be considered a risk for the company, should the Office 2007 System meet mostly disinterested customers. IT buyers in particular have expressed concerns that the new user interface could end up costing companies more as they retrain users. Office developers, on the other hand, have said that the new user interface was originally conceived to require little to no training to use effectively.
After letting Internet Explorer 6 go for years without any significant updates, Microsoft has been trying to make up for lost time by releasing a series of previews and betas for IE 7. The first preview was released to the public in January, and Beta 2 followed on its heels in April. Now, Microsoft has unveiled a third and possibly final beta of its new web browser.
There are no significant changes to the rendering engine, as Microsoft promised web developers in March that the layout engine was “feature complete” and that they could start testing their sites with the new browser. However, the new beta does offer many bug fixes, performance enhancements and minor user interface tweaks.
As with Beta 2, the new version requires Windows XP with SP2 installed. Versions are also available for Windows XP Pro x86-64, and for both x86 and Itanium versions of Windows Server 2003. Microsoft recommends uninstalling Beta 2 or earlier if installed, although the release can be installed on top of Beta 2 if you feel like living dangerously. Installing IE 7 involves running Windows Genuine Advantage to check to see if you are running a “valid” copy of Windows twice: once before you download the installer, and a second time after the installation routine begins. While this may please people who really love to feel validated, it seems a tad overkill for installing a beta version of a free browser.
Improvements over Beta 2 are mostly bug fixes, although some welcome changes have been added to the user interface. Like most other tabbed browsers, Beta 3 now allows you to change the order of the tabs by dragging and dropping them into a new place. RSS feeds can now be updated all at once instead of one feed at a time, and there are more options for marking all feeds as read. For those people who missed their e-mail button on the main toolbar, the new beta allows it to be put back in. The crazy arrangement with the menu bar sandwiched in between the address bar and the toolbar is still there by default, and although it is possible to unlock these toolbars and drag them to more sensible places, you still can’t place the menu bar above the address bar, where most everyone in the universe would expect it to be.
IE 7 Beta 3’s Toolbar, with the “Classic” menu bar disabled.
Microsoft continues to promote their new web site devoted to showcasing third-party plugins for IE 7, no doubt to compete with the many Firefox plugins available. Internet Explorer 7 does a good job of catching up to other browsers on the market, although Opera and Firefox users may not see anything new here that is compelling enough to get them to switch. However, IT managers will no doubt welcome the extra security features, including antiphishing tools that warn users when they are visiting spoofed sites.
Internet Explorer 7 is scheduled for a final release near the end of 2006, and although this is the last scheduled “beta,” there may be additional Release Candidate previews before that time.
On Tuesday, the Brennan Center for Justice at NYU’s law school released the most comprehensive study to date on the state of electronic voting. The extensive report is a painful read for anyone concerned about the future of democracy, because it shows just how brain-dead easy it is to rig an election with three popular electronic voting systems: direct recording electronic (DRE), DRE with voter verified paper trail, and precinct count optical scan.
Among the more startling findings is the fact that voting machines with wireless components are very easily compromised by anyone with a little know-how and a nearby wireless device—you don’t even need a laptop; a PDA will do nicely.
The report also found that voter verified paper trails that aren’t backed up by routine, random audits are good only for instilling a false sense of security in the voting process. You’d think it would be obvious to election officials that even if you get a paper receipt documenting the vote that you cast, any later meddling with that machine’s vote count can go completely undetected if a sample of those receipts is never compared to the final output. But apparently a lot of things that are obvious to tech people go over the heads of election officials (e.g. the idea that you would never want to give wireless access to voting machines).
It’s worth noting that the Brennan Center task force isn’t just another group of activists:
The government and private sector scientists, voting machine experts, and security professionals on the Task Force worked together for more than a year. The members of the non-partisan panel were drawn from the National Institute of Standards and Technology (“NIST”), the Technical Guidelines Development Committee of the federal Election Assistance Commission (“EAC”), the Lawrence Livermore National Laboratories, leading research universities, and include many of the nation’s foremost security experts.
The Task Force surveyed hundreds of election officials around the country; categorized over 120 security threats; and evaluated countermeasures for repelling attacks. The study examined each of the three most commonly purchased electronic voting systems: electronic machines (“DREs”) with – and without – a voter verified paper trail, and precinct-counted optical scan systems (“PCOS”). The report, The Machinery of Democracy: Protecting Elections in an Electronic World, is the first-ever systematic analysis of security vulnerabilities in each of these systems.
The task force concluded the report with a number of recommendations for making electronic voting more tamper-proof. But given the widespread, ongoing evidence of rampant insecurity in popular electronic voting systems (Google “Diebold,” for instance) and the mystifying nationwide failure to do anything about it, will another voice shouting that the house is on fire be enough?
I have this fantasy where I organize a group of computer science types who’ve been working for years on electronic voting problems and we write a book called, How To Steal a National Election: A Step-by-Step Handbook. The book would come complete with everything from discussions of the theory underlying how you could steal a presidential election by rigging a few key counties, to a nuts-and-bolts, “push this, pull here, type in this command” guide to how to rig specific machine models. We’d also include a CD with source code, applications, schematics, all the other tools the modern election fraudster needs. I feel that if there were some way to make clear just how real this threat is and just how easy it is to actually steal an election, maybe folks could get motivated to care. But maybe I’m just fantasizing.
Update: A lot of people were fired up about the book idea. If you’re interested in it, go here.
According to a post put up this morning on Ian Moulster’s (a Microsoft product manager in the UK) blog, Microsoft is providing only a limited number of copies (both physical and downloaded) of Vista Beta 2, and they are “fast approaching the cut-off point.”
Those still interested in becoming part of the beta program can go to Microsoft’s beta registration site and sign up for the program. The site requires a “Windows Live” ID, which is essentially the same as your Passport sign-in for Hotmail, and once signed-in you can obtain a beta product key and start downloading the massive 3.2GB file, which comes in the form of a DVD ISO image.
According to the site, as long as you start your download today, even if you get cut off you will still be able to resume the download at a later time, provided of course that you use a download manager that allows file resuming, or use Microsoft’s supplied ActiveX-powered Akamai download manager. However, after July 14th, even interrupted downloads will be cut off.
Beta testers are encouraged to activate their copy after installing. Moulster mentioned on his blog that activation may bring future benefits. “We may be able to provide people who have activated copies with future…stuff,” he said on his site. “I’m being vague because I need to be, just trust me and make sure you activate.”
A similar beta program is in process for Office 2007, the new version of Microsoft’s venerable suite sporting a radically redesigned user interface. According to Moulster, there is no cutoff point at present for the Office 2007 beta program, although this may be subject to change at a later date.
Windows Vista is scheduled to be released to the public in January 2007. Office 2007’s ship date was recently bumped forward to a similar date.
It's not hard to spot a Type-II supernova while it's happening; a star that suddenly shines brighter than its host galaxy is an easy giveaway. The immediate aftermath is pretty obvious as well, as immense clouds of gas that are glowing with energy can be tough to miss. But over time, the gas cools down, and what's left is gas that is indistinguishable (temperature-wise, at least) from the regular contents of the galaxy. This has made it tough to compare the number of supernovae in our galaxy with estimates derived from a variety of sources.
An article in The Astrophysical Journal states this problem clearly in its very first sentences: "Although some 20,000-30,000 supernova remnants (SNRs) are expected to exist in the Milky Way, only about 230 are currently known. This implies that most SNRs are 'missing.'" It then goes on to locate them. I can't access the original, but Nature provided a summary of it in its latest issue. Unfortunately, that summary doesn't even have an open access abstract. It does, however, have a figure that anyone can apparently take a look at, which shows the ancient remains of an area where roughly 100 stars went supernova over a relatively short time period.
Article access issues aside, how did the astronomers identify the old remnants? Once the gas from a supernova cools down, its key distinguishing feature from the rest of the galaxy is the momentum imparted by the initial explosion. That is expected to take nearly 100 million years to dissipate completely and, in the meantime, the speed of the gas will result in a Doppler shift in the light it emits. The astronomers simply surveyed a band of the sky for structures that showed emissions from cool hydrogen that had notable Doppler shifts, and came up with about 200 new candidate supernova remnants. With some more detailed surveys, it's expected that a clearer picture will emerge of how well reality corresponds with predictions.
In the good old days of 2001, Microsoft started an aggressive anti-piracy initiative that is still alive today. Called "Windows Product Activation," Microsoft’s early iterations attempted to verify copies of Windows online, going so far as to scan system components in an effort to individually identify machines. Some five years later Microsoft is still trying to keep an eye on piracy online, but they’re going about it in a way that angers many.
Los Angeles resident Brian Johnson has filed suit against Microsoft in the U.S. District Court in Seattle, charging the company with failing to disclose the true nature of a similar anti-piracy tool that Microsoft has distributed. The tool in question is the now-notorious "Windows Genuine Advantage"—a descendant of sorts from the old WPA approach. Johnson’s complaint centers around the fact that previous versions of WGA constantly "called home" to Microsoft, which in his view constitutes a violation of anti-spyware laws in both California and Washington State. Johnson’s suit seeks class-action status for the complaint, and it is being fronted by Scott Kamber of Kamber & Associates LLC in New York. Kamber recently served as plaintiff’s counsel in the rootkit fiasco centering on Sony.
According to the complaint, "Microsoft effectively installed the WGA software on consumers’ systems without providing consumers any opportunity to make an informed choice about that software." Furthermore, Microsoft was accused of "misleading and unlawful conduct in installing uninstallable licensing enforcement software under the guise and misrepresentation of a security update…" Microsoft has dismissed the complaint, calling it "baseless."
Of the many issues that surround the case, one that will be particularly important as it moves forward relates to the definition of spyware. In legislative debates over the matter, legislators, lobbyists, and software representatives couldn’t agree on the essential definition of spyware, and many software companies were concerned that a loose definition could result in frivolous lawsuits. Microsoft’s position on the matter seems to adopt this view. Jim Desler, a Microsoft spokesman, said that "spyware is deceptive software that is installed on a user’s computer without the user’s consent and has some malicious purpose." As such, he argued, WGA doesn’t fit the bill.
Technically speaking, WGA does require the "consent" of a computer’s operator to be installed, although that consent could be considered somewhat weak given that it is presented as a mandatory update. To Microsoft, however, the fact that the tool once called home daily is of little significance, inasmuch as what it is designed to do is singular in its purpose: to constantly monitor the licensed state of a Windows install. In their view, WGA would have to have some ulterior functionality to be true spyware. Nevertheless, the company changed the frequency of callbacks to something closer to every 90 days, although the company has not explicitly said what the periodicity is.
To be sure, while rumors relating to WGA’s supposedly nefarious capabilities are rampant (and include the possibility of it housing a kill switch), nothing has been "found in the wild" (so to speak) that rises to the level of Sony’s rootkit, which made demonstrably unsound changes to the Windows operating system. The Seattle Post-Intelligencer, which broke the story, quotes the co-founder of People for Internet Responsibility as saying that WGA doesn’t cause "anywhere near the kind of damage that is normally associated with spyware." Nevertheless, previous versions of the tool did not disclose details of the "phone home" system, and questions remain regarding the propriety of distributing an anti-piracy tool as a security update.
As of yet, no court dates have been set.