Archive for September, 2005

Cory Doctorow has a new DRM talk

Wednesday, September 28th, 2005

Cory Doctorow has a new DRM Talk. This time, he gave it to the folks at HP Labs and it’s a good one. In the original Microsoft DRM Talk, he explained why DRM is ultimately futile. This time around, he tackles DRM as a countermeasure to a perceived threat, disassembles some entertainment industry strawmen, and generally presents the arguments against DRM in a manner that even the non-technical can understand.

He opens:

I work for the Electronic Frontier Foundation, a member-supported
charitable organization that works to uphold the public interest in
technology law, policy and standards. For nearly four years, I’ve
spent my time attending DRM standards meetings, consortia, and treaty
meetings at the United Nations. In that time, again and again, I’ve
seen tech giants like HP take suicidal measures to voluntarily cripple
their products to make them more palatable to a few entertainment
companies, even though this measure makes them less palatable to
virtually all of your paying customers.

Nothing epitomized this more than Carly Fiorina’s inaugural CES
address in which she promised to put DRM in every HP product. Reading
that in my office in San Francisco (I live in London now), I thought,
well, hell, I guess I’m not buying any more HP products. I’m pretty
sure I’m not the only one.

I’ve had innumerable conversations with engineers, lawyers and execs
about DRM, but it’s rare that I get the chance to systematically
explain how DRM fails as a technology, as a moral proposition, and as
a commercial initiative. I’m grateful that HP has given me that chance
today. I’m looking forward to your questions after my talk.

Now, onto the talk, in which I will try to address the security, moral
and commercial aspects of DRM.

Go read the rest. There’s a reason he’s a professional writer and I’m an amateur blogger, and I know my limits.

I’m sure I’ll have more to say about it later, but not tonight.

Perception or Reality?

Wednesday, September 28th, 2005

I just ran across an interesting post at Marginal Revolution giving Tyler Cowen’s view of the Chinese Central Bank. I’ll throw

Much hinges on whether we expect the Chinese central bank to continue buying U.S. Treasury securities. As many MR readers will know, I am a cautious optimist. I have never been to the Chinese central bank, or spoken with a Chinese central banker, but here is my implicit mental model of how they operate:

1. Intelligence and financial prowess aside, they grew up in an age of Communist terror, or if they are young they heard narrations of such from their parents.

2. They are deathly afraid of making mistakes and causing China to lose face on the global scene.

3. They know full well that the Chinese economy — especially the financial system — is a rickety house of cards. If capital flows out of China were unrestricted, and the yuan allowed to float freely, a financial collapse would come within five years. They see us as propping up their currency, rather than vice versa. Most of all, they want to be holding safe assets, in case the worst should happen. They are risk-averse bureaucrats.

That’s part of the list, but what it seems to come down to is that over at the Chinese Central Bank, the motto is, “Nobody ever got fired for buying US Dollars.”

Further down the list, it gets even more interesting because it adds another piece to the puzzle:

5. They don’t much care if they suffer capital losses on their dollar-based endowment, evaluated in terms of the relative exchange rate with the yuan.

6. Many Chinese have a highly conspiratorial view of the world. They would expect — indeed “overexpect” U.S. “retaliation” if they suddenly stopped buying Treasury securities.

Does this mean that, on a certain level, they believe they are being extorted by the United States? This would be interesting because, at least to me, this seems like an indicator of building resentment which will get ugly once they finally decide they no longer need our Dollars.

The other piece of the puzzle which doesn’t fit Tyler’s theory (unless #6 is spot on) is why they would continue to purchase dollars which are, as he notes, losing value when they could easily shift their purchases to Euros?

Would some of the actual economists out there care to tell me what they think?

Skype and the Enterprise Redux

Monday, September 26th, 2005

Gartner doesn’t much like Skype. I think we already knew this, but they released a new report last week that removes any doubt. Network Week pulled out a couple of key quotes:

“Don’t use voice services based on proprietary protocols like Skype while on corporate networks, because of network security issues,” the firm said in a research note.

While it’s possible that Skype under EBay could release a business-class product, “I don’t think that drove what (EBay) did, so I wouldn’t look for that overnight,” Gartner analyst David Smith said.

So it’s time to decide what the real question is for those of us looking at Skype with regard to our Enterprises. Is it whether or not we should get into a Cat & Mouse game with our employees who would use Skype? Or whether Skype is an Enterprise product at all?

I don’t think that Skype has ever tried to imply that they are an Enterprise solution. I’ve had several conversations with them and the feedback we have consistently received is that while their target market is consumers, they were always happy to have more users, regardless of where they came from.

To imply that something is not an “Enterprise” solution, however, solely because the vendor is not trying to sell it to Enterprises does not make sense to me. Whether the sticker on the side says “Consumer” or “Enterprise” is irrelevant. It either meets a set of requirements or it doesn’t.

Currently, though, most Enterprises lack any agreed-upon set of requirements for a softphone solution. Nature abhors a vacuum, though, so users are adopting Skype to fill the need since it meets user requirements extremely well.

From the security and network engineering perspective, it creates a number of potential risks since we can’t snoop inside its encryption. From a malware perspective, this is worrisome but assuming that the registry hooks to disable file sharing work as promised in the 1.4 version, this risk can then be largely mitigated by pushing some Group Policy Objects to enforce the official written policy.

If the risk is that we don’t trust our employees to have unaudited voice or IM, then I think the threat needs to be highlighted and discussed so we can address it through an appropriate combination of improved management, awareness training and, in the worst case, HR. Regardless, this problem will not be solved at the technological level.

At this time, there are high-level people within my Enterprise with a strong desire to utilize Skype as a toll bypass solution for their employees who travel internationally. The current costs to be avoided are significant spending on cell phone charges.

If the alternative is to provide our own solution to this problem, then it must be publicized as soon as possible and its adoption accelerated. Otherwise, we should not be surprised that our co-workers solve problems to the best of their ability with the resources available.

Either way, I’m not convinced that banning Skype without providing a viable alternative is an acceptable approach to solving the Business’ demand for some kind of softphone solution.

Surge Protectors, Part 2

Sunday, September 25th, 2005

Stu Berman left a comment on my original Surge Protectors post stating that we may be going a bit overboard about H5N1, aka Bird Flu:

Ian Welsh seems to be a bit of an alarmist from the snippet you post.

The US economy is remarkably resilient to a wide variety of shocks (9/11 is a good example, as is Katrina) due to our horizontal integration rather than vertical. It is easy to look at history and see where colossal economic problems occurred - Soviet central planning, Nixonian gas price controls.

I hope he’s right, but I still agree with Ian’s projection.

I disagree that 9/11 is a good example of why we shouldn’t be worried. Sure, the economy took a minor hit after 9/11, except for New York, which felt a much greater economic impact. While the psychological impact on all of us was significant, the actual physical damage was much more limited. Long-term economic loss following 9/11 generally correlated to the adequacy of the impacted firms’ Disaster Recovery planning. Those that had (and executed) good plans are in business today. Those that didn’t aren’t. The impact on individuals flows outward from that fact.

I find it almost ironic, however, that he should mention Soviet Central Planning as an example of how not to run an economy. Central Planning is the best analogy I have ever seen for how large corporations are run today. The only difference is that the corporations have a lot better computing power to manage their logistics (and that they’re not spending 20-25% of everything they make on weapons systems, but analogies only go so far). I say this as someone who spent his University career in Soviet and East European Studies and works for a Fortune 100 company. If we lose more than a handful of certain key staff, all of whom live in areas which I expect will be hit hard by H5N1, the entire company will shut down. Its central nervous system will fail. And even if the brain (Senior Management) is alive and well and trying to tell the body what to do, the systems that are supposed to convey those messages will be gone.

Corporations won’t be alone in this regard. The entire Western world and an ever-increasing portion of the rest of the world are all increasingly vulnerable. Response to Hurricane Katrina was severely hampered by lack of communications. People assumed cell phones would work in their disaster plans. Bad assumption. Without city power, cell sites don’t last long; a digital cellular base station draws 400 Amps of power, so the necessary battery plant isn’t designed to keep service up through much more than a brownout. Unless you’re Bill Gates, that’s far more than your entire house. People assumed radios would work, another bad assumption. “Modern” radio systems like those used by police and fire departments bear a strong resemblance to the cell phone network in terms of fragility. They use Repeaters, which must also be powered off either the city grid or built into squad cars. When the power to the repeaters failed, it was very quickly game over for the First Responders’ communications networks.

This is why the military spends so much effort on destroying their enemy’s C3I. If units can’t communicate to coordinate their operations, they can be overwhelmed and destroyed far more easily than if they are functioning as a coherent whole.

Getting back to economics, the main difference between what happened on 9/11 or in Hurricane Katrina (thus far*) and the Asian Tsunami is that the incident was (relatively) isolated, basically allowing the other 300 million or so people around the United States (not to mention the other billions around the globe) to each contribute a little bit and the global logistical system was able to handle the incremental increase in demand with minor adjustments. The disaster in Katrina may have started with the levees breaching, but lack of coordination at any level is what kept it going for days.

In the case of H5N1, however, the leverage will be more-or-less reversed. As waves of the disease hit, any attempt to utilize global logistics to respond will only hasten the spread. Thus, the only response is to isolate those areas that most need the outside help. The disease will only be stopped when the system grinds to a halt long enough for existing infections to burn themselves out without spreading to new areas.

I understand how fragile the system really is; this is why I stockpile in preparation for Bird Flu. To mitigate the impact of a true system breakdown, I am taking steps now to avoid the risk that I or my family will be infected while searching for essential supplies like food or water. Additionally, I will help mitigate the impact of the demand surge that will not occur until after the system can no longer accommodate it by not being part of it.

For some idea of how bad this could be, consider how hard SARS hit the Canadian economy. According to the CBC:

The Canadian Tourism Commission studied the combined impact of SARS and…estimated SARS will cost the Canadian economy $519 million in 2003 alone and $722 million between 2003 and 2006. It says Canada lost 662,000 occupied room nights in the month of April 2003 - translating into an estimated $92-million loss of revenue.

The CTC estimates the bleak picture is the same for the tourism job sector, where losses are estimated at 5,300 for 2003, with 7,350 jobs lost between 2003 and 2006.

That’s from a disease which only killed 38 people in all of Canada. With H5N1, we’re talking about a disease which will kill more than 38 people in many zip codes.

* For a longer view of what we might expect Katrina’s impact to be, read this essay by George Friedman and then go read John Quarterman’s thoughts on it. I will just say that I concur.

Israelis don’t get security right all the time

Thursday, September 22nd, 2005

Saar Drimer details an interesting variation on Identity Theft Fraud-by-Impersonation involving selling stolen cars which I think illustrates nicely why this is really an Authentication problem.

He details the fraud and provides some nice analysis. I’ll borrow the bit I’m interested in but let you go read the rest on his site.

1. The “title” or “pink slip” is an easily forged piece of paper; there is one piece of silver impression that is more for style than protection (it included the VIN number, owner ID/address/name and car info.)
2. In order to sell a car the seller and the buyer need to appear _in person_ at the DMV (or equivalent), bank or post office to show their ID just for the purpose of showing they both actually exist. Clearly, those places have no access to any car registry database except the former and they don’t have the ability to examine the car. This step is to authenticate the people, not the car.
3. No authority ever looks at the car in any step of the transaction.
4. There is no Carfax in Israel (this is critical, although the thief could provide a fake report while the buyer is excited to get the car for cheap and never runs it on his own.)

This is the same core misunderstanding that enables Identity Theft Fraud-by-Impersonation here in the States.

When someone applies for credit or otherwise tries to make use of a “stolen” identity, the assumption by the credit issuer is that if they authenticate the person as having the expected credential (typically, SSN+Name+Date of Birth), then that person must be that person, when in fact there is no reason to assume at this time that the credentials being presented actually belong to the applicant.

What seems to be missed by many people is that the fraudulent transaction is not the one where goods are obtained, but rather the transaction where the criminal is granted access to the means to purchase the goods.

In this case, the Israeli DMV also assumed erroneously that if a person presented a Personal ID which matched the name on the car’s (forged) title, then they must be the owner of the vehicle being sold.

As a bit of an aside, this could also be seen as a variation on bypassing airport no-fly lists by printing your own boarding passes.

Fill your tanks

Wednesday, September 21st, 2005

Pre-Katrina, US Refineries were operating at 95% of capacity. 5% of that capacity was knocked out by Katrina and it drove gas prices up $0.38 per gallon.

Now, Hurricane Rita is headed for Texas and could knock out Texas’ refineries for up to three weeks, reducing refining capacity by an additional 15%:

“Between 15 and 20 percent of the nation’s refining capacity is at risk from this hurricane,” said Bill O’Grady, assistant director of market analysis at A.G. Edwards & Sons in St. Louis. “A Category 3 or above storm is going to down power lines and refiners will lose power. It will take at least 1 1/2 to 2 weeks before they come back.”

If there is flooding the situation would be much worse, O’Grady said.

So how bad is it? Pretty damn bad:

“Rita is developing into our worst-case scenario,” said John Kilduff, vice president of risk management at Fimat USA in New York. “This is headed right into our other major refining center just after all the damage done to facilities in Louisiana. From an energy perspective it doesn’t get any worse.”

I keep saying I should be biking to work. This may be my inspiration to actually do it.

Surge protectors

Wednesday, September 21st, 2005

Here’s a scary thought from Ian Welsh:

Our society, as a whole, has no surge protection - no ability to take shocks. We have no excess beds, no excess equipment, no excess ability to produce vaccines or medicines, nothing. Everybody has worshiped at the altar of efficiency for so long that they don’t understand that if you don’t have extra capacity you have no ability to deal with unexpected events. And now some people are suing the Ontario government for their SARS handling, which I fear will perversely make the government less willing to do what needs to be done rather than more, when a crisis hits.

Public health care in a pandemic or epidemic is a triage operation. You isolate people and you shut things down deliberately, and people are going to die because of the decisions you make. If nurses and doctors decide that their own lives are more important than those of the sick, or if ordinary citizens decide to break quarantine or travel restrictions, then there could be complete disaster. The moment of the SARS outbreak that caused me the most fear was when there were reports of people fleeing Beijing. In a real pandemic situation all that would do is spread the disease further and kill even more people.

(emphasis mine)

To make matters scarier, as we have now seen with Hurricane Katrina, even if the capacity were there, the United States’ ability to manage and allocate that capacity is essentially non-existent. At this point in time, when evaluating the safeguards available to me as I look to manage the risk of a worst-case H5N1 outbreak, one safeguard I will not be counting on is a functioning national infrastructure. It’s no longer so much a question of if I will stockpile essentials like food, water, medicine and protective clothing as a question of how long will I expect my stash to last.

Bad guys manage risk, too

Tuesday, September 20th, 2005

Earlier today as I was travelling between campuses, I happened to hear a little bit of an interview on Fresh Air regarding the history of the Mafia in America.

The Mafia, it was explained, had generally limited its activities up until that time to crimes which carried relatively light prison sentences. As such, it was extremely difficult for prosecutors to use offers of reduced sentences in exchange for testimony or evidence since there was more benefit to the Mafiosos in keeping quiet and serving out one’s time rather than rolling over and winding up at best a former, unemployed gangster or at worst, dead.

The guest was explaining the origins of the Mafia’s edict barring involvement in the drug trade. In the 1950’s, the penalties for drug trafficking were raised significantly, increasing the prison sentences for traffickers to 30 years. Suddenly, prosecutors had a useful lever to elicit cooperation from accused traffickers facing extremely lengthy prison sentences. To avoid the now-significant risk of a member convicted for drug crimes testifying in exchange for a reduced prison sentence, the Mafia decided to officially distance themselves from the drug trade, despite it being an extremely lucrative activity.

They eventually developed methods of mitigating that risk by acting as brokers and market-makers between the Sicilians who actually imported the drugs and street dealers, but did not actively begin dealing for some years to come.

This just goes to show how well people manage risk when the asset-at-risk is something as dear as their freedom.

Transferred Risk has to go somewhere

Monday, September 19th, 2005

So gasoline is at an all-time high:

The weighted average price for all three grades surged more than 38 cents to nearly $3.04 a gallon between Aug. 26 and Sept. 9, said Trilby Lundberg, who publishes the semimonthly Lundberg Survey of 7,000 gas stations around the country.

Self-serve regular averaged $3.01 a gallon nationwide, according to the survey. Midgrade was pegged at about $3.11, while premium-grade was at nearly $3.21.

“That’s all thanks to Katrina,” Lundberg said.

Oil companies’ and Refiners’ Hurricane Risk was almost certainly transferred via insurance. So their rebuilding cost is being paid by shareholders in Insurance/Re-Insurance companies, which is to say, you, me, and anyone who bought insurance from those companies. That’s the same you and I who are also paying that extra $0.38/gallon at the pump.

US gasoline consumption was 20.4 million bbl/day in 2004. By my back-of-the-envelope math, (ignoring independent retailers incremental profit) US oil companies have seen a revenue jump of about $200 million per day for two weeks for a total of over $1.5 billion in increased revenue from gasoline sales.

Prices are only expected to fall by about 10 cents as the summer driving season ends, meaning that oil companies will continue to see an incremental revenue boost of a little more than $100 million per day for the indefinite future.

So what’s the Risk take on this? I haven’t found out too much about how well- or poorly-insured oil companies were against a catastrophe like this one (I haven’t done more than a cursory Web search).

Questions I would love to know the answers to:
1) Did Oil companies’ risk managers assume a surge in gasoline prices in the event of a hurricane hitting the gulf coast? If so, did they adjust their insurance coverage accordingly?
2) How much is this disaster costing them in terms of un-insured damage and lost production?
3) Are their uncovered losses greater than the increased price of gasoline?

I’m sure that research has been done on the subject, I just don’t have the time or energy to go find it right now (I can’t say I’d be upset if a link or two showed up in the comments…).

So was Big Oil effectively over-insured, in which case they have been spreading the cost across risk transfer of other insured residents of the Gulf Coast and are now simply taking excess profit due to the gasoline price spikes? Or were they under-insured, in which case we are all subsidizing their recovery through increased gasoline prices (and their trickle-down into the prices of everything else)?

Either way, as consumers we’re all paying the price.

One final note. I know that domestic refining capability has been at about 95% of theoretical maximum capacity, so it’s not like they can simply “catch up” the points in the supply chain where reserves are being drawn down to allow continued consumption. That means that the only option available to prevent shortages of fuel for essential operations (and, no, driving Timmy to soccer practice in an H2 Hummer is not an essential operation) is to let the Demand Curve work its magic on consumer choice. You call it “price gouging,” I call it, “putting Economics to work.”

IM Security Round-Up

Thursday, September 15th, 2005

I’ve been spending a lot of time looking at Instant Messenger privacy of late. I’ve examined AIM, Yahoo, MSN (including the corporate flavor), Trillian, Skype, and Gaim. I excluded Jabber but may take a look at it in the future. What it comes down to is that you really only have three options:

No Security: This is the default for all of the “major” IM networks (AIM, MSN, Yahoo) except Skype. All traffic is sent unencrypted as plaintext HTML. Anyone who can sniff the traffic can read it. Anything said over IM should be assumed to be logged and readable by a network administrator, a security admin, or the IM network operator (AOL, Yahoo, Microsoft).

Some encryption: Traffic is encrypted, but the cryptographic implementation has either known or potential flaws. This may stop an attacker or it may not.

Trillian’s SecureIM, which allows encryption of AIM traffic, falls into this category. While the cryptographic cipher itself is strong (blowfish 256), the Key Exchange lacks authentication or a capability for out-of-band key exchange or verification of key integrity.

As a result, a proxy server or gateway device could successfully implement a Man-in-the-Middle (MITM) Attack to intercept the key exchanges, substituting its own keys, then decrypting and re-encrypting the messages between the two allegedly-secure clients. We are implementing an IM monitoring solution which performs this activity on SecureIM conversations.

This category also includes Skype, whose crypto algorithm is said by the company to be AES-256 but the implementation is still of unknown quality. What impact their purchase by eBay will have on their position regarding “opening the kimono” on their crypto implementation remains to be seen. As it is, we know it to be encrypted only so far as the data is not transmitted in the clear. We do not know if the key exchange or crypto implementations have vulnerabilities in either their design or implementation.

Additionally, eBay’s Privacy policies have traditionally been quite poor. Until we know more about how those policies will impact Skype, I remain skeptical that they will act with the privacy of their users in mind.

Good Encryption: Traffic is encrypted using open implementations of open algorithms and adequate key lengths; client keys can be verified and/or exchanged out-of-band; client keys can be explicitly associated with a remote user.

I tested Gaim’s Gaim-Encryption Plug-In and found that it provided all of the above features. While the plug-in only functions if both users are running Gaim and have it installed, it can be enabled for any protocol within Gaim. Non-Gaim clients will see a message, but not be able to read it. The ciphertext itself is transferred as the contents of an HTML Link (<a>) so it is not displayed in the window, although it will still be sent to the client.

While the key exchange might still be vulnerable to a MITM attack, the key fingerprint can be compared out-of-band to ensure that it was not.
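The distinction drawn above between SecureIM and the Gaim plug-in comes down to one check. The following is an added example, not code from the original post nor from Trillian, Gaim or Skype: it models an unauthenticated key exchange, shows how a gateway on the path that substitutes its own key ends up holding both sides’ session secrets, and then shows the out-of-band fingerprint comparison catching the substitution. It assumes a Diffie-Hellman style exchange (the post does not say which exchange SecureIM uses); the group parameters, key values and names are constructed for illustration only.

```python
import hashlib
import secrets

# Constructed toy Diffie-Hellman group (assumption for this example only):
# p = 2**127 - 1 is a Mersenne prime, small enough for instant arithmetic.
# A real client would use a standardized group of 2048 bits or more.
P = 2**127 - 1
G = 3
KEY_BYTES = 16  # every value mod P fits in 16 bytes


def new_private_key():
    """Random private exponent in [2, P-2]."""
    return 2 + secrets.randbelow(P - 3)


def public_key(private):
    return pow(G, private, P)


def shared_secret(private, peer_public):
    return pow(peer_public, private, P)


def fingerprint(public):
    """Short, human-comparable digest of a public key: the value a user reads
    aloud on the phone or pastes into another channel to verify the peer."""
    digest = hashlib.sha256(public.to_bytes(KEY_BYTES, "big")).hexdigest()
    return ":".join(digest[i:i + 4] for i in range(0, 32, 4))


def exchange(alice_priv, bob_priv, gateway_priv=None):
    """Run the unauthenticated exchange between two clients. With gateway_priv
    set, a device on the path replaces each party's public key with its own,
    which is what the monitoring gateway described in the post does."""
    alice_pub, bob_pub = public_key(alice_priv), public_key(bob_priv)
    if gateway_priv is None:
        pub_seen_by_alice, pub_seen_by_bob = bob_pub, alice_pub
        gateway_secrets = None
    else:
        gw_pub = public_key(gateway_priv)
        pub_seen_by_alice = pub_seen_by_bob = gw_pub
        # The gateway completes a separate exchange with each side.
        gateway_secrets = (shared_secret(gateway_priv, alice_pub),
                           shared_secret(gateway_priv, bob_pub))
    return {
        "alice_secret": shared_secret(alice_priv, pub_seen_by_alice),
        "bob_secret": shared_secret(bob_priv, pub_seen_by_bob),
        # Fingerprints each client would display for the key it received.
        "alice_sees": fingerprint(pub_seen_by_alice),
        "bob_sees": fingerprint(pub_seen_by_bob),
        # Fingerprints of the genuine keys, i.e. what each side learns
        # out-of-band from the real peer.
        "bob_true": fingerprint(bob_pub),
        "alice_true": fingerprint(alice_pub),
        "gateway_secrets": gateway_secrets,
    }


def peer_verified(seen, out_of_band):
    """The check the Gaim plug-in makes possible and SecureIM does not:
    compare the fingerprint the client shows against one obtained over a
    channel the gateway does not control."""
    return secrets.compare_digest(seen, out_of_band)


if __name__ == "__main__":
    a, b, gw = new_private_key(), new_private_key(), new_private_key()
    honest = exchange(a, b)
    print("honest exchange: secrets agree =",
          honest["alice_secret"] == honest["bob_secret"],
          "| Alice's fingerprint check =",
          peer_verified(honest["alice_sees"], honest["bob_true"]))
    relayed = exchange(a, b, gw)
    print("relayed exchange: secrets agree =",
          relayed["alice_secret"] == relayed["bob_secret"],
          "| gateway holds both session secrets =",
          relayed["gateway_secrets"] == (relayed["alice_secret"], relayed["bob_secret"]),
          "| Alice's fingerprint check =",
          peer_verified(relayed["alice_sees"], relayed["bob_true"]))
```

The relayed run is the point: both clients still see “encrypted” traffic and neither exchange fails, so nothing in the protocol itself signals the substitution. Only the fingerprint comparison, which depends on a second channel the gateway cannot rewrite, reports a mismatch; a client that never shows the fingerprint gives its user no way to make that check.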

Thus, my choice (and the one I’m now evangelizing to the people I talk to via IM at work) is Gaim with the Gaim-encryption plug-in.

This is quite different from the corporate goal, which is to ensure our ability to be the IM Big Brother over the major IM networks used from our corporate network, ideally while preventing anyone else from doing likewise. What started as an effort to protect our internal network from IM-borne worms and virii has now turned into a full-blown anti-Information Leakage program.