Interesting Posts on HP, Sept 10

HP-board.jpgEric Rescorla ties HP’s use of traffic analysis to that of the NSA in “I told you traffic analysis was useful.” Apparently, HP didn’t just chase down directors and reporters, but also the father of at least one journalist. See “HP Leak Investigation Extended Beyond Reporters, Directors.” (I say HP rather than HP’s investigators because I believe the ultimate responsibility lies with she who gave the orders: Ms. Dunn.)

The update to the Newsweek cover story, “Scandal At HP: The Boss Who Spied on Her Board” is perhaps the most beautifully ironic thing I’ve seen:

Update: A source close to Hewlett-Packard tells Newsweek that HP’s emergency board meeting was adjourned late in the afternoon on Sunday (ET) without any decision being reached on the possible resignation of Patricia Dunn as chairman. The source, who requested anonymity because of the confidentiality of internal board proceedings, said the HP board would reconvene late Monday afternoon.

Which is to say, after all this, the board is confident it can leak with impunity.

Dan Kaminsky has an interesting analysis in “McNealy’s Law,” in which he says it’s as if all of the sudden America’s rich and powerful realize McNealy’s Law applies to them, too.

Finally, I’ll mention that I don’t think I coined the term privacy Chernobyl, but Dan may have first heard it from me. I’ve been down on the term, but think this may actually qualify. Like Chernobyl, many privacy flaws are the result of government policies and actions gone horribly wrong. (Like the creation of the SSN, or the libel exceptions for the credit agencies.) Like moving away from nuclear power, changing systems that depend on private information will be horribly expensive. Some of the benefits will be hard to get from other systems. Nevertheless, if I may overextend a metaphor, as people discover how fragile the nuclear power stations of the personal information world are, they’re gonna want to go green in a serious way.

Someone with more time than me needs to start Patricia Dunn’s Livejournal.

Photo: “Clowns&Elephants” from revraikes.

The Facebook Privacy Scandal

It’s only with the understanding that privacy has many meanings that I can comprehend people on Facebook complaining about privacy. (People interested in this should read Alessandro Acquisti’s work.)

That’s not what I wanted to post about. What I wanted to post about was the great way the CEO of Facebook took the wind out of the story:

Somehow we missed this point with Feed and we didn’t build in the proper privacy controls right away. This was a big mistake on our part, and I’m sorry for it. But apologizing isn’t enough. I wanted to make sure we did something about it, and quickly. So we have been coding nonstop for two days to get you better privacy controls. This new privacy page will allow you to choose which types of stories go into your Mini-Feed and your friends’ News Feeds, and it also lists the type of actions Facebook will never let any other person know about. If you have more comments, please send them over.

An Open Letter from Mark Zuckerberg,”
via VentureBeat, “Facebook responds, bolsters privacy options for ‘feed’ features.” Compare and contrast:

“Let me begin by offering an apology on behalf of our company and my own personal apology to those consumers whose information may have been accessed by the criminals whose fraudulent activity ChoicePoint failed to prevent.” Smith said.

There’s also some really good analysis by Danah Boyd, “Facebook’s ‘Privacy Trainwreck:’ Exposure, Invasion, and Drama,” to which Boingboing linked.

Hoder’s Denial

Recently, Hossein Derakhshan blogged about his denial of entry into the United States. (“Goodbye to America.”) This is really too bad. Hoder’s an insightful fellow, and even if he happened to be one of the 15 or so million living in the United States without official permission, we profited from his visits. I believe that he was one of the fellows of whom Pericles spoke when he said “We throw open our city to the world, and never by alien acts exclude foreigners from any opportunity of learning or observing although the eyes of an enemy may occasionally profit by our liberality.”

Hoder was denied entry to the United States, in part based on things he wrote in his blog about where lives. (At least that’s the given reason.) Not six months ago, he and I shared beer in Nashville. He told me he frowned on the anonymous blogging project I was working on: That blogs need a touch of humanity for them to be credible, and that a name is part of that. I told him that nasty, repressive governments would harass bloggers who used their real names.

In two bits of closely related news, Curt Hopkins is hard at work building the guides for anonymous bloggers in a variety of countries. He could use help with technical review from people other than myself. (When we started the project, I expected it to be fairly technical; it turns out that writing and translation are more important, and I’m glad to see Curt on those aspects of things. We may build some technology later.) He also has a really good post “Why the Harassment of Bloggers by Repressive Governments Will Increase in the Coming Year.” I don’t think this is an instance of that; here the US was enforcing immigration policies, and using blogged information to help it make decisions.

There are more mundane reasons, like you might not want the HR department of a company you’re applying to to find your blog. A friend has just started the “ClueChick” blog to offer up advice for those seeking love via Craigslist (and other) personal ads. She’s decided to leave her name off the ads, and I applaud her privacy sense.

(The mask is by Aidan Campbell.)