2010-02-24 | Andreas Schmidt | General, reviews, software | No Comments »
Writers love having written. Problem is the time, work and brain twisting necessary between an idea to produce something and actually having done it. Well, it’s not that bad, sometimes you love writing, but sometimes you hate it. Or it bores, is cumbersome, and annoyingly laborious. This is why the human species loves to create machines: to enjoy the fruits of life, ransomed from the need to pluck, wash and process them. With the field of information production, it’s about the same. The invention of computerized information processing has led to the rise of numerous attempts to create machines supporting human efforts of thinking, understanding, and creating meanings. In a sense and high on the abstraction layers, this is what computing is about in general. More narrowly, the question is how and which kind of software can support individuals in their efforts to gather information, grasp it, recombine it, and create new insights, new meanings, new information, new knowledge. What would be the equivalent of exoskeletons for the brain, which would enable the average brain to easily jump on the notorious shoulders of giants and beyond?
2010-01-06 | Andreas Schmidt | filesharing, internet politics, peer production, Wikileaks | 1 Comment »
“It seems like the Crypt is their worst nightmare.”
China spearheads the anything-goes movement of technology-based societal control, authoritarian countries worldwide follow suit, and we don’t yet know whether western democracies will manage to at least remain in their currently mediocre shape if one of the many ongoing global developments and crises should ever have a major and disruptive societal impact. From the perspective of the freedom and unhindered flow of information, the internet makes a bad impression these days, and things haven’t changed for the better in the last year and the noughties.
John Perry Barlow’s “fuck them”
2009-12-18 | Andreas Schmidt | botnets, Germany, internet security governance | No Comments »
I’ve written a quick analysis of the recent anti-botnet politics in Germany. The kind crew behind netzpolitik.org has published it on this blockbuster blog. It’s written in German, though; alternatively, you could give Google Translator a moment of embarrassment.
2009-12-16 | Andreas Schmidt | botnets, internet security governance | No Comments »
This is going to be an interesting experiment in internet security governance. Scientists have argued for years that internet security problems are as much caused by a misalignment of incentives as they are by technological flaws in software and hardware. One obvious recipe for calling ISPs to action against botnets is the one that has helped to spur software vendors’ efforts to increase software robustness.
Gathered under the umbrella of the Shadowserver Foundation, a group of engineers and scientists have scrupulously gathered evidence and background information about the activities of the Conficker botnet. They have known for months that millions of machines worldwide had been infected with Conficker malware. Yet, no one reacted, only shoulders were shrugged. At govcert.nl in October, many were contemplating how to proceed with Conficker.
Starting today, Shadowserver lets everyone know where these Conficker-infected machines are. The move is a valuable contribution to increasing global transparency about the somewhat obscure botnet problem.
An interesting example from Germany immediately sticks out. 1&1, a big hosting and medium-sized access provider, had initiated an internal initiative against botnet-infected customer systems earlier this year. Today, only ten IP addresses and 0% of their routed space are assigned to infected machines. For customers of Deutsche Telekom, which hasn’t announced a similar program, things look worse: 0.1% of all IP addresses or more than 32,000 IP addresses belong to a Conficker-infected machine.
2009-12-09 | Andreas Schmidt | botnets, Germany, internet security governance | 1 Comment »
Yesterday, press reports about an alleged joint venture of national ISPs and the national IT security agency to build a national botnet center stirred some scepticism and perplexity in Germany. After heise online brought the news, the hacker association CCC stated that this is rather a hoax.
However, the German national ICT security agency (Bundesamt für Sicherheit in der Informationstechnik, BSI) and the association of the German internet business, eco (Verband der deutschen Internetwirtschaft), have cooperated on botnet issues at least since October 2008.
A workshop on botnets in early February 2009 addressed topics such as data exchange between ISPs regarding information from systems such as honeypots, abuse systems, spam traps (email analysis), DNS analysis, IDS/IAS (anomaly detection) or harmful websites. This information provided by ISPs could then be complemented with external data sources. Given the lack of published data, it is not clear which techniques ISPs actually use to exchange data today.
Another workshop on botnets, obviously organized by eco, took place in early February 2009. One of the speakers was Frank Ackermann, senior legal counsel to eco, who talked about judicial aspects of botnet fighting. According to Ackermann, “ISPs are interested in moderate filtering” of spam. Thus, politics should be discouraged from strict anti-spam regulation.
The programme of another joint eco-BSI workshop, the 7th German Anti Spam Summit mid-September 2009 on Conficker, has sessions like “Status Quo central botnet disinfection call center DE” and “Legal Guide on Technical Approaches against Botnets” listed. According to the programme, Dr. Lothar Eßer, Head of Division Internet Security of BSI, also attended this session.
In late November 2009, eco mentioned in a summary of their IGF09 activities that it is going to build a “Botnet Disinfection Center” in a joint effort with BSI and several providers.
So, Germany will get its public-private anti-botnet center. According to eco’s press release, eco and BSI will establish a user-support center. ISPs will forward customers with infected machines to a website which provides tools and descriptions for removing malicious software from their machines. In addition, users with infected computers can call a special hotline with experts assisting users in removing harmful software.
—-
Upd. 9.12.; 16.12: changed headline, added the paragraph with eco’s press release; corrected typos
2009-12-08 | Andreas Schmidt | collaboration, concepts, crowdsourcing | No Comments »
There are several concepts, partly overlapping, partly different, that are used to describe phenomena that seem to be somewhat similar if not the same: social production, peer production, crowdsourcing, or collaboration. As so often with buzzwords, these concepts are, if at all, vaguely defined. Take crowdsourcing. Columnists and researchers use it in such different ways that the definitions are, in certain aspects, diametrically opposed.
Dan Woods had an interesting column on the “Myth of Crowdsourcing” on Forbes online the other day. Best quotes:
2009-12-02 | Andreas Schmidt | collaboration, crowdsourcing, peer production | No Comments »
A couple of days ago, I mentioned Wikileaks’ scoop of leaking the apparently horrid contracts between the Federal Republic of Germany and Toll Collect, a joint-venture of Daimler-Chrysler, Deutsche Telekom and Cofiroute.
When Germany’s leading webpolitics site netzpolitik.org brought the message (“Toll Collect wird offen”), its leading brain Markus Beckedahl asked his broad and usually helpful audience how, with which tools and techniques some 10,000 pages of contract papers could collaboratively be analyzed to quickly find the rascalities that everyone was expecting to find there. I was split on whether this could work out or not, whether such a task is suited for social ad-hoc collaboration or not.
Back in 2004, I was working with a
2009-11-29 | Andreas Schmidt | cyberwar, internet security governance, links | No Comments »
UK
UK cybersecurity centre starting operations in March – ZDNet.co.uk
Administered by Cabinet Office; staff partly to be recruited from GCHQ, should have hacker mentality; “primarily … a defensive role”, cyberattack as “last resort”.
UK also has an Office of Cyber Security (OCS), set up last summer.
UK launches dedicated cybersecurity agency – ZDNet.co.uk
Gordon Brown: “we … have to secure our position in cyberspace in order to give people and businesses the confidence they need to operate safely there”
As UK is at it: Digital Economy Bill passed:
Britain’s new Internet law — as bad as everyone’s been saying, and worse. Much, much worse. – Boing Boing Including 3-strikes, stricter video-game ratings, ISPs forced to deliver data with content industry, business secretary gets carte blanche to come up with stricter regulations.
“It’s a declaration of war by the entertainment industry and their captured regulators against the principles of free speech, privacy, freedom of assembly, the presumption of innocence, and competition.” (BoingBoing)
US
The cyberwar plan, not just a defensive game – Nextgov
Stupid headline – who would think that cyber-warfare is about defense only.
“Computerized tools to penetrate an enemy’s phone system”, “computer viruses and malicious software programs that can disable electrical power systems, corrupt financial data, or hijack air traffic control systems”, “cyber-intruders have probed our electrical grid” (no, not the squirrel terrorists), “we’d have cadres of people who’d know how to do that”, “Military forces fight for the ownership of that domain [cyber-battlefield]”, “Defense Department graduates only about 80 students per year from schools devoted to teaching cyber-warfare”, “proposed building a military ‘botnet,’ an army of centrally controlled computers to launch coordinated attacks on other machines”. “The risk of losing control of a weapon provides a powerful incentive not to use it”
See also: National Journal Magazine – The Cyberwar Plan
Who’s in Big Brother’s Database? – The New York Review of Books
Degree of surveillance measured in electricity bills: 70 millions per year http://bit.ly/3DwW49
Information Security News: NIST Drafts Cybersecurity Guidance
“tackling criticism that federal cybersecurity regulations have placed too much weight on periodic compliance audits”; “more onus on applying risk management throughout the lifecycle of IT systems”. Yawn.
[ISN] Inside the Ring – Chinese, Russian cyberwarfare
Like nuke-counting in the eighties.
Noteworthy: a new Cyber Security Alliance 14 tech firms form cybersecurity alliance for government — Government Computer News
Australia
Australian government overhauls national cyber security arrangements – Government & Policy “against increasing online espionage and attacks on critical infrastructure”, new CERT Australia, Cyber Security Operations Centre (CSOC), details undisclosed
EU
Automated Social Networking Surveillance Systems Statebook is going to be developed!?
====
How the Internet Ruined Newspapers, TV, Music, Movies, Microsoft – Newsweek 2010, The Internet: A Decade of Destruction – Internet Use/New Technologies „wherever companies were profiting by a lack of transparency or a lack of competition, wherever friction could be polished out of the system, those industries suffered“ – What about national political institutions (in the wider sense) then?
2009-11-28 | Andreas Schmidt | democracy, internet politics, Toll Collect, transparency, Wikileaks | 1 Comment »
An interesting development is currently happening in German politics. It’s still in its infancy, but it could well become an important social experiment. Hopes have been high that the Internet and social media will not only revolutionize business models and business processes but also boost individual influence on decisions that are more or less out of control of voters.
The legitimacy of the parliamentary democracy stems partly from the problem of aggregating individual interests into societally binding decisions. Technology might act as a game changer here. Moreover, the potentials of social technologies appear to be so enormous and presumably in line with the majority’s interest that it is hard to envisage how the currently predominant political system in western societies, representative liberal democracies, will remain unchanged. That is, unless a massive backlash by plutocratic interests, as opposed to democratic interests, sets in. Which will, dead certain, happen, or better: is happening right now. Even mainstream media is starting to get it: Germany’s conservative daily FAZ (Frankfurter Allgemeine Zeitung) had an article today titled: “The state is reclaiming the net” (in German, though). Bottom line: There is a global trend driven by states to get the internet into their hands. Indeed. But that’s only one part of the story.
Wikileaks has just published 10,000 pages of one of the best hidden secrets in German politics in the last couple of years: the contracts between the Federal Republic of Germany and Toll Collect, a joint-venture of Daimler-Chrysler, Deutsche Telekom and Cofiroute. Toll Collect had developed a fully automated system to collect tolls payable for utility vehicles on the German autobahnen. The system consists of integrated boxes with GPS receivers, obligatory for any utility vehicle driving on highways, and a system of physical bridges that receive information from the boxes and carry cameras with OCR technology to identify potential free riders.
(In the Netherlands, there is currently a debate about a comparable toll-collect system for any vehicle. The early promises that the photo & OCR system would only and exclusively be used for toll-collection purposes have long been forgotten. By now, it also serves as a public surveillance technology.)
While the system by itself is a solid piece of engineering, it has been criticized for its unpragmatic, overly ambitious and expensive approach. The biggest burden for federal finances, however, was caused by a delayed roll-out of Toll Collect’s solution, as billions of toll revenues didn’t make their way to federal accounts. While one would assume that a decently brokered contract would provide indemnifications by the service provider for the purchaser, this allegedly hasn’t been the case with Toll Collect. While politicians ranted about Toll Collect’s failure, the federal government acted as if it didn’t really want to get compensation from Daimler-Chrysler and Deutsche Telekom. In addition, the secrecy of the contracts for the operation of the toll collect system has aroused suspicion from the onset.
Wikileaks has become a major obstacle for those who are in favour of a plutocratic interpretation of democracy and its proneness to behind-the-curtain deals. Some private-public partnership and cross-border leasing deals would have had more difficulties in passing legislation if municipal, state or federal parliaments had known the contracts beforehand and been able to understand them. Regulatory capture precludes secrecy and lack of transparency of bureaucratic and managerial activities. Stern.de, a Bertelsmann subsidiary product, has called Wikileaks the “Robin Hood of the Internet” (German). His popularity and his fate are legend.
While a lot has changed since those times, post-noble dukes still don’t like being ridiculed by mere peasants. These days, business interests feel plagued by flash-mobs and are weakened by the ability to organize labour interests by social technologies, maneuverability of national governments is reduced by the ability to instantly vet governmental activities (if public knowledge brokering services like Wikileaks continue to grow), and mass media has suffered some dents in their credibility by their reduced use of investigational methods and easy alignment with business and government interests. These actors are those who are set on a slippery slope, who are in descent. For them, the biggest problem is three-fold: technically enhanced trooping and rallying by like-minded interests, social motivation, the ease of achieving transparency by, say, Wikileaks, and the ability of social investigation. But then, state institutions dominate the spheres of law and law enforcement. Laws and law enforcement are the tools for vested interests to make their wills publicly binding. We might very well see legislation upcoming that would go beyond some kind of Prohibition on the internet. Some vested interests would rather prefer thick digital walls and high barbicans.
2009-11-23 | Andreas Schmidt | internet security governance, research | No Comments »
Security of the internet isn’t provided by a hierarchical, secretive and central organisation. There is no global internet police, and there is no internet defence corps. Internet security is the result of the collaboration of diverse types of actors such as internet service providers, technical experts, police and law enforcement, governments and academics. These actors make a dense, highly complex internet security governance network in which each type of actor is characterized by its own organisational idiosyncrasies while at the same time being part of the overall governance structure.
My focus currently is on bottom-up processes to provide internet security, like task-forces and working groups that are set up in an ad-hoc manner to tackle the latest security phenomenon. Academics, engineers, experts and geeks from all over the world collaborate to provide it. The way in which they are addressing security problems resembles what could be called peer production of internet security. My interest is to learn to what extent this mode of security provisioning is used, the settings in which we can observe it and whether this mode is sustainable or not. And how this all relates to internet security and the overall structure of internet security in general.
The internet is a tool that already has fundamentally changed business processes and business models. It is too early to tell what its long-term impact on societies and politics will be. Debates about ‘freedom’ on the internet have been going on for a while, such as if and how the internet fosters freedom of expression, or how authoritarian internet governance approaches could suppress individuals’ rights. The practices of internet security provisioning will have decisive consequences for the shape of ‘freedom’ on the internet.