InfoTech & Public Policy

In our last class we discussed current issues related to VOIP technology. Related to this, America Online recently announced plans to offer a Skype-like service to its AIM users. AIM has long had a feature which allowed users to “talk” to other users using the connections established by their messaging conversation. From personal experience I can say that “AIM Talk” is pretty worthless, especially compared to my positive encounters with Skype. This new “AIM Phoneline” will give AIM users an actual phone number which can be called like a regular number. Someone would dial the number, and the AIM user’s computer would ring, signifying an incoming call. AOL’s hope is that by giving this service away for free, they can lure users into signing up for the $14.95 a month subscription service which would allow calling outside phones from the computer. So incoming calls and the phone number are free, but outgoing calls will cost you. Skype offers “SkypeIn” which will hook you up with a phone number for around four dollars a month, and you get to pick your favorite number (if it is still available, of course). “SkypeOut” lets you make computer-to-landline/cell phone calls (you can also call internationally), and charges you by the minute. To make outgoing calls to US phones you’ll have to pay 2.1 cents a minute. For the AOL outgoing service to make sense, you’d have to talk online for almost 12 hours a month. The one advantage AOL has in this VOIP arms-race is the fact that they have around 61 million AIM users representing over half of the online chat market.

To me the Skype business model seems better, especially in an age where most people who have the internet also have cell phones, and would probably be unwilling to shell out another $14.95 a month on top of cell service and internet just to get the functionality of a phone from their computer. I know I sure wouldn’t pay for AIM Phoneline, but I have used SkypeOut to call internationally and it works pretty well.

Since this is my last post (and the last homework of my college career), I’d like to thank Prof. Felten along with everyone in the class for making this an enjoyable and interesting part of my week. Good luck with your finals…

This week I want to talk about a current issue that deals with privacy and the protection of personal information, two topics that we focused on in previous classes.  By the end of 2006, the State Department hopes that all newly issued passports will be “e-passports.”  The US is also pushing other countries to issue these electronic passports.  What makes the e-passport different is that it has an embedded RFID chip which holds the travelers identification information, including name, birthday, and digital picture.  This is the same technology that is used at tollbooths, such as the familiar EZ-Pass .

When the US issued the first e-passports in January 2006, they opened a big can of worms with civil liberties groups.  The ACLU fears that these e-passports will be abused as tracking devices to keep tabs on the whereabouts of travelers on certain watch lists.  I don’t think that this concern holds much water, because the government can already track travel habits just by looking at ticket records as it is.  What concerns me is not a fear of big brother-tactics by the government, but rather the theft of my personal information by someone “skimming” the information off of my EZ-pass(port). To demonstrate security flaws in the new technology, a Dutch security firm successfully intercepted and decoded information on an e-passport.

I think that e-passports could definitely speed up the line at customs, and they do make sense as the next step in the evolution of identification.  They do raise privacy questions. If we are going to require e-passports with RFID chips, why doesn’t the government just implant RFID chips into travelers?  I have heard of some systems that use RFID chips to identify pets. Certainly this same technology could be applied to humans.  Just think, you would never have to worry about losing your passport or forgetting it at home.  At the same time, however, you would have a microchip inside you that could still be skimmed, and this information could be used to program another chip which could then be implanted in someone else who just successfully stole your identity.  As technology continues to evolve, privacy concerns and identity theft become more and more commonplace.  As we’ve discussed, it is up to the individual to protect his or her personal information in the face of technological innovation.

I recently came across an article which describes how Westchester County in New York just passed a law to protect consumers from identity theft. County officials saw a growing trend of unprotected wireless networks popping up in local businesses, and many of these networks offered malicious hackers an easy way to get credit card numbers and other sensitive personal information about the businesses’ customers. The law specifies that any wireless networks which store financial information of consumers must use basic security measures such as firewalls or encryption, and they also must change the “default SSID” of the network so it isn’t such an easy target. With the proliferation wireless networks, hackers can sit outside businesses and collect valuable information during transactions which use these wireless networks.

Another important part of the law mandates that providers of wireless “hotspots,” such as those at hotels, Starbucks, or book stores put up signs which say “For your own protection and privacy, you are advised to install a firewall or other computer security measure when accessing the Internet.” While this doesn’t guarantee that consumers will heed this warning, it does, however, increase awareness about the risks of using these insecure wireless networks. Also, I think that these signs will make consumers more likely to approach the businesses that offer these hotspots and ask for protection on that side. Another benefit of these signs is that they might serve as some sort of deterrent against malicious identity thieves.

The county’s chief information officer estimated that installing the necessary security measures to comply with the new law would take less than one hour. Obviously this is a small price to pay to even marginally increase the security, protection, and confidence of the county’s consumers. The penalties for non-compliance, however, are not very steep and therefore it may be difficult to convince business-owners to change their practices. A first offense will get you a warning, while a third offense will only get you a $500 ticket.

I think that Westchester is taking a step in the right direction in the fight against identity theft; maybe this will set the tone for other counties around the United States.

Since tax season is upon us and tax day is right around the corner, I’d like to post about identity theft and fraud related to filing your tax return and getting your tax refund. I recently read an article about how email “phishing” scams are on the rise this tax season. In fact, these scams have exploded over 800% since last year, with the IRS reporting seven phishing schemes last year and 65 this year. These are not 65 cases of fraud, but rather 65 different scams that are targeting unsuspecting taxpayers by email. With the rise in popularity of e-filing (over 50% of taxpayers use online filing), many taxpayers are vulnerable to email scams – unsophisticated computer users might have the tendency to think that an email that says it is from the IRS probably is, just because they used the computer to file their return (perhaps after years of paper filing). The IRS cautions that they do not use email to communicate with taxpayers, and that any email claiming to be from the IRS is a phishing scam. They warn not to click on any links in the emails, warning that many of the fraudulent cites look almost identical to the legitimate sites – sometimes with the only difference being the clever camouflaging of the URL. The IRS website gives a list of things to look out for, and advice on protecting yourself. The article cites one case when the word “west” was spelled “vvest” in an address, and the rest of the site was a carbon copy of the real site. If you find a suspicious email in your inbox, the IRS urges you to forward it to phishing@irs.gov where they can work to shut down the fraudulent site and prevent any future fraud, if possible. The barriers to entry in the phishing game are very small because all you need is a computer and a list of email addresses. Furthermore, with many of these scams based out of the United States, it is hard for the IRS to stop the problem. Ultimately, the responsibility rests on the taxpayer to stay informed of the latest scams out there, and to avoid giving out their personal information. These phishing scams are just like other cases of identity theft which we have discussed, and the solution is still the same. Consumers must protect their personal information if they want to avoid getting burned.

This week I’d like to blog about some interesting stories related to real world problems that occurred as a result of gameplay in a virtual world. To some these stories might border on ridiculous, but to the people intimately involved, gameplay has actually had a significant effect on their real lives (here I’m talking about their lives away from the computer, because some of these gamers think their virtual life is actually real).

The first story I found in the “Second Live Herald” which is a blog that contains news stories from virtual worlds (not news stories about virtual worlds, but virtual news). A World of Warcraft (WoW) player died in real life so the members of his “guild” decided to hold a virtual funeral for him, because they were his closest real friends. The interesting part is that a competing guild saw this virtual funeral service as the perfect opportunity for an ambush (all within the spirit of the game) and they massacred the funeral guests (they “griefed” the grieving gamers). The attacking guild videotaped their offensive and set it to music which really angered many people, both members of the victimized guild as well as unaffiliated gamers who saw the attack as unethical, disgusting, and barbaric (as if someone had actually come to a real life funeral shooting up the place). To some gamers, these “avatars” are real people who deserve basic human rights and respect, even though in my opinion, the game is just a game.

The second story relates to ER’s April 5^th posting about gaming addiction – “Liability issues for gaming addiction – don’t hate the player, hate the game?” In 2002 in Wisconsin, a 21 year old Everquest gamer named Shawn Woolley shot himself after a long session of online gameplay. His mother believes that her son was driven to suicide by an online marriage proposal that was rejected. He was found in his apartment alone after having changed his online name to “I Love You.” To Shawn Woolley, his virtual life was more important to him than his real life. His mother started an organization called Online Gamers Anonymous to help those afflicted with gaming addiction, with the hope that she can stop other compulsive gamers from following in her son’s tragic footsteps.

This week I want to discuss another recent case of an investigation which used a popular social networking website to get leads. This story is of a much more serious nature, however, than the Princeton Buildering Society facebook.com group about which I blogged about last time. After a brutal sexual assault and robbery, Boulder Colorado police explored the victim’s myspace.com profile to look for leads. The assailants never thought that their profiles on myspace.com could incriminate them in this investigation. The victim met her attackers over myspace.com, and agreed to have the party at which she was attacked over the same social networking website. The article mentions that she didn’t even know their last names, yet she felt comfortable enough with their online personas to invite them to her home so that they could rape her and rob her house. What concerns me regarding this case, is the fact that just by being a member of a group on myspace.com or facebook.com one can become a leading suspect. I am not arguing that law enforcement officials shouldn’t use all the investigative tools available to them, but I am once again cautioning all you facebook.com and myspace.com users to “be careful who your friends are.” I am also worried that these networking websites are becoming proving grounds for predators, and that many unsuspecting users are setting themselves up to be victimized.

On a lighter note, while reading the news I found a couple of articles discussing people who broadcast their own radio stations with their own equipment (without regard to federal spectrum licensing regulations), similar to those we discussed in class a few weeks ago. These “pirate radio” stations have been interfering with communications between pilots and air traffic control. These amateur broadcasters satisfy the demand for music that isn’t played by the licensed radio stations because it doesn’t have the financial support of the major record labels who decide what gets played on the air. The article cites that between “nine and 20” unlicensed radio stations are broadcasting at any point in time in Miami, and also that these amateur broadcasters stay one step ahead of the authorities by changing their broadcasting locations and frequencies before they can be tracked down. I see this case as one in which regulation and licensing play positive roles because these rogue radio broadcasts affect the safety of airplane pilots and their passengers. One way for these “radio pirates” to expose the public to unknown artists and their music is to use the distribution capabilities of the internet, and not interfere with the safety of air travelers.

I’d like to follow up on my posting from last week concerning facebook.com by discussing two articles in today’s Daily Princetonian. I seem to have found the answer to my question of whether or not you could be “guilty by facebook.com association.” This week, you can add Princeton University to the long list of places that employ Big Brother tactics to police the student body.

According to this article, the Public Safety department has finally admitted to using facebook.com for investigations. In one case, all the members of a facebook.com group that claimed to enjoy scaling the walls of University buildings were called in by Public Safety officers. The group had posted pictures of themselves climbing on Princeton’s buildings, which is against University rules. There are two ways Big Brother could’ve found the pictures on the website – 1) a student with too much time on their hands first read the University’s “Rights, Rules, and Responsibilities” found the evidence, and then tattled on the offenders, or 2) the University has run out of worthwhile academic pursuits because they are wasting money paying trained Public Safety officers to surf facebook.com for hours to find pictures of students being students. I think the class will agree that the second option sounds a little more likely. Another incident that the article mentions is the case of a clever Public Safety officer who puts 2 and 2 together when he matches a facebook.com photo of a party to a room that had excessive garbage piled in the hallways. This way the proctor could identify students that were at the party. I suppose that with nothing better to do the proctor could spend many more hours matching up names with faces from the party-picture as he looked through every Princeton student’s profile on facebook.com. While all this does sound scary and shocking, it does highlight just how powerful the internet is, and reinforces the idea that people need to be careful with their personal information – the officer who is quoted in the article even says “We only get what people voluntarily put out there.”

The second article I’d like to highlight is a funny piece written as an “open letter” to facebook.com founder Mark Zuckerberg. The authors raise some interesting points. Now that high school students can join facebook.com (keep in mind some of these kids are only 14 – not exactly responsible adults) there is a real risk that these children will unknowingly post highly personal information that could be used to endanger them. The authors suggest that Zuckerberg should cover all his bases in terms of the potential liability surrounding high school use of his site. Half jokingly, the article says, “The high school facebook is the best thing to happen to sexual predators since lollipops and roofies…[Zuckerberg] just be thankful that high school facebook wasn’t around when Natalee Holloway went missing, or we’re pretty sure you’d have Greta Van Susteren all over your ass looking for an explanation.”

Anyway, It is now officially time to take down your pictures from facebook.com. Search your friends’ albums for objectionable pictures of you and demand they be removed (no matter how funny you think you are being in them).

See you in class.