Those nasty hackers (crackers?) aren't the real problem

Just about everybody, including me, seems to think that hackers (or, more accurately in my estimation, "crackers") are responsible for most of the data loss. Well, that may not be the case—at least according to research from the University of Washington. That's the school that's a few miles south on I-5 from Microsoft.

Phil Howard, an assistant professor of communication at the University of Washington, says that by the end of 2007, the 2 billionth personal record will have been compromised. By personal record, he means a Social Security number or a credit card number, academic grades, or someone's medical history. By his reckoning, electronic records in the United States are bleeding at the rate of 6 million records a month in 2007, up some 200,000 a month from last year.

Allow me to define a couple of terms here: Hacker and cracker. It's probably a losing battle, but I still consider the term "hacker" to be one of honor. "Crackers" are the ones who raid computers to steal information. Think of "safe cracker" and you'll understand the term. I will use "cracker" where Howard uses "hacker" because I believe the distinction still matters.

Howard bases his projections on a review of breached-record incidents as reported in major US news media from 1980 to 2006. The total through last year stood at 1.9 billion, about 9 records per American adult. The report, co-authored with Kris Erickson, a University of Washington geography doctoral student, will appear in the July edition of the Journal of Computer-Mediated Communication. And if you want the bad news, Howard says his numbers are conservative.

The researchers avoided counting reports of a single incident more than once. Howard believes similar incidents took place, but went un-reported or under-reported before 2003, when California's pioneering Notice of Security Breach law took effect. That is a safe supposition because companies are loath to announce such events because of the legal culpability they might face.

But it's not crackers most of the time

Howard and Erickson say that crackers are responsible for only 31 percent of 550 confirmed incidents between 1980 and 2006 while 60 percent were attributable to organizational mismanagement (missing or stolen hardware, for example). The cause of the remaining 9 percent was undetermined.

A single incident in 2003 involved 1.6 billion records held by Acxiom, an Arkansas-based company that stores personal, financial, and corporate data. That is by far the largest event to date. In that case, the offender controlled a company that did business with Acxiom and had permission to access some files on Acxiom's servers. Prosecutors say that he plundered other records and then tried to conceal the theft.

When viewed in terms of the number of reported incidents, 3 of 5 are the result of "organizational malfeasance of some variety," including missing or stolen hardware, insider abuse or theft, administrative error, or accidentally exposing data online, Howard and Erickson found.

Thanks to the mandatory reporting process established by California, "We've actually been able to get a much better snapshot of the spectrum of privacy violations," Howard said. "And the surprising part is how much [many] of those violations are organizationally prompted—they're not about lone wolf hackers [crackers!] doing their thing with malicious intent."

Corporate America, says Howard, would prefer to let "market forces"—factors such as negative publicity and expenses generated by data loss—take care of the problem. But with identity theft listed as the fastest-growing crime in the United States, he says market forces are unlikely to be sufficient. The federal government has dropped the ball, says Howard, but it appears that the states are stepping up to fill the regulatory void.

The Internet Past, Present, and Future

"The Internet wasn’t developed to be a dangerous place." Andy Marken, a west coast public relations guy said that during an online conversation. I asked for permission to quote him. The Internet was once an innocent place. If you doubt that, take a look at the program logic of SENDMAIL when you have time. The application that handled the Internet's e-mail when it was still ARPA-NET still handles most of today's e-mail, but SENDMAIL has no security. None. That's one of the reasons spam continues to be a huge problem, but the developers of SENDMAIL were working on a closed network and they assumed senders would be honorable. The Internet was not developed with today's users in mind.

"It wasn’t developed for spammers/scammers, which Australia-based Marshal's Threat Research and Content Engineering Team estimates will represent up to 90% of the email by the end of the year," says Marken. It wasn’t developed for you to buy and sell things, or for YouTube-based viral ads, or to allow unfettered sharing of music.

Marken says most of the folks who now want to make huge bucks off Web 2.0 never waded through the difficulty of CompuServe. And he remembers when only the “real” members of the press had addresses at The Well. None of these folks ever thought that the network of networks would have so many cannibals ready to have them for lunch!

You know that the Internet started by connecting research institutions and college campuses; then companies with large budgets were able to get hooked up; eventually anyone could get on for a few bucks per month. And there's no going back. In the 1940s, people said television was a fad. In the late 1980s, they said the Internet was a fad. People also thought that automobiles and the telephone were fads. Individually, some of us are smart; collectively, we're pretty dumb.

Despite the troublemakers who spread spam, viruses, worms, and such, there are more of us than them and every day we're doing more business, gaining information, and being entertained via the Internet. (Is now a good time to point out that Al Gore didn't invent the Internet and never claimed to? Only the Rush Limbaughs of the world continue to peddle that antique canard.)

Why the Internet is so popular and so important

Originally envisioned as a way to improve information exchange between campuses and research institutes, the Internet turned out to make it possible for businesses to flatten the organization and communicate better, internally and externally. Twenty years ago, an employee would have had a hard time getting a message to the CEO of even a small company. Today it's not uncommon for CEOs to read e-mail from all levels of the company.

Creative people use the pipes and technology for commerce, music, and TV. Record labels are dying but independent musicians see the Internet as the best possible advertising medium. They make their money at live concerts.

Andy Marken says, based on research by Mindshare, "Young people have been raised on the Internet and can’t imagine a world without its instant connectivity. It is used for personal and business communications. It's the first place we go for information, music, photos, video, and data."

Monetizing the Internet

People raised on the Internet expect it to be free. Stewart Brand at the first Hackers’ Conference in 1984 spelled out the dilemma that remains a battleground even today: "On the one hand information wants to be expensive, because it's so valuable. The right information in the right place just changes your life. On the other hand, information wants to be free, because the cost of getting it out is getting lower and lower all the time. So you have these two fighting against each other."

But free isn’t an option, says Marken. Not in our free enterprise world. "Especially if really expect personalized entertainment to be the new frontier."

IPTV (also known as video on demand) is a good way to watch what you want, where you want, and when you want. Producing that stuff takes time, effort, and money even if you distribute it on YouTube or MySpace. Broadband is almost universally available in most countries. In Iceland, almost 1 in 3 inhabitants is a high-speed Internet subscriber. Assume 2 to 3 people per family and you'll see that 60 to 90 percent of the population has a high-speed connection. In the US, it's around 20 of every 100, which puts high-speed penetration at 40 to 60 percent. The lowest rate in the developed world, down around 2 percent, is in Greece.

Dark fiber

That's the term used to describe fiber optic cable that's been installed but is still waiting to be used. In the US and Canada, there is enough dark fiber in the ground to handle the most aggressive video demand growth—including HighDef—to homes. One trouble is that the final few feet—from the pole to your home or within the home—still needs work.

The Internet has delivered on its initial promise of allowing anyone, anywhere to connect for business, information, education, and entertainment. The challenge for most organizations, especially sellers reaching out to buyers, is delivering information and content that can be monetized without being stolen.

Digital Rights Management is not the answer and that has been my opinion from the beginning. Marken puts it this way: "As quickly as a new and better DRM solution is unveiled, another kid cracks it and offers the picklocks to the world. The minority who feel they deserve everything free will steal."

Marken and I differ a bit here. First, it's not always kids. But we agree that the minority who feel they deserve everything free will steal. Key word: Minority. Most people are willing to pay fair prices. Fair prices. Fair. Not $90 for a DVD, which is what Hollywood originally felt was fair. Not $20 for a CD. You're never going to straighten out the crooked, so it's better to educate the honest and price your wares fairly and competitively.

The future is all wet

One problem we need to solve is maintaining connectivity around the globe. If you haven't looked at one recently, take a look now. A flat map is OK, if that's all you have, but a globe tells the story better. Look at all the water. You can't put wires on poles in the water. You can't bury cable in the water. Well, you can, but only if you do it on the bottom of the ocean and, in some cases, the bottom is a long way down.

The Pacific Basin is surrounded by a "ring of fire." It's an unstable underwater land mass that is constantly shifting. That's where there are hundreds of small, fragile fiber-optic cables. It's expensive to put there. It's expensive to monitor. And it's expensive to repair when something goes wrong.

Remember the underwater earthquake a few months ago that severed some of the lines in Asia? Life and business continued, but it was inconvenient because communications were delayed or lost.

What does this mean for the future? It means that we'll be paying for bandwidth and reliability. The jury is out at the moment on whether that can be done while maintaining "Net Neutrality".

Nerdly News

Maybe they waited a day because if they'd announced it on April 1,
nobody would have believed it

Apple and EMI announced this week that EMI will begin selling all of its music through the Itunes Store without digital rights management (DRM) code. All of the unprotected tracks will be available starting in May. Instead of 99 cents, the tracks will sell for $1.29 and customers who purchased DRM-protected tracks will be able to upgrade those tracks by paying an additional 30 cents.

The quality of DRM-free tracks will be higher, too—256Kbps instead of 128Kbps. EMI CEO Eric Nicoli said, "We believe that offering consumers the opportunity to buy higher quality tracks and listen to them on the device or platform of their choice will boost sales of digital music." DRM-protected lower-bitrate files will continue to be available for 99 cents.

The change from Apple's flat-rate pricing makes it possible for other artists to set specific prices for their tracks and the even better news for consumers is that EMI's bold (for a record company) move may pressure other labels to drop DRM. Remember when most software was copy protected? Now most isn't, although some does require activation. The circumstances aren't entirely parallel, but there are similarities.

Several weeks ago, Steve Jobs said that if DRM requirements were removed, "the music industry might experience an influx of new companies willing to invest in innovative new stores and players." Of course, there's already a lot of high-bitrate non-DRM music available online. CDs are mostly free of DRM and easy to convert.

ICANN: .xxx porn top-level domain still dead

ICANN, the Internet Corporation for Assigned Names and Numbers, is again refusing to establish an "xxx" top-level domain to be used for pornography. Porn merchants and porn fighters are on the same side. Porn merchants don't want it because it would segregate their businesses to what would essentially be a red-light district. Anti-porn forces don't want it because it would "send the wrong message". What's more important, action or symbolism? Talk about being "symbol minded"!

If porn sites were relegated to xxx domains, they would be easy to find. But they would also be easy to block. For the anti-porn folks, I have this message: Pornography has been around for a long time. It's here to stay. It will not go away anytime soon. If you want to protect children from porn on the Internet, the best way to do it is to be adult about porn and admit that it exists. Create a specific red-light domain and then block that top-level domain from your computers.

ICANN chairman Vint Cerf stunned an open meeting of the governmental advisory committee in Vancouver recently when he announced that ICANN would not set up the xxx top-level domain. Most of us thought that the red-light district had been given a green light.

Why? One theory suggests that the US government intervened but doesn't want to be seen as the hand behind the puppet. The US government retains unilateral control of the Internet but claims never to use use it. Yep. And I still believe in the Easter Bunny, the tooth fairy, Chickenman, and Santa Claus.

This is the only ad you'll ever see on this site. It's for my website host, BlueHost in Orem, Utah. Over the past several years, they have proven to be honest, reliable, and progressive. If you need to host a website, please click the banner below to see what BlueHost has to offer.

TechByter Worldwide receives a small advertising payment for each new client that signs up with BlueHost but I would make the same recommendation even if the affiliate program didn't exist. (If you don't see a banner ad above and you would like to know more, this link takes you to BlueHost.)