  • The main IT story of the week was, of course, the Government backtracking on its attempt to allow everyone and her husband free access to a host of our personal communications data. Just for fun, let's take the time to retread the path taken by the controversy.

    Back in the year 2000 the Government passed, under a good deal of criticism, the Regulation of Investigatory Powers Act (RIPA). One effect of this law was to give to various official people the power to access telecommunications 'traffic data' without having to get a court order.

    To expand on this point: traffic data comprises all the information available about a communications event if you strip out the content of the communication - so, for instance, it includes the addresses of the websites you visit, the location of your mobile phone, the telephone numbers you ring, the addresses you send email to, etc. The RIPA initially allowed easy access to this traffic data to folk like the police, the intelligence agencies, etc. (who were only supposed to access the data on important grounds like national security, public health, tax-collection, crime-detection, etc). But on top of the given list of officials granted access to traffic data, the RIPA also allows for new additions given 'an order made by the Secretary of State'. Such orders are subject to parliamentary oversight, but much less so than the passage of new acts of parliament. In any case, what kicked off the fuss was just such an order.

    According to the proposed order, the list of people able to access traffic data was to be extended to include, amongst others: councils; district councils; fire authorities; the Food Standards Agency; the United Kingdom Atomic Energy Authority Constabulary; and the post office (i.e. 'Consignia', or whatever it's calling itself this week). No justification was offered for these inclusions, and people were left scratching their heads as to why the Food Standards Agency, for instance, needs to know the position of people's mobile phones and the addresses of their favourite websites.

    The negative reaction to the proposed order grew rapidly, initially across the Internet, and then taken up by the general media. Within a short time people were organised to send faxes and emails to their local MPs, and opposition politicians were jumping on the bandwagon. But before the tide of righteous indignation had grown much beyond a mild swell, David Blunkett spoiled everybody's fun by announcing that he had seen the error of his ways. Or at least, he announced a moratorium for further debate, which was generally taken to be a U-turn.

    This may not, however, be the end of the story. The Stand website (http://www.stand.org.uk/) has covered the issue from the start, and has joined other commentators in noting an odd response by Home Office minister Bob Ainsworth during the height of the frenzy, in which he seemed to claim that the criticisms of the order were misguided because the various bodies *already had the powers in question*. And it turns out under further investigation (see http://www.stand.org.uk/privacy/isp1.html) that in restricted cases this is true; some such powers have been slipped into other legislation without anyone noticing. So, for instance, a Trading Standards Officer is currently able to get at traffic data on the basis of the Consumer Protection Act.

    This doesn't mean that the whole RIPA order episode was pointless, however. The effect of the order would have been to extend and broaden the powers of access to traffic data, and so it is a genuine victory to have defeated the proposals. The worry now is that the Government will attempt to sneak these powers in by some other route - although perhaps its forthcoming attempt to introduce identity cards will keep it happy on the whole erosion of civil liberties front.
  • On a related topic, an umbrella group called 'European Digital Rights' has just set itself up - see http://www.edri.org/. This takes membership from "10 privacy and civil rights organisations from 7 different countries in the European Union." There are no details yet of any plans, but we wait with interest.
  • If you're buying items online in the UK, be aware that the Distance Selling Regulations apply. For most goods this gives you a 'cooling-off' period of seven working days, during which you can cancel the contract and get your money back. Furthermore, the Office of Fair Trading has recently enforced its view (on Amazon.co.uk and BOL.com) that whatever you paid in postage and packing (although not the costs of returning the goods) should be included in your recompense.
  • Oh, and a number of huge American new tech. companies were discovered this month to have vastly inflated their apparent worth via overly-creative accounting. Among the consequences of these revelations have been stock-market slumps and articles proclaiming the end of the US business hegemony. Apparently it couldn't happen over here because of the civilising effect of cricket.

  • Most people have administrative access to their home computers. They can decide what gets installed and run on those computers, and they have access to all of the files stored on them (including the ripped audio files that they downloaded from Napster back in the day).

    At work, on the other hand, most people outside the IT department don't have administrative privileges. After logging on to the network their actions are subject to controlled authorisation; some files they can view, others they can amend, and others are just closed to them.

    With future Microsoft Operating Systems, however, you may well lose some of the administrative privileges you currently enjoy on your home computer. The plan is to incorporate into these OSs an element called 'Palladium'. This will provide an area on your computer in which all data is held in an encrypted format specific to your machine. If Palladium thinks that you have the right to view this data then it will yield it up to you, but it will make this decision based on policies stored with the data, not on your user status.

    One clear example of Palladium's intended use is for Digital Rights Management. For instance, you might download a trial audio track from a music company's website, and then only be able to listen to it once. Or Microsoft might decide that future editions of Word will be licenced for a year only, after which point they will fail to run.

    Evading the protection provided by Palladium will be hard-to-impossible, because the underlying cryptographic procedures will be part of the computer's hardware rather than of software that can simply be patched: the TCPA design keeps the keys in a dedicated security chip, and Palladium also calls for changes to the CPU and chipset. We can be fairly sure that this hardware will be forthcoming, since AMD and Intel have been on board for a while (see http://www.trustedcomputing.org/, the homepage of the Trusted Computing Platform Alliance (TCPA), on which Palladium is based).
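    To make the mechanism described above concrete, here is an added toy model of 'sealed storage', written for this piece and not taken from Microsoft, the TCPA or any real product. It assumes a sealing key derived from a hardware secret plus the measured boot chain (in a real machine the chip would hold the secret and take the measurements itself), a policy that travels with the ciphertext, and a small HMAC-based encrypt-and-authenticate construction standing in for whatever the real hardware would use. The names `platform_key`, `seal` and `unseal` are ours. The point it demonstrates is the one in the text: the data opens only on the machine (and boot chain) that sealed it, and only for the application the stored policy names, regardless of who is logged in.

```python
"""Toy sealed storage: data bound to a platform and to a policy stored with it.

Added illustration, not Microsoft's or the TCPA's code. Assumed: a per-machine
hardware secret, boot-chain measurements, and a toy HMAC-based AEAD.
"""
import hashlib
import hmac
import json
import secrets
from typing import Optional

TAG_LEN = 32


def platform_key(hardware_secret: bytes, boot_measurements: list) -> bytes:
    """Derive a sealing key that only this machine, booted into exactly this
    software stack, can reproduce. Change either input and the key changes."""
    h = hashlib.sha256(b"seal-key|" + hardware_secret)
    for m in boot_measurements:
        h.update(hashlib.sha256(m).digest())
    return h.digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256 (toy construction, not a real cipher mode).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, policy: dict, plaintext: bytes) -> bytes:
    """Encrypt under the platform key and bind the policy to the ciphertext.
    Blob layout: nonce(16) | policy_len(4) | policy_json | ciphertext | tag(32)."""
    nonce = secrets.token_bytes(16)
    policy_bytes = json.dumps(policy, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    header = nonce + len(policy_bytes).to_bytes(4, "big") + policy_bytes
    tag = hmac.new(key, header + ct, hashlib.sha256).digest()
    return header + ct + tag


def unseal(key: bytes, blob: bytes, requesting_app: str) -> Optional[bytes]:
    """Return the plaintext only if the tag verifies (same machine, same boot
    chain, untampered policy) AND the stored policy allows the requesting app.
    The user's account privileges never enter into the decision."""
    if len(blob) < 16 + 4 + TAG_LEN:
        return None
    nonce = blob[:16]
    plen = int.from_bytes(blob[16:20], "big")
    if len(blob) < 20 + plen + TAG_LEN:
        return None
    policy_bytes = blob[20:20 + plen]
    ct = blob[20 + plen:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    expected = hmac.new(key, blob[:-TAG_LEN], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # other machine, altered boot chain, or edited blob/policy
    policy = json.loads(policy_bytes)
    if requesting_app not in policy.get("allowed_apps", []):
        return None  # right machine, but the policy stored with the data says no
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def demo() -> dict:
    """Constructed scenario: a trial track sealed for one player on one machine."""
    track = b"trial audio track bytes (constructed sample)"
    boot = [b"bios-v1", b"bootloader-v3", b"nexus-v1"]
    k_home = platform_key(b"hw-secret-home", boot)
    blob = seal(k_home, {"allowed_apps": ["trusted-player"]}, track)
    # Same length as "trusted-player", so the edited blob still parses.
    edited_blob = blob.replace(b"trusted-player", b"untrusted-play")
    return {
        "same_machine_right_app": unseal(k_home, blob, "trusted-player") == track,
        "same_machine_wrong_app": unseal(k_home, blob, "ripper"),
        "other_machine": unseal(platform_key(b"hw-secret-other", boot), blob, "trusted-player"),
        "modified_boot_chain": unseal(platform_key(b"hw-secret-home", boot + [b"debugger"]), blob, "trusted-player"),
        "edited_policy": unseal(k_home, edited_blob, "untrusted-play"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {'opened' if result is True else 'refused'}")
```

    Only the first case opens; the other four are refused, and note that editing the policy bytes to name a different application fails at the tag check, not at the policy check, which is the property that makes 'policy stored with the data' worth anything. Being the machine's administrator changes none of these outcomes.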

    Microsoft announced Palladium by getting a hagiographic piece written at Newsweek (see http://www.msnbc.com/news/770511.asp?0si=-). The spin in this piece is that Palladium is part of Microsoft's recently announced war on insecure systems. For instance, Palladium not only 'Stops viruses and worms', but also 'Cans spam'. The fact that it would do this by code-signing, which has been around for ages, doesn't seem pertinent. Nor does the fact that many viruses and worms take advantage of programs which would anyway be given rights to run (to take examples at random, Microsoft Word, Microsoft Outlook...).

    And even if it did successfully eliminate viruses and worms, Palladium might still prove worse than the disease it cured. Basically, it would set up a Microsoft-based tollbooth through which all your data would have to flow (we can safely assume that the part of your computer dedicated to Palladium would expand to 100 percent once it got a toe-hold). And then you would have to rely on the good will of convicted monopolist Microsoft for every purpose that you wanted to use your computer.

    According to Ross Anderson of Cambridge University, who has written a useful FAQ on Palladium (see http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html),

    "TCPA and Palladium do not so much provide security for the user, but for the PC vendor, the software supplier, and the content industry. They do not add value for the user. Rather, they destroy it, by constraining what you can do with your PC - in order to enable application and service vendors to extract more money from you."

    A further worry is the effect that Palladium could have on free-software projects. These projects are generally covered by the GNU General Public Licence (GPL), which grants everyone rights to access and amend the projects' source code (and requires such amendments themselves to be released under the GPL). The idea behind the GPL is that anyone can tinker with GPL'd programs as they please, and may even sell the result, but can't lock it up: whatever they build on GPL'd code must be released under the same terms, source included.

    Palladium, however, offers a way to restrict the freedoms offered by the GPL. For suppose that you release a piece of code under the GPL but lock it with Palladium. Then if someone else tinkers with it there is no guarantee that they'll be able to execute the result - their computer might just refuse them that right. In order to get it to run, they may have to buy certification, thus making the software less than free (in the monetary sense as well as the rights sense).
  • There have been a number of KaZaA-related stories recently, which we haven't reported on. So, here's a quick roundup as to what's been happening.

    KaZaA is a peer-to-peer file sharing system a little like Napster, except that it doesn't have the same reliance upon Napster's central file searching databases. Instead, at any time any of the (more powerful) computers that have KaZaA installed, and are online, can be coopted into such a role. In principle this should have provided protection from the kind of legal attacks that scuttled Napster, but KaZaA.com, the creator of KaZaA, has now been forced into shutting down on the basis of what it describes as 'Rambo-style litigation' from the kind of big entertainment businesses that shut down Napster.

    (This 'Rambo' quote is from an Associated Press report, but on second thoughts it doesn't seem all that apt. I mean, in the first Rambo flick the hero took to the forest to fight a one-man war against a vast array of state police, which doesn't really provide an illuminating analogue for the legal opposition to KaZaA, unless they're being defeated by just one lawyer whom they can't see because of his camouflage skills. But we digress).

    This doesn't mean that the KaZaA network is closing down, however. It is now under new management, and has come up with an interesting way of making money. Inserted now into the peer-to-peer content available over KaZaA is commercial content from a company called AltNet, whose files are now returned at the top of searches. At present these commercial files are held on dedicated computers, but the eventual plan is to provide incentives for the numerous ordinary users to make disk space available for the AltNet content.

    KaZaA hasn't gained many friends from the way it distributed the software to enable AltNet, however; it just sent it out with the KaZaA binary without telling anyone or giving them the chance to refuse it. Furthermore, there have been a number of worms recently aimed squarely at KaZaA users, and a decent percentage of the files available for download reportedly carry malware. So if you really want to use KaZaA we suggest that you put worries about sneakware firmly to the back of your mind and make sure that your virus protection is really tight.

  • In a widely trailed move, the Government this month updated the Wireless Telegraphy Act to allow the commercial provision of public 802.11b ('wi-fi') wireless networks. BT immediately announced the provision of several pilot areas - 'BT Openzones' - to be served by these networks. It plans to have twenty zones up and running by August 1st, at which point we'll return to the story.
  • Perhaps the author of this item is just a wide-eyed ingénue, but he was shocked to his innocent core to discover that you can be charged for *receiving* phone calls on mobiles when abroad and roaming on different networks. It seems that the other members of the Softsteel team were already coolly aware of this fact, but still. Receiving calls. Can't be right. Anyway, there are some top tips about this at http://www.oftel.gov.uk/publications/mobile/roam1101.htm.

  • Sorry, no hardware-related stories this month, due to excessive World Cup watching.

  • Microsoft has made available a free ASP.NET development tool (for Windows 2000 and XP) called 'Web Matrix', currently available at http://www.asp.net/. We haven't assessed it yet, but we'll let you know what we think of it when we do. And should you be in need of a reason for trying it out, we note a recent article from IT Analysis - see: http://www.it-analysis.com/article.php?id=2270 - suggesting that there has been a big increase in 'web-native ASPs' (where ASP here stands for Application Service Providers, rather than Active Server Pages, and 'web-native' means that they serve up applications to run in your browser, not on your desktop).
  • Although - following on from the above - we note that Sun has recently introduced the idea of 'Java Web Start' applications, which are programs served up to your computer like browser applets, but which run on the desktop instead of in your browser. The main difference between these programs and standard Java executables is that the web-starters update themselves: when you run previously downloaded programs they check first over the Internet for updated versions, and preferentially download these. There is a prima facie worry here about security problems (as with the automated Windows update mechanism), but Java is pretty good about running processes in a sandbox to keep them away from any important internals. One caveat: a Web Start application whose JARs are signed and whose launch file asks for all permissions runs outside that sandbox once you accept the signer's certificate, so at that point you are trusting the signer and the update channel rather than the sandbox.
  • The seminal open-source browser Mozilla has finally been released in a stable version 1.0. Famed for overrunning, the Mozilla project wasn't done any favours by Netscape 6.0 incorporating an early and not too great version of its Gecko rendering engine. Mozilla is apparently better, but to us it still has a somewhat clunky feel as opposed to the other main threat to Internet Explorer, Opera.

    The unique (non-)selling point of Mozilla is that it claims to be more standards compliant than the alternatives, and fully supports a veritable alphabet of protocols, such as: HTML 4.0, XML 1.0, RDF, CSS1, DOM1, SOAP 1.1, XSLT, and XPath 1.0 (as well as some that we aren't at all familiar with). Because of all this technology support, Mozilla's hope is that it will be adopted as a platform for application development rather than simply as another web browser. To further this aim, Mozilla provides an XML-based specification language (XUL) for building windows, menus etc. Downloads and more information about all this are available (if not particularly well signposted) at: http://www.mozilla.org/.

