Gravity is not the main obstacle for America’s space business. Government is

IN THE spring of 2006 Robert Bigelow needed to take a stand on a trip to Russia to keep a satellite off the floor. The stand was made of aluminium. It had a circular base and legs. It was, says the entrepreneur and head of Bigelow Aerospace in Nevada, “indistinguishable from a common coffee table”. Nonetheless, the American authorities told Mr Bigelow that this coffee table was part of a satellite assembly and so counted as a munition. During the trip it would have to be guarded by two security officers at all times.

Exporting technology has always presented a dilemma for America. The country leads the world in most technologies and some of these give it a military advantage. If export rules are too lax, foreign powers will be able to put American technology in their systems, or copy it. But if the rules are too tight, then it will stifle the industries that depend upon sales to create the next generation of technology.

It is a difficult balance to strike and critics charge that America has erred on the side of stifling. They claim that overly strict export controls have so damaged the space industry that America’s national security is now threatened by its dwindling leadership in space technology. The system, they complain, fails to distinguish between militarily sensitive hardware that should be controlled and widely available commercial technologies, such as lithium-ion batteries and solar cells. The zealous application of the export rules is the American space industry’s biggest handicap.

Staff promised to keep the phone safely until [the couple came to retrieve it].

However, after Philip Sherman retrieved the phone, his wife began receiving threatening calls and messages from strangers. This caused the Shermans’ to become suspicious about what had occurred with the phone.

Soon afterward the Shermans’ found the private photos that Tina Sherman had sent to her husband’s phone published on the Internet along with their names, address, and phone numbers. Pictures of Tina Sherman were altered to contain McDonald’s franchise logos, along with slogans such as, “I’m lovin’ it,” and “Hot as McDonald’s coffee.” The photos were located on several different sites online, but have since been removed.

The Shermans are suing for over 3 million dollars in damages, along with relocation costs.

Read the full article here.

This reality of the information age might be particularly stark for the president, but it's no less true for all of us. Conversation used to be ephemeral. Whether face-to-face or by phone, we could be reasonably sure that what we said disappeared as soon as we said it. Organized crime bosses worried about phone taps and room bugs, but that was the exception. Privacy was just assumed.

This has changed. We chat in e-mail, over SMS and IM, and on social networking websites like Facebook, MySpace, and LiveJournal. We blog and we Twitter. These conversations -- with friends, lovers, colleagues, members of our cabinet -- are not ephemeral; they leave their own electronic trails.

We know this intellectually, but we haven't truly internalized it. We type on, engrossed in conversation, forgetting we're being recorded and those recordings might come back to haunt us later.

Oliver North learned this, way back in 1987, when messages he thought he had deleted were saved by the White House PROFS system, and then subpoenaed in the Iran-Contra affair. Bill Gates learned this in 1998 when his conversational e-mails were provided to opposing counsel as part of the antitrust litigation discovery process. Mark Foley learned this in 2006 when his instant messages were saved and made public by the underage men he talked to. Paris Hilton learned this in 2005 when her cell phone account was hacked, and Sarah Palin learned it earlier this year when her Yahoo e-mail account was hacked. Someone in George W. Bush's administration learned this, and millions of e-mails went mysteriously and conveniently missing.

Ephemeral conversation is dying.

Cardinal Richelieu famously said, :If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." When all our ephemeral conversations can be saved for later examination, different rules have to apply. Conversation is not the same thing as correspondence. Words uttered in haste over morning coffee, whether spoken in a coffee shop or thumbed on a Blackberry, are not official pronouncements. Discussions in a meeting, whether held in a boardroom or a chat room, are not the same as answers at a press conference. And privacy isn't just about having something to hide; it has enormous value to democracy, liberty, and our basic humanity.

We can't turn back technology; electronic communications are here to stay and even our voice conversations are threatened. But as technology makes our conversations less ephemeral, we need laws to step in and safeguard ephemeral conversation. We need a comprehensive data privacy law, protecting our data and communications regardless of where it is stored or how it is processed. We need laws forcing companies to keep it private and delete it as soon as it is no longer needed. Laws requiring ISPs to store e-mails and other personal communications are exactly what we don't need.

Rules pertaining to government need to be different, because of the power differential. Subjecting the president's communications to eventual public review increases liberty because it reduces the government's power with respect to the people. Subjecting our communications to government review decreases liberty because it reduces our power with respect to the government. The president, as well as other members of government, need some ability to converse ephemerally -- just as they're allowed to have unrecorded meetings and phone calls -- but more of their actions need to be subject to public scrutiny.

But laws can only go so far. Law or no law, when something is made public it's too late. And many of us like having complete records of all our e-mail at our fingertips; it's like our offline brains.

In the end, this is cultural.

The Internet is the greatest generation gap since rock and roll. We're now witnessing one aspect of that generation gap: the younger generation chats digitally, and the older generation treats those chats as written correspondence. Until our CEOs blog, our Congressmen Twitter, and our world leaders send each other LOLcats – until we have a Presidential election where both candidates have a complete history on social networking sites from before they were teenagers– we aren't fully an information age society.

When everyone leaves a public digital trail of their personal thoughts since birth, no one will think twice about it being there. Obama might be on the younger side of the generation gap, but the rules he's operating under were written by the older side. It will take another generation before society's tolerance for digital ephemera changes.

This essay previously appeared on The Wall Street Journal website (not the print newspaper), and is an update of something I wrote previously.

First, I enjoyed DeepSec conference and I am grateful for the invitation to speak there. I love European conferences – and not only for having infinitely (with that being an under-statement of the year) superior coffee during breaks :-)  In particular, I liked the audience for my presentation (slides will be posted here soon) and I think the audience liked my material and myself too :-)

What also impressed me a lot was Ivan Ristic speech, which was the second day keynote. He started by simply stating that ‘security industry has failed’ and that ‘a desktop is lost.’ His proof was in typical numbers like “75% of corporate systems are infected with at least 1 malware piece per system”, “1 million of malware types” and “25,000 unique malware samples a day seen.”  However, he then broadened the subject and talked about how not only “a trusted desktop” is gone, but the entire world of “trust everything [on a system], all the time” is gone (his ideas were similar to what I planned to present in my HITB 2008 presentation about “the 0wned world”)

I also like how he positioned all those “security user prompts” (in Vista and even before) as a proof that security technologies have failed and now we have to rely on the user to make security decisions (which will obviously fail as well since users are now fully conditioned to “see a chunk of technical mumbo-jumbo, then click OK”)

It was also interesting how he connected a lot of security failures to his “#1 reason: all programs run with all privileges of the user that runs them.”  In fact, he illustrated it by reminding the audience that “everybody runs untrusted code every day today [web browser + Javascript, etc] while nobody did this 30 years ago.”  He also beat up blackisting as an approach to security (but then again, everybody does it today :-)) - what was interesting that he opined that “we will spend the next 10 years proving that whitelisting will fail just as we spent previous 10 years proving that blacklisting fail.” His main point was that global “onslaught” of whitelisting and code signing will kill all sorts of useful things AND provide little security.

He then called for everybody to think about solving the hard, possibly non-sexy problems. This is the part where I could have used more details :-)

So, a fun speech (even though my telling of it is a bit jumbled… check out his slides whenever they are posted) – and a fun conference overall. Worth a 12 hour flight :-)

UPDATE:  @MYRCURIAL from the great site Liquidmatrix says that I need to post the following warning:

YOU MAY NOT WANT TO PROCESS THIS PRIOR TO YOUR 11TH CUP OF COFFEE

==================================

Carrying on from yesterday’s post a bit, I’m happy to admit that Chris’ poem is right: we don’t have nearly the information we need now when we’re supposed to have “control” over our assets, putting things in a hosted/asp/cloud/buzzword model ain’t going to help our quest for visibility. My intention was/is to show that you need visibility (in part one) and then today explain that unfortunately, that’s only half the picture.

Today’s follow-on is about the fact that whatever visibility we can contractually enforce (be it in the “cloud” or in our own perimeter) has to be informative (Amrit, this is why I was plugging you with those variance questions on Twitter yesterday).  That is, we can ask whatever IT department (ours, theirs, whomever) for all sorts of information, and maybe they’ll even give it to us.  But we’re not really ready to:

• Know what to ask for
• Use it to create wisdom

A really salient example of this from outside IT hit my browser this morning.  Now it’s not at all my intention to be political or endorse one candidate over another.  Those who know me know I’m fiercely independent.  But this morning there’s a headline on a well-read news website about how one candidate is now “+2″ over another in a Gallup poll of “likely voters”. The source is here.

That is a screen grab from Gallup’s website that shows the “+2″.   I have to ask - how informative is this information?  Part of the problem is that Gallup’s methods are hidden as some sort of “secret sauce” (their FAQ section doesn’t help much, either).  But regardless of the quality of the measurement, this “+2″ has no context - we don’t really know what this information means with regards to an actual election.  Nor is there any predictive element (I hate the using the word predictive, but it’s common nomenclature - so there you go).  We don’t have what we need from this Gallup poll to create wisdom about the ability of either candidate to be elected.

Allow me show you what I mean by way of contrast.  Take a look at Nate Silver’s work at http://www.fivethirtyeight.com/.  Now I’ve been long familiar with Nate due to his work in baseball.  He’s been at these sorts of ‘predictive’ analytics around our shared passion: creating wisdom from baseball statistics.

What Nate is doing at 538 is applying that acumen from his baseball work to the political process.  He’s breaking down the vote not just on popularity among likely voters, but in the context of the electoral college, accounting for variance and uncertainty, running Monte Carlo simulations and taking into account all sorts of polling information.  The result is really quite amazing. Here’s just one graph he presents - it’s the most similar to the Gallup one above, but you should really visit the site to understand the difference in quality of information and to check out the predictive elements he creates.

NOT ALL INFORMATION IS CREATED EQUAL, AND NOT ALL  JUDGMENTS ARE CREATED EQUALLY

And take a look at the contrast, here:

On one hand you have Gallup giving us a “+2″ advantage to a particular candidate.  Now Gallup themselves draws no conclusion but, as digested, how many readers do you think take this as evidence that the election is *really* close?

On the other hand, 538’s predictions show a 348/189 electoral college split, and one candidate winning 96% of the time in simulated elections.  That doesn’t seem close at all!

RISK MANAGEMENT

It is these predictive elements that we need in order to make better strategy and decisions.  I’ve been talking in the past about risk management’s inability to link current state to systemic causes, and this “context” is what predictive analytics provide.  We might have all sorts of visibility into our environment, and measurement of various amounts of variability that visibility gives us. But unless we have context to create wisdom, it’s all just, as Chris says, “machinations”.  We have to move beyond “+2″.

So Cloud/Grid/Utility/ASP/TimeShare/Whatever you want to call it - security will have to clean up our own mess first before we can do a good job with or without a perimeter.  Once we can start moving beyond “+2″ statements, then we can know what sort of visibility we require into an ability to Prevent, Detect, and Respond.

You'll have to pardon me this morning if the round-up seems a bit off. I'm still a little stunned at the spectacle of an arena full of (seemingly sober and sane) adults chanting, "Drill, baby, drill".

So let's see, what's in the news? Well, last night Republicans trotted out a Massachusetts venture capitalist and governor, the former mayor of New York City, former executives of eBay and HP, and an Alaskan neophyte pol who as mayor of a small town delivered $4,000 in federal pork for every man, woman, and child, in railing against coastal elites and Washington politics, while supporting a candidate who's been in the Senate for 26 years.

Fourth US airline to go Wi-Fi: Aircell says they have a fourth airline--after American, Delta, and Virgin America--on board for its in-flight Wi-Fi service. The aerial broadband provider's latest partner will be announced soon. Aircell's service went live in 15 American Airlines planes two weeks ago, and there's been a surprising lack of reporting from regular travelers or journalists since the big splash at the launch.

Microsoft, two universities research methods for better Wi-Fi handoff for vehicles: The researchers developed a method they call Vi-Fi, writes the Seattle Post-Intelligencer's Todd Bishop, which allows a system to maintain connections with several base stations at once, using a primary access point for traffic until a discontinuity is predicted or encountered. This allows seamless handoffs and continuous voice conversations.

Speaking of autos and Wi-Fi, concerns raised about Chrysler's in-car Wi-Fi option: Randall Stross wrote nearly two weeks ago in The New York Times about the problem of distraction. With the Internet at your fingertips, can you restrain yourself? The only problem with the humorous and accurate analysis is that millions of business travelers have 3G access via laptop cards already, so you'd think we'd already be seeing the bad effects of automotive area networks.

A Wi-Fi booster can't post availability signs on highway: The Nebraska town of Louisville has free Wi-Fi downtown, and wanted to post "Visitor Wi-Fi" on a highway sign as another amenity. The state highway department has a policy that doesn't allow the promotion of Wi-Fi, because they believe they'd be inundated. A resident who runs a local Internet firm installed his own signs on the highway; the roads department removed them; he remounted them; they were removed again. The idea of zoning and mounting a billboard apparently hasn't come to the city officials' minds (or perhaps they're prohibited).

The folks spreading misinformation about Wi-Fi health effects cause Ulster school to disable network: I can understand why non-technical folks might think that Wi-Fi has been proven to be unsafe, given the kind of information that's available on the Internet about wireless safety. While there are ongoing studies about the safety of cellular signals--and I'm convinced at this point there's no increased risk to an adult's health by using a cell phone--there is no specific and credible research linked to Wi-Fi, which broadcasts signals at a far lower level than a cell phone, most of the time in most uses.

Washington state shuts down rest-area Wi-Fi: The $3 for 15 minutes, $7 per day, or $30 per month Wi-Fi service at 28 of Washington's 42 rest areas has been turned off after a year for lack of use. Figures. The fees charged by Parsons and Road Connect aren't unreasonable for a nationally scoped plan, but are ridiculous for limited use. States should either bite the bullet and offer these service for free, partner with national roaming operators who can resell service into large networks of business travelers, or use ads to support the service. Highways in remote areas can typically pick up cell data networks, and ongoing costs should be minimal to operate such networks.

IEEE approves fast-roaming standard, 802.11r: This new standard is designed to improve the handoff of devices between base stations. This is accomplished in part by allowing base stations to communicate security and quality of service information so that a VoIP over WLAN phone can immediately reassociate without the delay of authentication and other handshaking.

Denver airport sees 7,000 connections on a single day last week due to Democratic National Convention: FreeFi released the usage figures recently to show how their service is operating. The network started with about 600 daily users when the switchover from fee to free happened 10 months ago, and now carries about 3,500 daily connections.

Coffee Bean & Tea Leaf goes free: The chain of about 700 cafes will have free Wi-Fi installed by now in all its company-owned stores (about 300).