Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

November 11 2011

Publishing News: The standards of aggregation

Here are a few stories that caught my eye in the publishing space this week.

Jim Romenesko and the standards of aggregation

Quote.pngIn a bizarre turn of events, Jim Romenesko, the renowned blogger at Poynter who was on the brink of retirement, quit his post after Poynter ran a story about attribution inconsistencies in his writing — 12 years into his blog.

The Poynter post states:

Though information sources have always been displayed prominently in Jim's posts and are always linked at least once (often multiple times), too many of those posts also included the original author's verbatim language without containing his or her words in quotation marks, as they should have.

Calling Romenesko out raised eyebrows and ire. No one ever thought Romenesko was trying to take credit for others' work, but then again, some argue that aggregation should be held to journalistic standards. This is a much larger question than it may appear on the surface. Felix Salmon over at Reuters has a nice analysis on the issue and points out, "[Poynter's Julie] Moos is using the standards of original journalism, here, to judge a blogger who was never about original journalism." (He's referring to Moos' original post about the offending attribution errors and Poynter's guidelines.)

So, does aggregation require a new set of rules and standards, or should the traditional journalism guidelines apply? Please share your thoughts in the comments.

Kobo gets new owners — and perhaps a larger playing field

Kobo.pngProbably the biggest industry news this week was the sale of Kobo to Japanese e-retailer Rakuten. The deal was summed up nicely in an All Things Digital headline: "The Amazon of Japan Buys the Kindle of Canada."

For Indigo, the majority shareholder in Kobo, the sale was about refocusing its core business. Brand strategist Anthony Campbell told the Globe and Mail:

Taking on Apple and Amazon and Google isn't just a distraction, it puts Indigo in a position where the brand would completely lose focus. By maintaining its focus, Indigo's better prepared to take on the likes of Target and other retailers who are trying to corner the lifestyle space.

For Kobo and Rakuten, the acquisition means expansion — for Kobo, geographic expansion; for Rakuten, market expansion. Michael Serbinis, Kobo's CEO, told the Wall Street Journal: "This is not a one-country game. Two-thirds of the book market is outside North America. We're going into countries where we will be No. 1." And according to All Things Digital, "[Rakuten] said the acquisition of Kobo will assist the company in its move to provide downloadable media to consumers, starting with e-books." Perhaps it won't be long before the "Japanese Amazon" is making a major play against the U.S. Amazon.

For more on the situation, there's a nice Q&A over at Canadian Business with Serbinis and Indigo CEO Heather Reisman about the sale and what comes next for both companies.

BISG study highlights the growth of ereading

BISGStudyCover.jpgThe Book Industry Study Group (BISG) is getting ready to release results from a new study that show the rapid growth of ereading. Highlights from the final survey in volume two of the "Consumer Attitudes Toward E-Book Reading" report include:

  • "... nearly 50% of print book consumers who have also acquired an e-book in the past 18 months would wait up to three months for the e-version of a book from a favorite author, rather than immediately read it in print."
  • " continues to be the preferred source for ebook acquisition (holding steady at 70%) and ebook information (44%). Barnes & Noble comes in second at 26%, with Apple in third."
  • "... although the cost of e-reading devices remains a reported concern, the single most popular answer to the question of what hinders respondents from reading more e-books was "nothing" at 33% (up from 17.6% a year ago)"

The full report is available for pre-order now. It will be published on November 21.

TOC NY 2012 — O'Reilly's TOC Conference, being held Feb. 13-15, 2012 in New York City, is where the publishing and tech industries converge. Practitioners and executives from both camps will share what they've learned and join together to navigate publishing's ongoing transformation.

Register to attend TOC 2012


November 29 2010

Susan Landau explores Internet security and the attribution problem

Susan Landau gave a talk at Harvard today on her latest policy work on
cybersecurity. Landau is a noted privacy advocate whose public
advocacy work goes back to the crypto wars of the 1990s. Together with
the renowned Whitfield Diffie, she wrote

Privacy on the Line: the Politics of Wiretapping and Encryption
and she's about to release a new book,

Surveillance or Security? The Risks Posed by New Wiretapping Technologies
She didn't have far to travel to deliver her talk today, because she's currently a

Radcliffe fellow
. The audience, mostly of Harvard CS students and
postdocs, was appropriately prepped to follow her through cramped and
twisting paths of tech policy.

You'd expect a researcher of Landau's experience to tackle
increasingly difficult problems, and her outline of her current
research certainly fits the expectation. The trigger for this research
is the call by many people, ranging from computer scientists working
on core networking protocols to members of Congress, for an Internet
where people can be tracked. This is called attribution, and
it means that I can be found if I place a threatening anonymous
comment on a blog, or download illegal pornographic material, or
release a virus that places identity-stealing software on ten thousand
computer systems.

The parameters of attribution

A lot of attribution can already be done already. A warrant from law
enforcement or a simple request from the RIAA can force ISPs to
surrender information on who used a particular IP address at a
particular time. ISPs keep this information for a period of time, and
even Internet cafes or public libraries could do this too.

People with a bit of sophistication can evade attribution, though. The
virus that's causing your computer to send out spam or launch a
distributed Denial-of-Service attack may have been placed there
through an unwise visit to a web site years earlier. Security breaches
that pass through multiple systems are called "multi-stage"
attributions problems by Landau. Proxy servers used by people in
countries that block web traffic, and onion routing networks used by
people sending anonymous email, complicate the security picture too.

Attribution, like the whole larger area of cybersecurity, occupies an
ethical hall of mirror where no one's true position is easy to
determine. Obviously, what I consider a crime that I have to uncover
is considered by my quarry to be a liberating act that calls for
protection. We can't let the RIAA find copyright infringers or help
the FBI trace terrorist networks without letting China and Saudi
Arabia arrest online protesters.

Landau rhetorically asked why the United States has not proposed a
cybersecurity, anti-hacking treaty, and answered by suggesting that
the NSA has been engaging in its own cyber-break-ins for a couple
decades. The view of international cybersecurity she laid out, and
that I've read about elsewhere, is quite a jungle. Numerous actors of
varying intent and with varying relationships to the law move in and
out of favor with various governments. Governments spy on companies
for commercial advantage and help companies spy on foreign companies.
Everybody wants just enough security to keep trust in the Internet
from collapsing, without losing competitive advantage in the hacking

Attribution lies at many levels. For some attacks, Landau says, we
need to know only which machine has launched it. Other attacks need to
be tied to a person, and still others to entities such as corporations
or governments.

Landau's recommendations, and reactions

In this kind of fast-shifting environment with so many competing
agendas, no prim and elegant solutions will be found. The insights
Landau presented today are a work in progress, and several aspects
were challenged from the floor.

Her main point is that we don't need to re-architect the Internet to
make use more attributable, and that we shouldn't try because it could
remove much of what's good about the Internet. As I mentioned before,
we have a good deal of attribution already. Landau recommends we
refine and expand our legal regimes to deal with current attribution
techniques justly, and extend them a bit.

Her most far-reaching proposal was to run software on ordinary users'
PCs to log Internet traffic for a limited time (30 days, for
instance). This can benefit users by helping them figure out where
some malware might have come from. But it mostly benefits
investigators. When they ask the ISP for traffic information (which
faces a low legal threshold, such as a subpoena), the ISP can ask an
end-user for log files from a short time period. If the user refuses
to keep logs, the ISP would be legally entitled to log all traffic
coming from and to the user.

The whole point of this technical and policy change is to help trace
multi-stage attacks. I'm not sure this would help reduce the fifteen
percent or more US computers estimated to be infected by malware,
because as I said earlier, the intruders are quite capable of lying
dormant long past the deadline for discarding Internet traffic. Landau
put forward a scenario where an ISP gets a list of infected web sites
that place malware on client systems, and then sends out email to its
customers asking who has visited that web site recently. But its
customers wouldn't need log files to know whether they had visited the

Landau distinguishes tiers of attribution. The simplest is
single-stage attribution, as when the RIAA identifies a file-sharer or
a blog site identifies a defamatory poster.

Single jurisdiction, multi-stage attribution occurs when a breach has
to be traced across two or more links between computer systems, but
they are both in the same country or in cooperating countries.
Currently, the US works cooperatively with most of Europe and some
Middle Eastern countries to trace illegal traffic. Landau wishes we
could get Russia into the jurisdiction as well. But as she pointed
out, each government has conflicting goals that push and pull it
toward and away from cybersecurity. Diplomacy will be required to
expand cooperation.

The most complex scenario is multiple jurisdiction, multi-stage
attribution. This can be accomplished through treaties and policy

I wonder whether we should look outside the Internet for solutions to
many security problems, just as e-commerce sites depend on a vast and
sophisticated credit system to protect online transactions. Here's an
example: spam can be sent anonymously. But if the spammer is also a
scammer, he needs to provide an address where victims send their
money. If your money can find a scammer, so can law enforcement.

Landau took several challenges from the audience, who wondered whether
her solution would be too weak to cover more than a few scenarios or
just, as one person put it, a way to make the RIAA's work easier. As a
privacy advocate, why is Landau working so hard on technical solutions
to help law enforcement find people?

First, we face many serious cyberthreats that none of us can afford to
ignore, regardless of our love of freedom. Second, Landau wants to
propose low-impact solutions in order to stave off high-impact
ones. She admires the work that organizations such as the
Electronic Privacy Information Center
and the
do from a public-interest angle on privacy, and understands that
technology companies can be motivated to oppose bad policies because
of their crimp on innovation. But in Washington, security trumps all
these concerns. Nobody wants to be caught napping in the event of a
major terror attack or other security breach. Landau is asking them to
try on a new and lighter framework for improving attribution.

Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.
Get rid of the ads (sfw)

Don't be the product, buy the product!