Is this link illegal?

Germany has apparently adopted a new copyright provision that does not cause deep links to news content to be copyright infringement.  The Wall Street Journal (WSJ) covered this in an article March 4, 2013 which you can find here.
So, apparently, this link to the news article is "legal" (or at least not a copyright violation in Germany at this time)
Now mind you, Blogger's treatment of embedded links (and most Blog sites) ... does not present any of the content from that site in an embedded way.  However, if I use the same URL as part of a posting on LinkedIn or Facebook, they often do include an automated extract from the site, which is one of the factors upsetting the German News folks.
I notice that the WSJ seems to allow public access to this Google related article, but not so with a somewhat related article on how the TV Studios dealing with their concerns: "As Pirates Run Rampant, TV Studios Dial Up Pursuit."  For this article, from what I can tell, you  need to be a subscriber or pay for access.  --- It is a more detailed article with nice color pictures  graphs, etc.  (I remember the Pre NewsCorp/Rupert Murdoch (also owning Fox News)  days when the Journal only had Black & White, and used sketches of folks faces rather than pictures. ... for better or worse, the change in ownership and editorial bias has 'colored' the content) -- It is interesting in terms of transparency (or lack thereof) that the WSJ site does not have clear indicators of the News Corporation Ownership.  The articles on the TV Studios (but also ties into related movie studio interests -- (20th Century Fox in the case of News Corp) -- does not identify the related editorial/ownership interests of the WSJ in the topic.  It would surprise me if News Corp did not also join the   German law suit with some level of input, and failed to disclose this in their coverage of the issue.

There are a couple of real problems here:
a) there is real abuse of copyright that is occurring
b) traditional media outlets often spend more effort (in lobbying, legal activity, monitoring, etc.) than in developing new business models that work profitably in this new environment.
c) content owners do not make content available though broadband media in a timely fashion
    so to watch  live sporting events (as mentioned in the TV Studios article) ... you have to buy access via a paid cable channel -- typically having to buy access to many items you don't want for an extended contract period, with installation and other fees --- if they allowed folks to pay a reasonable amount online, or followed the "old" broadcast model (with inserted ads) they would find much less incentive for piracy.

The Journals TV article ends with the question from a media representative "How do we protect ourselves?", by which he seems to mean "How do we protect our preferred or traditional business models?" ... It might be a more effective use of time to ask "How can we maximize access to our content in ways that provide profitable income?"   It is an old rule of economics that the cost of a commodity will drop (in a free market) to the incremental cost of providing that commodity.   The problem with digital delivery is that the costs for providing content approach zero.  If you are producing a news story, or a blog, then the creation costs are fairly low.  If you are producing a TV show they are higher, and of course major studios spend rather massive amounts of money creating feature films.  But this affects every author, musician, etc. and until we learn how to fund our entertainment and creative artists we will be caught in a tension between old models and new technology.


The Future 1.0 - The Job Limit

I've started working my way though @AlGore s The Future.  It is dense with interesting concept's and pithy observations.  Some directly relate to "our fields" as technologists and warrant our consideration and awareness.  So here is concept 1.0 (with more to follow):

There are not (or won't be) enough jobs for all of us.

And it is our fault -- that is to say, the result of technology improving productivity.
First, you have to get into a global perspective. If you view the entire planet as a closed economic system, then it does not matter where a job is done, it is "x" hours used to product "y". Gore makes the point that even in the "off-shore" targets for "moving jobs" there is a strong trend towards "Robosourcing" -- incorporating machines to improve productivity -- which is to say reduce the person-hours needed to accomplish the task.  So, no matter where a person is being paid to do a specific task, technology is being applied to increase the productivity of that person and reduce the total number of persons needed to do that task -- globally.
In his book he gives the example of the US labor force involved in agricultural production dropping from 90% in 1776 to 2% in 1993. If you consider how the work force (total person hours) have migrated, they moved from farm to factory to industry to professional jobs to service jobs to ...  Gore suggests that since the economic crash of 2008, productivity has boomed, with increased production in the US just not increased employment.  We may have crossed a critical tipping point for employment. Once upon a time, 4% unemployment was considered :"full employment" -- that many persons were available for employment. It may well be that within the U.S. the percent of unemployed persons associated with full employment may be rising.  Notice that we have to recognize these numbers in their more basic form, which is hours of labor.  A self run business, or exempt employee puts in hours that are unpaid, are part of the actual hours invested.

An interesting model is to consider the global picture here:
There is some "Gross World Product" -- presumably the market value for every good or service created on Earth. (Treated as an annual value akin to GNP.) 
There are the labor hours invested to create GWP which can be viewed three different ways:
  • Hours paid (P) for in the production (excludes owners, exempt employees, externalized factors)
  • Hours actually invested (I) (includes the above items)
  • Hours required (R) to produce the goods and services actually sold/consumed
    (excludes idle hours, production of goods not sold (food trashed at a hamburger stand, etc.))
These are interesting since we can identify some key concepts:
  • Productivity is the value of goods & services actually sold divided by hours paid for.
    (I suspect GNP, etc. includes unproductive production as well -- items sold, trashed, failing QA...)
  • Efficiency would seek to have "I" approach "R" (hours invested to hours required),
    and also reduce "R" hours required.  Robosoucing is both a productivity tool and an efficiency.
It is interesting that productivity and efficiency viewed this way actually have no overlapping terms. You can increase productivity without increasing efficiency -- for example, by paying persons less money (out-sourcing), externalizing costs (crowd sourcing, or leaving QA to consumers), or making more employees exempt and demanding more hours. Since I>P, efficiency also can improve productivity. 

But consider a key value here, which is the GWR ... the gross world hours required to produce the actually used products and services.  Technology can reduce this number. This reduces the total number of hours available for employment.  If employee work hours and salaries were adjusted to maintain income levels and "full" employment, then we would not see an improvement in "productivity" in terms of paid hours to generate the goods and services. However, employees are laid off, jobs outsourced and other paths taken that reduce costs and improve profits which results in job losses and underemployment.
The long term picture at the global level indicates improved productivity and reduced paid hours of work available.   We need to consider what this means as underemployed persons can't afford the same level of goods and services (potentially creating a negative feedback loop), and unemployed persons may civil unrest or social upheaval  (presumably at some point the majority of voters in a democracy will find their situation favoring a different approach to labor laws, taxation, inheritance taxes, property ownership, etc.)


A Problem with Peer Review

"A new scientific truth does not triumph by convincing its opponents and making them see the light, but rather its opponents eventually die, and a new generation grows up that is familiar with it." Max Planck

Nov. 10th's Wall Street Journal had an article on "An Outcast Among Peers Gains Traction on Alzheimer's Cure". A paraphrasing of key comments from the article are:

  • Science is politics, and the politics of xyz is winning
  • non xyz researchers found it hard to get money, or papers published
  • American and British venture capitalists wanted to invest in xyz projects, not zyx
  • and noting the comment of a competing researcher:
    if our xyz medical trial results don't fit the hypothesis, we will keep going until they do

We cannot afford for science to become politics, either dominated by public politicians or by peers whose reputations or funding depend on competing approaches. Innovation, technology and science are moving too quickly to wait for the older generation to die off.  I do not know if the xyz, zyx, or mnop approach to curing Alzheimer's will yield the most effective results, but I do know I want all reasonable paths pursued, with a strong outcome oriented approach.

Unfortunately, our research model carries much of the same baggage.  Peer review means seeking input from experts in the field -- often folks who are competing for the same research dollars and whose reputation is tied to years of investment in alternative approaches. No papers published => no funding => no results =>  no start-up (upstart?) company to produce the better mousetrap.

There is a potential path forward here. The web provides a means for publication and commentary -- unfortunately with little quality control (the real purpose of peer-review) to help separate the wheat from the chaff. Professional societies could facilitate the creation of online communities to provide a more open dialog about key topics, and ideally allow "a thousand blossoms to bloom".  This is risky, since it really is simply a "larger" peer review community in some ways, and there is a tendency to place greater credibility on the pronouncements of the venerable icons than may be warranted. However, by providing transparency and open involvement it will be possible for birds-of-a-feather to spin out related communities where they can pursue alternatives.  In such a model we should expect a high failure rate -- however, as many high growth companies know, it is not failing that is a problem -- you want to fail quickly, and at fairly low cost so you can move on to a future success.

There already are online communities of interested persons in many areas.  The advantage of the professional society engagement is two fold: it provides a prima facia pool of qualified experts, and a perceived credibility for the dialog.  No doubt colleagues of mine will argue that this credibility will be lost if the ratio of  'failures' increases, and there is a risk there as well. However, given some high visibility errors from the old guard, it is clear that credibility can be lost in any case.  A few examples may help to clarify the problems we face:

  • 100 Scientists Against Einstein (A politically inspired effort in part)
    (Einstein's famous rebuttal -- "If I were wrong it would only take one.")
    [Would Einstein have published his famous 1905 papers if he had been in academia vs the patent office?]
  • Lord Kelvins rejection of Darwin's implied age of the earth (it would have cooled off if it were more than 40 million years old)
    and also his skepticism about flight by heavier than air devices
  • And similar predictions about horseless carriages, locomotives, and no doubt the wheel and fire
The bottom line is that we can no longer wait for the old guard to die,  nor can we let 'politics' within our communities or from the outside block our progress towards effective solutions.


Kaspersky concepts for Web Security

Wired's August issue (OMG, yes, I do actually read paper documents) has an article: "Eugene Kaspersky, Virus Hunter" which is worth reading. It raises many interesting questions, but I want to focus on a point raised in that article: "Kaspersky and the Moscow government have espoused strikingly similar views on cybersecurity. This goes beyond the security industry’s basic mission of keeping data safe. When Kaspersky or Kremlin officials talk about responses to online threats, they’re not just talking about restricting malicious data—they also want to restrict what they consider malicious information, including words and ideas that can spur unrest."

In essence, this concept deals with the management of memes.  For a delightful  discussion of Memes, see Susan Blackmore's TED presentation.  A key concept associated with Memes is that their replication/propagation bears no relationship to their validity or usefulness.  A good lie often gets more traction than the truth.  (Something that politicians and marketing folks recognize.)  Needless to say, the web and Internet are very effective channels for distribution of mis-information, and there are basically no tools that help persons distinguish the good from the bad from the ugly.    When teaching IT I often included a series of web sites for my students to evaluate, these included:

These are fairly easy sites to enjoy and discuss, they pose little risk of abuse or social unrest.

Clearly, at least in the U.S., there is an issue of freedom of speech.  A recent US Supreme Court ruling struck down the "Stolen Valor Act", upholding the "right" of a political candidate (in the specific case) to lie about having received the Congressional Medal of Honor.  Needless to say there are many other political lies -- claims and accusations --  that have significant sticking power in the public mind, but apparently some levels of misrepresentation are permissible within the US.  Other cultures will have other values, some less demanding, some more demanding. 

There is a two fold problem here: "who decides what information is malicious?"  -- note that true statements may be considered malicious, and false statements not considered to be malicious. And the second problem, which gets back to Blackmore's approach --- there may be no way to "stop" the replication of highly successful memes, even if they are lies or are malicious.  Governments in China and Singapore try to control the Internet in their domains for similar reasons -- and with varying degrees of success.

At the same time, people die from mis-information.  An mis-leading (and perhaps fraudulent) article on the MMR Vaccine, associating this with Autism has been clearly discredited, but the residual "public memory" still has parents refusing the vaccine -- which creates a potential health risk for not just the children who are not protected, but for larger communities where epidemics may occur and in the worst case yield resistant strains or even ones that can affect immunized individuals. A quick search yields even recent articles reinforcing this meme, helping parents justify their refusal.  (I won't provide any additional credibility or improved search ranking to such articles by linking to them.)

Needless to say topics like Evolution vs Creationism (and implicit issues related to "the young earth", and the validity of various dating systems (carbon 14, et al) ) all can enter into this domain of valid, malicious, mis-leading, etc. information.  Efforts to control/restrict information and mis-information run deep in many cultures, and the criteria for decision making in this area is at best unclear.  What is clear is the passion that communities have for their perceptions, and that in some cases, these perceptions can be damaging to individuals and governments.  The U.S. revolution was driven by ideas -- many of which are in the Declaration of Independence . The writings and rhetoric of Marx and Lenin fed the 1917 Russian Revolution. So the concern of governments about the spread of the dangerous memes has some basis in history.


Cyber-security "Scare"

A recent post via Information Age suggests that a chip made in China and used in US Military systems has a backdoor that could allow a problematic source of cyber attacks on systems using these devices.  A subsequent posting from Errata Security suggests this is a bogus story and there is not a deliberate Chinese effort to modify the chips to gain access to US Military systems.
However, the same Errata Security posting acknowledges that the backdoor exists and that the chip is used in some military systems -- particularly those that use COTS (commercial off the shelf) technology, and even that the the chips are made in China.
It seems to me that the back-door exists, and is available for abuse for those who know how ... it isn't clear to me that field programmable gate array devices (FGPAs), where this apparently exists, is the type of device that script-kiddies are likely to target.  But, there are more sophisticated bad guys out there -- the June 2010 Stuxnet virus is a proof of this, and the potential for attacking military targets.
The only thing "bogus" about this report as far as I can tell is that it suggested that the Chinese deliberately re-engineered the design to incorporate the back-door ... that would be a painful thing to do without the CAD files needed to edit the design. But it is either optimistic, or overly nationalistic to assume that China or any other high technology country might not have the capability to utilize such a "feature" or to modify designs to incorporate such features.
This is quite parallel to the 1988 Morris Worm situation where back-door aspects of tools in UNIX, some of which were 'debug' features, were used to penetrate and then propagate one of the first computer worms. That these aspects of the systems were not created for malicious use, did not prevent their abuse. Fortunately in that case the intent of the abuse was not malicious, the Internet was new and UNIX a fairly rare beast. Today's world is different, and we might be wise to be a bit scared of cyber abuse and attack vectors.
Two key messages for computing professionals are to be found in this tale:

  1. Don't leave in back-doors and debug paths - the "enable" for these need to be carefully considered, and disclosed to buyers/users so they can lock down these paths.
  2. If you happen to be using electronic devices -- be aware that there are attack paths you may not have anticipated and are beyond the scope of your "firewall" security.  
If this feels uncomfortable, it should. Cyber-security is both non-trivial, and has high potential for abuse and damage. The motives of the potential bad-actors are varied, from financial gain to military or quasi-military objectives. It is not clear to me that we are really well informed, much less sufficiently protected.


Got Klout?

Ok, I figured I had to find out what Klout is about. Could I match Justin Bieber? He has a 100 rating on Klout, rumor has it that he can get free upgrades, restaurant meals, etc. -- the bottom line is that he had klout before Klout existed -- so to speak.
Klout evaluates your online presence in the areas where Klout evaluates your online presence -- such as Facebook, LinkedIn (although I'm not as sure of this), Twitter, Google+, -- yea verily, even Blogger. It looks for followers and friends, but even more for re-tweets, references, etc.  When other folks point to your stuff and tell others about it, it increases your Klout.  All of which makes real sense.
Once upon a time there was Google, and they made money by associating the things sought (search) with things that could be bought (ads)
Then there was Facebook -- where friends count.  Or more specifically, when you "l.ike" something, your friends find out. -- sort of an online "word-of-mouth" recommender system. Logic, folks will take more interest in the things their friends find interesting. [Result -- massive IPO valuation expected.]
Klout is a logical extension of this -- evaluating how influential your web presence is, and assigning it a number. I understand that 50 is the magic target (for those under 50) -- and if your Klout is low you may not get that job, or upgrade -- well let's face it, why treat someone well if their Klout is zero?
So there is a new game to play ... for Klout score ... room for mutual backscratching (I'll K+ you if you K+ me, or I'll cite your blog, etc. etc.) -- and it could make sense, if Klout has any Klout.
For example, members of IEEE (or AMA, or the Sierra Club) could create Klout Klubs, endorsing, recommending, and otherwise promoting each other on Klout.  From this both the individuals Klout would raise, and there is the potential to establish visibility for the overall Klout of the organization.
There is the other side of this ... I find that Vint Cerf has no Klout. -- this doesn't make sense in my book. At least Tim Berners-Lee has Klout ... although it seems to have been declining according to their graphing. These are two folks I'd listen to any time they choose to speak.

What Klout misses is the dialog that occurs outside of the "big 10" social media sites.  Besides the Reddit, Wired and Technorati sites; there are the thousands of sites where folks interact outside of the public eye.  Somehow I think the folks that really have Klout tend to interact there, not on "main street".  But, for a certain class of influence (think People Magazine, not Nature) I suspect Klout has -- well, some impact.


Test "Drive"

I've started to play with Google Drive, which promises to be rather interesting.  I tweeted this yesterday and got a response about checking the Service Agreement. This is always wise for any product, and I've periodically checked Google's and found it to always acknowledge the users ongoing copyright ownership. But then there is also a problem, which Google has tried to address, but starts to become problematic when we look at Google Docs, Drive and other "cloud storage" areas.
Google has to make and hold certain copies of content to provide the service.  Clearly if I create or upload a document, it must have at least one copy on a Google server and probably backup copies as well.  If I put a video up on Youtube, I must grant Google the performance rights to present that to the public since that is the  intended use.  And this blog entry is another example, Google must be able to display it publicly --- and in reality that means a copy gets transferred to every viewer's browser (and may reside there in a cache or temp file for some period even if they do not chose to "save" the web page -- which of course is an apparent copyright violation as well.
But, Google Docs and Drive have a different objective (in my mind) and should have different rules.  I want to have a spot where I can have content stored in the cloud, accessible by more than one of my computers, and in some cases shared with family or associates, etc.  It is not my intent to allow this content to become available on the public web, etc. In fact, some content I have with financial and/or other personal information is content I'd like to store on the cloud, share between my computers but not have visible for any other users.
So here is an excerpt from the March 1, 2012 version of Google's Service Agreement:
Some of our Services allow you to submit content. You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours.When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing you have added to Google Maps). Some Services may offer you ways to access and remove content that has been provided to that Service. Also, in some of our Services, there are terms or settings that narrow the scope of our use of the content submitted in those Services. Make sure you have the necessary rights to grant us this license for any content that you submit to our Services.
And herein some problems lie.  The right granted to Google to create derivative works is un-bounded (I'm an author, I might want to store my short stories or novel in the cloud); the public display and distribution of content is antithetical to my desire to have content I consider private stored in the cloud.  
There are additional terms of service for Apps:
By submitting, posting or displaying Content on or through Google services which are intended to be available to the members of the public, you grant Google a worldwide, non-exclusive, royalty-free license to reproduce, adapt, modify, publish and distribute such Content on Google services for the purpose of displaying, distributing and promoting Google services. Google reserves the right to syndicate Content submitted, posted or displayed by you on or through Google services and use that Content in connection with any service offered by Google.
This at least acknowledges the issue of "which are intended to be available to members of the public".  There is also additional wording about confidential materials, but it is unclear how I might flag content as confidential, and without such indication, how I could hold Google responsible for treating it the same way they might treat other materials.
I'm not alone in my concerns here, other articles have been posted related to concerns with the terms of service. Security Watch, ZDNet which has it wrong -- Google is not assuming ownership, just too many non-exclusive rights. New Legal Review provides some feedback from Google on these matters -- pointing to one underlying issue which is the use of commonly applied legal phrasing that is out of date with respect to the kinds of services being offered.
Some folks are paranoid about  Google being forced to share content with US Government agencies (or other legal jurisdictions depending on where the data/user reside) ... which is simply a fact of life.  Government entities have some rights (ideally with due process, but not always) that they can exercise to obtain your files.  A recent Wired Magazine alluded to an NSA facility being built in Utah, which they say will have a copy of everything on the web, all emails, all phone calls, etc - world wide.  That appears to be a bit beyond NSA's remit at this point, but some subset of this is likely to be true. There is a revenue opportunity for the US Government in this --- NSA could provide a cloud data storage service, it would avoid redundancy.  Moreover, I suspect they have better security than Google, and their terms of service are likely to be less ambiguous.