Should you worry about the IRS reading your email?

A new ACLU report claims the IRS has been accessing emails without a warrant. According to Keith Wagstaff, you might want to reconsider that email to your accountant with the subject line "Hey, thanks for helping me commit tax fraud!" According to the ACLU, the IRS could be reading your emails — even if they don't have a warrant.

The ACLU studied documents released by the Freedom of Information Act and found that, despite the Fourth Amendment's prohibitions against unreasonable searches and seizures, it has been IRS policy "to read people's email without getting a warrant."

Doing so wasn't always illegal because of the Electronic Communications Privacy Act (ECPA), which says that email that has been stored on a provider's server for more than 180 days can be accessed without a warrant. But that should have changed in 2010 when, after hearing United States v. Warshak, the Sixth Circuit Court of Appeals found that "the government must obtain a probable cause warrant before compelling email providers to turn over messages."

The vital question is whether the IRS continued reading private emails without a warrant after that case was decided. The ACLU's report says that the IRS still tells its employees "that no warrant is required for emails that are stored by an ISP for more than 180 days."

So, is it time to start conducting all of your business via carrier pigeon?

Not if you use certain email services. Ryan Gallagher at Slate writes that "not all providers will play along if the IRS is still attempting to obtain emails without a warrant," noting that earlier this year "Google said that it is effectively ignoring the 180-days ECPA loophole by always requiring a search warrant from authorities seeking to obtain user content stored using its Gmail, Google Drive, or other services." Microsoft, Yahoo, and Facebook all told The Hill they adopted similar policies after 2010.

Still, that leaves a lot of people unprotected. CNET's Declan McCullagh points out that the ECPA "was adopted in the era of telephone modems, BBSs, and UUCP links, long before gigabytes of e-mail stored in the cloud was ever envisioned." That's why corporate America wants Washington to change the policy:

A phalanx of companies, including Amazon, Apple, AT&T, eBay, Google, Intel, Microsoft, and Twitter, as well as liberal, conservative, and libertarian advocacy groups, have asked Congress to update the 1986 Electronic Communications Privacy Act to make it clear that law enforcement needs warrants to access private communications and the locations of mobile devices. [CNET]

Until the law is changed, you will just have to, in the words of ACLU staff attorney Nathan Freed Wessler, "hope you never end up on the wrong end of an IRS criminal tax investigation." Good luck with that.

- As seen in The Week
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS

Calligraphy in the Age of Texting

China is in the midst of a “handwriting crisis” according to Sheng Hui of Yanzhao Evening News.

We already know that many adults have begun to forget how to draw basic Chinese characters since, in this computer age, they type far more often than they write by hand. But an expose has revealed that our children aren’t even learning the characters in the first place. In one high school class, for example, fully one third of students couldn’t write “sauce,” and half couldn’t even draw the characters for something as basic as “acupuncture.”

Part of the reason is simply our technological society: Students communicate with each other and their parents via text message and email. But our schools are to blame as well. Calligraphy classes have been widely dropped in favor of math and science. And in urban areas, teachers hardly ever write on blackboards anymore; “they just click the mouse to display their lesson plans” on a screen.
Students simply aren’t exposed to the sight of an adult hand drawing the character strokes. China will have to set standards for handwriting education, including competitions and mandatory testing, at both primary and secondary levels. If we don’t, we will soon have to “apply for world cultural heritage status” for Chinese characters.

- As seen in The Week
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS

In love with a bot

When robots look like people or pets, says Robert Ito, it’s hard not to develop feelings for them.

"The robot is smiling at me, his red rubbery lips curved in a cheery grin. I’m seated in front of a panel with 10 numbered buttons, and the robot, a 3-foot-tall, legless automaton with an impish face, is telling me which buttons to push and which hand to push them with: “Touch seven with your right hand; touch three with your left.”

The idea is to go as fast as I can. When I make a mistake, he corrects me; when I speed up, he tells me how much better I’m doing. Despite the simplicity of our interactions, I’m starting to like the little guy. Maybe it’s his round silvery eyes and moon-shaped face; maybe it’s his soothing voice—not quite human, yet warm all the same. Even though I know he’s just a jumble of wires and circuitry, I want to do better on these tests, to please him.

The robot’s name is Bandit. We’re together in a tiny room at Rancho Los Amigos National Rehabilitation Center in Downey, Calif., where Bandit regularly puts stroke victims through their paces. They’re very fond of him, says University of Southern California researcher Eric Wade, who has worked with Bandit and his predecessors for five years. The stroke victims chitchat with Bandit, chide him, smile when he congratulates them. “People will try to hug the robots,” says Wade. “We go out to nursing homes, and people ask, ‘When’s the robot coming back?’”

Bandit is one of a growing number of social robots designed to help humans in both hospitals and homes. There are robots that comfort lonely shut-ins, assist patients suffering from dementia, and help autistic kids learn how to interact with their human peers. They’re popular, and engineered to be so. If we didn’t like them, we wouldn’t want them listening to our problems or pestering us to take our meds. So it’s no surprise that people become attached to these robots. What is surprising is just how attached some have become. Researchers have documented people kissing their mechanized companions, confiding in them, giving them gifts—and being heartbroken when the robot breaks, or the study ends and it’s time to say goodbye.

And this is just the beginning. What happens as robots become ever more responsive, more human-like? Some researchers worry that people—especially groups like autistic kids or elderly shut-ins who already are less apt to interact with others—may come to prefer their mechanical friends over their human ones.

Are we really ready for this relationship?

There are over 100 different models of social robots worldwide. The family includes machines that can act as nursemaids and housekeepers, provide companionship, talk patients through physical rehabilitation, and act as surrogate pets. The most popular, Sony’s Aibo (Artificial Intelligence Bot) robot dog, sold more than 140,000 units before it was discontinued. The Japan Robot Association, an industry trade group, predicts that today’s $5 billion a year market for social robots will top $50 billion a year by 2025.

What makes these machines’ popularity all the more remarkable is that they are a long way from the charming pseudo-humans of science fiction, your chatty C-3POs or cuddly WALL-Es. Many of these helpmates are little more than animatronic Pillow Pets.

The Japanese-made Paro, for instance, looks like a plush-toy version of a baby harp seal. It coos, moves its head and tail, bats its long lashes—and that’s about it. Even so, people adore it. More than a thousand Paros have been sold since its creation in 2003, making it one of the most popular therapeutic robots ever produced. In one study, a few people in two nursing homes seemed to believe that the Paro was a real animal; others spoke to it and were convinced that the Paro, which can only squeak and purr, was speaking back to them.

Or consider the Roomba, a robot vacuum cleaner that has sold more than 6 million units. In a 2007 study, researchers from Georgia Tech’s College of Computing looked at the ways in which Roomba owners bonded with their gadgets. Though the machines have neither faces nor limbs, and do little more than scuttle around and pick up lint, users were noted speaking to them, describing them as family members, even expressing grief when they needed to be “hospitalized.”

“I love the silly thing,” says Jill Cooper, co-founder of the frugal-living website Cooper, like many Roomba owners, gave her robot a name (Bob), speaks to him, and shows him off to visitors. “I hate to get too deep here,” she says, “but it’s like trying to explain what it feels like to be in love to somebody who’s never been in love before.”

“I’ve had to say goodbye to a lot of robots,” laments Kjerstin Williams, a senior robotics engineer at the research-and-development firm Applied Minds in Glendale, Calif. “If you have animals as pets, you go through the same process: You grieve and move on, and you try to re-engage with the next animal, or the next set of robots. It’s just that socially, it’s perfectly acceptable to grieve over a dog and maybe never get another one. If you’re a roboticist, you can’t do that.”

And it’s not just social robots spawning teary farewells. When a U.S. Marines explosives technician in Iraq brought the blasted remains of Scooby-Doo, his bomb-disabling robot, to the repair shop, Ted Bogosh, the master sergeant in charge of the shop, told him the machine was beyond repair. Bogosh offered the Marine a new robot, but the mournful man insisted he didn’t want a new robot—he wanted Scooby-Doo back. “Sometimes they get a little emotional,” Bogosh told The Washington Post.

In another instance reported by the Post, a U.S. Army colonel halted an experiment at the Yuma Proving Ground in Arizona in which a 5-foot-long, insect-like robot was getting its many limbs blown off one at a time. The colonel, according to Mark Tilden, the robotics physicist at the site, deemed the spectacle “inhumane.”

If veteran military officers can get choked up over a mechanized centipede, how hard might, say, a stroke patient fall for an artificial roommate? “Imagine a household robot that looks like a person,” says Matthias Scheutz, a computer science professor at Tufts University. “It’s nice, because it’s programmed to be nice. You’re going to be looking for friendship in that robot, because the robot is just like a friend. That’s what I find really problematic.”

Robots already are used extensively in Japan to help take care of older people, which concerns Sherry Turkle, director of the MIT Initiative on Technology and Self.

“The elderly, at the end of their lives, deserve to work out the meaning of their lives with someone who understands what it means to be born, to have parents, to consider the question of children, to fear death,” says Turkle. “That someone has to be a person. That doesn’t mean that robots can’t help with household chores. But as companions, I think it is the wrong choice.”

Then again, assistive robots for the elderly are a hot topic precisely because, as populations age, there are fewer human caregivers to go around. “Our work never aims to replace human care,” says Maja Mataric, director of USC’s Center for Robotics and Embedded Systems. “There is a vast gap in human care for all ages and various special needs. The notion that people should do the caring is not realistic. There simply aren’t enough people. We must find other ways to care for those in need.”

And the robots do seem to help. A 2009 review of 43 studies published in the journal Gerontechnology found that social robots increase positive mood and ease stress in the elderly. Some studies also reported decreases in loneliness and a strengthening of ties between the subjects and their family members.

But Turkle wonders if such human-robot relationships are inherently deceptive, because they encourage people to feel things for machines that can’t feel anything. Robots are programmed to say “I love you” when they can’t love; therapeutic robot pets, like Aibos and Paros, feign pleasure they don’t feel. Are programmers deluding people with their lovable but unloving creations?

“People can’t help falling for these robots,” says Scheutz. “So if we can avoid it, let’s not design them with faces and humanoid forms. There’s no reason that everything has to have two legs and look like a person.”

Unfeeling or not, a robot and its charms can be hard to resist. In the weeks following my meeting with Bandit, I find myself Googling his name and USC just to see if there’s been any news about him. I don’t think I miss him, really. I just want to know what he’s been up to.

Williams, the roboticist at Applied Minds, understands what I’m going through. As a graduate student at Caltech, Williams became attached to an Aibo, one of many that she would take around to local schools to get kids interested in robotics. She took this particular Aibo home, named him Rhodium (her husband is a chemist), played with him, learned his likes (a pink ball) and dislikes (having the antenna on his ear pushed the wrong way). But after graduation, she had to return Rhodium to the university.

“I do wonder where he went,” says Williams. “And I hope he still has his pink ball, because he’d be awfully sad if he couldn’t find it.” Sorry to say, the little robot dog undoubtedly misses his pink ball as much as he misses Williams—which is not at all.

- As seen in The Week
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS

China’s Cyberwarriors and the Pursuit of Information Dominance

An ongoing campaign of computer attacks on the U.S. this year has been traced to China. What are the hackers after?

Who has been hacked?
Government agencies, newspapers, utilities, and private companies—literally hundreds of targets. The cybersecurity firm Mandiant, which has been tracking these attacks since 2004, says data has been stolen from at least 140 companies, mostly American, including Google, DuPont, Apple, The New York Times, and The Washington Post, as well as think tanks, law firms, human-rights groups, and foreign embassies. A company that provides Internet security for U.S. intelligence was attacked; so was one that holds blueprints for the nation’s pipelines and power grids. Hackers even stole classified information about the development of the F-35 stealth fighter jet from subcontractors working with the plane’s producer, Lockheed Martin. Congressional and federal offices have reported breaches. In 2007, the Pentagon itself was attacked—and it won’t say what was stolen.

Who’s doing it?
Ten years ago, Chinese patriots working independently were behind many of the attacks. These young hackers were outraged by the 1999 U.S. bombing of the Chinese Embassy in Belgrade, Serbia, an accident during the Kosovo War. Using the name Honkers, or Red Guests, they launched a series of denial-of-service attacks on U.S. government websites. But within a few years some of them had begun working with the Chinese government, targeting Tibetan and Taiwanese independence groups, the religious group Falun Gong, and anyone in the West who communicated with Chinese dissidents. In recent years, says anti-malware specialist Joe Stewart, the number of hackers has doubled, with 10 major hacking groups in China. “There is a tremendous amount of manpower being thrown at this from their side,” Stewart told Bloomberg Businessweek. China’s government now appears to be directing the attacks. “We’ve moved from kids in their bedroom and financially motivated crime to state-sponsored cybercrime,” said Graham Cluley, a British security expert.

Why is China doing this?
China sees cyberwarfare as a valid form of international business and military competition, and is pursuing what it calls “information dominance.’’ Mandiant has traced many of the U.S. attacks to a Shanghai office building that appears to be the home of the People’s Liberation Army’s cyberwarfare unit. Thousands of hacks, including ones by two of the prominent aliases, Ugly Gorilla and SuperHard, were traced definitively to the district, and in recent years, that building has installed super-high-tech fiber-optic cables able to handle massive data traffic. About 2,000 people are estimated to be working in the building. This group appears to specialize in English-language computers, and hackers seem well versed in Western pop culture; one of the hackers used Harry Potter references for his passwords. China has issued a blanket denial, calling Mandiant’s claims “groundless” and “irresponsible.”

How do the hackers get access?
Mostly by the technique known as “spear phishing”. They send an email with a link that an employee of a targeted company then opens, activating malware programs that sweep through databases, vacuuming up information, including emails, blueprints, and other documents. Some phishing emails are recognized as spam by the recipients—but the Chinese are getting better at disguising them, sometimes using email accounts with real people’s names that are known to the recipient, and using colloquial English, so the emails read as plausible company business.

What does China do with the information?
The corporate secrets are worth a lot of money to Chinese business. Blueprints of advanced plants or machinery could help many Chinese industries, and so could data on corporate finances and policies. Energy companies, for example, can benefit from knowing what their foreign competitors are willing to bid for oil field sites. Chinese companies have already been sued for allegedly stealing DuPont’s proprietary method for making chemicals used in plastics and paints. More ominously, some of the information could be used to disrupt U.S. industry or infrastructure (see below). And while China is the main source of attacks, other countries also frequently hack U.S. sites, including Russia, North Korea, and Iran.

What is the U.S. doing to protect itself?
Congress refused to pass a comprehensive cybersecurity act last year because of opposition from business groups, which complained that new computer regulations would be costly and onerous. As a result, President Obama recently issued an executive order requiring Homeland Security to identify “critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.” Those companies will have to beef up their cybersecurity by installing multiple layers of protection for the most sensitive systems. Right now, some companies have only a single firewall, and once that is breached, all the data is available. “The dirty little secret in these control systems is once you get through the perimeter, they have no security at all,” said Dale Peterson of security company Digital Bond. Hackers “can do anything they want.”

A worst-case scenario
Derailed trains. Air traffic control systems suddenly shut down with thousands of planes in the air. Exploding chemical plants and gas pipelines. Blackouts over large parts of the country, lasting weeks or even months. These are some of the apocalyptic events cybersecurity experts fear—hacks that could kill people and sow widespread panic. But what might be even more damaging, the experts say, is a coordinated attack on multiple banks in which hackers alter—not wipe—much of the financial data stored on their computers. With balances, debts, and other data changed, no transaction would be trustworthy. Nobody’s bank account or mortgage statement could be deemed accurate. “It would be impossible to roll that back,” said Dmitri Alperovitch of the computer security company CrowdStrike. “You could wreak absolute havoc on the world’s financial system for years.” Leon Panetta, the outgoing defense secretary, warns that hackers are now testing the defenses of banks, utilities, and government agencies, and figuring out how to launch a paralyzing attack. “This is a pre-9/11 moment,” Panetta recently told business executives in New York. “The attackers are plotting.”

- As seen in The Week
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS

Google Glass: Wearing the Internet

Google Glass is no longer a rumor, said Tim Parker in “It’s real.”

The company unveiled a prototype of its Internet-equipped eyeglasses in March 2013, announcing that it would give a selected bunch of “bold, creative individuals” the chance to purchase the first version this year for $1,500. The futuristic spectacles have a tiny screen located in the top right-hand corner of the frame, where Web data can be projected in front of the user’s eyeball. Using voice-activated technology, you can do a Google search, call up GPS directions, video chat with your friends, and even record what you’re seeing with a tiny mounted camera—all without fumbling for a cell phone. “Welcome to the future,” said John Moltz in “Wearable computing technology” is finally here.

If this is the future, then count me out, said Andrew Keen in Google Glass significantly steps up the company’s “digital war against privacy.” Not only will users be able to record or take pictures of people without their knowledge or consent, the “all-seeing eyeglasses” will act like all Google products and collect data to send back to the “Googleplex,” with no way to opt out. A “pooling of all our most intimate data” is the “holy grail” for advertisers. Before we know it, personalized ads will magically appear whenever our gaze lands upon a particular product. What a “terrifyingly dystopian” idea. And just think of what it will mean for walking down the street, said Caille Millner in Too many people already bump into me because they can’t tear their gazes away from their beloved cellphones. What happens when these tech-heads start “wandering the streets with a computer plugged into their eyes?”

Try it—you’ll like it, said Joshua Topolsky in I was given a test trial of Glass, and found it to have “tremendous value and potential.” As I walked around Manhattan, I was able to get instant directions, following a “real-time, turn-by-turn overlay” of my own line of sight. The screen does not interfere with your vision, and the ability to get information like the weather forecast or a new email as you walk makes you feel “better equipped, and definitely less diverted.” Yes, it remains to be seen how quickly consumers will warm to this “alien and unfashionable” technology. But after a few hours of using Glass, for me “the question is no longer ‘if’ but ‘when.’”

See also: digital jewelry, smart clothes

- As seen in The Week
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS

Tendons, Bones, Phones & Smart Clothes

Who needs pockets? Thanks to a new fabric developed by Swiss scientists, cell phones, tablets, and other mobile devices may soon be woven directly into clothing, said Chris Wickham in

By mimicking “the way tendons connect to bones,” the polyurethane-based material is flexible enough to stretch without breaking but stiff enough to protect delicate circuits. The material “could revolutionize devices from smart phones and solar cells to medical implants.”

A Massachusetts start-up has used similar technology for a “flexible skullcap that monitors impacts to the head during sports.” The Swiss researchers say their product can also be used for artificial cartilage. “The vision is that you will be able to make materials that are as heterogeneous as the biological ones,” said Andre Studart of the Swiss Federal Institute of Technology.

See also: digital jewelry, smart clothes, epidermal electronic systems

- As seen in The Week
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS

Seduced by the Illusion of Privacy

When we send a text or an email, we imagine ourselves in a “protected and anonymous” cocoon, says Frank Bruni of The New York Times.

"You’d think by now it would be screamingly obvious that “there’s no true, dependable privacy when we’re tapping or typing,” said Frank Bruni. Yet Gen. David Petraeus—like Rep. Anthony Weiner, Tiger Woods, and so many others before them—has fallen prey to “the greatest contradiction of contemporary life: how safe we feel at our touchpads and keyboards” versus “how exposed and imperiled we really are.” When we send a text or an email, we imagine ourselves in a “protected and anonymous” cocoon. No one seems to be watching, so “with a reckless velocity,” we express anger, share gossip and criticism, or indulge in flirtations and sex talk we’d never put into words in person or even on the phone. Who hasn’t said something in an email about a friend, colleague, or boss that, if revealed to the world, would cause great embarrassment—or even the loss of a job or a marriage? We succumb to this temptation for the same reason Petraeus and the other fallen stars did: “That glowing and treacherous screen in front of you is somehow the greenest light of all.”

- As seen in The Week
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS

Frank Langella’s Technological Complaint

Frank Langella thinks young people rely too much on technology when courting each other.

Frank Langella is worried about the state of romance, said Catherine Shoard in The Guardian (U.K.). Part of the problem, says the 75-year-old actor, is that young people rely on technology when wooing each other. “I think walking up to a pretty girl at a party and saying, ‘How are you? I’d like to take you for a cup of coffee,’ is much more exciting than, ‘Hey, I saw you last night at the whatever. Text me,’” he says. “Tech is giving people the opportunity to protect themselves from saying, ‘Thank you very much but I don’t like your looks and don’t want to go out with you.’”

Langella also thinks that technology is interfering with true intimacy. “I work with a lot of younger actors, and so many of my young friends fall crazy for each other, go to bed, and then within a couple of days they’re lying in bed and each is texting. God, when I was a young man, when you got into bed you were there for years. You lusted for each other, loved each other, were interested in each other. In the morning you made breakfast for each other, all the natural courtship things.” But today, he says, young people view sex the same way they would an interesting new app. “Let’s get the business done, then do something else.” I think Frank's right, don't you?

- As seen in The Week
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS

Music Royalties in the Web era

In the first three months of 2012, the song “Tugboat” was played 7,800 times on Pandora. Tugboat's three songwriters earned 7 cents each.

The rise of streaming sites has made it impossible for most musicians “to earn even a modest wage through our recordings,” said Damon Krukowski in My band, Galaxie 500, broke up in 1991, yet our single “Tugboat” was played 7,800 times on Pandora in the first three months of 2012. For that privilege, the song’s three songwriters earned 7 cents each.

“Spotify pays better”; the three of us earned a collective $1.05 for 5,960 plays there. In other words, “it would take songwriting royalties for roughly 312,000 plays on Pandora to earn us the profit of one—one—LP sale.” When I began making records, the idea was simple: You priced your recording at slightly more than the manufacturing cost and hoped it sold. Now streaming sites are simply “selling access” and aim only to attract speculative capital for themselves.

- As seen in The Week
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS

Our Future Lies with Robots

Robots are the only hope for “an aging country with more people who need help and fewer people to do the helping.”

The “robots are coming,” said Holman Jenkins in The Wall Street Journal. They’re the only hope, in fact, for “an aging country with more people who need help and fewer people to do the helping.” We’ve long known that aging Baby Boomers will trigger “giant unfunded long-term liabilities” for Social Security and Medicare. But a severe labor shortage could also keep those old people from getting the goods and services they want. Some businesses see opportunity here. “Following the logic of need,” an entrepreneur in Baltimore has spent seven years and $30 million developing robots that package prescription drugs for long-term patients in nursing homes and hospitals. Google is spending millions to develop a driverless car largely because it expects big demand from America’s retirees. Robots alone won’t save us, of course. We also need better incentives for people to “depend less on Uncle Sam.” And instead of “burying entrepreneurs in taxes” so we can pay for entitlements, we have to encourage “investors to bring us the robots that will make the future bearable.” The grim alternative is “a future in which older people receive Social Security checks but still go hungry.”

- As seen in The Week
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS

Please Turn Off Your Electronic Devices

Aviation authorities are finally considering lifting the ban on passenger use of cell phones, e-readers, tablets, and other electronics. Why?

Why is there a ban in the first place?
The airline industry and the Federal Aviation Administration worry that electromagnetic waves emitted by passengers’ personal electronic devices—including MP3 players, laptops, smart phones, and cell phones—could interfere with an aircraft’s electronic controls, or avionics. Commercial pilots file dozens of reports every year detailing how their radios, GPS navigation systems, and collision-avoidance boxes suddenly went haywire, but began functioning again when passengers were asked to check that all their devices were turned off. That kind of circumstantial evidence led the FAA in 1993 to urge that laptops, audio players, and other electronic distractions not be used during takeoff and landing. Once an aircraft is above 10,000 feet, aviation officials say, a flight crew would have enough time and altitude to safely react to any electronic problem. The risk in allowing passengers to use their electronics at lower altitudes is tiny, said Boeing engineer David Carson, but since a freak occurrence could end in disaster, “why take that risk?”

Is there any evidence to support this fear?
It’s mostly theoretical. Any electrical device can generate interference as electricity flows through its wiring. Even those without wireless signals, like portable CD players, can emit potentially troublesome electromagnetic radiation. Devices that intentionally transmit radio waves, like cellphones, pose even greater problems. Some engineers think that such emissions could potentially drown out weak signals from radio navigation beacons on the ground or GPS satellites in space. Wireless industry spokesman Michael Altschul says such fears are baseless, since separate radio frequencies are assigned for aviation and commercial use. “Plus,” he said, “the wiring and instruments for aircraft are shielded to protect them from interference from commercial wireless devices.” In two decades of tests, government scientists and experts at Boeing and Airbus have bombarded planes with electromagnetic radiation, but have never succeeded in replicating the problems reported by pilots, or confirmed that electronic devices caused any equipment failure.

Do some fliers ignore the ban?
A recent survey found that 40 percent of air passengers didn’t bother to turn their phones off during takeoff or landing; 7 percent left their devices’ Wi-Fi and cellular communications functions active, and 2 percent surreptitiously used their phones to talk or text onboard. University of Illinois psychologist Daniel Simons estimates the odds of all 78 passengers on an average-size U.S. domestic flight powering down their phones completely as “infinitesimal: less than one in 100 quadrillion.” If personal electronics were as dangerous as the FAA rules suggest, “navigation and communication would be disrupted every day on domestic flights,” he said. “But we don’t see that.” In addition, flight crews now freely use iPads in the cockpit instead of bulky paper operating manuals. And above 10,000 feet, many U.S. airlines happily allow passengers to use the Internet via onboard Wi-Fi systems for a fee, with no reports of dangerous interference with airplane avionics.

Will the FAA ever ease up its rules?
It’s considering doing just that. As more and more people replace books and magazines with Kindles, iPads, and smartphones, pressure is growing to lift the ban. The FAA announced last year that it would conduct a thorough review of its electronic device policy—but didn’t say when that review would be completed. Sen. Claire McCaskill (D–Mo.) has warned the FAA that if it doesn’t soon relax its rules on e-readers and other portable electronics, she will introduce legislation forcing it to do so. “I’m big on getting rid of regulations that make no sense,” she said, “and I think this is one.”

When might the ban end?
Conceivably, within a year, although bureaucracies can move very slowly. Current guidelines require each airline to test every make and model of each electronic device it wants the FAA to approve for each type of aircraft in its fleet. But the FAA is now seeking to bring together airlines, aircraft manufacturers, technology firms, and the Federal Communications Commission to streamline the certification process for tablets, e-readers, and other gadgets, so entire classes of devices could be approved at one time. The ban on using cellphones to make calls or send texts in the air, however, is likely to remain for the foreseeable future.

Why single out cellphones?
The trouble there is possible interference with cellular networks, not with aircraft avionics. Cell networks operate on the principle that a cellphone is only within range of one or two cellular towers. A phone that’s moving at 500 mph at 30,000 feet, however, can shower signals on any number of masts, confusing the network’s software and potentially leading to dropped calls between land-based customers. Besides, surveys show that most passengers dread the thought of some jerk in the next seat being free to conduct annoying cellphone conversations from New York to Los Angeles. “An aircraft is one of the few places left on earth where you can actually escape from mobile phones,” said aviation and travel writer Benet Wilson. “I hope it stays that way.”

P.S. Many passengers ignore the electronics ban in flight, but those who get caught—and remain defiant—can pay a serious price. Actor Alec Baldwin was booted from an American Airlines flight in 2011 after he ignored a flight attendant’s repeated requests that he stop playing a game on his smartphone. Last November, half a dozen police cars raced onto the tarmac and surrounded a plane at New York’s La Guardia Airport as if there were a terrorist onboard. They were there to arrest a 30-year-old passenger who had refused to turn off his phone during taxiing. Scofflaws on foreign flights can risk more than ejection. In 1999, oil worker Neil Whitehouse refused to switch off and hand over his phone to a British Airways flight attendant, earning a year in jail. A Saudi Arabian passenger who flouted the cellphone ban two years later received an even harsher punishment: 70 lashes.

- As seen in The Week
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS

The Devastating Consequences of Facebook Unfriending

If you want to trim your list of Facebook contacts, think twice before hitting unfriend, says Cassandra Garrison in Metro. That person may never forgive you, according to a new academic study.

Around 40% of people would avoid seeing someone in real life that had unfriended them, with a further 10% unsure. A higher ratio of women said they would avoid contact than men. The study also found the likeliest determining factor for a decision to avoid was if the unfriending had been discussed with other people.

“People think social networks are just for fun,” said study author Christopher Sibona, a PhD student at the University of Colorado Denver Business School. “But the study makes clear that unfriending is meaningful and has important psychological consequences for those to whom it occurs.”

Social networks are especially attractive to narcissists and people with low self-esteem, but they are vulnerable. “Unfriending could damage people with anxiety and confidence issues,” Dr. Gregory Webster, psychologist and social media expert of the University of Florida, told Metro. “These networks can distort reality, particularly if you don’t have much of a social life in the real world.”

Sibona had also researched the causes of unfriending in a 2010 study. Leading factors were “frequent, unimportant posts”, such as on children or family, and controversial posts on politics or religion. But Webster believes unfriending is also for “public presentation and wanting to appear very selective about our social set.”

Given the looser ties of virtual friendships, almost every user faces being unfriended at some point. If that is too much to take, Twitter may be a better choice with the milder unfollow less likely to cause trauma. (Kieron Monks/Metro World News)

- As seen in Metro
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS

Weekend Tidbits from the Tech Front

This weekend NetLingo presents a round-up of tidbits from the tech front, enjoy!

Apps Review
Here are some of the best apps for discouraging texting while driving:

DriveMode blocks all calls, texts, and emails, and prevents drivers from reading or typing. When you select the app, it sends out auto replies to let people know that you’re driving. (Free; AT&T only)

Textecution automatically disables texting whenever your phone is traveling at speeds exceeding 10 mph. But you can send a request to the admin to override the block if you’re just riding in a fast-moving car, not driving it. ($30; Android)

text-STAR uses the same 10 mph speed limit as Textecution, and also allows you to schedule auto-reply texts in advance, for periods when you know you’ll be on the road or otherwise occupied. (Free; Android) doesn’t block incoming texts; instead it reads them aloud. It allows you to respond by voice instead of with your fingers. (Free; iOS, Android, Blackberry) Source:

Latest Online Trend

Have you heard about Japan's new teenage fad?
In a new fad sweeping Japanese teenagers, girls are going out in public with their panties over their heads, says The teens are using social media to send out photos of themselves wearing panties as unusual face masks, and are even showing up at school or in clubs thus attired. The fad is apparently based on a teen comic book about a character called “the abnormal superhero,” who also wears ladies’ undergarments over his head as a mask. “I really worry about this country,” one Japanese commenter said.

Book Review
Give Me Everything You Have: On Being Stalked by James Lasdun

Cyberbullying isn’t just a teenage phenomenon, said Emma Garman in Novelist and poet James Lasdun was a married, middle-aged father of two when he suddenly became the target of a former pupil’s campaign to destroy him from afar. “Nasreen,” as he calls his tormenter, opened the assault with a flood of vicious, anti-Semitic emails before disseminating her allegations of plagiarism, philandering, and even rape via emails to his colleagues and comment sections linked to his books. Lasdun’s “stunningly well-written” account reads like a warning: “What befell him could befall anyone.”

His book “deftly evokes the chill power of cyberstalking,” said Edward Kosner in The Wall Street Journal. When Nasreen’s campaign ignited, the simple task of checking his email was, Lasdun writes, “like swallowing a cup of poison every morning.” The young Iranian-American woman had been a standout student in a 2003 fiction workshop he taught and, after the pair started a friendly correspondence, she initially responded reasonably when he rebuffed her flirtations. After the abuse began, Lasdun got little to no help from the FBI and the police—in part because his stalker was a nonviolent harasser who lived in another state. But Lasdun’s anxiety about how Nasreen might be destroying others’ trust in him was real. This was an asymmetric war, and he never does find a way to give the story a satisfactory conclusion.

That’s partly because he never accepts that Nasreen is probably mentally ill, said Jenny Turner in The Guardian (U.K.). He even admits that labeling her as simply mad would make his story, “for literary purposes, less interesting.” Yet doing otherwise makes him seem more concerned with being a victim than with getting answers. Still, you can’t fault him for refusing to blame the whole episode on a meaningless mix of chemicals in Nasreen’s brain, said Laura Miller in After all, “insisting that the tribulations people live through amount to more than an accident of biology” is “essentially what writers do.”
(Farrar, Straus and Giroux, $25)

- As seen in The Week
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS

Twitter's Weird Plan to Become an Online Shopping Mall

The popular social-messaging service is partnering with American Express to let you make purchases just by tweeting. Twitter, in its seemingly endless quest to effectively monetize itself, is looking across the Internet to Amazon for a little inspiration. The social-messaging network now wants to become something of an e-tailer, and is partnering with American Express to let consumers purchase products by — you guessed it — tweeting.

The project is still in the experimental phase, but so far, here's what The Week knows about how Amex Sync would work: Retailers would make deals with Twitter to sell specific products and services at a discount to Twitter users. Then on the consumer end, you'd link your Amex credit card with your Twitter handle. Once signed in, you'd send a tweet containing a special hashtag to make a purchase, something like #BuyAmexGiftCard25. A reply to @AmexSync confirms the purchase, and — tada! — you are now the owner of a $25 American Express Gift Card.

Twitter believes this initiative could help the company diversify its revenue streams, which are currently heavily reliant on online advertising. "We're convinced that commerce is going to be one of the areas (for which) advertisers are going to start using our platform," Joel Lunenfeld, Twitter’s vice president of global brand strategy, told The Wall Street Journal. It's unclear, however, if or how much of a cut Twitter will take from each transaction.

But tweets could just be the beginning. According to All Things D, Amex is bringing the initiative over to Facebook, Foursquare, and Microsoft's Xbox Live, too.

So what's in it for you? Discounts on a range of products — Amex gift cards, Kindle Fire tablets from Amazon, jewelry from designer Donna Karan, and the like. Of course, that means you'll have to openly advertise to your followers what it is you're buying, which many consumers will understandably see as a dealbreaker.

For marketers, it establishes that almighty link between the mysterious value of a tweet and a measurable purchase at the end of the online retail funnel. Expect the service to roll out slowly over the next few days
- As seen in The Week
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS

The Dark Side of Meeting People Online

Not a day goes by in New York City that I don't hear about some kind of abduction. But when it happens because people get to know each other online and then meet in real life, I must report on it so you know the dangers, even if you're an adult!

According to Alison Bowen of Metro New York, police are searching for a suspect they think may have murdered a Queens teacher after they met online. David Rangel, 53, was found choked to death and shoved under his couch in his Jackson Heights apartment Sunday, officials said. A police spokesman said cops responded to a 911 call, after a friend checking on him found the door unlocked and ajar.
Police found Rangel with trauma to his head and blood on the floor and the walls. Councilman Daniel Dromm asked the NYPD to investigate the murder as a hate crime. “The horrific crime committed against David Rangel, an openly gay public school teacher who lived in one of the city's most tolerant communities, is deeply distressing,” Dromm said. Dromm spokesman Alex Florez said Rangel appears to have met someone online. The councilman's concern is that someone may have targeted him because he is openly gay, and that this perhaps led into a potential bias-motivated murder. “Something obviously went terribly wrong there,” Florez said. Rangel taught seventh- and eighth-grade Spanish at P.S. 219. “We are deeply saddened by the loss of a well-liked and respected teacher, David Rangel,” the school’s president, Fred Wright, wrote on Twitter yesterday.

Meanwhile, the family of a Staten Island woman, Sarai Sierra, is searching for her in Turkey, where she disappeared while traveling this month. They, too, are concerned she may have met someone online. She had planned to meet with strangers she met through Instagram, according to the Daily News. Online safety expert Hemu Nigam said that when people sit behind a computer screen, they may wrongly lower their guard.

“When you’re going online, it’s very much like you’re going down a New York alley,” he said. “You don’t know where you’re going, you don’t know what might pop up … yet when you’re on a computer, you do it without thinking twice.”
“If you’re connecting with somebody in the online world, unless you are seeing the whites of their eyes, they should be treated as a stranger to you,” Nigam said. Instead, he said, when people talk online, they can feel very comfortable, because they are in the comfort of their own home. But people should have the opposite reaction. If something seems off, ask for clarification, he advised. “I think your first best friend in all of this is Google,” he said. “You can see if the job they’re talking about actually exists. … if your instincts say there’s something wrong, you’ve got to go with it.”

He also suggests a face-to-face chat on the computer or phone. “If the person refuses because they’re giving you examples like, ‘My hair doesn’t look good today, I’m just not feeling well,’ your senses should go up,” he said. If you do meet someone, perhaps through an online dating website, make sure it is in a public place, and consider having a friend show up two or three tables down or suggesting a group setting.

- As seen in Metro New York Brought to you by NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS

The 25 Most Popular Passwords of 2012

Happy New Year, it's time to change your passwords again. You can't go anywhere online without a password these days. Want to access Xbox Live through your PC? You'll need a password. Logging onto the PlayStation Store? Cough it up. Playing any online games? You know what to do. Not to mention all of your social networking, email, website, and e-commerce passwords.

The problem though, according to Chris Morris at Plugged In, is that most of us just aren't very password-creative. hacker delight in posting usernames and passwords online when they raid a database. To prove the point -- and to help us all make better password decisions -- SplashData compiles an annual list of the most common (and therefore, the worst) passwords from those listings.

The top passwords of 2012 are the same three from a year ago - "password," "123456," and "12345678." In 2012, however, there were some new additions, including "welcome, " "jesus," "ninja," and "mustang." Our favorite newcomer to the list (and yes, we're being sarcastic here), is "password1," a particularly weak attempt at pleasing providers who require a number in your password somewhere.

"At this time of year, people enjoy focusing on scary costumes, movies and decorations, but those who have been through it can tell you how terrifying it is to have your identity stolen because of a hacked password," said Morgan Slain, CEO of SplashData. "We're hoping that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites."

Gamers in particular need to be vigilant in keeping their passwords strong and safe. Hackers have targeted a number of game companies in recent years, including Blizzard, Bethesda, and, most famously, Sony. Earlier this month, PlaySpan, who handles microtransactions for hundreds of online games, was breached.

If you've got any of these phrases as your password on any system — be it a gaming network, email client, or especially an online banking account -- change it. Change it fast. You're leaving yourself open for hacking that could result in the loss of everything, from hard-won Diablo III items to Microsoft Points you spent real-world money acquiring.

Here's the full 2012 list, along with how the popularity of the phrase has increased or decreased in the past year:

1. password (Unchanged)
2, 123456 (Unchanged)
3. 12345678 (Unchanged)
4. abc123 (Up 1)
5. qwerty (Down 1)
6. monkey (Unchanged)
7. letmein (Up 1)
8. dragon (Up 2)
9. 111111 (Up 3)
10. baseball (Up 1)
11. iloveyou (Up 2)
12. trustno1 (Down 3)
13. 1234567 (Down 6)
14. sunshine (Up 1)
15. master (Down 1)
16. 123123 (Up 4)
17. welcome (New)
18. shadow (Up 1)
19. ashley (Down 3)
20. football (Up 5)
21. jesus (New)
22. michael (Up 2)
23. ninja (New)
24. mustang (New)
25. password1 (New)

Keep creating the same old passwords? Here's a few tips on how to create an cryptic password:

- Use the first letter from each word in a phrase or line from a song. For example, "Hey, I just met you... And this is crazy... But here's my number... So call me maybe" could be "hijmyaticbhmnscmm." Of course, you'll be stuck singing the damn thing in your head every time you log in.

- Combine two words, such as "hungrydog" or "choppywater." For added security, separate those words with symbols or numbers, or swap numbers in place of certain letters. So instead of "hungrydog," use"hungry$d0g."

- If the site is case-sensitive, vary upper and lower case letters, as well as using numbers and symbols. ("ViDeOgAmE," for example, is much more secure than "videogame.")

- As seen in Plugged In
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS

Your Life Is Fully Mobile: We walk, talk and sleep with our phones, but are we more or less connected?

Just as remarkable as the power of mobility, over everything from love to learning to global development, is how fast it all happened.

Nancy Gibbs of Time points out, it is hard to think of any tool, any instrument, any object in history with which so many developed so close a relationship so quickly as we have with our phones. Not the knife or match, the pen or page. Only money comes close—always at hand, don’t leave home without it. But most of us don’t take a wallet to bed with us, don’t reach for it and check it every few minutes, and however useful money is in pursuit of fame, romance, revolution, it is inert compared with a smart phone—which can replace your wallet now anyway.

Whatever people thought the first time they held a portable phone the size of a shoe in their hands, it was nothing like where we are now, accustomed to having all knowledge at our fingertips. A typical smart phone has more computing power than Apollo 11 when it landed a man on the moon. In many parts of the world, more people have access to a mobile device than to a toilet or running water; for millions, this is the first phone they’ve ever had. In the U.S., close to 9 in 10 adults carry a mobile, leaving its marks on body, mind, spirit. There’s a smart-phone gait: the slow sidewalk weave that comes from being lost in conversation rather than looking where you’re going. Thumbs are stronger, attention shorter, temptation everywhere: we can always be, mentally, digitally, someplace other than where we are.

So how do we feel about this? To better understand attitudes about mass mobility, Time, in cooperation with Qualcomm, launched the Time Mobility Poll, a survey of close to 5,000 people of all age groups and income levels in eight countries: the U.S., the U.K., China, India, South Korea, South Africa, Indonesia and Brazil. Even the best survey can be only a snapshot in time, but this is a crisp and textured one, revealing a lot about both where we are now and where the mobile wave is taking us next.

A tool our parents could not have imagined has become a lifeline we can’t do without. Not for a day—in most cases not even for an hour. In Time’s poll, 1 in 4 people check it every 30 minutes, 1 in 5 every 10 minutes. A third of respondents admitted that being without their mobile for even short periods leaves them feeling anxious. It is a form of sustenance, that constant feed of news and notes and nonsense, to the point that twice as many people would pick their phone over their lunch if forced to choose. Three-quarters of 25-to-29-year-olds sleep with their phones.

If Americans have developed surprisingly intimate relationships with their gadgets, they are still modest compared with people in other countries. The Time Mobility Poll found that 1 in 5 Americans has asked someone on a date by text, compared with three times as many Brazilians and four times as many Chinese. Fewer than 1 in 10 married U.S. respondents admitted to using texting to coordinate adultery, vs. one-third of Indians and a majority of Chinese. It may be shocking that nearly a quarter of all U.S. respondents, including a majority of 18-to-35-year-old men, have sent a sexually provocative picture to a partner or loved one. But that trails South Africans’ 45% and Indians’ 54%. Brazilians are especially exuberant, with 64% baring and sharing all.

In most respects, overseas mobile users value their devices the same way Americans do but with a few revealing exceptions. Americans are grateful for the connection and convenience their phones provide, helping them search for a lower price, navigate a strange city, expand a customer base or track their health and finances, their family and friends. But in some ways Americans are still ambivalent; more than 9 in 10 Brazilians and Indians agreed that being constantly connected is mostly a good thing. America’s 76% was actually the lowest score.

Carve up the U.S. population into the general public vs. high-income, highly educated elites and some contrasts come into focus. Elites are more likely to say that they work longer hours and have less time to think but also that mobile has made them more efficient and productive, able to manage more, be away from the office, stay informed about the news and be a better parent. Four in 10 Americans think mobility has helped them achieve a better work-life balance, vs. three-quarters or more of Indians, Indonesians, Chinese and South Africans.

Like any romance moving from infatuation to commitment, the connection between people and their mobile devices reflects what they brought into the relationship in the first place. In countries where connection and convenience were difficult, these mobiles offer a kind of time travel, delivering in the push of a button or touch of a screen the kind of progress other countries built over decades. Which makes you wonder: Just how much smaller and smarter and faster and better might our devices be a decade from now? And how much about our lives and work and relationships is left to be completely transformed as a result? What do you think?!

- As seen in Time
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS

How Companies and Cops Snoop on Your Digital Life – Whether You Realize It or Not!

If someone wanted to create a global system for tracking human beings and collecting information about them, it would look a lot like the digital mobile-device network. It knows where you are, and--the more you text, tweet, shop, take pictures and navigate your surroundings using a smart phone--it knows an awful lot about what you're doing.

Which is one reason federal officials turned to Sprint, Verizon, AT&T and T-Mobile in early 2009 when they needed to solve the robbery of a Berlin, Conn., branch of Webster Bank. Using a loophole in a 1986 law that allows warrantless searches of stored communications, the feds ordered the carriers to provide records of phones that used a nearby cell tower on the day of the crime. The carriers turned over to the prosecutors the identities, call records and other personal information of 169 cell-phone users--including two men who were eventually sentenced to prison for the robbery. With a simple request, the feds cracked a case that might have otherwise taken years to solve. In the process, they collected information on 167 people who they had no reason to believe had committed a crime, including details like numbers dialed and times of calls that would have been protected as private on a landline.

Such cases are common. In response to a request from Representative Ed Markey, major cell carriers revealed in July, 2012 that they had received more than 1.3 million requests for cell-phone tracking data from federal, state and local law-enforcement officials in 2011. By comparison, there were 3,000 wiretap warrants issued nationwide in 2010. That revelation has added to a growing debate over how to balance the convenience and security consumers now expect from their smart phones with the privacy they traditionally have wanted to protect. Every second we enjoy their convenience, smart phones are collecting information, recording literally millions of data points every day.

The potential for good is undeniable. In recent years, the average time it takes the U.S. Marshals Service to find a fugitive has dropped from 42 days to two, according to congressional testimony from Susan Landau, a Guggenheim fellow. Cell phones have changed criminal investigation from the ground up. "There is a mobile device connected to every crime scene," says Peter Modafferi, the chief of detectives in Rockland County, New York.

But as smart phones' tracking abilities have become more sophisticated, law enforcement, phonemakers, cell carriers and software makers have come under fire for exploiting personal data without the knowledge of the average user. Much of the law protecting mobile privacy in the U.S. was written at the dawn of the cell-phone era in the 1980s, and it can vary from state to state. Companies have widely differing privacy policies. Now conservatives and liberals on Capitol Hill are pushing legislation that would set new privacy standards, limiting law-enforcement searches and restricting what kinds of information companies can collect.

Government snooping is part of the worry. But market demand is driving some of the biggest collectors of data. Mobile advertising is now a $6 billion industry, and identifying potential customers based on their personal information is the new frontier. Last year, reports showed that free and cheap apps were capable of everything from collecting location information to images a phone is seeing. One app with image-collection capabilities, Tiny Flashlight, uses a phone's camera as a flashlight and has been installed at least 50 million times on phones around the world. Tiny Flashlight's author, Bulgarian programmer Nikolay Ananiyev, tells Time that his program does not collect the images or send them to third parties.

In November 2012, news broke that a company named Carrier IQ had installed software on as many as 150 million phones that accesses users' texts, call histories, Web usage and location histories without users' knowing consent. Carrier IQ says it does not record, store or transmit the data but uses it to measure performance. In February, Facebook, Yelp, Foursquare and Instagram apps, among others, were reported to be uploading contact information from iPhones and iPads. The software makers told the blog VentureBeat that they only use the contact information when prompted by users. "No app is free," says one senior executive at a phone carrier. "You pay for them with your privacy."

Many consumers are happy to do so, and so far there hasn't been much actual damage, at least not that privacy advocates can point to. The question is where to draw the line. For instance, half of smart-phone users make banking transactions via their mobile device. The Federal Trade Commission has brought 40 enforcement cases in recent years against companies for improperly storing customers' private information.

Law enforcement is subject to some oversight. Absent an emergency, prosecutors and police must convince a judge that the cell information they are seeking from wireless companies is material to a criminal case under investigation. An unusual alliance between liberals and conservatives is pushing a bill to impose the same requirements for getting cell tracking data as those that are in place when cops want to get a warrant to search a house. Another bill would increase restrictions on what app writers can do with personal information. Cases moving through the courts may limit what law enforcement can do with GPS tracking.

Tech companies are trying to get a handle on the issue. Apple has a single customer-privacy policy. Google posts the permissions that consumers give each app to operate their phones' hardware and software, including authorization to access camera and audio feeds and pass on locations or contact info. The rush to keep up with technology will only get harder: the next surge in surveillance is text messaging, industry experts say, as companies and cops look for new ways to tap technology for their own purposes.
- As seen in Time
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS

Happy New Year: Now Measure My Results, Not My Hours

Too many businesses judge an employee’s performance by hours worked rather than by value created. It's time to get with the program and understand that "face time" is beyond overrated.

Accolades to Robert Pozen of The New York Times who, yet again, brings up the fact too many businesses judge an employee’s performance by hours worked rather than by value created. As a result, workers who complete their tasks faster wind up procrastinating, surfing the Web, or rereading emails long after the clock strikes five, simply in order to be seen in the office.

Studies suggest that workers are right to believe they are better off sticking around to avoid getting labeled as slackers. Managers in one recent study described employees seen in the office as “dependable” and “reliable,” and those who came in over the weekend as “committed” and “dedicated.” These reactions are unfortunate “remnants of the industrial age,” when hours logged on the assembly line translated directly into more products.

But measuring performance by hours worked “makes no sense for knowledge workers” in the 21st century, and bosses who implicitly reward those who stay late “are undermining incentives for workers to be efficient.” Many organizations will struggle with learning to focus on results rather than hours. But if you can convince your boss to make that switch, it “will help you accomplish more at work”—and that’s something any boss can value.

- As seen in The Week
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS

My Digital Nightmare: A Hacker Stole My Family Photos and Upended My Life, and It Could Easily Happen to You

In the space of one hour, my entire digital life was destroyed, said Mat Honan of Wired. "First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz.

Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.

Those security lapses are my fault, and I deeply, deeply regret them.

But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.

This isn’t just my problem. Since Friday, Aug. 3, 2012, when hackers broke into my accounts, I’ve heard from other users who were compromised in the same way, at least one of whom was targeted by the same group. The very four digits that Amazon considers unimportant enough to display in the clear on the Web are precisely the same ones that Apple considers secure enough to perform identity verification.

Moreover, if your computers aren’t already cloud-connected devices, they will be soon. Apple is working hard to get all of its customers to use iCloud. Google’s entire operating system is cloud-based. And Windows 8, the most cloud-centric operating system yet, will hit desktops by the tens of millions in the coming year. My experience leads me to believe that cloud-based systems need fundamentally different security measures. Password-based security mechanisms — which can be cracked, reset, and socially engineered — no longer suffice in the era of cloud computing.

I realized something was wrong at about 5 p.m. on Friday. I was playing with my daughter when my iPhone suddenly powered down. I was expecting a call, so I went to plug it back in.

It then rebooted to the setup screen. This was irritating, but I wasn’t concerned. I assumed it was a software glitch. And, my phone automatically backs up every night. I just assumed it would be a pain in the ass, and nothing more. I entered my iCloud login to restore, and it wasn’t accepted. Again, I was irritated, but not alarmed.

I went to connect the iPhone to my computer and restore from that backup — which I had just happened to do the other day. When I opened my laptop, an iCal message popped up telling me that my Gmail account information was wrong. Then the screen went gray, and asked for a four-digit PIN.

I didn’t have a four-digit PIN.

By now, I knew something was very, very wrong. For the first time it occurred to me that I was being hacked. Unsure of exactly what was happening, I unplugged my router and cable modem, turned off the Mac Mini we use as an entertainment center, grabbed my wife’s phone, and called AppleCare, the company’s tech support service, and spoke with a rep for the next hour and a half.

It wasn’t the first call they had had that day about my account. In fact, I later found out that a call had been placed just a little more than a half an hour before my own. But the Apple rep didn’t bother to tell me about the first call concerning my account, despite the 90 minutes I spent on the phone with tech support. Nor would Apple tech support ever tell me about the first call voluntarily — it only shared this information after I asked about it. And I only knew about the first call because a hacker told me he had made the call himself.

At 4:33 p.m., according to Apple’s tech support records, someone called AppleCare claiming to be me. Apple says the caller reported that he couldn’t get into his e-mail — which, of course was my e-mail.

In response, Apple issued a temporary password. It did this despite the caller’s inability to answer security questions I had set up. And it did this after the hacker supplied only two pieces of information that anyone with an internet connection and a phone can discover.

At 4:50 p.m., a password reset confirmation arrived in my inbox. I don’t really use my e-mail, and rarely check it. But even if I did, I might not have noticed the message because the hackers immediately sent it to the trash. They then were able to follow the link in that e-mail to permanently reset my AppleID password.

At 4:52 p.m., a Gmail password recovery e-mail arrived in my mailbox. Two minutes later, another e-mail arrived notifying me that my Google account password had changed.

At 5:02 p.m., they reset my Twitter password. At 5:00 they used iCloud’s “Find My” tool to remotely wipe my iPhone. At 5:01 they remotely wiped my iPad. At 5:05 they remotely wiped my MacBook. Around this same time, they deleted my Google account. At 5:10, I placed the call to AppleCare. At 5:12 the attackers posted a message to my account on Twitter taking credit for the hack.

By wiping my MacBook and deleting my Google account, they now not only had the ability to control my account, but were able to prevent me from regaining access. And crazily, in ways that I don’t and never will understand, those deletions were just collateral damage. My MacBook data — including those irreplaceable pictures of my family, of my child’s first year and relatives who have now passed from this life — weren’t the target. Nor were the eight years of messages in my Gmail account. The target was always Twitter. My MacBook data was torched simply to prevent me from getting back in.


I spent an hour and a half talking to AppleCare. One of the reasons it took me so long to get anything resolved with Apple during my initial phone call was because I couldn’t answer the security questions it had on file for me. It turned out there’s a good reason for that. Perhaps an hour or so into the call, the Apple representative on the line said “Mr. Herman, I….”

“Wait. What did you call me?”

“Mr. Herman?”

“My name is Honan.”

Apple had been looking at the wrong account all along. Because of that, I couldn’t answer my security questions. And because of that, it asked me an alternate set of questions that it said would let tech support let me into my account: a billing address and the last four digits of my credit card. (Of course, when I gave them those, it was no use, because tech support had misheard my last name.)

It turns out, a billing address and the last four digits of a credit card number are the only two pieces of information anyone needs to get into your iCloud account. Once supplied, Apple will issue a temporary password, and that password grants access to iCloud.

Apple tech support confirmed to me twice over the weekend that all you need to access someone’s AppleID is the associated e-mail address, a credit card number, the billing address, and the last four digits of a credit card on file. I was very clear about this. During my second tech support call to AppleCare, the representative confirmed this to me. “That’s really all you have to have to verify something with us,” he said.

We talked to Apple directly about its security policy, and company spokesperson Natalie Kerris told Wired, “Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password. In this particular case, the customer’s data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected.”

On Monday, Wired tried to verify the hackers’ access technique by performing it on a different account. We were successful. This means, ultimately, all you need in addition to someone’s e-mail address are those two easily acquired pieces of information: a billing address and the last four digits of a credit card on file. Here’s the story of how the hackers got them.

By exploiting the customer service procedures employed by Apple and Amazon, hackers were able to get into iCloud and take over all of Mat Honan’s digital devices — and data.

On the night of the hack, I tried to make sense of the ruin that was my digital life. My Google account was nuked, my Twitter account was suspended, my phone was in a useless state of restore, and (for obvious reasons) I was highly paranoid about using my Apple email account for communication.

I decided to set up a new Twitter account until my old one could be restored, just to let people know what was happening. I logged into Tumblr and posted an account of how I thought the takedown occurred. At this point, I was assuming that my seven-digit alphanumeric AppleID password had been hacked by brute force. In the comments (and, oh, the comments) others guessed that hackers had used some sort of keystroke logger. At the end of the post, I linked to my new Twitter account.

And then, one of my hackers @ messaged me. He would later identify himself as Phobia. I followed him. He followed me back.

We started a dialogue via Twitter direct messaging that later continued via e-mail and AIM. Phobia was able to reveal enough detail about the hack and my compromised accounts that it became clear he was, at the very least, a party to how it went down. I agreed not to press charges, and in return he laid out exactly how the hack worked. But first, he wanted to clear something up:

“didnt guess ur password or use bruteforce. i have my own guide on how to secure emails.”

I asked him why. Was I targeted specifically? Was this just to get to Gizmodo’s Twitter account? No, Phobia said they hadn’t even been aware that my account was linked to Gizmodo’s, that the Gizmodo linkage was just gravy. He said the hack was simply a grab for my three-character Twitter handle. That’s all they wanted. They just wanted to take it, and fuck shit up, and watch it burn. It wasn’t personal.

“I honestly didn’t have any heat towards you before this. i just liked your username like I said before” he told me via Twitter Direct Message.

After coming across my account, the hackers did some background research. My Twitter account linked to my personal website, where they found my Gmail address. Guessing that this was also the e-mail address I used for Twitter, Phobia went to Google’s account recovery page. He didn’t even have to actually attempt a recovery. This was just a recon mission.

Because I didn’t have Google’s two-factor authentication turned on, when Phobia entered my Gmail address, he could view the alternate e-mail I had set up for account recovery. Google partially obscures that information, starring out many characters, but there were enough characters available, m•••• Jackpot.

This was how the hack progressed. If I had some other account aside from an Apple e-mail address, or had used two-factor authentication for Gmail, everything would have stopped here. But using that Apple-run e-mail account as a backup meant told the hacker I had an AppleID account, which meant I was vulnerable to being hacked.

Be careful with your Amazon account — or someone might buy merchandise on your credit card, but send it to their home.

“You honestly can get into any email associated with apple,” Phobia claimed in an e-mail. And while it’s work, that seems to be largely true.

Since he already had the e-mail, all he needed was my billing address and the last four digits of my credit card number to have Apple’s tech support issue him the keys to my account.

So how did he get this vital information? He began with the easy one. He got the billing address by doing a whois search on my personal web domain. If someone doesn’t have a domain, you can also look up his or her information on Spokeo, WhitePages, and PeopleSmart.

Getting a credit card number is tricker, but it also relies on taking advantage of a company’s back-end systems. Phobia says that a partner performed this part of the hack, but described the technique to us, which we were able to verify via our own tech support phone calls. It’s remarkably easy — so easy that Wired was able to duplicate the exploit twice in minutes.

First you call Amazon and tell them you are the account holder, and want to add a credit card number to the account. All you need is the name on the account, an associated e-mail address, and the billing address. Amazon then allows you to input a new credit card. (Wired used a bogus credit card number from a website that generates fake card numbers that conform with the industry’s published self-check algorithm.) Then you hang up.

Next you call back, and tell Amazon that you’ve lost access to your account. Upon providing a name, billing address, and the new credit card number you gave the company on the prior call, Amazon will allow you to add a new e-mail address to the account. From here, you go to the Amazon website, and send a password reset to the new e-mail account. This allows you to see all the credit cards on file for the account — not the complete numbers, just the last four digits. But, as we know, Apple only needs those last four digits. We asked Amazon to comment on its security policy, but didn’t have anything to share by press time.

And it’s also worth noting that one wouldn’t have to call Amazon to pull this off. Your pizza guy could do the same thing, for example. If you have an AppleID, every time you call Pizza Hut, you’ve giving the 16-year-old on the other end of the line all he needs to take over your entire digital life.

And so, with my name, address, and the last four digits of my credit card number in hand, Phobia called AppleCare, and my digital life was laid waste. Yet still I was actually quite fortunate.

They could have used my e-mail accounts to gain access to my online banking, or financial services. They could have used them to contact other people, and socially engineer them as well. As Ed Bott pointed out on, my years as a technology journalist have put some very influential people in my address book. They could have been victimized too.

Instead, the hackers just wanted to embarrass me, have some fun at my expense, and enrage my followers on Twitter by trolling.

I had done some pretty stupid things. Things you shouldn’t do.

I should have been regularly backing up my MacBook. Because I wasn’t doing that, if all the photos from the first year and a half of my daughter’s life are ultimately lost, I will have only myself to blame. I shouldn’t have daisy-chained two such vital accounts — my Google and my iCloud account — together. I shouldn’t have used the same e-mail prefix across multiple accounts —,, and And I should have had a recovery address that’s only used for recovery without being tied to core services.

But, mostly, I shouldn’t have used Find My Mac. Find My iPhone has been a brilliant Apple service. If you lose your iPhone, or have it stolen, the service lets you see where it is on a map. The New York Times’ David Pogue recovered his lost iPhone just last week thanks to the service. And so, when Apple introduced Find My Mac in the update to its Lion operating system last year, I added that to my iCloud options too.

After all, as a reporter, often on the go, my laptop is my most important tool.

But as a friend pointed out to me, while that service makes sense for phones (which are quite likely to be lost) it makes less sense for computers. You are almost certainly more likely to have your computer accessed remotely than physically. And even worse is the way Find My Mac is implemented.

When you perform a remote hard drive wipe on Find my Mac, the system asks you to create a four-digit PIN so that the process can be reversed. But here’s the thing: If someone else performs that wipe — someone who gained access to your iCloud account through malicious means — there’s no way for you to enter that PIN.

A better way to have this set up would be to require a second method of authentication when Find My Mac is initially set up. If this were the case, someone who was able to get into an iCloud account wouldn’t be able to remotely wipe devices with malicious intent. It would also mean that you could potentially have a way to stop a remote wipe in progress.

But that’s not how it works. And Apple would not comment as to whether stronger authentification is being considered.

As of Monday, both of these exploits used by the hackers were still functioning. Wired was able to duplicate them. Apple says its internal tech support processes weren’t followed, and this is how my account was compromised. However, this contradicts what AppleCare told me twice that weekend. If that is, in fact, the case — that I was the victim of Apple not following its own internal processes — then the problem is widespread.

I asked Phobia why he did this to me. His answer wasn’t satisfying. He says he likes to publicize security exploits, so companies will fix them. He says it’s the same reason he told me how it was done. He claims his partner in the attack was the person who wiped my MacBook. Phobia expressed remorse for this, and says he would have stopped it had he known.

“yea i really am a nice guy idk why i do some of the things i do,” he told me via AIM. “idk my goal is to get it out there to other people so eventually every1 can over come hackers”

I asked specifically about the photos of my little girl, which are, to me, the greatest tragedy in all this. Unless I can recover those photos via data recovery services, they are gone forever. On AIM, I asked him if he was sorry for doing that. Phobia replied, “even though i wasnt the one that did it i feel sorry about that. Thats alot of memories im only 19 but if my parents lost and the footage of me and pics i would be beyond sad and im sure they would be too.”

But let’s say he did know, and failed to stop it. Hell, for the sake of argument, let’s say he did it. Let’s say he pulled the trigger. The weird thing is, I’m not even especially angry at Phobia, or his partner in the attack. I’m mostly mad at myself. I’m mad as hell for not backing up my data. I’m sad, and shocked, and feel that I am ultimately to blame for that loss.

But I’m also upset that this ecosystem that I’ve placed so much of my trust in has let me down so thoroughly. I’m angry that Amazon makes it so remarkably easy to allow someone into your account, which has obvious financial consequences. And then there’s Apple. I bought into the Apple account system originally to buy songs at 99 cents a pop, and over the years that same ID has evolved into a single point of entry that controls my phones, tablets, computers and data-driven life. With this AppleID, someone can make thousands of dollars of purchases in an instant, or do damage at a cost that you can’t put a price on."

Additional reporting by Roberto Baldwin and Christina Bonnington. Portions of this story originally appeared on Mat Honan’s Tumblr.
- As seen in The Week
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS