IT Management » The UK Riots, RIM and the Price of Privacy

As rioters in the UK use devices like BlackBerry phones to exchange messages, Research In Motion says it will help police in monitoring its communication systems. Though its decision has drawn some support, critics question whether assisting police to peek in on personal messages is an invasion of privacy.

London's burning, and it may lead to a clampdown on social media 6 Ways to Use Social Media for Business. Free Guide. in the UK.

UK Prime Minister David Cameron on Thursday suggested censoring social media in response to the violence.

Mobs reportedly communicating in part through BlackBerry Messenger, and later social media sites, wreaked havoc throughout the UK.

Research In Motion's (Nasdaq: RIMM) UK office responded to news of the disturbances by tweeting that it would help the authorities in any way it could.

That led to a storm of protest and the hijacking of RIM's Inside BlackBerry blog page by hacker group TeamPoison.

"RIM is in an unenviable position, being forced to be the arbiter between two powerful factors," Azita Arvani, principal at the Arvani Group, told TechNewsWorld.

"On the one hand, they're facing individual users, information privacy values and concerns; on the other, they're facing governments, which legislate the rules of the game for businesses," Arvani elaborated.

RIM did not respond to requests for comment by press time.

The Flames of Freedom, or Madness Rising?

News clips from the UK are eerily reminiscent of those from the Middle East during the so-called Jasmine Revolution, when rioting crowds toppled governments throughout the region, including that of Egyptian strongman Hosni Mubarak, who's now on trial.

Rampaging mobs are roaming through the streets of London, Birmingham, Liverpool and other areas, burning and looting buildings, fighting and indulging in other acts of violence.

What's the difference between the rampaging mobs here and the so-called protesters for democracy in the Middle East?

Some of the depictions of the events in the UK might be skewed, Jillian York, director for international freedom of expression at the Electronic Frontier Foundation, suggested to TechNewsWorld.

"I think the framing being seen in some media is incredibly problematic," York said.

The Messenger Makes the Medium

The UK authorities said earlier this week that the rioters were coordinating their efforts through BlackBerry Messenger, which lets users send text messages to anyone else with the service at no charge.

The BlackBerry is the most popular choice among younger consumers, according to the UK's Office of Communications, aka "OfCom."

Almost half of UK teens and more than one in four adults -- who are defined as anyone over 16 -- own a smartphone, OfCom found.

The mobs are also using social media, particularly Twitter, to coordinate their efforts, but BlackBerry Messenger is the biggest thorn in the side of law enforcement because messages sent over that service are encrypted.

Taking Potshots at RIM

After RIM announced that it would work with law enforcement, TeamPoison hit its UK blog site, taking over its landing page.

A shot of the hijacked page, posted on Twitter by Jonathan Fisher, can be seen here.

The page includes a plea to RIM from TeamPoison.

The hackers claimed RIM's actions would result in innocent people being charged and threatened to give personal information about RIM employees to rioters if RIM cooperated with the police.

However, TeamPoison stated it was against looting and attacks on small businesses, and only supported rioters attacking the police and the government.

Helping Police Is a Good Thing

Perhaps RIM might come out of this mess relatively unscathed.

"Almost all governments ask technology companies, including RIM, to assist with access to communications," Cynthia Wong, director of the Center for Democracy and Technology's Global Internet Freedom Project, told TechNewsWorld.

The real question is whether the UK government is following established legal processes or issuing "clearly overbroad" requests, Wong pointed out.

How much RIM's credibility will be impacted will depend on the nature of its cooperation with the UK authorities, and "it would help if RIM were more transparent about what it is or isn't doing" Wong added.

News that RIM is helping law enforcement locate those who orchestrated the UK riots through BlackBerry Messenger "is actually good press for the company, as the vast majority of British people, especially in London, want these criminals to be brought to justice," Darren Hayes, CIS program chair at Pace University, told TechNewsWorld.

Many recipients of BlackBerry messages have reportedly forwarded them to the police, Hayes remarked.

What About Privacy, Then?

One of the objections to RIM's agreeing to help the UK government is that it impinges on the rioters' right to privacy. However, that stance may not hold up to examination.

The right to privacy in personal communications isn't absolute and can be limited in certain circumstances, such as in the course of a legitimate investigation by law enforcement, the CDT's Wong said.

Further, the right to privacy may depend on who's being targeted.

"There is a tremendous difference between capturing the contents of people's emails, Internet searches, purchases and other personal and working to apprehend individuals involved with arson, theft and violence," Pace University's Hayes pointed out.

"The greater good overrides any claim to privacy," Hayes added.

IT Management » New CRM Chat Tools Give Instant Gratification

LiveChat adoption has been growing exponentially as customer support services look for more efficiency in their call center environments, SAID CEO Mariusz Cieply. "First of all, one agent can talk to up to five customers at a time, and users love having a way to chat via instant messaging." Facebook Connect promises to increase that efficiency even more.

Recent announcements in the CRM space have been all about crossing bridges to streamline customer contact functions and making customer service representatives' lives easier and more productive. And all it's taking is a click of the mouse.

LiveChat, a developer of real-time software and Web analytics tools for e-commerce sales and support teams, has given word that it is rolling out a new Facebook Connect integration capability. With this new feature, customer support and online sales services can instantly access a more detailed and comprehensive view of the customer to improve online interactions at the beginning of a LiveChat engagement.

Greater Efficiency

The process is simple. When a Web visitor requests a LiveChat session for the first time, a pop-up appears with a prompt to sign up via Facebook Connect. The LiveChat operator who comes on board already has information on the visitor's name, picture, email and personal preference data. A customer who signs into LiveChat using Facebook credentials will automatically be recognized by a service representative on any website that has installed LiveChat.

LiveChat adoption has been growing exponentially as customer support services look for more efficiency in their call center environments, CEO Mariusz Cieply told CRM Buyer.

"First of all, one agent can talk to up to five customers at a time, and users love having a way to chat via instant messaging," he said.

Facebook Connect promises to increase that efficiency even more, Cieply added.

"Customers won't have to be asked preliminary questions before the chat begins," he pointed out. "The representative can simply get the pictorial ID of who that person is. Early indications show a definite increase in conversion rates and the quality of online service."

Productivity Boost

M5 Networks a provider of VoIP managed services, has partnered with LinkPoint360, a provider of enterprise email integration software applications to the CRM industry, to develop a new telephony integration capability for M5 customers from the LinkPoint360 Outlook Add-in. This new integration bridges what the company calls "the formidable gap" between Microsoft (Nasdaq: MSFT) Outlook and CRM programs like Salesforce.com (NYSE: CRM), Microsoft Dynamics CRM and SalesLogix.

Users can now view contact information from their CRM application within Outlook for each email recipient, then click-to-record the email to create contact, lead, opportunity or support cases. The added automated functionality means users can respond to a customer email query and create a record of the call without leaving Outlook, as well as post a completed call activity directly into the CRM program.

The plug-in can deliver a significant productivity boost for sales personnel, Brent Barbara, vice president of client solutions and alliances for M5 Networks, told CRM Buyer.

"It's a simple solution that addresses an important need," he said. "A lot of sales and service teams are tied to Outlook and still spend a lot of time toggling between that and their CRM data. Now they can connect their phone to their customer information and emails and contact them by phone with one click."

Stronger Integration

The motivation behind integration with Outlook is twofold. "One sales manager I spoke to said they just don't want their representatives doing data entry," said Barbara. "Let's take that off their plate. Something as simple as click-to-dial [from Outlook] in the telemarketing world could save a person 30 to 45 seconds of time per call. If that person made 100 calls a day, that translates into 30 to 45 minutes. The savings can get into big numbers in highly productive environments."

This is just one of an increasing number of integration initiatives that are transforming efficiency for customer service and sales staff, he added. "Cloud models and other Web-based applications are ripe for this type of integration because they have remarkably easy APIs. Applications like Salesforce.com are doing all sorts of mashups with calling and instant messaging. And we're only beginning to see how Facebook APIs can be used to help the business community."

IT Management » A Standard Is Born

Open Automated Compliance Expert Markup Language is built to automate security and save costs. "If you think about PCI DSS, it defines pretty tightly what your cardholder data environment consists of," said The Open Group's Jim Hietala. "In terms of O-ACEML, it could be networking devices, servers, storage equipment, or any sort of IT device."

The Open Automated Compliance Expert Markup Language (O-ACEML) is a new standard that helps enterprises automate security compliance across their systems in a consistent and cost-saving manner.

O-ACEML helps to achieve compliance with applicable regulations but also achieves major cost savings. From the compliance audit viewpoint, auditors can carry out similarly consistent and more capable audits in less time.

Here to help us understand O-ACEML and managing automated security compliance issues and how the standard is evolving are Jim Hietala, vice president of security at The Open Group; and Shawn Mullen, a Power software security architect at IBM (NYSE: IBM). The discussion is moderated by Dana Gardner, principal analyst at Interarbor Solutions.

Listen to the podcast (29:23 minutes).

Here are some excerpts:

Jim Hietala: One of the things you've seen in last 10 or 12 years -- since the compliance regulations have really come to the fore -- is that the more regulation there is, more specific requirements are put down, and the more challenging it is for organizations to manage. Their IT infrastructure needs to be in compliance with whatever regulations impact them, and the cost of doing so becomes significant.

So anything that could be done to help automate, to drive out cost, and maybe make organizations more effective in complying with the regulations that affect them -- whether it's PCI, HIPAA, or whatever -- there's lot of benefit to large IT organizations in doing that. That's really what drove us to look at adopting a standard in this area.

We're moving to enable compliance of IT devices specifically around security constraints and the security configuration settings and to some extent, the process. If you look at how people did compliance or managed to compliance without a standard like this, without automation, it tended to be a manual process of setting configuration settings and auditors manually checking on settings. O-ACEML goes to the heart of trying to automate that process and drive some cost out of an equation.

Shawn Mullen: This has been going on a while, and we're seeing it on both classes of customers. On the high end, we would go from customer-to-customer and they would have their own hardening scripts, their own view of what should be hardened. It may conflict with what compliance organization wanted as far as the settings. This was a standard way of taking what the compliance organization wanted, and also it has an easy way to author it, to change it.

If your own corporate security requirements are more stringent, you can easily change the O-ACEML configuration, so that is satisfies your more stringent corporate compliance or security policy, as well as satisfying the regulatory compliance organization in an easy way to monitor it, to report, and see it.

In addition, on the low end, the small businesses don't have the expertise to know how to configure their systems. Quite frankly, they don't want to be security experts. Here is an easy way to print an XML file to harden their systems as it needs to be hardened to meet compliance or just the regular good security practices.

One of the things that we're seeing in the industry is server consolidation. If you have these hundreds, or in large organizations thousands, of systems and you have to manually configure them, it becomes a very daunting task. Because of that, it's a one-time shot at doing this, and then the monitoring is even more difficult. With O-ACEML, it's a way of authoring your security policy as it meets compliance or for your own security policy in pushing that out.

This allows you to have a single XML and push it onto heterogeneous platforms. Everything is configured securely and consistently and it gives you a very easy way to get the tooling to monitor those systems, so they are configured correctly today. You're checking them weekly or daily to ensure that they remain in that desired state.

[As an example], let's take a single rule, and we'll use a simple case like the minimum password length. In PCI the minimum password length, for example, is seven. Sarbanes-Oxley, which relies on COBiT password length would be eight.

But with an O-ACEML XML, it's very easy to author a rule, and there are three segments to it. The first segment is, it's very human understandable, where you would put something like "password length equals seven." You can add a descriptive text with it, and that's all you have to author.

When that is pushed down on to the platform or the system that's O-ACEML-aware, it's able to take that simple ACEML word or directive and map that into an actionable command relevant to that system. When it finds the map into the actionable command, it writes it back into the XML. So that's completing the second phase of the rule. It executes that command either to implement the setting or to check the setting.

The result of the command is then written back into the XML. So now the XML for particular rule has the first part, the authored high-level directive as a compliance organization, how that particular system mapped into a command, and the result of executing that command either in a setting or checking format.

Now we have all of the artifacts we need to ensure that the system is configured correctly, and to generate audit reports. So when the auditor comes in we can say, "This is exactly how any particular system is configured and we know it to be consistent, because we can point to any particular system, get the O-ACEML XML and see all the artifacts and generate reports from that."

What's interesting about O-ACEML -- and this is one of our differences from, for example, the security content automation protocol (SCAP) -- is that instead of the vendor saying, "This is how we do it -- it has a repository of how the checking goes and everything like that," you let the end point make the determination. The end point is aware of what OS it is and it's aware of what version it is.

For example, with IBM UNIX, which is AIX, you would say "password check at this different level." We've increased our password strength, we've done a lot of security enhancements around that. If you push the ACEML to a newer level of AIX, it would do the checking slightly differently. So, it really relies on the platform, the device itself, to understand ACEML and understand how best to do its checking.

We see with small businesses and even some of the larger corporations that they're maintaining their own scripts. They're doing everything manually. They're logging on to a system and running some of those scripts. Or, they're not running scripts at all, but are manually making all of these settings.

It's an extremely long and burdensome process, when you start considering that there are hundreds of thousands of these systems. There are different OSes. You have to find experts for your Linux systems or your HP-UX or AIX. You have to have all those different talents and skills in these different areas, and again the process is quite lengthy.

Hietala: The way to think about it is the universe of IT devices that are in scope for these various compliance regulations. If you think about PCI DSS, it defines pretty tightly what your cardholder data environment consists of. In terms of O-ACEML, it could be networking devices, servers, storage equipment, or any sort of IT device. Broadly speaking, it could apply to lots of different classes of computing devices.

O-ACEML is relatively new. It was just published 60 days ago by The Open Group. The actual specification is on The Open Group website. It's downloadable, and we would encourage both, system vendors and platform vendors, as well as folks in the security management space or maybe the IT-GRC space, to check it out, take a look at it, and think about adopting it as a way to exchange compliance configuration information with platforms.

We want to encourage adoption by as broad a set of vendors as we can, and we think that having more adoption by the industry, will help make this more available so that end-users can take advantage of it.

Mullen: We had a very interesting presentation here at The Open Group Conference in Austin. Customers are finding the best way they can lower their compliance or their cost of meeting compliance is through automation. If you can automate any part of that compliance process, that's going to save you time and money. If you can get rid of the manual effort with automation, it greatly reduces your cost.

There was a very good study [we released and discussed this week]. It found that the average cost of an organization to be compliant is (US)$3 million. That's annual cost. What was also interesting was that the cost of being non-compliant, as they called it, was $9 million.

Hietala: The figures that Shawn is referencing come out of the study by the Ponemon Institute. Larry Ponemon does lots of studies around security risk compliance cost. He authors an annual data breach study that's pretty widely quoted in the security industry that gets to the cost of data breaches on average for companies.

In the numbers that were presented, he recently studied 46 very large companies, looking at their cost to be in compliance with the relevant regulations. It's like $3.5 million a year, and over $9 million for companies that weren't compliant, which suggests that companies that are actually actively managing toward compliance are probably little more efficient than those that aren't.

What O-ACEML has the opportunity to do for those companies that are in compliance is help drive that $3.5 million down to something much less than that by automating and taking manual labor out of process.

Mullen: One of the things that we're hoping vendors will gravitate toward is the ability to have a central console controlling their IT environment or configuring and monitoring their IT environment. It just has to push out a single XML file. It doesn't have to push out a special XML for Linux versus AIX versus a network device. It can push out that O-ACEML file to all of the devices. It's a singular descriptive XML, and each device, in turn, knows how to map it to its own particular platform in security configuring.

Hietala: And O-ACEML goes beyond just the compliance regulations that are inflicted on us or put on us by government organizations to defining a best practice instead of security policies in the organization. Then, using this as a mechanism to push those out to your environment and to ensure that they are being followed and implemented on all the devices in their IT environment.

So, it definitely goes beyond just managing compliance to these external regulations, but to doing a better job of implementing the ideal security configuration settings across your environment.

If you think about how this sort of a standard might apply toward services that are built in somebody's cloud, you could see using this as a way to both set configuration settings and check on the status of configuration settings and instances of machines that are running in a cloud environment. Shawn, maybe you want to expand on that?

Mullen: It's interesting that you brought this up, because this is the exact conversation we had earlier today in one of the plenary sessions. They were talking about moving your IT out into the cloud. One of the issues, aside from just the security, was how do you prove that you are meeting these compliance requirements?

ACEML is a way to reach into the cloud to find your particular system and bring back a report that you can present to your auditor. Even though you don't own the system --it's not in the data center here in the next office, it's off in the cloud somewhere -- you can bring back all the artifacts necessary to prove to the auditor that you are meeting the regulatory requirements.

Hietala: The standard specification is up on our website. You can go to the "Publications" tab on our website, and do a search for O-ACEML, and you should find the actual technical standard document. Then, you can get involved directly in the security forum by joining The Open Group . As the standard evolves, and as we do more with it, we certainly want more members involved in helping to guide the progress of it over time.

Mullen: That's a perfect way to start. We do want to invite different compliance organization, everybody from the electrical power grid -- they have their own view of security -- to ISO, to payment card industry. For the electrical power grid standard, for example -- and ISO is the same way -- what ACEML helps them with is they don't need to understand how Linux does it, how AIX does it. They don't need to have that deep understanding.

In fact, the way ISO describes it in their PDF around password settings, it basically says, use good password settings, and it doesn't go into any depth beyond that. The way we architected and designed O-ACEML is that you can just say, "I want good password settings," and it will default to what we decided. What we focused in on collectively as an international standard in The Open Group was, that good password hygiene means you change your password every six months. It should at least carry this many characters, there should be a non-alpha/numeric.

It removes the burden of these different compliance groups from being security experts and it let's them just use O-ACEML and the default settings that The Open Group came up with.

We want to reach out to those groups and show them the benefits of publishing some of their security standards in O-ACEML. Beyond that, we'll work with them to have that standard up, and hopefully they can publish it on their website, or maybe we can publish it on The Open Group website. ...

It's an international standard, we want it to be used by multiple compliance organizations. And compliance is a good thing. It's just good IT governance. It will save companies money in the long run, as we saw with these statistics. The goal is to lower the cost of being compliant, so you get good IT governance, just with a lower cost.

Hietala: You'll see more from us in terms of adoption of the standard. We're looking already at case studies and so forth to really describe in terms that everyone can understand what benefits organizations are seeing from using O-ACEML. Given the environment we're in today, we're seeing about security breaches and hacktivism and so forth everyday in the newspapers.

I think we can expect to see more regulation and more frequent revisions of regulations and standards affecting IT organizations and their security, which really makes it imperative for engineers in IT environment in such a way that you can accommodate those changes, as they are brought to your organization, do so in an effective way, and at the least cost. Those are really the kinds of things that O-ACEML has targeted, and I think there is a lot of benefit to organizations to using it.

IT Management » Why Video Conferencing Sucks

Understanding human interaction isn't easy. We tend to be complex and very different. The reason we aren't doing video conferencing calls regularly is partially because these systems don't interoperate, but it is mostly because these systems don't embrace the way we actually like to communicate.

I've been covering video conferencing (now often called "telepresence") products since the late 80s and saw my first offering in the mid-60s as a child at Disneyland. Over the years, product wave after product wave has come to market with the promise of the next big thing in telecommunications only to fail to meet even reasonable expectations for deployment in a market where users are measured in billions.

Andy Grove, one of the smartest people I've ever met, referred to Intel's (Nasdaq: INTC) axed video conferencing effort as his biggest mistake while running that company. We have laptops, tablets and, most recently, smartphones capable of video conferencing, but only a tiny percentage use them for it, and even fewer do so regularly. It isn't technology, availability or cost that is the problem -- it is people, and I'd like to explore that this week.

I was briefed on what may be the best video conferencing system in the world recently -- a product called Vidyo, which got me thinking about this. So, with some irony, it will be my product of the week.

Video Conferencing to Telepresence: a Brief History

AT&T (NYSE: T) first showcased video conferencing in the middle of the last century. It was incredibly impractical because networks weren't yet digital, but you could walk into a booth at Disneyland and talk to someone in another booth and see that person on a camera. Granted, since the booths were next to each other it wasn't that stunning as a communications technology, but everyone seemed to agree it was the near-term future. It was crafted into Disney's (NYSE: DIS) home of the future and written into the "The Jetsons" (predecessor to "Futurama").

Jump ahead to the late 80s, when there was a wave of room conferencing system companies. They proliferated like rabbits during the 90s and then largely vanished into Polycom by the beginning of this century. The promise of saved travel expenses was replaced by the image of little-used rooms full of largely nonfunctioning hardware that was never used (and to my recollection rarely dusted).

Last decade, we saw the birth of HD video conferencing systems because hardware makers figured that the problem was that we couldn't see each other clearly enough. They did address some of the more troubling aspects -- like the fact it took a near graduate degree to operate some of the older systems -- but one known problem remained.

The systems largely wouldn't interoperate. This interoperability issue kept them from being used for anything but in-company meetings -- and given the good ones cost upwards of half a million dollars, this meant that small remote offices and home workers (Jerry Seinfeld had one) generally couldn't afford them.

The systems were used more, but video conferencing didn't even look like it was getting close to critical mass. This year HP (NYSE: HPQ) -- which had one of the best systems -- exited the market. It sold its solution to Polycom, which has kind of become the great video conferencing system graveyard.

The big problem that no one seems to want to address is that we generally don't like conversing for long looking someone else in the eye. Try this: Sit across a table and look right at someone for an extended period of time while working with them. We had an exercise in college that put students together this way to emphasize human interaction. Generally, particularly for guys, this is not only uncomfortable, but also leads to confrontational behavior. It is OK for a few minutes -- but for longer meetings, you have this increasing feeling of discomfort.

I think this response can be unlearned, but I also think this is why people generally need to be forced to use these systems.

Where It's Successful

The real test is whether people just use these systems naturally when given the choice, and most don't. Even though airline travel is anything but fun these days, it is generally preferable to using a video conferencing room based on employee behavior. How companies get folks to use the system is to restrict air travel and force the rooms as the only option for in-face meetings that otherwise would involve travel.
The clue that most seem to have missed is that people generally have to be forced to use the systems, and that wasn't the case with phones or audio conference room systems. It isn't that people don't want to talk to each other -- it is that they don't like to stare at each other for long periods of time.

Other Problems

Over the years, other problems have become evident as well. The folks who are remote have the greatest affinity for a video solution, but what they need is to feel they can see into a meeting without being a head on a screen where folks focus their attention.

In short, they want to feel like they are part of the meeting but not the presentation themselves. Desktop users worry that executives are using desktop video systems to watch them in secret, and women generally feel very uncomfortable that someone can see their face before they've had a chance to check their makeup.

Oh, I'm not making this up -- we did a ton of surveys over a period of about 10 years as to why this stuff wasn't being used, and these are the things that came up.

Wrapping Up: Lessons Learned

Understanding human interaction isn't easy. We tend to be complex and very different. The reason we aren't doing video conferencing calls regularly is partially because these systems don't interoperate, but it is mostly because these systems don't embrace the way we actually like to communicate.

One final thought: If you look at how this is implemented, even by Apple (Nasdaq: AAPL) on smartphones, the focus is on the camera looking at the speaker rather than the camera looking at what the speaker is seeing -- the vastly more interesting subject matter. I mean wouldn't you rather see a vista than a wobbly close up of someone's nose hairs?

The most interesting test I've seen recently was when Marvell took a 65-inch HDTV, stood it on its edge on the floor, put a camera on the upper edge, and made it a video conferencing demo. This allowed people to chat like they would in a hallway. It seemed to shorten the conversations, and it also seemed vastly more natural for both speakers and for teachers.

Something to ponder this week as we see our retirement funds melt down.

Product of the Week: Vidyo

Every few years, I pick what I think is the best video conferencing product in the market; this time, Vidyo wins by a mile. Part of the reason is massive scalability, starting with a PC client at the low end and graduating up to systems that can have nine screens. This last is particularly interesting, because HDTVs are relatively cheap, and while some of the systems use proprietary TVs costing upwards of US$30K, Vidyo uses off-the-shelf HDTVs.

The system engages through email. You send emails out and folks click on the links, which can be put into calendars to enable the session, making it very easy to use.

If you were wondering about the 9+ screen part, this is particularly useful for department meetings where the employees are remote, because each employee gets a screen. Typical three-screen high end systems are limited to three people. Anything more than that puts the extras on an audio-only call.

Vidyo's highest-end system, the Panorama, goes up to 20 screens and costs $40K -- which is still a fraction of what most systems in its class cost, and it doesn't require a dedicated network.

Vidyo is currently working to put the client on tablets and smartphones. Hey, I've been traveling all week, and if telepresence/video conferencing systems ever take off, my tired butt will stay at home more often. The Vidyo system is the best yet, and it's a great candidate for my product of the week.

IT Management » FCC to Scrutinize BART's Cellphone Block

The Bay Area Rapid Transit system, or BART, will reportedly come under the FCC's microscope following the block that the public transportation system put on mobile devices inside its stations. BART says it instituted the block to keep a public protest from growing out of hand. That decision spawned further protests and may have violated the law.

The U.S. Federal Communications Communication (FCC) reportedly intends to investigate the Bay Area Rapid Transit system (BART) over the San Francisco-area public transportation system's recent shutdown of cellphone service at four stations in the face of a public protest.

BART cut cell phone services for several hours on Aug. 11 when a public demonstration began moving from station to station. The demonstrators were protesting the shooting of homeless man Charles Hill by BART police last month.

The move cut off cellphone service, including emergency calls, and outraged civil libertarians, who pointed out that it endangered public safety and stifled free speech.

It also sparked more protests, as well as an attack by hacker community Anonymous, which targeted a BART website.

It's possible that the cellular service shutdown contravened provisions of the Communications Act of 1934, which expressly prohibits local and state law enforcement agencies from jamming transmissions to thwart criminal and terrorist acts.

FCC spokesperson Neil Grace didn't respond to requests for comment by press time.

All Your Speech Are Belong to Us

BART gave different explanations as to how it shut down cellular communications.

At first, it said it had approached wireless carriers directly and asked them to turn off service, but later, BART said its staff or contractors shut down power to the nodes and alerted the cell carriers.

BART says it owns and controls the underground cellphone network, which runs from Balboa Park Station through the Transbay Tube. It indicated that it shut down the service to essentially prevent a repeat of what had happened recently in England, where mobs used mobile communications to coordinate their riots.

Further, BART claimed that the shutdown only affected its stations and that cellphone service was not disrupted outside its stations. It also stated that intercoms and courtesy phones in areas where cellular service had been shut off continued to work.

BART spokesman Linton Johnson reportedly said that riders do not have the right to free speech inside the fare gates, and he indicated that cellular service might be cut again.

"BART should focus on keeping the trains running and the passengers safe," Rebecca Jeschke, a spokesperson for the Electronic Frontier Foundation, told TechNewsWorld. "It did not need to cut out phone service in order to do this."

While the cellular service shutdown might have stopped a protest, it cut off "a lot of other communication as well," Jeschke pointed out.

BART did not respond to requests for comment by press time.

Fallout From the Shutdown

BART's cellular service shutdown prompted hacker community Anonymous to threaten retaliatory action.

Earlier this week, it made good on the threat, hacking into BART's servers. However, what it did next drew a degree of backlash -- it published the personal information of about 2,000 BART users in the database.

Did Anonymous shoot itself in foot with that move?

"This is collateral damage," Todd Feinman, CEO of Identity Finder, which discovered details about the personal information shortly after the Anonymous hack, told TechNewsWorld.

"Anonymous doesn't care who they hurt, they just want to get press," Feinman said. "They would've shot themselves in the foot if they hadn't got any press."

Anonymous also called for a peaceful protest against BART on Monday.

That protest was well attended and apparently went off without any reports of serious trouble, possibly because of the heavy police presence at the site. Video of this protest has been posted here.

The Cause of the Unrest

The protests and the hacking of BART's website were sparked by the July shooting of homeless man Charles Hill at the BART Civic Center station. Hill was reportedly shot while wielding a knife, though witnesses claimed he could have been subdued by less lethal means.

The ensuing protests have caused the issue to grow into one involving free speech.

"The real question is, do we want government agencies to be able to shut down wide swaths of phone service on claims of a rumor that there might be a protest?" the EFF's Jeschke asked.

"I think it's pretty clear the answer to that is no," Jeschke said.

Internet » The Google+ Gaming Gold Rush

"Developers seem to think that [Google+] is not going to go the way of Buzz or Orkut, and that Google+ does have a future, so ultimately what they're trying to do is be there before the flood of competition arrives and ... it'll be hard to shake them loose. They'll have loyal fans, and that way when it's time to launch titles 2, 3, 4 and 5 -- when there are 100 million users -- they'll be in a much better position."

Technology analyst Scott Steinberg answers a viewer's question about Google+'s foray into social games: Is it really going to give Facebook a run for its money?

In the short term, the answer is no. There are about 25 million users on Google+ versus roughly 750 million on Facebook, so when it comes to making money, there's really no contest between the two.

However, for game developers, it's crucial to be noticed. Right now, there are thousands of casual games on Facebook, with new ones appearing every day. It's pretty hard to get discovered there without spending big marketing 6 Ways to Use Social Media for Business. Free Guide. bucks.

Being among the early entrants on Google+ makes getting noticed easy -- and that could pay off big time when Google+'s membership numbers grow.

Internet » Kindle Cloud Reader Takes Web Apps to New Heights

Amazon has released a Web version of its popular Kindle e-reader app that's optimized for the iPad. Of course, Amazon also has a native Kindle app in Apple's App Store. But in releasing a Web-based version, Amazon isn't held to certain Apple rules regarding how it sells Kindle books. And the Web version of Kindle is so similar to the native app that it's definitely worth a look.

It's been a really long time since I've used a Web app on iOS. Before the App Store was launched, that used to be the only way to use anything resembling third-party software on an iPhone. In Year 1, nobody but Apple (Nasdaq: AAPL) could develop directly for iOS ("iPhone OS" back in the day), so the best anyone could do was build a site that fit nicely on a 3.5-inch screen.

Naturally, most of the results were kind of lame, at least when compared to the software app makers can write when they're building native applications. Web apps couldn't use many of the phone's hardware resources or sensors, and they were reliant on having an Internet connection (if not WiFi, then EDGE -- this was before iPhones had 3G).

But Web apps did and still do have at least one important advantage: They don't have to play by Apple's rules. Native apps (the ones that aren't built for jailbroken phones, anyway) must live up to certain standards in order to be allowed to sell in the App Store, and they aren't just technical standards. For one thing, Apple demands security. It's also known for saying it'll reject apps it deems too racy, even though some of the stuff you can get through apps like Netflix (Nasdaq: NFLX), HBO Go and now a new Cinemax app isn't exactly Pixar-esque family entertainment.

Another rule Apple recently began enforcing regards in-app purchases, and this is where things get twisty. Say you're a developer and you've made an app through which the user can buy other stuff -- a game that lets them buy new levels after they complete the first 10, for example, or a newsstand that lets them buy and download individual papers every day. If your app is a native app, Apple would prefer you make those sales through iOS' official in-app purchase channel. Apple will handle the transaction on its end, and it's going to keep 30 percent of the revenues.

For some apps, that makes sense. For others, not so much. And app makers that don't want to use in-app purchases don't have to. They can still have their apps access content the user purchases through some other means, like a website. But if an app rejects Apple's in-app purchase system, that app can't give the user easy, one-touch access to that site.

A perfect example of this is Amazon's Kindle app. It's one of the most popular apps in the App Store, it's free, and it lets users sync up their Kindle book libraries to their Apple devices. Amazon decided it didn't want to give Apple 30 cents on every Kindle dollar it earned from iOS users, so it was forced to eliminate a feature in its native Kindle app that took users directly to the Kindle site on Safari. You can still go to Amazon, buy Kindle books and load them into the native app, but the process is a little less smooth.

Perhaps this rule is the main reason Kindle Cloud Reader exists. Regardless, it's a nearly perfect replacement for the Kindle's native iOS app, and it suggests Web apps might have a bright future on iOS.
Save for Later

Since Kindle Cloud Reader is a Web app, you'll need to access it through Safari on an iPad here. It also works on desktop versions of Safari and Chrome.

Once there, you'll need to sign in using your usual Amazon credentials. After that, your Kindle library is available to read.

One of the first things Cloud Reader will do is something that I wasn't aware Web apps could do at all. Judging by what I thought I knew about Web apps, I expected Kindle Cloud Reader to be virtually useless without a data connection. If you're on a plane or a subway -- or anywhere except home if you have a WiFi-only model -- you won't be able to read anything, or so I thought.

But an early step in Cloud Reader's setup brushes that problem aside. You're guided through an easy process to back up and store book data. Tap any book in your library, and it will "download and pin" the whole thing. A little green pin icon will appear under the book on your library page, and now you can read away while in the air, underground or anywhere else. It'll clear when you do a history/cookies/cache wipe in Settings, so just remember to not do that when you're out of data range.
The Store's Front Door

Of course, Kindle Cloud Reader does have that handy "Kindle Store" icon in the upper right-hand corner. That gives it an advantage over the native Kindle app, which was forced to either dump that button or take a potentially very painful revenue cut. But 99 percent of the time spent on a Kindle app is spent actually reading books, so it's very important to get the page interface right. With Cloud Reader, even though you're technically reading a book on a Web page, it certainly doesn't feel like it.

All the important features are here, and they're presented in a way that makes you think you're looking at a native app. You can skip to the cover, TOC, the beginning of a book, or a specific page. Font size is adjustable, as is page color (black on white, white on black and sepia). There's a sync button to snap yourself back into place when you change Kindle-friendly devices. There's a bookmark option in the corner, and the bottom has a scrubber for flipping through pages.

In fact, aside from the different icon locations, I couldn't find a single substantial difference between reading on Kindle the cloud app and Kindle the native app. The only thing that stood out at all was the fact that turning pages on the Web app is done by tapping the left or right sides of the screen; the next page then appears. In the native app, you swipe, and the page slides with you. But I count that as only a minor aesthetic difference.
Bottom Line

If there's a good reason to use the native Kindle app instead of Kindle Cloud Reader, I can't think of it. If there's a reason to go Cloud Reader over native, it's that Kindle Store button in the corner that makes buying new books a step or two easier. All other things being equal, I'll take it.

No doubt certain other companies with well-loved iOS apps share Amazon's distaste for Apple's 30-percent in-app purchase fee. It'll be interesting to see which ones take a similar approach and start building their apps out in the wild Web.

Internet » Feds Stumble on Social Media Security, Privacy

"We want to continue to encourage the federal government to embrace technology, including social media, to better serve the public and save taxpayer dollars," said Sen. Tom Carper. "But as we encourage this utilization of technology, we also have to strive to maintain the security of information."

U.S. government agencies are moving quickly to incorporate social media 6 Ways to Use Social Media for Business. Free Guide. into their IT programs. For organizations with huge public constituencies, adopting Facebook, Twitter and YouTube as major communication channels makes a lot of sense. However, in the rush to utilize social media, federal agencies have had some misfires in their handling of privacy and security requirements.

Twenty-three of 24 major federal agencies had established accounts on Facebook, Twitter, and YouTube as of April 2011, according to the U.S. General Accountability Office (GAO).

Furthermore, the public has increasingly followed the information provided by federal agencies on those same services. For example, by April of this year, the U.S. Department of State had more than 72,000 users following its Facebook page; the National Aeronautics and Space Administration (NASA) had more than 992,000 Twitter followers, and a video uploaded by NASA on YouTube in December 2010 had more than 360,000 views.

Despite varying features of the three platforms, agencies use social media channels for several common purposes: reposting information already available on an agency website; posting original content not available on agency websites; soliciting feedback from the public; responding to comments; and linking to non-government websites.

Cautious Approach Required

The widespread use of social media technologies also introduces risks. Federal agencies have recorded only "mixed progress," reported GAO, in establishing appropriate policies and procedures in three critical areas:

• managing records;
• protecting the privacy of personal information; and
• ensuring the security of federal systems and information.

"Specifically, just over half of the major agencies using social media have established policies and procedures for identifying what content generated by social media is necessary to preserve in order to ensure compliance with the Federal Records Act, and they continue to face challenges in effectively capturing social media content as records," says Gregory Wilshusen, GAO's director of information security issues, in the agency's June report.

Disappointing Results to GAO

"Without clear policies and procedures for properly identifying and managing social media records, potentially important records of government activity may not be appropriately preserved. In addition, most agencies have not updated their privacy policies or assessed the impact their use of social media may have on the protection of personal information from improper collection, disclosure, or use, as called for in recent Office of Management and Budget (OMB) guidance," Wilshusen continues.

GAO listed three vulnerabilities associated with the use of social media channels by federal agencies: spear phishing; social engineering; and Web application attacks.

GAO issued specific recommendations to 21 of the 23 agencies it analyzed, and here again the results were mixed. About half of the agencies agreed with GAO's findings, while others agreed only in part. Some agencies failed to respond at all.

OMB's "Guidance for Agency Use of Third-Party Websites and Applications," however, offers only a broad approach to social media issues.

"It is high-level guidance, so additional, more detailed guidance would certainly seem to be useful," John di Ferrari, assistant director of GAO's information security section, told CRM Buyer.

The federal Chief Information Officers Council released a set of social media guidelines in 2009, he noted, and later a draft privacy guidance regarding third-party applications, which was sent to OMB for final approval.

However, OMB has not yet acted upon the draft, di Ferrari said.

Providers Role Is Limited

The role of IT providers in assisting federal agencies in privacy and security issues is indirect and not subject to specific procurement requirements.

"The federal government has limited leverage with social media 'vendors' because, generally speaking, there is no contractual relationship involved. The government, like individuals, takes advantage of services that are provided at no cost," di Ferrari said.

Although the General Services Administration (GSA) has negotiated generic "terms of service" for social media services to address a number of legal questions about government use of these services, these generally have not included provisions about privacy and security.

"Facebook, YouTube and Twitter representatives told us they were not taking any special steps to address the security and privacy issues of government agency users," noted di Ferrari.

Facebook declined to comment directly on the GAO report.

"Facebook has worked with GSA and the federal Webmasters Council to ensure that Facebook can be used by the U.S. government. Every major federal agency and department has a presence on Facebook along with thousands of offices, bureaus and military units," Andrew Noyes, manager for public policy communications at Facebook, told CRM Buyer.

"GSA has approved Facebook for use by the U.S. government," he added.

Responding to a query from CRM Buyer on whether Facebook could develop a special protocol to assist federal agencies for a fee, Noyes said that "Facebook takes the security of every Facebook user seriously, including government agencies that use Facebook, and the safety of our systems and users is never something that we will charge money for."

Twitter did not respond to a query from CRM Buyer.

GAO issued the report in response to a request from several members of the U.S. Senate and House, including Sen. Tom Carper, D-Del.

"This report shows that while we've made some progress, there's still room for improvement in the effort to secure data in the federal government, including in the use of social media," Carper told CRM Buyer. "We want to continue to encourage the federal government to embrace technology, including social media, to better serve the public and save taxpayer dollars. But as we encourage this utilization of technology, we also have to strive to maintain the security of information."

Computing » Google's Motorola Marriage to Come With Big Patent Dowry

Google wants to pony up $12.5 billion to acquire Android handset maker Motorola Mobility. Buying Motorola would give Google thousands of patents that could provide it with a great deal of protection; it would also give it the ability to produce its own mobile hardware. Other Android phone makers have expressed support for the deal, though privately they may be very nervous.

Google (Nasdaq: GOOG) announced Monday it intends to purchase Motorola Mobility (NYSE: MMI) for US$12.5 billion, pursuant to regulatory approval.

That price is a premium of 63 percent over the closing price of Motorola Mobility shares on Friday.

The deal was unanimously approved by the boards of directors of both companies.

The news sent Motorola Mobility stock prices soaring over 55 percent by the afternoon.

Both Google and Motorola Mobility declined to provide the E-Commerce Times with further comment.

About the Google Bid

The acquisition of Motorola Mobility will let Google supercharge the Android ecosystem and enhance competition in mobile computing, Google told investors.

Google will run Motorola Mobility as a separate business, Motorola Mobility will remain a licensee of Android, and Android will remain open, Google stated.

Google's announcement was accompanied by statements of support from other major Android hardware device makers -- Samsung, Sony (NYSE: SNE) Ericsson (Nasdaq: ERICY), HTC and LG Electronics.

"What I heard on the analysts' call was that all Android's top five vendor partners outside Motorola are happy about this," Ramon Llamas, a senior research analyst at IDC, told the E-Commerce Times. "But if I were one of those guys, I'd look at someone else as well, maybe Windows Phone 7 or webOS."

The deal is subject to regulatory and shareholder approval. It's expected to close by the end of 2011 or early 2012.

The Backdrop to the Deal

Google's bid for Motorola Mobility is widely seen as a bid to acquire patents in order to protect its business.

Google CEO Larry Page referred pointedly to patent lawsuits filed against Android by Microsoft (Nasdaq: MSFT), Apple (Nasdaq: AAPL) and others and said the acquisition of Motorola will strengthen Google's patent portfolio.

Microsoft has several Android device makers paying it royalties, and it's suing Motorola and Barnes & Noble (NYSE: BKS) over patents it claims to hold on Android technologies. In fact, Android royalty payments are reportedly a cash cow for Redmond.

Oracle (Nasdaq: ORCL), too, has filed suit against Google over Android, while digital security solutions firm Gemalto is going after Google in court.

Apple's suing HTC and Samsung for allegedly infringing on its product patents, and it's obtained an injunction blocking shipments of Samsung Galaxy Tabs across Europe.

"The Android ecosystem is under pressure from an IP perspective," Brian Marshall, an analyst at Gleacher, told the E-Commerce Times.

Android's an Easy Target

Google lacks a strong patent defense, Rob Enderle, principal analyst at the Enderle group, previously told the E-Commerce Times.

Google did try earlier this year to buy patents from bankrupt Canadian telecommunications company Nortel (NYSE: NT), but lost out to a consortium that included arch-rivals Apple and Microsoft.

That led David Drummond, the Internet giant's chief legal officer, to accuse Microsoft, Oracle, Apple and other companies of running a hostile organized campaign against Android through the use of "bogus" patents.

The bid for Motorola Mobility may tilt the playing field a little more in Google's favor.

"This [bid for Motorola Mobility] is a patent play," IDC's Llamas told the E-Commerce Times. "Look at how Google got shut out of the Nortel auction and the way they're hit by lawsuits from Microsoft and Apple."

Motorola has 17,000 patents now and another 7,500 patents pending, Llamas said.

With the purchase, Google "may be hoping to beef up its patent portfolio to cross-license with Microsoft, Apple, Oracle and other players," Gleacher's Marshall said. "This is clearly a defensive play on Google's part."

However, the purchase of Motorola Mobility "isn't going to change the dynamics of the handset space," Marshall asserted.

You Can Buy Your Way Into Trouble

Google's attempt to escape from the sandpit of patent suits over Android may land it in another quagmire instead.

"If Google takes the patents and shuts down the Motorola hardware business, that will damage relationships with the other licensees, much like IBM (NYSE: IBM) did with OS/2," Enderle pointed out.

"It's going to be generally good news for Microsoft, which is in the licensing business, because these [other Android] hardware manufacturers are going to be nervous," he added.

"The smart move would be to shut down Motorola Mobility and just go with the patents, but Google has to learn everything the hard way, and I'm going to go with tradition here and say they're going to make the mistake," Enderle said.

Computing » Google-Motorola Deal Rattles the Competition

There's little doubt that Google's acquisition of Motorola will have a dramatic effect on the mobile device competition, but there's precious little consensus as to how that drama will unfold. It could be good news for Nokia. "If the other hardware companies move to Microsoft because of the Motorola deal, they will be behind Nokia," noted 451 Group analyst Chris Hazelton.

The deal Google (Nasdaq: GOOG) announced Monday -- to acquire Motorola Mobility (NYSE: MMI) for US$12.5 billion -- is a stunning seismic event in the already-heated mobile device and operating system market. Google's Android OS has been on a tear lately, rivaling Apple (Nasdaq: AAPL) for the moniker of coolest smartphone system.

Now what? Will Motorola competitors desert Android? Will there be a rush to Microsoft's (Nasdaq: MSFT) Windows Phone 7 as an alternative? Or, will things go pretty much the same, with Samsung, LG and Sony (NYSE: SNE) happily producing Android phones for years to come? Ah, sure.

Chances are, this announcement will mark a major shift in an already turbulent market.

A New Chapter in the Mobile Wars

When looking at how the deal changes the competitive landscape, the first question is whether it helps Google's competitors. That would imply Google somehow stumbled in this move. Certainly, a good number of stock traders initially seemed to think so -- Google's stock tanked on the announcement. However, that reaction may have been misguided.

"The competitors don't benefit from this. That would imply this is a mistake and Google will suffer from it," Allen Nogee, principal analyst for wireless technology at In-Stat, told the E-Commerce Times. "I don't see how buying Motorola will hurt Google. It will probably help. They may scrap all the hardware and just use the patents."

The move will affect each individual competitor in a different way. Some will be untouched, others may benefit, some may lose.

"I don't think this changes RIM," said Nogee. "It could help Microsoft. Microsoft is in the beginning with Phone 7. They will come out with an update soon, and that will help. Microsoft could benefit -- but not immediately."

The deal could result in a weakening of Google's existing partnerships. Companies like Samsung and Sony may be less enamored with the Android operating system if it is intimately tied to Motorola.

"It depends on how much of a role Google takes with Motorola," said Nogee. "Even before this happened, Google was giving early information on its tablet system to Motorola. When they purchase Motorola, that will likely happen to a greater extent. Even if it isn't happening, there will be suspicion that it's happening."

Confusion Reigns

The market was surprised by Google's move, especially since it takes Google's partnerships with other hardware providers into uncharted territory. While the market is accustomed to a hardware-software mix with Apple and RIM, creating it midlife has a Frankenstein feel to it.

"It is definitely out of left field for a software and service company to buy a hardware player," Chris Hazelton, research director for mobile and wireless at the 451 Group, told the E-Commerce Times. "This complicates the relationship Google has with Samsung, LG, Sony and others. These companies made billion-dollar bets on Android. So did Motorola, but now they're the one getting the payoff. Samsung, LG, and Sony may look to another operating system. Right now, Windows Phone 7 looks good."

Nokia (NYSE: NOK) suddenly looks like it made a very sweet deal with Microsoft, in Hazelton's view. Nokia has been working for the last year on Windows Phone 7 device development.

"If the other hardware companies move to Microsoft because of the Motorola deal, they will be behind Nokia," said Hazelton.

There has been speculation that Google's Motorola deal will weaken RIM to the point where it becomes a potential acquisition target, but Hazelton doesn't see that as likely.

"RIM would be a pretty expensive acquisition target," he said. "RIM wants to remain a vertically integrated device center. When RIM comes out with its smartphones, they will be in a slightly better position, because next year there may be fewer Android devices. It could be that Motorola will be the only vendor using Android next year."

Google's stock dive notwithstanding, the company may have rolled a seven. In business, control is the pearl. The Motorola deal may give Google a strong hand in its future: total control of its mobile offering.

"In the end, this is a good move for Google," said Hazelton. "If you own the partner -- by vertically integrating the operating system and hardware -- you can determine what you want to do. That's critically important as smartphones and tablets gain usage over desktops and laptops."