LAWTECH GURU BLOG by Jeff Beard

Palm OS Left Behind

A year ago, I posted what I thought about the various Palm OS announcements, and that it was probably going to be too little, and far too late.

Since then, PalmSource has been acquired by Access, and is stuck with the old Palm OS for at least another year. That will make at least three years from the last Palm OS release -- more like a decade in mobile tech doggy-time. Today I saw CNET News published an equally sober article, "Is the Palm OS Missing the Multimedia Boat?"

Users of mobile devices are increasingly looking for them to do more, and not just to play MP3's either. Business users like more interactive travel aids, maps, remote access to data, etc. Consumers are already primed for mobile multimedia (thanks in no small part to video iPods). Both markets are leaning more toward multitasking devices with better security. The Palm OS lacks native Java, which is required for some new mobile applications. PalmSource relies on external developers to come up with the cool multimedia tools, not a good sign.

Thus it's not surprising the latest Treo is running on Windows Mobile; however, it's not all peaches and cream. Former Treo 650 users tend to prefer their 650 over the new 700, at least from the online comments I've read. Thus it's not so much a prediction as it is an extrapolation these needs will quickly overpower the Palm OS even coupled with newer, faster hardware. Keep an eye out for more mobile applications geared towards Windows Mobile and Symbian platforms. It might just affect your next mobile gadget choice.

NextGen Security Threats

News.com has an interesting article on what the next security threats may be. Botnets and phishing are featured prominently, as intruders are becoming more interested in the money angle than just seeing if they can cause some mischief.

In another News.com article, rootkits are on the rise per McAfee.

Frankly, I was expecting something much sexier and well, "nextgen". However, I think stealthier, and thus perhaps more persistent, system level intrusions will be the norm for awhile, as remote manipulations provide very powerful and useful tools.

300+ Freeware Utilities

Here's a treat: Ask the eConsultant has a list of 300+ freeware programs and utilities. If you're looking for an app that manipulates a common digital format or other PC-related tasks, odds are you'll find one here.

Big Caveat: Be careful with the definition of "freeware". Some programs may only be evals, or may only be licensed as free for personal (as opposed to commercial) use. So just because they're included in the list doesn't necessarily mean they're free. Also, sometimes programs are free because they contain other code (adware, spyware, etc.), so you might get more than you bargained for.

However, with that said, I see many useful apps listed, a number of which I've used at some point. They're also nicely categorized for quick skimming. Nice job, eConsultant.

[Original link courtesy of Lifehacker.]

iPod Used as an Identity Theft Cache -- Only the Beginning

The San Francisco Chronicle reported yet another use for iPods: storing lots of stolen identity-related information. iPod users have known for quite some time that they can be used as portable storage for computer files, just like a thumb drive. Perhaps more troubling than a criminal using it that way is that the San Francisco police sounded surprised and considered this novel -- and that was the fraud division. They got their man through a sting operation, though, and I'm glad to hear it given the details of the identity thefts and other crimes perpetrated.

But it underscores the need for law enforcement and security professionals to consider new uses for everyday tech tools and gadgets, especially when theft of data with iPods is nothing new. As the Tech Law Prof Blog correctly pointed out on this issue, at least four years ago we learned that one could walk up to demo Macs in stores, plug in an iPod, and copy entire software programs for use on other Macs. I remember reading about this on Wired.com ("Have iPod, Will Secretly Bootleg") at the time. So why is this considered something "new"?

With all due respect to our police departments (I mean that sincerely), it sounds like they would benefit from a "Tech Culture 101"-type class. Give them some freebies to go play with -- iPods, thumb drives, camera phones, Treos, BlackBerries, Bluetooth devices, digital cameras, flash cards, etc. Show them how they work, how they capture, store, and transfer information, and perhaps most importantly, how easy it is to hide information on them "in plain sight". I hate to say this, but "you gotta think like a teen".

For example, it would not surprise me to hear one day very soon that someone was caught smuggling confidential information on one of the tiny flash cards inserted into innocuous-looking devices like a cell phone or a PSP (Play Station Portable). In fact, the PSP is quite a useful computer in its own right, well beyond playing games. Heck, you can already remotely control your home with it, not to mention all of these cool uses. Sony is also empowering it with the LocationFree console to stream all kinds of digital media to your PSP at any hotspot.

There's also a new project for porting Linux over to the PSP. As any hacker knows, once you've got Linux running on a capable device with Wi-Fi (yup, it's a Wi-Fi Finder too). . . well, it doesn't take much imagination, does it? Now that makes toting stolen info on your iPod très passé.

Why IP Phones (VOIP) Needs Encryption

On Wired News, crypto expert Bruce Schneier sums up why encryption is a necessary ingredient for VOIP usage. Here's why I'd want crypto for any VOIP solution, but I'd want it baked in as a seamless function:

I use a cable provider for Internet access, which is simply described as a neighborhood network. Although it would take some skill, who wants their neighbors being able to listen in?

Think the Government isn't listening in? Think again.

Just as importantly, sometimes I provide confidential information over the phone, such as a credit card number or my SSN -- many times when I'm asked to verify my identity. You know where I'm going with this -- criminal activity and identity theft. Bruce agrees. Organized crime has simply gone high tech, although a single hacker can also do a lot of damage with identity theft.

Per Schneier: "My greatest worry is the criminal attacks. We already have seen how clever criminals have become over the past several years at stealing account information and personal data. I can imagine them eavesdropping on attorneys, looking for information with which to blackmail people. I can imagine them eavesdropping on bankers, looking for inside information with which to make stock purchases. I can imagine them stealing account information, hijacking telephone calls, committing identity theft. On the business side, I can see them engaging in industrial espionage and stealing trade secrets. In short, I can imagine them doing all the things they could never have done with the traditional telephone network.

This is why encryption for VOIP is so important. VOIP calls are vulnerable to a variety of threats that traditional telephone calls are not. Encryption is one of the essential security technologies for computer data, and it will go a long way toward securing VOIP."

Along those lines, Phil Zimmerman (of PGP fame) has just released the public beta of Zfone, an encryption tool for VOIP. I used PGP for e-mail back in the 90's. While effective for use with a small number of people willing to configure and learn it, it was just too burdensome for many others. While I applaud Phil's efforts, it will be interesting to see if Zfone will be easier to use and ultimately adopt. Regardless, consumer-facing VOIP still needs shoring up in the security department, beyond encryption, but still has to remain easy to use.

Jigsaw & Web 2.0: The Return of Privacy Concerns

As a market trend, Web 2.0 has been getting a lot of buzz, particularly on the social networking slant. Voluntary social networks such as LinkedIn have enjoyed a lot of success (at least in mindshare and user volume, anyway). I've long considered blogging to be a form of networking, and of course Wikis too, especially in the collaboration department.

While Web 2.0 is many different things to many people, one could say that social networking and collaboration are rivers that run straight through it. The main idea has merit: Lots of people contributing their individual knowledge to the whole to create something bigger and more useful than just the sum of its parts. Sounds great, doesn't it?

But just like Web 1.0 in the 90's, along comes something that gives one pause as to what direction the Brave New World will take. Back then, it was emerging privacy concerns from web usage tracking, and plans to link online and offline activities and data (DoubleClick, anyone?). For better and worse, Commercialism invaded the pure collaborative energy of the Net, and things began to take off in a different direction. Spambots, adware, spyware, and other controversial technologies came into existence and changed our online experience, probably for a long, long time.

Most recently, Jigsaw seems to fated to play the role of the privacy heavy. The WiredGC's post, "Hold on to Your Business Card", links to TechCrunch ("Jigsaw is a Really, Really Bad Idea") to get recovering attorney Michael Arrington's savvy take on it. Adding my own opinion, that makes three technically-inclined and informed attorneys who think this is a bad idea. The posted comments at TechCrunch are also a good read.

Basically, people are being paid $1 per business contact they upload into Jigsaw's online database, whether the referenced individual likes it or not. This service aims to provide salespeople, recruiters, and marketers with inside contact information they can't obtain (or as easily obtain) elsewhere. The tagline on the home page states, "Buy, Sell and Trade Business Contacts".

While one can easily see the value proposition, thus far it sounds like there is no way for a person to delete their originally-uploaded information. One can only annotate it, and that's a big difference. This lack of "Opt Out" mechanism runs counter to commonly accepted data privacy principles. One could also dive into a discussion about the business ethics and why an "end justifies the means" rational is usually a slippery slope. I note with mixed feelings that I found my contact information in their database, and if given the option, I'd probably remove it. Again, most of the comments posted at TechCrunch were resoundingly negative.

Thus If Jigsaw wants to play in the Web 2.0 sandbox more for than a brief stint, I seriously suggest they learn to play nice with others' data. Public opinion, particularly in the blogosphere, can make or break a startup, and it would be unwise for them to ignore this reality, even if this generates a "buzz". To me, Web 2.0 is about voluntary collaboration. I could see where some may want their business contact information available, say for new business development opportunities or recruitment. Others may view it much more darkly, and that's their prerogative. For a good discussion of these issues, see Release 1.0's article "Anti-Social Networking", which interestingly I found linked on Jigsaw's site.

In my mind, Jigsaw needs to better sort out the puzzle they've created, and fairly soon. They need to better balance the competing interests. Most importantly, providing an easy and visible Opt Out option should ease some of the tensions and perhaps build back some of the lost goodwill and integrity. Even better: Send an e-mail notification to each person when their contact information has been uploaded to Jigsaw, and give them the option to correct or delete the information. Then Jigsaw could truly boast they have the most accurate information, since the contacts themselves would correct it. Now that sounds much more like Web 2.0 to me.