by Mike Masnick
Wed, Oct 17th 2012 4:13pm
by Mike Masnick
Thu, Aug 2nd 2012 12:53pm
from the but-of-course... dept
For years, we've highlighted stories about how the claims of "losses" from the entertainment industry due to infringement are completely fictitious. In the past, we've seen Julian Sanchez go on a hunt to find the origin of some of the numbers being thrown around, and come up with evidence that they're based on nothing. For example, claims of $200 billion in losses due to counterfeiting... came from a 1993 Forbes article that just makes that claim with no citation and no backing info. But it became gospel among those arguing there was a problem.
With Congress and the President continuing to insist that we need a cybersecurity bill, politicians have been tossing around all sorts of questionable numbers. Just a few weeks ago, we noted that General Keith Alexander, the head of the NSA, had tossed out some numbers and claimed that cybersecurity was the "greatest transfer of wealth in history." Considering that we're living through the aftermath of a financial meltdown that involved a massive transfer of wealth, I find the original claim difficult to believe. Plus, as we noted, he seemed to only cite studies from McAfee and Symantec, two companies who have a massive vested interest in keeping the cybersecurity FUD going, because it helps them sell stuff.
Thankfully, the folks over at Pro Publica decided to take a much closer look at the numbers politicians are relying on in support of the massive "harm" that is already being caused by online security issues... and discovered that the numbers are completely and totally bogus. In fact, the full story (which is fascinating) parallels (very closely) the story with "piracy" stats from the industry.
One popular number is "$1 trillion" in losses due to cybersecurity breaches. That number gets thrown around a lot by politicians (and many in the press who merely parrot such numbers unquestioningly, even as that gives those politicians more cover to claim that there's a reputable source supporting the number). Yet, the Pro Publica report highlights that, not only is this number bogus, but the (quite well respected) researchers who put together the original report for McAfee did not use that number and, more importantly, many of them spoke out publicly with surprise that McAfee put out a press release with such a number -- which they thought was questionable and not supported by their data.
In fact, there were a number of methodological problems, including that the data was based on a self-reported "average" amount of the "worth of sensitive information stored in offshore computer systems." Who knows if the respondents are being accurate, first of all, but even more to the point, the "worth" of such information is a highly subjective number. People can find something "worthwhile" without paying for it, but by focusing on the "worth," they obscure the fact that the market price may be quite different than what people think something is worth. And, what people think something is worth has zero impact on any actual losses. But, from a very small number, McAfee just sprinkled some magic pixie dust on the already questionable number, and proceeded to extrapolate, massively:
“The companies surveyed estimated they lost a combined $4.6 billion worth of intellectual property last year alone, and spent approximately $600 million repairing damage from data breaches,” the release said. “Based on these numbers, McAfee projects that companies worldwide lost more than $1 trillion last year.” The release contained a quote from McAfee’s then-president and chief executive David DeWalt, in which he repeated the $1 trillion estimate. The headline of the news release was “Businesses Lose More than $1 Trillion in Intellectual Property Due to Data Theft and Cybercrime.”
Now, remember, this $1 trillion number is just in the press release. It's not in the report at all. And the report's researchers were just as baffled (and even more concerned) about this:
The trillion-dollar estimate was picked up by the media, including Bloomberg and CNET, which expressed no skepticism.
Among [the study's researchers] was Ross Anderson, a security engineering professor at University of Cambridge, who told ProPublica that he did not know about the $1 trillion estimate before it was announced. “I would have objected at the time had I known about it,” he said. “The intellectual quality of this ($1 trillion number) is below abysmal.”
I don't know about you, but when a super well respected security researcher tells you that a particular claim is based on a number whose "intellectual quality ... is below abysmal," that's the point at which you should probably stop using the number. But, instead, politicians and the press continue to parrot the line over and over again.
.... The company’s method did not meet the standards of the Purdue researchers whom it had engaged to analyze the survey responses and help write the report. In phone interviews and emails to ProPublica, associate professor Jackie Rees Ulmer said she was disconcerted when, a few days before the report’s unveiling, she received a draft of the news release that contained the $1 trillion figure. “I expressed my concern with the number as we did not generate it,” Rees Ulmer said in an email. She added that although she couldn’t recall the particulars of the phone conversation in which she made her concerns known, “It is almost certainly the case that I would have told them the number was unsupportable.”
...The news stories got the worried attention of some of the report’s contributors because McAfee was connecting their names to an estimate they had no previous knowledge of and were skeptical about. One of the contributors, Augusto Paes de Barros, a Brazilian security consultant, blogged a week after the news release that although he was glad to have been involved in the report, “I could not find any data in that report that could lead into that number.... I’d like to see how they found this number.”
The slightly smaller number, from Symantec, is still equally questionable. They go with $250 billion... but the number has almost no support. It does come from a real Symantec report, but not from Symantec employees. Instead, they hired another firm to magically come up with the number, and it sounds like magic would have been equally as effective as what was eventually done. It raised concerns from actual experts in the field:
“Far from being broadly-based estimates of losses across the population, the cyber-crime estimates that we have appear to be largely the answers of a handful of people extrapolated to the whole population.”
Furthermore, even if we take these numbers at face value, the original reports on both of them say these numbers represent the value of the attacks in question, and not what was actually "lost" or how much it cost to deal with. However, when a politician quotes them, they almost always do so by at least suggesting that these made up "values" are very real "losses" to companies. In other words, the numbers (shocker, shocker) are being twisted by cybersecurity law supporters. For example, just recently, Senator Collins said that General Alexander "believes American companies have lost about $250 billion a year," but that's not true. Already, we know the number is suspect -- but even if we accepted the number, it only represents the "value" that various companies have put on things harmed by security issues, not any sense of actual losses. Claiming that these are losses isn't just misleading, it's wrong.
We've argued for years that actual data should inform the debate on these things -- but that data needs to be accurate and supportable. Unfortunately, with cybersecurity threats, the claims that are being thrown around have no basis in reality. If politicians really want to discuss the "threat" of cybersecurity, the least they can do is get some accurate research on the scope of the problem. Trusting a number from a McAfee press release is not credible and it's certainly no basis for passing a law that wipes out privacy rights of the public.
by Mike Masnick
Mon, Mar 12th 2012 7:30am
from the oh-come-on dept
During a classified briefing in the Office of Senate Security, Homeland Security Secretary Janet Napolitano and White House counterterrorism adviser John Brennan showed lawmakers how a hacker could breach control systems of the city’s electric system and trigger a ripple effect throughout the population and private sector, according to a source familiar with the scenario.
Now that's interesting. Just how could a hacker breach control systems of the power grid? Apparently with an email phishing attack:
“The fact that we could be subject to a catastrophic attack under the right circumstances and we now know some of the things that would help us to protect against such an attack, that’s why it’s important now for the Congress to take this up,” Napolitano said in an interview with POLITICO.
During the simulation, the hacker gains access to the electric supply’s control system through a simple “spearphishing” attack, in which a worker merely clicks on a link in an email that appears to be from someone they know.
Um, there's your problem. If the NYC power grid is attached to the public internet in such a way that it can be taken down, then um, shouldn't we take it off the internet? This isn't about cybersecurity, this is about common sense, where things like the power grid should not be accessible via the internet -- and I'm pretty sure they're not (back here in reality). But in the world where we need fear, uncertainty, doubt and the ability for the federal government to spy on private networks, we have to pretend such a scenario is likely.
Of course, I also question why the White House chose NYC as the showcase for the simulation and suggested that there would be deaths and other massive harm from such a power grid takedown. After all, it was just about a decade ago that the power grid in the Northeast did, in fact, fail. It was an inconvenience for many people, certainly, but it was hardly damaging in the way the White House seems to have implied with this scare tactic.
So, once again, can we take a step back and ask some simple questions: what's the real threat and the real risk here? If it's that the NYC power grid is accessible by a simple password over the public internet, then the problem isn't cybersecurity, it's whoever was stupid enough to connect the power grid to the internet. Let's fix that. But let's not regulate and spy on large segments of the public internet to cover for a few bad decisions.
by Mike Masnick
Tue, Feb 14th 2012 7:58pm
from the think-they're-scared? dept
The Senators stressed that the Cybersecurity Act of 2012 in no way resembles the Stop Online Piracy Act or the Protect Intellectual Property Act, which involved the piracy of copyrighted information on the internet. The Cybersecurity Act involves the security of systems that control the essential services that keep our nation running—for instance, power, water, and transportation.
Indeed, the details make it clear that the bill is much more limited than previous versions (or suggestions). For example it has dropped the idea of a "kill switch" (which was already exaggerated) and made it clear that private companies could appeal any security regulations that they fall under. It certainly appears that the bill is designed to be limited by focusing on core "critical infrastructure" -- such that it only will apply to those facilities where a disruption "would cause mass death, evacuation, or major damage to the economy, national security, or daily life." Of course, that could be interpreted broadly. Hell, the MPAA would argue that file sharing created "major damage to the economy," even if there's little to no evidence to support that.
A bigger question, however, should be whether there is any empirical evidence that we need this cybersecurity bill. I'm not saying that it's absolutely not needed -- and I'm glad that it appears the backers of the bill are trying to bend over backwards to hear from all concerned parties (and to avoid a SOPA-like situation). But one of the key things that we learned from SOPA is that Congress needs to stop pushing legislation without real evidence of the nature of the problem, and the evidence here remains lacking. The article linked above, by Jerry Brito and Tate Watkins, highlights all of the hype around cybersecurity and the near total lack of evidence of a problem, other than ominous "trust us, it's a problem!" scare-mongering. They have three suggestions before moving forward with cybersecurity legislation:
- Stop the apocalyptic rhetoric. The alarmist scenarios dominating policy discourse may be good for the cybersecurity-industrial complex, but they aren’t doing real security any favors.
- Declassify evidence relating to cyber threats. Overclassification is a widely acknowledged problem, and declassification would allow the public to verify the threats rather than blindly trusting self-interested officials.
- Disentangle the disparate dangers that have been lumped together under the “cybersecurity” label. This must be done to determine who is best suited to address which threats. In cases of cybercrime and cyberespionage, for instance, private network owners may be best suited and have the best incentives to protect their own valuable data, information, and reputations.
Of course, who knows if this bill will ever actually get anywhere. Already, many in the Senate are pushing back and asking Senator Harry Reid to slow down with the bill.
by Mike Masnick
Wed, Nov 30th 2011 12:50pm
from the stop-blaming-google dept
Pulling up the data on traffic sources for every site listed there shows that taking the big search engines out of the equation would barely matter. Across all 19 sites listed, 85% DOES NOT come from search (Google, Yahoo and Bing). Specifically, across all of those sites, the big three search engines deliver a whopping 15.2% of the traffic to those sites. Google sends about 11.5% of the traffic. Remove search links... and those sites will see a slight dip -- at best.
Of course, not all of these sites are equal, so we decided to look more closely at the favorite bogeyman of the legacy entertainment industry: The Pirate Bay. To hear the industry tell the story, if Google just blocked The Pirate Bay from its results, traffic would dry up. The evidence there suggests that the entertainment industry doesn't have the facts on their side (do they ever?). Google search drives slightly less than 22% of The Pirate Bay's traffic. Considering how many sites rely on Google for traffic, this is well below average. Add in Yahoo Search and Bing, and we're still talking about less than 28% of TPB's traffic actually coming from search.
And of that search traffic, what are people searching for? Well, most are searching for some variation on "the pirate bay." We looked at all of the search traffic to TPB for the past three months. The top 16 search terms that send traffic to TPB are some variation on the site's name. These are the top eight search terms, for example:
- pirate bay
- the pirate bay
- pirates bay
Take Care, of course, is Drake's high profile new album -- the same one that Drake made clear he didn't mind if people listened to the leaked versions online -- effectively sanctioning people to search for the downloads. It's also been a highly successful album on the sales front, anyway -- selling over 600,000 copies in its debut week. Doesn't sound like Drake is really suffering because of this search. As for the R. Kelly tape... well... let's just not go there.
Still, the point is pretty clear: Google and the other search engines don't really drive that much traffic to TPB (or other so-called "rogue sites"), and an awful lot of the traffic they do drive... is people searching for TPB itself (meaning they're just using Google as a shortcut, rather than to "discover" infringing works). And, when Google does drive people to specific content, it's usually because the person is already looking for what's almost certain to be an unauthorized version. Thus, the picture the industry paints of people doing innocent searches for authorized content, and somehow being waylaid by Google pointing them to TPB just isn't seen in the data. At all.
Force Google, Yahoo and Bing to "block" links to TPB and it will have almost no impact on traffic to TPB. It may annoy some people who use Google for navigation (rather than discovery), but it won't stop them from going to TPB, since that's clearly what they want. The drive to force Google to either block or "warn" people about these links seems entirely pointless based on the data. So, once again, the data suggests that the industry is in hysterics based on reasons not supported by the data. The effort to make search engines block links would be a total and complete waste of time.
by Glyn Moody
Thu, May 12th 2011 1:46pm
from the not-this-again dept
Every May, the BSA puts out its "Bogus Stats Again" report claiming to analyze the "software piracy" issue. And, every year we and many other blogs and reporters debunk the study as being so incredibly misleading (unless you're News.com, I guess, and then you just act like a PR distributor and basically repost the BSA's press release as if it's accurate -- reporting is hard). I was going to write up yet another post debunking it, but Glyn Moody did such an excellent job debunking it at Computerworld that we asked him if we could repost it here, and he agreed.
In the digital world, it seems, there are two certainties: that every year the Business Software Alliance will put out a report that claims huge amounts of software are being “stolen”; and that the methodology employed by that report is deeply flawed.
So, here we go again:
The commercial value of software piracy grew 14 percent globally last year to a record total of $58.8 billion, according to the 2010 BSA Global Software Piracy Study.
Just six years ago, the commercial value of the PC software that was being pirated in emerging economies accounted for less than a third of the world total. Last year, it accounted for more than half — $31.9 billion.
Notice that immediately we have the phrase “commercial value”; just in case you had any doubts what this might mean, it is explained in the methodology section:
The commercial value of pirated software is the value of unlicensed software installed in a given year, as if it had been sold in the market.
“As if it had been sold in the market”: this is, of course, a meaningless figure. The very reason that people pirate software in developing countries - the main focus of the BSA report - is that they cannot afford Western-level prices. So there is no way that pirated software could ever be converted to sales at those prices - it is economically impossible. Using it as a measure is pure fantasy.
A more sophisticated study would attempt to establish at what price people would actually choose to buy from dealers rather than other sources: then that could be used to calculate a realistic estimate of how much revenue is lost in developing countries. To do that, a good place to start would be the recently-published Media Piracy in Emerging Economies, whose results can be summarised thus:
Based on three years of work by some thirty-five researchers, Media Piracy in Emerging Economies tells two overarching stories: one tracing the explosive growth of piracy as digital technologies became cheap and ubiquitous around the world, and another following the growth of industry lobbies that have reshaped laws and law enforcement around copyright protection. The report argues that these efforts have largely failed, and that the problem of piracy is better conceived as a failure of affordable access to media in legal markets.
Exactly the same forces are at work in the world of software: this is a market failure, not a failure of enforcement.
But even if the BSA report had attempted this more realistic analysis, it would still draw the wrong conclusions from its results. Summarised in a section called rather risibly “Anti-piracy equity” - as if Western holders of intellectual monopolies really cared about “equity” when it came to exploiting developing countries:
Reductions in software piracy produce widespread economic benefits. For example, the BSA-IDC Piracy Impact Study found in 2010 that reducing the global piracy rate for PC software by 10 percentage points — 2.5 points per year for four years — would create $142 billion in new economic activity globally by 2013 while adding nearly 500,000 new high-tech jobs and generating $32 billion in new tax revenues for governments. On average, more than 80 percent of these benefits would accrue to local economies.
I debunked this erroneous argument last year:
One thing that is always omitted in these analyses is the fact that the money not paid for software licences does not disappear, but is almost certainly spent elsewhere in the economy (I doubt whether people are banking all these "savings" that they are not even aware of.) As a result, it too creates jobs, local revenues and taxes.
Put another way, if people had to pay for their unlicensed copies of software, they would need to find the money by reducing their expenditure in other sectors. So in looking at the possible benefit of moving people to licensed copies of software, it is also necessary to take into account the losses that would accrue by eliminating these other economic inputs.
Thus the BSA's hypocritical plea for “equity” - how equitable is it trying to extract a month's wages from someone for a copy of Windows whose marginal cost is close to zero, say? - simply doesn't stand up to scrutiny. Eradicating piracy won't generate “new economic activity globally”, nor will it generate new tax revenues for governments. Again, as I pointed out last year:
One important factor is that proprietary software is mainly produced by US companies. So moving to licensed software will tend to move profits and jobs out of local, non-US economies.
Another factor that would tend to exacerbate these problems is that software has generally had a higher profit margin than most other kinds of goods: this means any switching from buying non-software goods locally to buying licensed copies of software would reduce the amount represented by costs (because the price is fixed and profits are now higher). So even if these were mostly incurred locally, switching from unlicensed to licensed copies would still represent a net loss for the local economy.
Similarly, it is probably the case that those working in the IT industry earn more than those in other sectors of the economy, and so switching a given amount of money from industries with lower pay to IT, with its higher wages, would again reduce the overall number of jobs, not increase them, as the report claims.
So, as expected, this year's BSA report rehashes all its old errors, simply introducing even more unrealistic figures in an attempt to frighten governments into even more disproportionate and unjustified attempts to enforce intellectual monopolies.
But to be fair, the 2010 report does sport one novelty:
this year’s study also adds a new dimension: Deeper and richer surveys of PC users in 32 countries, conducted by Ipsos Public Affairs, one of the world’s leading public-opinion research firms.
Here's the context to the first questions:
“The laws that give someone who invents a new product or technology the right to decide how it is sold are called intellectual property rights. Which comes closer to your view...”
Two options were then presented:
“Intellectual property rights benefit people like me by creating jobs and improving the economy.”
“Intellectual property rights hurt people like me by making products I need too expensive.”
Notice how this is framed in terms of “rights” - the word is used twice. This is a biased term, of course - it suggests that it is “right” to have that right. But really the question should have been:
“The laws that give someone who invents a new product or technology a monopoly on how it is sold are called intellectual monopoly rights. Which comes closer to your view...”
Similarly, the questions already bias the response by hammering home the idea that these are “rights”. Reframing the questions as
“Intellectual monopolies benefit people like me by creating jobs and improving the economy.”
“Intellectual monopolies hurt people like me by making products I need too expensive.”
might well have produced results less favourable to the report's position. Nonetheless, it's interesting that only 61% thought intellectual monopolies benefitted ordinary people, while 37% thought they harmed them - hardly a resounding vote of confidence.
Another question gave these alternatives:
“Intellectual property rights allow companies to generate profits which in turn benefit local economies.”
“Intellectual property rights concentrate wealth in the hands of multinational companies that do not deliver significant local economic benefits.”
Here, there was even more scepticism about the benefits - only 59% agreed with the first, while 40% chose the second option. Imagine what the results would have been had they been phrased thus:
“Intellectual monopolies allow companies to generate profits which in turn benefit local economies.”
“Intellectual monopolies concentrate wealth in the hands of multinational companies that do not deliver significant local economic benefits.”
Here's a third set of alternatives:
“It is important for people who invent new products or technologies to be paid for them, because it creates an incentive for people to produce more innovations. That is good for society because it drives technological progress and economic growth.”
“No company or individual should be allowed to control a product or technology that could benefit the rest of society. Laws like that limit the free flow of ideas, stifle innovation, and give too much power to too few people.”
Of course, the first question is loaded: who doesn't think that it's important for people who create new products or technologies to be paid for them? No wonder 79% chose this option. But that's not the issue: the issue is whether Western companies can charge unrealistic prices for their products in developing countries - prices that are literally unaffordable by the majority of the population there - and expect them to be enforced by local governments against the interests of their citizens.
Despite the bias of these questions, it is, however, interesting that BSA is trying to bolster its case with this supposed support for monopoly-friendly policies from ordinary citizens. It suggests that it knows that the days of its old approach - claiming implausibly large damage to economies based on flawed methodologies - are numbered, and that it must find an alternative soon. Otherwise we may have to forgo the pleasure of reading those entertaining annual reports...
Cross-posted from Computerworld UK.
Thu, Dec 2nd 2010 9:49am
from the The-Fat-Lady's-A-Mute dept
Attention everyone. If I could have all of your eyes looking forward please, I have an announcement to make: the pirating of music on the internet has officially ended. So says Wired's Paul Boutin:
"Mark down the date: The age of stealing music via the Internet is officially over. It’s time for everybody to go legit. The reason: We won. And all you audiophiles and copyfighters, you know who fixed our problems? The record labels and online stores we loved to hate."
That's quite a whopper, isn't it? Particularly from the same esteemed publication that brought you the news that the web is dead. You'd have to imagine there would be something pretty substantial in his article to make the claim that the record labels had somehow fixed things so that online infringement no longer should exist, right? Sadly, not so much. He starts off by listing out a couple of the problems most folks had with things like DRM, transferring legit purchases to multiple devices, etc. Then he tells us all why everything is okay now (and for a fun little game, see if you can spot the demeaning slight he sneaks in on music fans):
"Well played, protesters: In January 2009, Apple announced that it would remove the copyright protection wrapper from every song in its store. Today, Amazon and Walmart both sell music encoded as MP3s, which don’t even have hooks for copyright-protection locks. The battle is over, comrades."
So...because, after years of fighting, iTunes finally stood up and removed the DRM, followed by a few retailers, we're supposed to look to the record labels as our saviors? For not treating us like criminals? And while they're still pushing for new laws and demanding money from ISPs (that will come out of consumers' pockets anyway)? That doesn't really pass the smell test. Paul then goes on to declare the joy audiophiles should feel now that MP3s are being sold with 256 Kbps audio quality, compared to the initial 128 Kbps offering, stating that if anyone wants quality better than that, "you can get a pretty good turntable for around $500" and go spin vinyl. Oh, and he wants to make sure you know that if you steal vinyl records, that's called shoplifting. Mmkay. What else you got, Paul?
"That leaves one last war cry: Music should be free! It’s art! Friends, a song costs a dollar...Most download retailers send about 70 percent of each sale to the record companies that own the music. Artists with 15 percent royalty deals get 15 percent of that 70 percent, or about 10.5 cents per dollar of sales. Those who write their own music and own their own music publishing companies—an increasingly common arrangement—get another 9.1 cents in “mechanical royalties.” Every download sends almost 20 cents straight to the band."
Yup, you read that right. This, of course, is pure nonsense. That isn't the way royalties with modern day recording contracts work. Through the magic of recording label accounting, the average musician makes roughly $23 for every $1000 in music sold -- and that's only if they actually recoup, which is difficult to do, thanks to the way the record labels account for things. For those of you who share my math skills and don't want to reach for a calculator, that's barely 2%. Some of that result stems from necessary things the bands may need to spend on: managers, lawyers, taxes. But a good deal of it also comes from neat little, and sometimes recoupable, charges from the record label, things like independent radio promotion, tour support, roughly fifty percent of the music video costs, etc. Other times, the record labels flat-out don't pay the royalties from truly successful albums. Bottom line is, at the end of the day, record labels make money off of selling music, musicians do not.
And, even if we go with Paul's bogus number of 20 cents on the dollar, is that really that good of a deal? A musician today can use a service like Bandcamp, and get 85% of whatever money they bring in -- and can do so in more creative ways with pay what you want offerings, that can actually bring in much more money. The idea the "record labels" have solved "piracy" by offering musicians 20 cents that they'll never get because they'll never recoup is laughable.
But Paul chooses to ignore those things and instead offers up a pithy conclusion as to why music is still being pirated:
Uh huh. Nuanced arguments would probably be more appreciated from the group of folks you're talking to, who actually spend more money on music than those who do not "pirate". Funny definition of cheap you're working from...
In the end, there are many reasons why people still file share (and they are still file sharing in droves, which sort of debunks Paul's entire premise), but you don't learn any of that from Paul's article. Since when did Wired switch from thought-provoking analysis to pure trollbait?
by Mike Masnick
Tue, Nov 30th 2010 11:38am
from the feeling-safer? dept
Of course, this is hardly new. There appears to have been a very similar story just a month ago, involving a guy in DC who wanted to bomb Metro stations, but the only actual plotting he was able to do was after federal authorities stepped in and helped him plan everything.
Even that is hardly new. I remember a fascinating episode of This American Life back from the summer of 2009 describing (in great detail) a very similar story of a supposed "arms dealer" that the Justice Department championed as a success story when it arrested and prosecuted him for selling missiles to terrorists. The only problem is that the deeper you dig, the more you realize that the whole plot was also set up by the feds. The guy had no way to get a missile. It was actually provided by the feds themselves.
As that report notes, this is how the government has acted since 9/11. It basically creates its own terrorist plots, and then searches for willing participants... and then arrests them, and hypes how it prevented a terrorist attack, even if there's absolutely no indication that anyone involved would have actually been able to carry out any sort of attack (or arms deal) without the aid of the US government.
We've talked about "security theater," but this appears to be law enforcement theater, complete with actors and props. Feel safer yet?
by Mike Masnick
Fri, Nov 5th 2010 1:12pm
from the making-nothing-out-of-nothing dept
While I doubt any net neutrality legislation is going to get passed anyway (and, that's a good thing, because after the telcos got done with it, it wouldn't be what you wanted anyway), to suggest in any way that this election was a referendum on net neutrality is pure folly. What the "press" left out is that the PCCC's net neutrality pledge was hardly the only such thing out there. Also, the PCCC pledges were not from existing Representatives, but those trying to get elected to Congress against incumbents -- and nearly every one came from historically Republican districts. In other words, nearly every one of those Democrats who "lost" was guaranteed to lose no matter what. On top of that, Broadband Reports took a look at a couple of other "net neutrality" pledges by folks actually in Congress, and noted that a bunch of Democratic Representatives who signed an anti-Net Neutrality pledge still lost their races, and of those who signed on to a pro-net neutrality list, not a single Democrat on that list lost their re-election bid. So, uh, it sorta suggests that a politician's stance on net neutrality had nothing to do with this election, and if you want to make up fake headlines that don't really mean anything, why would the press not mention any of the relevant facts, and simply parrot the fake story by a guy paid for propaganda?
by Mike Masnick
Tue, Oct 19th 2010 6:49am
from the espionage-is-not-war dept
Of course, right before I had read that article, I had been reading an article where the reporter spoke to an energy grid expert, who called such claims "a bunch of hooey." The guy, Seth Blumsack, along with a couple of colleagues, had been hearing all these stories about how "at risk" the electric grid was, so they went looking for the evidence. After looking at the claims and predictions, they realized that those claiming the electrical grid was at risk didn't actually appear to understand the physics of how electric grids actually work.
Blumsack, Hines and Cotilla-Sanchez decided to contrast the performance of a topological model with one based on actual physics - specifically on Ohm's and Kirchhoff's Laws governing the flow of electricity in the real world. They tried out both kinds of model on an accurate representation of the North American Eastern Interconnect, the largest and one of the most trouble-prone portions of the US grid, using real-world data from a test case generated in 2005.
Seems like, once again, the claims of cyberwar are overblown.
The three engineers say that the physics-driven model was much closer to reality, and that this verifies what physics models show. The results showed that in fact it is major grid components through which a lot of power flows - big generating stations and massive transformers - which are the main points of vulnerability, not the minor installations scattered across the country.
It isn't so much that a minor event on a minor line or installation can't crash the network: such things do happen. But in general there have to be huge numbers of such minor events before one of them happens to hit the miracle weak point and bring everything down. It would be an impossible task for terrorists or other malefactors to know in advance just where and when a minor pinprick could cause massive effects.
"Our system is quite robust to small things failing," says Hines.