Privacy leaks hit Facebook, Google, AT&T

December 28, 2010 4:00 AM PST

by Declan McCullagh

AT&T's Web site leaked the e-mail addresses of about 114,000 iPad owners. A browser extension was discovered to leak your Web history to Amazon.com, and if you didn't configure it properly, Google Buzz initially could leak your correspondents' identities.

YouPorn was sued for allegedly taking advantage of a privacy leak that revealed what Web sites had been visited. The leak of Gawker's user database led LinkedIn to disable passwords of users whose e-mail addresses appeared in the file. The discovery that Facebook leaked some user data to advertisers, prompting embarrassing questions from Congress, didn't stop CEO Mark Zuckerberg from being named Time magazine's person of the year.

Google responded to privacy concerns by allowing encrypted Web searches. Congress' response was less successful: Rep. Rick Boucher, a Virginia Democrat, announced widely panned privacy legislation and lost his bid for re-election a few months later. Democrat Bobby Rush's proposal was no more successful. And after over a decade of discussing the topic, U.S. senators couldn't even begin to agree on what kind of new privacy laws are needed. Politicians also failed to advance a proposal backed by Google, Microsoft, and AT&T to update a 1986 law to protect cloud computing privacy.

The Federal Trade Commission decided a "Do Not Track" mechanism for the Web would be nice, but stopped short of saying it should be mandated by law. Not to be left out, the Commerce Department released its own report two weeks later, which took a small step toward endorsing new federal laws regulating companies' data collection practices and requiring that customers be notified of data breaches. Google's congressional critics called for an FTC investigation of its accidental interception of Wi-Fi data, which did not result in a fine.

Concerns over privacy leaks motivated criticism of the federal government, which admitted that full-body scans of Americans entering a federal courthouse were being permanently recorded, prompting worries that would happen with scanners at airports. The Transportation Security Agency denied it, but leaked internal documents showed machines could be configured to do so. Something akin to a national furor, complete with congressional condemnation and an appearance on the Colbert Report, arose after the TSA said travelers at certain airports would be given the choice of scanners or a police-style pat down with what became known as "genital probing."

The biggest leaks of the year, of course, came from WikiLeaks and its impenitent spokesman Julian Assange. WikiLeaks started with the leak of a video shot by an Apache helicopter, continued with the release of hundreds of thousands of U.S. military files related to Afghanistan and Iraq, and achieved international fame and notoriety with last month's slow-motion release of internal State Department cables. While Washington officialdom has been publicly fuming, complete with calls for Assange to be charged with espionage, the cypherpunk-turned-self-described journalist has been holding press conferences in London while fending off an unrelated extradition attempt from Sweden.

Microsoft taking direct route on Windows Phone updates

The Windows Phone 7 update screen.

(Credit: Josh Lowensohn/CNET)

Good news for those who were worried about getting bottlenecked roll-outs of system software updates onWindows Phone 7 devices: Microsoft, and not the carriers or the device manufacturers, will be in charge of that duty.

In an e-mail exchange with ZDnet, Microsoft reiterated that it will "push Windows Phone 7 software updates to end users," while adding that "all Windows Phone 7 devices will be eligible for updates." These are two very big things that bode well for early adopters of the handset, but also put pressure on Microsoft to keep that promise as the Windows Phone platform ages.

Microsoft's position is of special interest given the current climate of smartphones system software updates, which up until a few years ago had been either few and far between or nonexistent.

To put the current update landscape in perspective, Apple pushes out what has become an annual update directly to iPhoneowners through its iTunes software, instead of through over-the-air carrier updates. Though with its latest OS update, Apple began limiting what features would be available on older models, and even cutting out the original iPhone from getting the newer software.

November 10, 2010 4:27 PM PST

Apple's cycle could be considered generous when compared to Google, which came under fire during most of 2010 for its Android update strategy. Unlike Apple, and now Microsoft, Google has mostly gone through the carriers and device manufacturers to deliver over-the-air software updates. This has led to some considerable delays in getting version 2.2 of its operating system out to users who may have purchased new phones just a few months after the software was released.

There's also the continuing march of Android hardware requirements for each OS iteration, which has left large groups of early adopters unable to get even parts of the updates. RIM faces similar timing challenges in rolling out the sixth version of its OS to BlackBerry users.

Of course the bigger question is how long Microsoft will have to keep up this promise of offering software updates to Windows Phone 7 users as the platform ages. Given what's happened with competitors, it's fair to expect that new features that require additional hardware adjustments simply get saved for the next major version of the OS. But even there, that could get a little sticky given the pace at which new phone hardware is released. And it could end up leaving some wiggle room akin to what we've seen on the PC side for buyers to pick up "Windows Phone next"-ready devices that would be eligible--and more importantly, capable, of the next major upgrade.

November 10, 2010 12:41 PM PST

2011

will be the Year of the X. Next year, Technology Y will kill Technology Z. Something will "die."
These sorts of predictions are commonplace as we approach the end of the year. They have a

satisfying finality to them. They're dramatic. They're also, with few exceptions, rarely correct--certainly not in any literal sense.

That's because IT rarely advances in a way that invokes mass extinctions and spontaneous generation. Rather it's a more evolutionary process. There's lots of change but even when rapid the new stuff often doesn't displace the old--and overnight replacements are rare indeed. For example, proclamations about the death of Bluetoothwere wildly premature even though that technology didn't live up to early promises.

This is especially true of cloud computing, given that it refers as much to the way the industry is moving to implement IT as the technology it uses to do so. Will those changes lead to broad shifts in where and how computing is done? Certainly, that's what makes cloud computing of so much interest after all. But we're mostly talking about transitions rather than sharp inflection points.

(Credit: Gordon Haff)

Within that context though, cloud computing is a rapidly developing set of trends that's generating lots of interest and discussion. And those discussions suggest to me some things that are going to be qualitatively different next year compared to this past one and some that will remain elusive.

Less focus on definitions (and dare we say hype?). If we were to do a survey of presentations, articles, and analyst research reports throughout this past year, we'd find that many of them spent a lot of time defining and categorizing cloud computing. I myself wrote aCloud 101 white paper earlier this year. This sort of content may be old hat to the analysts and vendors who have been writing about or implementing cloud strategies over the past few years. But, as I've discovered to only partial surprise, themes that some of us consider well-worn are still fresh to many mainstream audiences. That said, in 2011, we can collectively start to move on from talking about the big picture while remembering that the future doesn't happen everywhere at the same time.

Getting down to work. Cloud computing in 2011 will be, in a sense, more pragmatic. It will often be more about incrementally leveraging virtualized infrastructure to further automate the management and deployment of applications and workloads. New products that build on top of virtualization will doubtless come to market. However, a lot of organizational energy in 2011 will also go into getting business processes and IT operational procedures in line with the more integrated and autonomic approach to allocating IT resources that cloud computing implies.

"Standards" still won't be. Even in the best case, it's not realistic to expect that all clouds will interoperate perfectly. Proprietary application programming interfaces are often cloaked with a "de facto standard" rubric. But even when standards bodies are involved, cloud standards is still a developing area where one size doesn't fit all. Not all clouds have the same purposes and goals. One might expose lots of options; another might choose to keep things simple. One is most concerned with providing customers with tight controls over service levels; another just concentrates on cost. Regulations in a specific industry can mandate interfaces that relate to audit and compliance that aren't needed by most users. As a result, approaches that maintain portability and interoperability among multiple clouds is going to remain a strategic necessity for the foreseeable future,

Acquisitions of start-ups will continue apace. This one admittedly falls into the "well, duh" category but it's worth highlighting because 2010 has been such an active year, as Andre Yee correctly predicted last year it would be. Cloud computing, to an even greater degree than the server virtualization on which it builds, involves bringing a portfolio of products and solutions to bear on business problems. I'd argue that portfolio is best represented by a loose integration of a lead vendor's products and those of its partners, rather than a monolithic stack. However, it's inevitable that many start-ups end up not having the resources to bring a complete product to market on their own. Or market reach, and therefore value of a given technology may be greater delivered as part of a broader portfolio.

More nuance in security discussions. "Security" often gets used as a sort of catch-all for all manner of concerns that relate to risk in some way, shape, or form. Some of these concerns do in fact relate directly to security--for example, the need for additional layers of protection when multiple organizations are sharing the same physical infrastructure. However, many more "security" concerns are really more about compliance with government regulations and corporate standards, the ability to guarantee service levels, and generally having visibility into how applications run and data is secured. We'll increasingly see cloud-computing discussions move on from generic concerns about risk, privacy, or security to more focused examinations of specific requirements.

Cloud computing brings together trends in both technology and IT operations. It's not something wholesale new but, rather, builds on things like virtualization, automated provisioning tools, and application delivery over public networks. In fact, that it's evolutionary in important respects is precisely an important reason why cloud computing is so interesting. And that evolution will be in full force in 2011.