Archives For Future & Technology

A couple weeks ago my DSL modem broke. No big deal, right? I contacted my landlord, who put in a request with the local Internet Service Provider to get me a new one. My request is still lost somewhere in the bureaucracy, so I’ve had to go hunting around my neighborhood to use the Internet. It’s been an incredible nuisance, but it’s also given me an opportunity to expand my knowledge of the cyber dark arts.

The more I learn about this stuff, the scarier the world is. Most people have no idea how vulnerable they are. I only know a little about networking and hacking, but I am seeing chinks in the armor everywhere I look. It’s a good thing I’m one of the good guys.

From my living room I can access three unsecured wireless access points. The owners of these hotspots probably don’t know how to set up their routers, and don’t realize that almost everything they do online is transmitted cleartext. Even a mildly talented hacker can “sniff” this out of the air. Even worse, two of these routers are still in their default configuration. By typing in a specific IP address, anyone logged onto their network can access the router’s configuration pages, logs, etc. This information is supposed to be protected by a username and password, but these neighbors still have the default username/password. I knew one combo, because the router was the same brand as mine (and it was boldly advertised in the network’s SSID). I was able to look up the other username/combo on Google in about five seconds. I accessed both router configuration pages just to see if I could.

Because I’m not really a hacker, I just logged back out. But if I wanted to, I could have wreaked all kinds of mischief on these users. I could have set up a WEP or WPA password, effectively locking the user out of his or her own network. I could have set up remote access, allowing myself an entrance from anywhere on the net. I could have accessed logs. I probably could have tinkered with DNS settings, and steer the clueless user to fake versions of real web pages and harvest personal information like usernames and passwords. And if I wanted to, I could read the e-mails and instant messages passing through these networks. And all of this is just from my living room.

I repeated this experiment at my local Starbucks. The modem there is also in its default configuration. A hacker there could do a lot of damage to a lot of people.

The flip side of this scary knowledge is my own vulnerability. Until recently, I never realized how exposed I was at a coffee shop, airport, or other public wifi access point. Now I know: almost everything I do on the Internet at a public wifi hotspot can be “sniffed.” All it takes is the right kind of wifi card and a free open source software program that you can download in about two minutes. I thought I would give this a try, so I downloaded the program and did some snooping–on myself. I let the program run in the background while I did my usual activities on the web like read blogs and e-mails. When I was done, I saved the “sniffed” data and began to parse it. It took some time to find my way around the raw data, but I eventually found and reconstructed the HTML for all the websites I visited. I could see all the web addresses and read all the blog posts.

My personal e-mail address is secure (any data passing through a web page beginning with https:// is encrypted), but I use Outlook and a special e-mail address to participate in a national security e-mail discussion group. I was alarmed to see that Outlook downloaded all these messages as cleartext. Even worse, Outlook passed my e-mail address AND PASSWORD cleartext to the mail server. Anyone who captured this would have indefinite access to my e-mail and to sensitive national security discussions. I’m a reasonably computer savvy guy, but it never occurred to me that Outlook would not be connecting securely to my email. Figuring out how to configure that is at the top of my todo list.

It gets worse. I mentioned that two of the three unsecured networks near my living room were unsecured. The third router had a different password, but that made me suspicious. If the user knew how to change his password, why was it unsecured? What was to stop a hacker from setting up an unsecured hotspot to lure in clueless surfers, then capturing their data? After tinkering around on the network for a while, I opened up my firewall and reviewed the log. Sure enough, another computer on the network was running port scans on my computer. In other words, a hacker was walking down a long hallway, trying each doorknob to see if anything was unlocked. He was looking for a way into my computer.

I’ll never use an unsecured hotspot the same way. Anyone with a home network should use WEP or WPA to secure the hotspot with the password. Of course, WEP has its own problems–using another free software tool, any marginally talented hacker can crack a WEP password in about five minutes. That will be my next challenge when I have the time: trying to break into my own network.

I’m always interested in what John Robb has to say, so when one of my commenters told me that Daniel Suarez’s book Daemon should be considered “John Robb: the Novel”, I downloaded it to my Kindle that night. Zenpundit gave these books good reviews, and Robb himself (who is friends with Suarez) often cites examples from the novel and its sequel Freedom.

Daemon is about a terminally ill computer genius named Matthew Sobol who leaves behind a devastating legacy: computer code that will activate upon his death, sow all kinds of mayhem, and ultimately lead to a war against civilization itself. It is a gripping novelization of a line that stuck with me from Robb’s book Brave New War: The Next Stage of Terrorism and the End of Globalization: the superempowerment of individuals and the lowering thresholds for war are leading us to a dangerous culminating point characterized by “the ability of one man to declare war on the world and win.”

Suarez gets an A+ for ideas. What makes Daemon so creepy is how plausible many of Sobol’s schemes are. You get the sense that this kind of thing could happen tomorrow. The book offers a tour into a bizarre but believable near future where a genius like Sobol can exploit the Internet, massive multiplayer online role playing games, augmented reality, and robotics to subvert the world order. His ambitious scheme ultimately rests on recruiting human talent. My favorite part of the book was watching the dead Sobol identify and apprentice a drifting young computer hacker, and harness his abilities to further his agenda.

Although the book’s ingenuity makes it a must-read, the execution leaves a lot to be desired. Most of the characters are dull and uninteresting, with the notable exceptions of Sobol himself and Greg, the young hacker who gets entwined with Sobol’s plans. Scenes that are supposed to be emotionally-packed fall flat. The writing style is clean, but lacks energy and vibrancy. In short, Daemon suffers from weaknesses traits that are unfortunately common among commercial fiction. Fortunately the gripping plot and the ideas overcome these weaknesses and make the book hard to put down.

Freedom picks up where Daemon leaves off. Sobol’s daemon has grown in power. The plans he laid before his death have drawn together a new kind of human community that desires to overthrow and rebuild civilization as we know it. New ideas flash across every page: augmented reality, resilient communities, next-generation weapons and gear, new forms of economic systems, the merging of real and virtual worlds. I respect Suarez’s tremendous imagination and the scope of what he is trying to create.

With that said, Freedom didn’t work for me. The ideas get too big too quickly. Plausibility, Daemon’s core strength, goes out the window. As Suarez makes Sobol’s community bigger and badder, it becomes less and less interesting. Greg, the fascinating hacker from Daemon, turns into a comic book villain whose amazing powers come at the expense of any personality or human story. A second villain is so evil that–like the one-dimensional villains in Avatar–he never becomes interesting. In Daemon, each of Sobol’s nefarious acts was unique and carefully-crafted. In Freedom, we repeatedly watch a horde of robotic motorcycles slashing crowds of enemies to pieces with swords. The novelty quickly wears off, and the extra buckets of blood and gore do little to bring these scenes to life. Although it has its moments, the plotting isn’t nearly as tight as in Daemon. I had to make myself finish the book.

Still, both books should be read together on account of their ideas. They are thought-provoking, introduce many of the technologies that will transform our society in the next ten years, and illustrate many of the ways that warfare could potentially evolve. These books are also as good of a primer on cyberwarfare as you’re likely to find. If you can get past the shallow characters and the uneven quality of the writing, Suarez has written a remarkable story and imagined a frightening but plausible future.

I promised in my last post on cybesecurity to make some suggestions on how DOD can better balance network security with practicality and openness. I have no training in Information Technology and no special knowledge of these things, so I am writing as a layman. Here are a few random ideas:

Tell us about the threats we’re up against. I have seen a lot of draconian security measures come down from high, like thumb drive bans and the total shutdown of Internet in the billeting at a CENTCOM base where I was residing. What I have never seen is any accompanying explanation. Given the amount of frustration and anger these measures cause, a word of explanation would go a long way. Everything I learned about the thumb drive ban came from Wired’s Danger Room. Apparently the ban came in response to a massive virus attack, but I didn’t hear anything about this for several weeks. Like most people, I get frustrated by the ever-more-complex password rules, but I’m a lot more sympathetic now that I’ve learned a few things about password cracking techniques. I realize DOD wishes to protect sensitive information about enemy cyberattacks, but troops would be a lot more willing to put up with security measures if we had at least a general idea of the rationale. The reality is that we face cyberattacks all the time. Let the troops in on that; give them a sense of ownership of the fight. This will also give them more trust that leadership actually might know what it’s doing.

Don’t overclassify. It’s essential that we protect sensitive networks from disruption or attack, but DOD often locks information behind secure portals for no logical reason. A good example is my attempt to get the promotion board schedule for the year. This might be because DOD is trying to make AKO and Air Force Portal one-stop shops for information, but because these sites require CAC logins, we are restricting information by default. Is there way to pull non-critical information out from behind the security fence and put it out in the open, where it belongs?

Make it easy for any servicmember to get an at-home CAC reader. From what I can tell, the Common Access Card actually makes a lot of sense from a security standpoint. It provides a standard logon for DOD websites and it can hold keys for encrypting and signing e-mails. The biggest problem is that CACs only work from CAC-enabled computers. If you’re in a remote location (like me), you can’t access most vital data and applications. The DOD does provide at-home solutions for using your CAC, but getting these solutions to work isn’t always easy. You’re on your own to order a compatible CAC reader. In the Air Force you have to download the home use software from Air Force Portal, which requires–you guessed it–CAC access.

So how about this: why doesn’t DOD just create self-contained home use kits with an approved reader and the latest software, and make them available to anyone who wants to buy them? Put them in every BX and PX. Make them available for ordering online. Let units purchase them and distribute them to selected members.

Create a single username/password login as an alternative to the CAC. I have no idea the feasibility of this, from a security and technical standpoint, but here goes: Microsoft, Google, and others have created systems where you can use the same login and password for many different web applications. Could we do the same thing in the DOD? Could we have a username/password that works not just for AKO or Air Force Portal, but for virtually any military web app? Instead of trying to remember twenty usernames and passwords, we would just have to remember one. And this could provide an alternative login system for those in locations without CAC access.

Survey the human side of our current security model. I wrote yesterday that many members of my unit had to carry cards listing all our usernames and passwords because there were so many of them and the password rules were so complex. Is it possible that our stringent technical requirements are making us less secure because of the vulnerable human element? If the security bosses in DOD aren’t looking at these sorts of habits, they should be. The habits of average users should factor into our security policies.

Make unrestricted Internet access available, off the main network. Again, no idea if this is feasible… but at every military base I have visited there are two ways to get on the Internet. First, you can log on to a US military computer, where you’ll deal with security, firewalls, and everything else. Second, you can walk across the street to the Green Bean Cafe where you can pay a couple bucks an hour to use unrestricted wireless Internet access. (The Green Bean at Manas, Kyrgyzstan was hilarious… at least half of the US Army goes to war with orcs and goblins when it isn’t fighting insurgents). Why can’t DOD provide a service that a coffee shop can? I understand we need tight security on our primary network. But why can’t local units subscribe to the local DSL or cable modem company, put a wireless router in the building, and simultaneously provide unrestricted Internet access to those who want/need it? Just an idea.

These are just a few ideas off the top of my head. If my readers have more, share them in the comments.

I went to sleep early last night, and rolled out of bed an hour and a half later to check out Air University’s educational forum in Second Life. I can’t give a full review, because I only stayed about an hour (out of a scheduled three). I was less interested in the forum’s content than in getting a feel for what a conference feels like in Second Life.

It was about what I expected. The execution was very good, but I still can’t get past the clunky interface of Second Life itself.

I was impressed with how organized the hosts were. Air University has built some pretty stunning virtual facilities across a series of islands. The auditorium was large with lots of seating and good views of the screens from almost everywhere, despite SL’s clunky camera controls. I automatically received a “welcome kit” when I logged in, which contained SL game objects (such as an event T-shirt) and documents relevant to the presentations. All the presenters had arrived early and were gathered at the front of the auditorium. They did their technology checks early and started on time. I have a poor Internet condition here, so I didn’t expect the voice chat to work well, but it was surprisingly good. The briefers were loud and clear. They had PowerPoint presentations with embedded video, which was projected on in-game screens. I believe there was a tour of various AF and NASA facilities after the lectures, but I logged out well before that and went to bed. Overall, the organizers really tried to put on an excellent event within the confines imposed by the game world.

With that said, I still find Second Life immensely frustrating. For the most part, I felt that the virtual world technology impeded the conference rather than facilitated it. A lot of other technologies are better suited for this kind of event, such as a live streaming broadcast of real human beings. The interface simply isn’t intuitive enough. There is too much of a “reality disconnect” when you’re essentially listening to a conference telephone call while watching a cartoon avatar stand behind a podium without his or her lips moving. The real focus of most lectures was the PowerPoint slides, but you lose clarity, quality, and resolution when you convert slides into a texture and wrap it onto a 3D game object. It took a lot of complex camera manipulation ( CTL and ALT and arrow keys) to line up a good view, and even then, the quality was still degraded. I find SL’s inventory system very hard to use, and while I thought the welcome kits were a good idea, it is not easy to open up and use, and not really practical for exchanging business documents; an e-mail with attached PDFs would be much easier to use.

The event wasn’t without minor technical glitches. In the minutes before the event started, the MC asked someone to tell her real-life cubicle neighbor to move his avatar because he was blocking a control panel. Once we were underway several people lost voice connections or couldn’t see the videos (including me). While the speakers were talking over voice, the text chat was full of technical Q&A.

Lastly, I come to what I wrote about yesterday… the vast emptiness of Second Life. I was impressed that around 30 people came to the event. I suspect they were mostly educators or government employees who are interested in using Second Life. What’s missing, though, are the crowds of young people they are trying to educate or entertain. The Air Force has built this entire network of enormous islands as a playground in which to train and recruit, but in all the times I’ve visited there, I’ve only seen one other person one time. This is typical, which is why a lot of other organizations that tried out Second Life have been leaving.

I still believe virtual worlds are going to transform our society to the same degree that the Internet already has, but the transformation won’t come from Second Life. Lately I’ve been thinking that we may breeze right past the stage where virtual worlds are something you look at on a tiny screen; the real revolution will come with augmented reality, when the virtual gets mixed into the real.

In closing, here are a few pictures from the event.

Introductory remarks by the MC
Here we are… the attentive audience
I think it’s time for a break
You can glimpse some of the difficulties here, such as trying to read skewed PowerPoint slides. Note the chat window where technical Q&A is occurring.

Tonight (March 18th) from 5:00-8:00 PM the Air University Innovations and Integration Division is hosting an educational forum inside Second Life. It will be the middle of the night here, but I’m going to try and make it.

I’m guessing most of you have heard of Second Life, but if you haven’t, it’s a digital universe created almost entirely by its residents. Real-life users create digital avatars to represent themselves. Second Life is mostly recreational, but it has drawn a lot of media attention in the last few years as universities, corporations, and even governments have set up shop. They recognize the utility that virtual worlds could have for education and training, conferencing, marketing, etc. To its credit, the Air Force jumped on board early and is proactively looking at ways to harness the power of virtual worlds.

I’ll be honest: I love the idea of virtual worlds, but I don’t like Second Life. I find the interface clumsy and difficult to use, but more importantly, I don’t find Second Life at all enjoyable. I’m amazed at how desolate it feels. Almost every time I’ve logged in to a new location that sounds interesting, I’m the only person there. The only places where people seem to congregate are party spots like clubs and beaches, but the idea of watching my avatar dance or lie on a beach chair doesn’t sound remotely fun. The Second Life experience is also overwhelmed by the rampant cybersex and commercialization. I sincerely want to enjoy Second Life (just as I want to enjoy Twitter) but I haven’t found a way yet.

Still, Second Life is the best product of its kind out there. Virtual worlds are still an emerging technology, and although I don’t particularly enjoy Second Life, I’m glad that Linden Lab is pioneering the field. I’m also glad that forward-thinking leaders and educators are investing in it. Although Second Life might not be the technology that changes the world, its successor might be. Organizations that want to be ahead of the game need to keep up with technologies like Second Life.

I’ve never attended a virtual conference before, so I’m eager to see what the experience is like. If you’re curious about what this “virtual world” thing is all about, you should log in and check it out. Log in nice and early so you can create a character, learn the interface, and get to the meeting (see the instructions linked above). I plan to log in about an hour early… if you want to “meet” me there, look for Fareed Courtois… the guy with the shaggy hair and goatee who most definitely does not look like he is in the Air Force. No, I’m not coming in uniform.

Everyone is talking about cybersecurity and cyberwarfare these days. Security experts like former NSA director Mike McConnell have been warning about a cyber-Pearl Harbor or September 11th for years; others say the threat is overblown and that fearmongering could destroy our civil liberties. The extremely sophisticated Chinese hack of US corporations has put the issue back in the news. The military is scrambling to put together cyberwarfare units and figure out what exactly they should be doing. Universities, think tanks, and government organizations are brainstorming how to rebuild a secure Internet from the ground up. And you and me, the user, have to deal with security restrictions that seem increasingly asinine and make our military networks almost unusable for daily work. I write repeatedly about this, but Starbuck’s recent rants here and here prove that I am outclassed.

It’s good we’re talking about cyberwarfare, but there’s a problem: although everybody knows the issue is critical, very few people really understand it. I know I don’t, and I’m a pretty computer literate guy. I was on the Internet when it was just a UNIX prompt and I’ve been programming computers and robots since I was a kid. I know scattered bits of hacking knowledge here and there, but if you put me in CYBERCOM and said, “Tell me exactly what it is we’re supposed to be doing here”, I would have no idea. I have to imagine that a lot of policymakers, especially those who didn’t grow up in a digital generation, understand even less.

That raises an interesting question: given the technical complexity of cyber issues, how can we teach the layman about them?

I decided this is something I need to know more about, so I started a crash course in the digital underworld (as if I don’t have enough going on). I started with the very basics this week. I downloaded the open-source tool VirtualBox which allows me to run a second operating system in a window inside my existing operating system (my wife uses the same program to run Windows on her MacBook). Next I downloaded and installed Ubuntu 9.10, one of the most popular distributions of the open-source operating system Linux–the preferred operating system for most hackers. After that, I installed Tor for Ubuntu, which masks my IP address (did you know that every website you visit logs your IP address, and that your IP address can be mapped to a physical location?). I already use a subscription service called Proxify, which is a kind of intermediary allowing me to access websites that are firewalled in this country, so this combination of tools lets me surf with anonymity. I also downloaded the free Linux chat client Pidgin and played around for a while on IRC, an old chat and file-sharing protocol that predates all of our modern chat tools. I used it extensively when I was a young programmer and my Internet access just provided a UNIX prompt, but it’s still a preferred hangout for serious coders and hackers.

The next topic I began to explore was encryption and digital signing. A few of my geekiest friends always signed their emails with PGP keys, but I never really understood how they worked, so I read the GNU Privacy Handbook. I then installed the free GNU Privacy Guard for Windows, and FireFPG for Firefox on both Windows and Ubuntu. Now I have the ability to digitally sign or encrypt my e-mails, or verify the identify of and decrypt documents from others using PGP (I have no idea when I would actually use this, but at least I know how). With these tools, my masked Internet connection, and an anonymous e-mail address, I could conceivably create a secure online identity that is very hard to tie to my real self.

I also began reading the non-technical primer Hacking for Dummies (yes, I know, all the real hackers are laughing at me) and the more technical security primer Hacking Exposed. I don’t have the time or inclination to learn all the tools of the trade, but these books are giving me an idea of the way hackers operate, the tactics and tools they use, and the countermeasures to defend against them.

I’m amazed at the power of the free tools that would-be hackers can use to cause mischief. You really don’t have to be an expert to launch attacks; you just have to download and employ the right tool. In fact, hacker culture uses the derogatory phrase “script kiddie” to describe juveniles who use off-the-shelf tools but have no real programming or hacking ability.

I’m also impressed at how important the human dimension is to hackers. Breaking into a secure network is hard; obtaining a password from a careless employee might be much easier. This is where I fear that the DOD might be going wrong with its strict network security. By making passwords so complex, requiring that they be changed so frequently, etc. the DOD is making it impossible for servicemembers to remember them. When I was flying C-17s I had to access a variety of DOD programs from the road. The only way I could remember all my usernames and passwords was to carry a card in my wallet with all of them written down. A lot of my friends did the same. Those programs were probably safe from brute-force attempts to crack passwords, but there is a soft underbelly. A lost wallet could give someone access to ten or fifteen DOD web applications.

A second example: every Air Force pilot maintains a list of identifying information that can be used by Search and Rescue forces. Among this information is a secret number. The rules for choosing a valid number were so complicated and changed so frequently that nobody could figure out how to pick a valid one. After I made five or six attempts, the Intel officer finally told me, “Just use XXXXXXX.” The number was easy to remember because it corresponded to something we all knew (sorry, being vague here). I’m pretty sure half my squadron ended up using the same number. That is not secure.

Finally, I’m amazed at how much information you can dig up on a person or a company if you really try. This is where the technical and human aspects of hacking meet. If you want to target a specific company, you can quickly find all sorts of human information that could help you gain access–names, phone numbers, addresses, etc. When I was in high school, I used to hang out on a message board for aspiring young writers. One girl posted a “Goodbye world” message one Friday, informing us all that she was going to kill herself on Monday. Using just her e-mail address, I was able to get a phone number of somebody who knew her. It turned out to be a hoax, but she got the surprise of her life when the police showed up at her house Sunday evening.

I’ve only scratched the tip of the iceberg, but this is fascinating stuff. I will admit that I’ve gained a greater appreciation for the challenges that DOD must manage with its network security policies. Starbuck and I both come down on the side of openness and freedom, but I recognize that this needs to be balanced with careful security measures. I don’t believe DOD has achieved this balance yet–it needs to find creative ways to open up the flow of information, while still preserving security. I will share some thoughts on how it might be able to achieve that in a future post.

In case you missed it, the DOD has finally issued a clear policy statement permitting the use of social networking sites. This standardized policy should replace the hodge-podge, contradictory policy that has guided the different services until now. That’s good news for all of us who believe in the potential benefits of Web 2.0 technology.

Machine Translation

February 10, 2010 — 2 Comments

As someone who fries brain cells everyday by studying Arabic, I’m always interested in the latest translating tools and technologies. These tools are a double-edged sword. Used properly, technology is a huge aid to a foreign language student. I use a variety of tools–such as Google Translate and Firefox plugins–to streamline my study time, quickly look up unfamiliar words or phrases, and self-edit my Arabic writing. These tools can also be dangerous. One of my DLI classmates always kept his laptop open in class; any time he wanted to speak, he would type the sentence into Google Translate and read the result. He could not speak without this crutch. Not exactly a recommended technique for learning Arabic.

Google has done a pretty remarkable job creating software that can translate written text, but the holy grail is a system that can translate speech. That’s why this article caught my attention: Google leaps language barrier with translator phone. Google has been simultaneously researching and developing two powerful technologies: its translation system and voice recognition-driven search. Google is confident that it can combine these technologies and have a translating phone on the market within the next few years. We’ll see. This is a tough problem to crack, but if anyone can do it, I think Google can.

When real-time speech translation hits the market–and I think it’s only a question of when–I’m curious what the impact will be on our world. On balance, I think such a system would be an enormous step forward. It would bring the world closer together, humanize other cultures, and create new possibilities for global cooperation. On the other hand, this technology will create an enormous barrier to actually learning foreign languages. A lot of people won’t believe foreign language learning is necessary anymore. Those do wish to learn languages will have a hard time escaping all this auto-translation and actually practicing their language. I, for one, still think learning languages is important. As I’ve written before, speaking a foreign language isn’t just about translating content from one format to another; it’s a means of building trusting relationships across cultures. I worry that could get lost.

We also have a long way to go with quality. If you want to amuse yourself, check out Translation Party. You type a phrase in English, and the website uses Google to translate it into Japanese, then translates the Japanese back into English. This repeats over and over until the two translations finally match. I typed in “Who is the leader of your village?” After 50 iterations the website gave up and warned me the phrase will probably never reach equilibrium. Its final translation? “Many other people, many of our people, the people of our village and how many other educators who and how many?” Yikes.

I’m lagging pretty far behind the news with this post because I’ve been busy with other things, but I think it’s important and still worth writing.

Internet Freedom has been all over the news in the past couple months. Google uncovered a massive Chinese hacking operation that targeted at least 34 companies. Google, already frustrated by Chinese censorship, announced that this was a bridge too far and threatened to shut down its China operation entirely. The complex interplay between the corporate world, states, and national security issues has led Google into consultations with the State Department and now the NSA.

On January 21st, probably in response to the attack, Secretary of State Hillary Clinton delivered her Remarks on Internet Freedom. She struck directly at those states that try to curtail Internet freedom, comparing these censorship operations to the Berlin Wall:

Some countries have erected electronic barriers that prevent their people from accessing portions of the world’s networks. They’ve expunged words, names, and phrases from search engine results. They have violated the privacy of citizens who engage in non-violent political speech. These actions contravene the Universal Declaration on Human Rights, which tells us that all people have the right “to seek, receive and impart information and ideas through any media and regardless of frontiers.” With the spread of these restrictive practices, a new information curtain is descending across much of the world. And beyond this partition, viral videos and blog posts are becoming the samizdat of our day.”

Here in the Arab world, people aren’t impressed by the speech; they’re frustrated by US hypocrisy. Two issues have undermined US credibility. The first is the passage of Congressional Resolution 2278, which threatens to sanction Arab television stations inciting terrorism. The second is US laws which deny the populations in sanctioned countries access to key websites.

First, the Congressional Resolution. Marc Lynch covered this in-depth on January 25th. He writes that the resolution “is a perfect example of mindless grandstanding which pleases domestic audiences while hurting American interests in the Arab world.” Nonetheless, the resolution passed by an overwhelming 395-3. I have no love for Hamas or Hizballah, but the way to defeat them isn’t with intrusive government policies that seek to control information; that kind of policy is partly responsible for the intellectual stagnation in the Middle East in the first place. The best thing we can do is open up the intellectual marketplace, let people learn and grow, and trust that good ideas will win in the long run. I quote Marc Lynch again at length:

In short, H.R. 2278 is a deeply irresponsible bill which sharply contradicts American support for media freedom and could not be implemented in the Middle East today as crafted without causing great damage. Even Arab governments who despise Hamas and Hezbollah and Qaradawi and al-Jazeera could not sign on to it. Instead, such governments proposed a pan-Arab Media Commission which would monitor and regulate political content on satellite TV — an idea which was floated in spring 2008, and mercifully failed. Fortunately, that proposal has again been shelved. The last thing the Arab world needs right now is more state power of censorship over the media — whether the Arab League over satellite TV or the Jordanian government over the internet. Hillary Clinton just laid out a vision of an America committed to internet freedom, and that should be embraced as part of a broader commitment to free and open media. Nobody should be keen on restoring the power of authoritarian governments over one of the few zones of relative freedom which have evolved over the last decade.

I’ve seen this story pop up repeatedly over the past few weeks. The Arabic BBC debated the topic on a call-in talk show. Among the questions discussed was whether or not this meant Arab countries had the right to block US programming. The whole issue severely undermines the freedom agenda Secretary Clinton is trying to promote.

The second issue is the denial of access to US websites. ArabCrunch has been pushing this issue recently. According to its website, “The mission of ArabCrunch.NET is to help accelerate entrepreneurship and technology innovation in the Arab world by delivering an online social platform that connects participants of the technology ecosystem.” The ArabCrunch Group supports an entire “Arab centric technology ecosystem.” I’m very impressed by these guys and the work they are doing; this is exactly the kind of project the Arab world needs. I’m growing more and more convinced that the development of this region won’t come from government initiatives or US foreign assistance; it will come from these motley crews of talented young Arabs who can sip some Arab coffee, push up their glasses, and write business plans or computer code. These guys are the future.

Unfortunately, they’re mad–mad because at the same time Secretary Clinton delivered her speech, US laws are blocking access to crucial websites in sanctioned countries. Among these websites are LinkedIn (the Facebook of the professional business world), SourceForge, (the largest open source hosting website in the world), and (another open source hosting website). ArabCrunch campaigning has restored partial access to some of these sites, but functionality is still curtailed. I sympathize with their frustrations; as a hobbyist programmer myself, I can’t stress enough how important the open source software community is for developers. I use code from SourceForge and Google all the time. If we want to empower these guys to build the future of the Arab world, we need to open up the Internet–as Secretary Clinton said–not play a role in censoring it.

One of the coolest trends of our time is the rise of social entrepreneurship. According to Wikipedia, “a social entrepreneur is someone who recognizes a social problem and uses entrepreneurial principles to organize, create, and manage a venture to make social change. Whereas a business entrepreneur typically measures performance in profit and return, a social entrepreneur assesses success in terms of the impact s/he has on society as well as in profit and return. While social entrepreneurs often work through nonprofits and citizen groups, many now are working in the private and governmental sectors and making important impacts on society.”

I’m especially intrigued by the social entrepreneurship happening in the private sector. Of course the main job of any business enterprise is to make money, but a lot of companies are interested in simultaneously using their unique capabilities for positive social change. Google is on the front lines of these efforts. They are always coming up with nifty projects, like a global flu tracker that estimates flu activity based on search activity, or software for online, global monitoring of changes in the earth’s forests.

Google is providing several services in response to the Haiti earthquake. First, they’ve worked with the US State Department to create a “People Finder” gadget for providing information on missing persons or searching the database. It’s simple, elegant, and pretty amazing–a few days after the earthquake, we have a new piece of software (available in English, French, and Creole–the languages spoken in Haiti) that is based on open standards and is embeddable in any website. Second, Google is providing free Google Voice calls to Haiti for the next two weeks. Third, Google is providing post-earthquake map data for Google Earth, which I’m sure will be critical for many responders. Fourth, Google has donated $1 million to organizations on the ground in Haiti.