Featured Posts

A Major Internet Milestone: DNSSEC and SSL

On July 15th, a small but significant internet event occurred. On that day, years of planning culminated in the deployment of a cryptographic signature on the root DNS zone. To simplify greatly, this means that internet users will soon be able to have a much higher degree of trust in the hierarchical Domain Name System by utilizing the powers of recursion and cryptography. When a user's computer is told that the IP address for "gmail.com" is 72.14.204.19, the user can be sure that this answer is true. This is important if you are someone such as a Chinese dissident who wants to reliably and securely reach gmail.com in order to communicate with your peers. The rollout of this throughout all domains, DNS resolvers, and client applications will take a little while, but the basic infrastructure is now in place.

This mitigates a certain class of vulnerabilities that web users used to face. Although it forecloses attacks at the domain name-to-IP address stage of requesting a web page, it does not necessarily foreclose attacks at other stages. For instance, an attacker that gets between you and the server you are trying to reach can simply claim that he is the server at 72.14.204.19. Our traditional way of protecting against this style of attack has been to rely on Certificate Authorities -- trusted third-parties who certify digital key-pairs only for the true owners of a given domain name. Thus, even if an attacker tries to execute one of these "man-in-the-middle" attacks, he won't possess the secret portion of the digital key-pair that is required to prove that his communications come from the true gmail.com. Your browser checks for a certified corresponding public key in the process of setting up a secure SSL/TLS connection to https://gmail.com.

Unfortunately, there are several technical, operational, and jurisdictional shortcomings of the Certificate Authority model. As I discussed in an earlier post, many of these problems are not present in the hierarchical and delegated model of DNS. However, DNS does not inherently provide the ability to store domain name-to-key-pair information. But could it? At one of the recent DNSSEC deployment ceremonies, Vint Cerf noted:

More has happened here today than meets the eye. An infrastructure has been created for a hierarchical security system, which can be purposed and re-purposed in a number of different ways. And so I would predict that although we started out putting this system together to assure that the domain name lookups return valid internet addresses, that in the long run this hierarchical structure of trust will be applied to a number of other functions that require strong authentication. And so you will have seen a new major milestone in the internet story.

I believe that storing SSL/TLS keys in DNSSEC-secured DNS records will be the first significant "other function" that will emerge. An alternative to Certificate Authorities for domain-to-key mapping is sorely needed. There are two major practical hurdles to getting there: 1) We must define a standard for placing keys in DNS and 2) We must secure the "last mile" from the service provider's DNS resolver to the end-user's computer.

The first hurdle involves the type of standard-setting that the internet community is quite familiar with. On a technical level, it means that we need to collectively decide what these DNS records look like. The second hurdle involves building more functionality into end users' software so that it can do cryptographic validation of DNS results rather than blindly trusting its upstream DNS resolver. There may be temporary ways to do this within web browser code, but ultimately it will probably have to be built into what is called the "stub resolver" -- a local service running on your computer that usually just asks for the results from the upstream resolver.

It is important to note that none of this makes Certificate Authorities obsolete. Although the DNS-based approach replaces the most basic type of SSL certificates, the Certificate Authorities will continue to be the only entities that can offer validation of real-world identity of site owners. The DNS-based approach and basic "domain validated" Certificate Authority certificates both verify only that whoever controls the domain name is the entity that your computer is communicating with, without saying who that is. In recent years, "Extended Validation" certificates (the ones that make your browser bar glow green) have begun to be offered by all major certificate authorities. These certificates require more rigorous validation of the identity of the owner, so that for example you know that the person who controls bankofamerica.com is really Bank of America Corporation.

At this year's Black Hat and Defcon, Dan Kaminsky demonstrated some new software he is releasing that could make deploying DNSSEC easier in general, and that could also address the two main hurdles to placing keys in DNS. He readily admits that his particular implementation is not perfect, and has encouraged critiques and changes. [Update: His slides are available here.]

Hopefully, with the input of the many smart folks in the security, internet standards, and software development communities, we will see a production-quality DNSSEC-secured solution to domain-to-key authentication in the near future.


My Work at CITP This Year: Judicial Policy, Public Access, and The Electronic Court

Hi. My name is Ron Hedges. I am a Visiting Research Collaborator with the CITP for 2010-11.

Let me tell you a little about myself. I am a graduate of the University of Maryland and Georgetown University Law Center. I spent over twenty years as a United States Magistrate Judge and sat in Newark, NJ. I came to the Center through my work with the use and abuse of electronic information in civil litigation in the United States Courts. Several years ago, I wrote a decision on the subjects of “preservation” and “spoliation” of electronic information. That led me to The Sedona Conference, a think-tank of academics, attorneys, and judges who focus on electronic information and other things. Today, I’m on a Sedona advisory board and work on, among other things, confidentiality, public access, and electronic information in criminal actions. For information on Sedona, go to www.thesedonaconference.org.

This year, I hope to work with the Center to update something Sedona did a few years ago on confidentiality and public access in civil litigation. Our society prizes two conflicting values: openness in our judicial system and protection for matters of personal privacy and “protected” information. Examples of the latter are trade secrets and personal medical information. How we as a society reconcile openness and protection in civil litigation was the theme of The Sedona Guidelines on Confidentiality and Public Access, published in March of 2007. This document is not focused on electronic information and offers only general guidance on access to electronic information managed by courts. I hope to use my time at CITP to conduct a symposium on confidentiality and access and to move The Sedona Guidelines forward.

Another project for 2010-11 would be to consider the automation of the review of electronic information for “relevance” and “privilege.” Relevance is a simple, but often misunderstood, concept. To be relevant, information must tend to either prove – or disprove – something. Privilege is also simple, but often misunderstood. To be privileged (in a broad sense), information must be subject to either the “attorney client privilege” or “work product.” Privileged information need not be turned over to an adversary and, if it is turned over, there can be serious consequences. Not surprisingly, human review for privilege is estimated to account for about half of the cost of litigation.

The “holy grail” of litigation is to come up with an automated process or processes for relevance and privilege review that is reasonable. The process must also be something that can be explained to laypeople (i.e., judges and lawyers). Research is being spearheaded by NIST, and I hope to have CITP sponsor a program on automated search that would feature, among others, Jason Baron of NARA and Maura Grossman of the Wachtell firm. They have led the NARA initiative and are prominent exponents of automated review.

Finally, I hope to offer a symposium or class to introduce technology-oriented folks like you to the intricacies of the law as it deals with electronic information.

Please give me your thoughts as we move toward the Fall semester.

Private Information in Public Court Filings

Court proceedings are supposed to be public. When they are public and easily accessible, citizens know the law and the courts are kept accountable. These are the principles that underpin RECAP, our project to help liberate federal court records from behind a pay-wall.

However, appropriate restrictions on public disclosure are equally critical to democracy-enhancing information management by the judiciary. Without protections on personal data, trade secrets, the addresses of cooperating witnesses, or other harmful information the courts would become a frightening place for many citizens in need of justice. Peter Winn has described this challenge in detail.

Thus, somewhat counter-intuitively, it is important to restrict some legal information in order to set the rest free. That is why our courts have a strong legacy of sealing cases when, on balance, their disclosure would do more harm to justice than good. When the risks don't require the entire case to be sealed, portions of documents can be redacted. Federal Rule of Civil Procedure 5.2 and Federal Rule of Bankruptcy Procedure 9037 define these instances.

But what happens when mistakes are made or negligence occurs? This has been a largely unexplored area to date. In a 2005 bankruptcy case in the US District of South Carolina, Green Tree Servicing included the debtors' social security numbers in a public filing. The document was made available via the courts' electronic public access system (PACER) for viewing by anyone who was willing to pay the fee. The debtors filed suit in 2008 against Green Tree for disclosing their personal information counter to the rules I mentioned above, as well as the Gramm-Leach-Bliley Act, and other provisions. This was to be an interesting case, but (unfortunately for scholars and perhaps fortunately for the parties) they settled.

However, this was not the end of Green Tree's entanglement with these provisions. In 2009 they were servicing another pair of debtors, and they likewise included their social security numbers in the filing. The debtors filed suit against Green Tree under similar reasoning. This time, the parties didn't settle. In its opinion, the US Bankruptcy Court for the Southern District of Indiana dismissed all claims that were based on a private right of action against Green Tree, but left open the possibility that a contempt of court claim could prevail:

The Debtors have pled sufficient facts to state a claim for contempt under §105 for Greentree's failure to comply with Rule 9037. The act of limiting access to [the document containing SSNs] may be a sufficient remedy under Rule 9037, and a finding of contempt would require that Greentree was aware of its violation of Rule 9037. [...] Greentree has "inadvertently" failed to redact social security numbers on proofs of claim forms in at least one other case in which the debtors alleged a claim for contempt. See, In re Petty, No. 08-34375 HCD (Bankr. N. D. Ind. September 21, 2009). Whether the failure to redact here was coincidence or something else is not for the court to decide at this juncture. Nonetheless, the Debtors have pled sufficient facts to establish their claim for contempt under §105(a) due to Greentree's failure to comply with Rule 9037 and thus, that count survives Greentree's motion to dismiss and will proceed to trial. All other counts shall be dismissed.

The outcome appears to hinge largely on the "willfulness" of Green Tree. Given the 2005 South Carolina case, it seems evident that Green Tree should have been quite aware of the federal rules of procedure regarding redaction. It will be interesting to see how the case turns out.

In the context of these recent cases, the 4th Circuit issued a decision yesterday on a related matter. In Ostergren v. Cuccinelli, the court ruled that a third-party who downloaded public records ("land records") from government-provided web sites would not be liable for damages when republishing those records online -- even if that third-party knew that the records contained private information such as social security numbers.

The facts of the case are quite interesting. Betty Ostergren, a pro-privacy advocate, had for many years tried to get the State of Virginia to implement and then to improve its automatic redaction technology for these records. Virginia was making some effort to do so, but evidently the various counties were not working as fast as she would like, leaving many documents unredacted. Indeed, the original legislation setting the redaction system into motion would have required the task to have been completed by July 1, 2010, but it didn't go into effect because the General Assembly failed to appropriate the necessary funds. Ostergren decided that the only way to motivate the necessary attentiveness was to begin publishing land records with unredacted SSNs on her own web site. For maximum effect, she chose land records from known public officials.

Virginia enacted a statute designed to stop this type of behavior, and Virginia filed suit under that statute. The Electronic Privacy Information Center filed an amicus brief in support of Ostergren. The 4th Circuit delivered a double-whammy to Virginia: not only did it uphold the district court's ruling that Ostergren's site warranted First Amendment protection, it ruled that the protection should extend even further than the district court had ruled. This interpretation was made even easier for the court given the fact that she was posting the materials for the explicit purpose of drawing attention to the problem -- it was disclosure, critique, and commentary via simple transparency. As the court noted:

Under Cox Broadcasting and its progeny, the First Amendment does not allow Virginia to punish Ostergren for posting its land records online without redacting SSNs when numerous clerks are doing precisely that.[19]

[19] For the same reason, Virginia could not punish Ostergren for publishing a SSN-containing land record that had accidentally been overlooked during its imperfect redaction process—having a one to five percent error rate—unless Virginia had first corrected that error. Even then, we leave open whether under such circumstances the Due Process Clause would not preclude Virginia from enforcing section 59.1-443.2 without first giving Ostergren adequate notice that the error had been corrected.

Thus, we have an intriguing reversal of the principle I set out above (that it is important to restrict some legal information in order to set the rest free). In this case, it was important to (hopefully temporarily) make more visible the very type of information that ultimately needed to be restricted.

Announcing the CITP Visitors for 2010-2011

We are delighted to announce the CITP visiting scholars, practitioners, and collaborators for the 2010-2011 academic year. The diverse group of leading thinkers represents CITP's highly interdisciplinary interests. We are looking forward to their work at the center, and welcome them to the family. The short list is below, but you can see more description on the announcement page.

  • Ronaldo Lemos, Fundação Getulio Vargas Law School
  • Fengming Liu, Microsoft
  • Frank Pasquale, Seton Hall
  • Wendy Seltzer, Berkman Center
  • Susan Crawford, Cardozo Law School
  • Alex Halderman, University of Michigan
  • Joe Hall, UC Berkeley School of Information
  • Ron Hedges, Former Federal Magistrate Judge
  • Adrian Hong, Pegasus Project
  • Rebecca MacKinnon, New America Foundation
  • Philip Napoli, Fordham
  • W. Russell Neuman, University of Michigan
  • Steven Roosa, Reed Smith



A Good Day for Email Privacy: A Court Takes Back its Earlier, Bad Ruling in Rehberg v. Paulk

In March, the U.S. Court of Appeals for the Eleventh Circuit, the court that sets federal law for Alabama, Florida, and Georgia, ruled in an opinion in a case called Rehberg v. Paulk that people lacked a reasonable expectation of privacy in the content of email messages stored with an email provider. This meant that the police in those three states were free to ignore the Fourth Amendment when obtaining email messages from a provider. In this case, the plaintiff alleged that the District Attorney had used a sham subpoena to trick a provider to hand over the plaintiff's email messages. The Court ruled that the DA was allowed to do this, consistent with the Constitution.

I am happy to report that today, the Court vacated the opinion and replaced it with a much more carefully reasoned, nuanced opinion.

Most importantly, the Eleventh Circuit no longer holds that "A person also loses a reasonable expectation of privacy in emails, at least after the email is sent to and received by a third party." nor that "Rehberg's voluntary delivery of emails to third parties constituted a voluntary relinquishment of the right to privacy in that information." These bad statements of law have effectively been erased from the court reporters.

This is a great victory for Internet privacy, although it could have been even better. The Court no longer strips email messages of protection, but it didn't go further and affirmatively hold that email users possess a Fourth Amendment right to privacy in email. Instead, the Court ruled that even if such a right exists, it wasn't "clearly established," at the time the District Attorney acted, which means the plaintiff can't continue to pursue this claim.

I am personally invested in this case because I authored a brief asking the Court to reverse its earlier bad ruling. I am glad the Court agreed with us and thank all of the other law professors who signed the brief: Susan Brenner, Susan Freiwald, Stephen Henderson, Jennifer Lynch, Deirdre Mulligan, Joel Reidenberg, Jason Schultz, Chris Slobogin, and Dan Solove. Thanks also to my incredibly hard-working and talented research assistants, Nicole Freiss and Devin Looijien.

Updated: The EFF (which represents the plaintiff) is much more disappointed in the amended opinion than I. They make a lot of good points, but I prefer to see the glass half-full.


My Experiment with "Digital Drugs"

The latest scare meme is "digital drugs" or "i-dosing", in which kids listen to audio tracks that supposedly induce altered mental states. Concerned adults fear that these "digital drugs" may be a gateway to harder (i.e., actual) drugs. Rumors are circulating among some kids: "I heard it was like some weird demons and stuff through an iPod". In a way, it's a perfect storm of scare memes, involving (1) "drugs", (2) the Internet, and (3) kids listening to freaky music.

When I heard about these "digital drugs", I naturally had to try them, in the interest of science.

(All joking aside, I only did this because I knew it was safe and legal. I don't like to mess with my brain. I rely on my brain to make my living. Without my brain, I'd be ... a zombie, I guess.)

I downloaded a "digital drug" track, donned good headphones, lay down on my bed, closed my eyes, blanked my mind, and pressed "play". What I heard was a kind of droning noise, accompanied by a soft background hiss. It was not unlike the sound of a turboprop airplane during post-takeoff ascent, with two droning engines and the soft hiss of a ventilation fan. This went on for about fifteen minutes, with the drone changing pitch every now and then. That was it.

Did this alter my consciousness? Not really. If anything, fifteen minutes of partial sensory deprivation (eyes closed, hearing nothing but droning and hissing) might have put me in a mild meditative state, but frankly I could have reached that state more easily without the infernal droning, just by lying still and blanking my mind.

Afterward I did some web surfing to try to figure out why people think these sounds might affect the brain. To the extent there is any science at all behind "digital drugs", it involves playing sounds of slightly different frequencies into your two ears, thereby supposedly setting up a low-frequency oscillation in the auditory centers of your brain, which will supposedly interact with your brain waves that operate at a very similar frequency. This theory could be hooey for all I know, but it sounds kind of science-ish so somebody might believe it. I can tell you for sure that it didn't work on me.

So, kids: don't do digital drugs. They're a waste of time. And if you don't turn down the volume, you might actually damage your hearing.


Bilski and the Value of Experimentation

The Supreme Court's long-awaited decision in Bilski v. Kappos brought closure to this particular patent prosecution, but not much clarity to the questions surrounding business method patents. The Court upheld the Federal Circuit's conclusion that the claimed “procedure for instructing buyers and sellers how to protect against the risk of price fluctuations in a discrete section of the economy” was unpatentable, but threw out the “machine-or-transformation” test the lower court had used. In its place, the Court's majority gave us a set of “clues” which future applicants, Sherlock Holmes-like, must use to discern the boundaries separating patentable processes from unpatentable "abstract ideas."

The Court missed an opportunity to throw out "business method" patents, where a great many of these abstract ideas are currently claimed, and failed to address the abstraction of many software patents. Instead, Justice Kennedy's majority seemed to go out of its way to avoid deciding even the questions presented, simultaneously appealing to the new technological demands of the “Information Age”

As numerous amicus briefs argue, the machine-or-transformation test would create uncertainty as to the patentability of software, advanced diagnostic medicine techniques, and inventions based on linear programming, data compression, and the manipulation of digital signals.

and yet re-ups the uncertainty on the same page:

It is important to emphasize that the Court today is not commenting on the patentability of any particular invention, let alone holding that any of the above-mentioned technologies from the Information Age should or should not receive patent protection.

The Court's opinion dismisses the Federal Circuit's brighter line test for "machine-or-transformation" in favor of hand-waving standards: a series of “clues,” “tools” and “guideposts” toward the unpatentable "abstract ideas." While Kennedy notes that “This Age puts the possibility of innovation in the hands of more people,” his opinion leaves all of those people with new burdens of uncertainty -- whether they seek patents or reject patent's exclusivity but risk running into the patents of others. No wonder Justice Stevens, who concurs in the rejection of Bilski's application but would have thrown business method patents out with it, calls the whole thing “less than pellucid.”

The one thing the meandering makes clear is that while the Supreme Court doesn't like the Federal Circuit's test (despite the Federal Circuit's attempt to derive it from prior Supreme Court precedents), neither do the Supremes want to propose a new test of their own. The decision, like prior patent cases to reach the Supreme Court, points to larger structural problems: the lack of a diverse proving-ground for patent cases.

Since 1982, patent cases, unlike most other cases in our federal system, have all been appealed to one court, United States Court of Appeals for the Federal Circuit. Thus while copyright appeals, for example, are heard in the circuit court for the district in which they originate (one of twelve regional circuits), all patent appeals are funneled to the Federal Circuit. And while its judges may be persuaded by other circuits' opinions, one circuit is not bound to follow its fellows, and may "split" on legal questions. Consolidation in the Federal Circuit deprives the Supreme Court of such “circuit splits” in patent law. At most, it may have dissents from the Federal Circuit's panel or en banc decision. If it doesn't like the test of the Federal Circuit, the Supreme Court has no other appellate court to which to turn.

Circuit splits are good for judicial decisionmaking. They permit experimentation and dialogue around difficult points of law. (The Supreme Court hears fewer than 5% of the cases appealed to it, but is twice as likely to take cases presenting inter-circuit splits.) Like the states in the federal system, multiple circuits provide a “laboratory [to] try novel social and economic experiments.” Diverse judges examining the same law, as presented in differing circumstances, can analyze it from different angles (and differing policy perspectives). The Supreme Court considering an issue ripened by the analysis of several courts is more likely to find a test it can support, less likely to have to craft one from scratch or abjure the task. At the cost of temporary non-uniformity, we may get empirical evidence toward better interpretation.

At a time when “harmonization” is pushed as justification for treaties (and a uniform ratcheting-up of intellectual property regimes), the Bilski opinion suggests again that uniformity is overrated, especially if it's uniform murk.

Identifying Trends that Drive Technology

I’m trying to compile a list of major technological and societal trends that influence U.S. computing research. Here’s my initial list. Please post your own suggestions!

  • Ubiquitous connectivity, and thus true mobility
  • Massive computational capability available to everyone, through the cloud
  • Exponentially increasing data volumes – from ubiquitous sensors, from higher-volume sensors (digital imagers everywhere!), and from the creation of all information in digital form – has led to a torrent of data which must be transferred, stored, and mined: “data to knowledge to action”
  • Social computing – the way people interact has been transformed; the data we have from and about people is transforming
  • All transactions (from purchasing to banking to voting to health) are online, creating the need for dramatic improvements in privacy and security
  • Cybercrime
  • The end of single-processor performance increases, and thus the need for parallelism to increase performance in operating systems and productivity applications, not just high-end applications; also power issues
  • Asymmetric threats, need for surveillance, reconnaissance
  • Globalization – of innovation, of consumption, of workforce
  • Pressing national and global challenges: climate change, education, energy / sustainability, health care (these replace the cold war)

What’s on your list? Please post below!

[cross-posted from CCC Blog]


The Stock-market Flash Crash: Attack, Bug, or Gamesmanship?

Andrew wrote last week about the stock market's May 6 "flash crash", and whether it might have been caused by a denial-of-service attack. He points to a detailed analysis by nanex.com that unpacks what happened and postulates a DoS attack as a likely cause. The nanex analysis is interesting and suggestive, but I see the situation as more complicated and even more interesting.

Before diving in, two important caveats: First, I don't have access to raw data about what happened in the market that day, so I will accept the facts as posited by nanex. If nanex's description is wrong or incomplete, my analysis won't be right. Second, I am not a lawyer and am not making any claims about what is lawful or unlawful. With that out of the way ...

Here's a short version of what happened, based on the nanex data:
(1) Some market participants sent a large number of quote requests to the New York Stock Exchange (NYSE) computers.
(2) The NYSE normally puts outgoing price quotes into a queue before they are sent out. Because of the high rate of requests, this queue backed up, so that some quotes took a (relatively) long time to be sent out.
(3) A quote lists a price and a time. The NYSE determined the price at the time the quote was put into the queue, and timestamped each quote at the time it left the queue. When the queues backed up, these quotes would be "stale", in the sense that they had an old, no-longer-accurate price --- but their timestamps made them look like up-to-date quotes.
(4) These anomalous quotes confused other market participants, who falsely concluded that a stock's price on the NYSE differed from its price on other exchanges. This misinformation destabilized the market.
(5) The faster a stock's price changed, the more out-of-kilter the NYSE quotes would be. So instability bred more instability, and the market dropped precipitously.

The first thing to notice here is that (assuming nanex has the facts right) there appears to have been a bug in the NYSE's system. If a quote goes out with price P and time T, recipients will assume that the price was P at time T. But the NYSE system apparently generated the price at one time (on entry to the queue) and the timestamp at another time (on exit from the queue). This is wrong: the timestamp should have been generated at the same time as the price.

But notice that this kind of bug won't cause much trouble under normal conditions, when the queue is short so that the timestamp discrepancy is small. The problem might not have been noticed in normal operation, and might not be caught in testing, unless the testing procedure takes pains to create a long queue and to check for the consistency of timestamps with prices. This looks like the kind of bug that developers dread, where the problem only manifests under unusual conditions, when the system is under a certain kind of strain. This kind of bug is an accident waiting to happen.

To see how the accident might develop and be exploited, let's consider the behavior of three imaginary people, Alice, Bob, and Claire.

Alice knows the NYSE has this timestamping bug. She knows that if the bug triggers and the NYSE starts issuing dodgy quotes, she can make a lot of money by exploiting the fact that she is the only market participant who has an accurate view of reality. Exploiting the others' ignorance of real market conditions---and making a ton of money---is just a matter of technique.

Alice acts to exploit her knowledge, deliberately triggering the NYSE bug by flooding the NYSE with quote requests. The nanex analysis implies that this is probably what happened on May 6. Alice's behavior is ethically questionable, if not illegal. But, the nanex analysis notwithstanding, deliberate triggering of the bug is not the only possibility.

Bob also knows about the bug, but he doesn't go as far as Alice. Bob programs his systems to exploit the error condition if it happens, but he does nothing to cause the condition. He just waits. If the error condition happens naturally, he will exploit it, but he'll take care not to cause it himself. This is ethically superior to a deliberate attack (and might be more defensible legally).

(Exercise for readers: Is it ethical for Bob to deliberately refrain from reporting the bug?)

Claire doesn't know that the NYSE has a bug, but she is a very careful programmer, so she writes code that watches other systems for anomalous behavior and ignores systems that seem to be misbehaving. When the flash crash occurs, Claire's code detects the dodgy NYSE quotes and ignores them. Claire makes a lot of money, because she is one of the few market participants who are not fooled by the bad quotes. Claire is ethically blameless --- her virtuous programming was rewarded. But Claire's trading behavior might look a lot like Alice's and Bob's, so an investigator might suspect Claire of unethical or illegal behavior.
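As an added illustration (not code from this post, from nanex, or from any exchange), the following toy simulation models the outgoing quote queue from steps (2) and (3): it shows that stamping on exit is invisible when the queue is short and misleading when it backs up, which is the test the earlier paragraph calls for, and then applies a Claire-style cross-venue sanity check. The price path, tick rates, venue names "A" and "B", and the tolerance are all constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass
from statistics import median


@dataclass
class Quote:
    price: float    # price carried in the quote
    stamp: int      # timestamp carried in the quote (ticks)
    priced_at: int  # tick when the price was read (ground truth, for checks only)


def true_price(t):
    """Constructed market: the price falls 0.5 per tick, starting at 100."""
    return 100.0 - 0.5 * t


def run_feed(arrivals_per_tick, sends_per_tick, ticks, stamp_on_exit):
    """Simulate the outgoing quote queue.

    stamp_on_exit=True  -> behaviour described in the post: price fixed on
                           entry to the queue, timestamp applied on exit.
    stamp_on_exit=False -> price and timestamp taken together on entry.
    """
    queue, sent = deque(), []
    for t in range(ticks):
        for _ in range(arrivals_per_tick):
            queue.append((true_price(t), t))
        for _ in range(min(sends_per_tick, len(queue))):
            price, priced_at = queue.popleft()
            stamp = t if stamp_on_exit else priced_at
            sent.append(Quote(price, stamp, priced_at))
    return sent


def max_price_error(quotes):
    """Largest gap between a quoted price and the true price at its timestamp."""
    return max(abs(q.price - true_price(q.stamp)) for q in quotes)


def max_staleness(quotes):
    """Largest number of ticks between reading the price and stamping it."""
    return max(q.stamp - q.priced_at for q in quotes)


def by_stamp(quotes):
    """What a recipient sees: one price per timestamp (last quote wins)."""
    return {q.stamp: q.price for q in quotes}


def suspect_venues(feeds, tolerance, min_venues=3):
    """Flag venues whose price at a timestamp strays from the cross-venue median.

    feeds maps venue name -> {stamp: price}. Timestamps reported by fewer than
    min_venues venues are skipped, because a median of two cannot tell which
    side is wrong.
    """
    flagged = set()
    stamps = set().union(*(s.keys() for s in feeds.values()))
    for stamp in sorted(stamps):
        prices = {v: s[stamp] for v, s in feeds.items() if stamp in s}
        if len(prices) < min_venues:
            continue
        consensus = median(prices.values())
        flagged |= {v for v, p in prices.items() if abs(p - consensus) > tolerance}
    return flagged


if __name__ == "__main__":
    light = run_feed(2, 5, 20, stamp_on_exit=True)       # queue never backs up
    heavy_bug = run_feed(10, 5, 20, stamp_on_exit=True)  # queue backs up
    heavy_fix = run_feed(10, 5, 20, stamp_on_exit=False)
    print("light load, exit stamp :", max_price_error(light))
    print("heavy load, exit stamp :", max_price_error(heavy_bug))
    print("heavy load, entry stamp:", max_price_error(heavy_fix))
    feeds = {"NYSE": by_stamp(heavy_bug), "A": by_stamp(light), "B": by_stamp(light)}
    print("venues to ignore:", suspect_venues(feeds, tolerance=1.0))
```

With entry-time stamping the backed-up feed is still late, but every quote is honestly labelled as old, so the cross-venue check has nothing to flag.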

Notice that even if there are no Alices or Bobs, but only virtuous Claires, the market might still have a flash crash and people might make a lot of money from it, even in the absence of a denial-of-service attack or indeed of any unethical behavior. The flood of quote requests that triggered the queue backup might have been caused by another bug somewhere, or by an unforeseen interaction between different systems. Only careful investigation will be able to untangle the causes and figure out who is to blame.

If the Nanex analysis is at all correct, it has sobering implications. Financial markets are complex, and when we inject complex, buggy software into them, problems are likely to result. The May flash crash won't be the last time a financial market gyrates due to software problems.


On kids and social networking

Sunday's New York Times has an article about cyber-bullying that's currently #1 on their "most popular" list, so this is clearly a topic that many find close and interesting.

The NYT article focuses on schools' central role in policing their students' social behavior. While I'm all in favor of students being taught, particularly by older peer students, the importance of self-moderating their communications, schools face a fundamental quandary:

Nonetheless, administrators who decide they should help their cornered students often face daunting pragmatic and legal constraints.

“I have parents who thank me for getting involved,” said Mike Rafferty, the middle school principal in Old Saybrook, Conn., “and parents who say, ‘It didn’t happen on school property, stay out of my life.’ ”

...

Judges are flummoxed, too, as they wrestle with new questions about protections on student speech and school searches. Can a student be suspended for posting a video on YouTube that cruelly demeans another student? Can a principal search a cellphone, much like a locker or a backpack?

It’s unclear. These issues have begun their slow climb through state and federal courts, but so far, rulings have been contradictory, and much is still to be determined.

Here's one example that really bothers me:

A few families have successfully sued schools for failing to protect their children from bullies. But when the Beverly Vista School in Beverly Hills, Calif., disciplined Evan S. Cohen’s eighth-grade daughter for cyberbullying, he took on the school district.

After school one day in May 2008, Mr. Cohen’s daughter, known in court papers as J. C., videotaped friends at a cafe, egging them on as they laughed and made mean-spirited, sexual comments about another eighth-grade girl, C. C., calling her “ugly,” “spoiled,” a “brat” and a “slut.”

J. C. posted the video on YouTube. The next day, the school suspended her for two days.

“What incensed me,” said Mr. Cohen, a music industry lawyer in Los Angeles, “was that these people were going to suspend my daughter for something that happened outside of school.” On behalf of his daughter, he sued.

If schools don't have the authority to discipline J. C., as the court apparently ruled, and her father is more interested in defending her than disciplining her for clearly inappropriate behavior, then can we find some other solution?

Of course, there's nothing new about bullying among the early-teenage set. I will refrain from dredging such stories from my own pre-Internet pre-SMS childhood, but there's no question that these kids are at an important stage of their lives, where they're still learning important and essential concepts, like how to relate to their peers and the importance (or lack thereof) of their peers' approval, much less understanding where to draw boundaries between their public self and their private feelings. It's certainly important for us, the responsible adults of the world, to recognize that nothing we can say or do will change the fundamentally social awkwardness of this age. There will never be an ironclad solution that eliminates kids bullying, taunting, or otherwise hurting one another.

Given all that, the rise of electronic communications (whether SMS text messaging, Facebook, email, or whatever else) changes the game in one very important way. It increases the velocity of communications. Every kid now has a megaphone for reaching their peers, whether directly through a Facebook posting that can reach hundreds of friends at once or indirectly through the viral spread of embarrassing gossip from friend to friend, and that speed can cause salacious information to get around well before any traditional mechanisms (parental, school administrative, or otherwise) can clamp down and assert some measure of sanity. For possibly the ultimate example of this, see a possibly fictitious yet nonetheless illustrative girl's written hookup list posted by her brother as a form of revenge against her ratting out his hidden stash of beer. Needless to say, in one fell swoop, this girl's life got turned upside down with no obvious way to repair the social damage.

Alright, we invented this social networking mess. Can we fix it?

The only mechanism I feel is completely inappropriate is this:

But Deb Socia, the principal at Lilla G. Frederick Pilot Middle School in Dorchester, Mass., takes a no-nonsense approach. The school gives each student a laptop to work on. But the students’ expectation of privacy is greatly diminished.

“I regularly scan every computer in the building,” Ms. Socia said. “They know I’m watching. They’re using the cameras on their laptops to check their hair and I send them a message and say: ‘You look great! Now go back to work.’ It’s a powerful way to teach kids: ‘I’m paying attention, you need to do what’s right.’ ”

Not only do I object to the Big Brother aspect of this (do schools still have 1984 on their reading lists?), but turning every laptop into a surveillance device is a hugely tempting target for a variety of bad actors. Kids need and deserve some measure of privacy, at least to the extent that schools already give kids a measure of privacy against arbitrary and unjustified search and seizure.

Surveillance is widely considered to be more acceptable when it's being done by parents, who might insist they have their kids' passwords in order to monitor them. Of course, kids of this age will reasonably want or need to have privacy from their parents as well (e.g., we don't want to create conditions where victims of child abuse can be easily locked down by their family).

We could try to invent technical means to slow down the velocity of kids' communications, which could mean adding delays as a function of the fanout of a message, or even giving viewers of any given message a kill switch over it, that could reach back and nuke earlier, forwarded copies to other parties. Of course, such mechanisms could be easily abused. Furthermore, if Facebook were to voluntarily create such a mechanism, kids might well migrate to other services that lack the mechanism. If we legislate that children of a certain age must have technically-imposed communication limits across the board (e.g., limited numbers of SMS messages per day), then we could easily get into a world where a kid who hits a daily quota cannot communicate in an unexpectedly urgent situation (e.g., when stuck at an alcoholic party and needing a sober ride home).

Absent any reasonable technical solution, the proper answer is probably to restrict our kids' access to social media until we think they're mature enough to handle it, to make sure that we, the parents, educate them about the proper etiquette, and that we take responsibility for disciplining our kids when they misbehave.
