The Silence of Censorship
A recent episode involving an online site, Switched.com, brought the 1964 Simon and Garfunkel song, “The Sounds of Silence” to mind. In this case, the reminder was not pleasant. It was the realities of censorship, albeit a subtle censorship. It is a censorship that seems to happen without notice in the online world.
Earlier this month, on Monday, November 2, 2009, I noted the appearance of an article by Terrence O'Brien entitled Just How Risky Are Public Wi-Fi Hotspots? It was a headline item on America Online's home page.
I read the article, and while I agreed with some points, I disagreed with others. Joining the discussion, I posted a comment (reproduced below) that expressed my agreements and disagreements with the issues raised by the article. The posting was courteous and professional. The comment also referenced my public presentations and papers relevant to the subject.
Quite correctly, Switched.com requires those submitting provide an e-mail address so that authorship can be verified. Before the submitted comment is publicly posted, the contributor must respond to a verification email from Switched.com by visiting a specific URL contained within the message. I followed the procedure and acknowledged that the posting was correct. The posting duly appeared in the “Comments” thread for this article.
I am always curious to see how a discussion evolves. A short time later, I visited the comment thread to see what following postings had been made. I was somewhat surprised to see that my comment was no longer in the list. A quick check of the web server logs showed that there were several views of the collateral material, then nothing.
I looked for the “Contact us” link on Switched.com, and discovered that the “Contact us” page was redirected back to the site's home page. As can readily be seen, there was nothing in the posting that was obscene, uncivil, or otherwise inappropriate. What the post did say was that the hazards of public Wi-Fi hot spots are at times overstated. The Switched.com comments box states:
Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.
When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.
To create a live link, simply type the URL (including http://) [Italics mine] or email address and we will make it a live link for you. You can put up to 3 URLs in your comments.
The two links embedded in this particular comment were mainstream presentations open to the public on Wi-Fi security, one done as part of the Trenton Computer Festival (sponsored by IEEE and ACM, among others), and a seminar given under the auspices of the Westchester County Executive Andrew Spano, on compliance with Westchester County's Local Law 4-2006. This law regulates the use of Wi-Fi by businesses, both as part of internal networks and as providers of publicly available hot-spots. Also included in the posting was a reference to a paper published at LISAT 2007, a regional conference under the auspices of the Long Island section of the IEEE.
Certainly, Switched.com is free to reasonably delete blatantly offensive or off-subject postings. However, I fail to see the rationale for deleting a reasonably phrased, on-topic post without explanation or justification. I also find interesting the non-functional “Contact us” page, making it impossible to directly understand the reason(s) for this action. Queries to both the article's author and Switched.com shortly after this deletion was noted (November 2) have not elicited any response to date (November 24).
It has always been understood that inclusion in the Letters section of a publication is at the discretion of editorial staff. The production process of a hardcopy publication makes this necessary and this filtering is prominently featured in the solicitation for letters.
The comments section of a web publication has been touted as a more democratic process. However, this presumes that comments are treated uniformly. If comments that do not violate the published policies of the site are deleted without explanation, it distorts the conversation. This is particularly true when the comment does not concur with the article that is being commented upon.
One of the hallmarks of America's freedom of the press has been the underlying public accountability. The lack of any explanation, and the lack of a functioning feedback mechanism raises questions about the adequacy of online media as a successor to traditional media, particularly when topics of import are being discussed.
The article makes some good points, but I would also disagree with some of the comments made. In any event, nothing in this article is fresh news, the issues have been discussed in many very public places for years.
First, I will differ with the use of “insecure” to describe an unencrypted network. The correct usage is “unsecure”. Admittedly it is a common error, but it does make a difference.
Securing a home network is straightforward, and using the best protection supported by your hardware is a good idea. It is also straightforward to still provide hospitality to visitors of any kind without compromising your network, a concept that I have presented in the past in numerous lectures over the past several years and a paper published as part of the LISAT 2007. Most recently, I presented these concepts at the Trenton Computer Festival as Safe Computing In the Wireless Home, the slides are available at http://www.rlgsc.com/trentoncomputerfestival/2009/safe-computing.html.
The comments about using hot-spots are somewhat similarly incomplete. The recommendation that users verify HTTPS on screens before entering passwords is a good one. However, Public Wi-Fi hot spots are reasonably safe if one studiously uses properly encrypted sites or a Virtual Private Network. Similarly, setting up a Wi-FI hot spot for public use is not difficult, and will not compromise the businesses' internal network. While it is somewhat dated (WPA and WPA2 were not yet widely available), I presented the concepts in Wireless Security: What Every Business Must Know. This presentation was hosted by Westchester, New York County Executive Andrew Spano to explain compliance with Westchester County's Local Law 4-2006, that required business[sic] take reasonable steps to protect the public. The slides from this presentation are available at: http://www.rlgsc.com/westchester/2006-10/wirelesssecurity.html.
As I noted in my LISAT presentation, if one is using a public Wi-Fi as an on-ramp to the Internet, and then using a properly configured VPN, the risk is reduced even further, as all of the traffic between the computer and the corporate VPN gateway is secured.
Of course, I always recommend that people disable file sharing and other services that can be used to compromise a machine.
- Bob Gezelter