tv   Tonight From Washington  CSPAN  February 24, 2012 8:00pm-11:00pm EST

8:00 pm
now the author of "worm" talks about the computer worm that infected more than 7 million between 2008 and 2009. mark bowden also wrote black hawk down which was to an oscar-winning film. mr. bowden spoke for a little over an hour at the computer history museum in mountain view, california. [applause] >> good evening everyone.
8:01 pm
we are going to do this in several parts. a very brief introduction, and then mark is going to talk and a brief reading and then we are going to have a q&a. and then i think cards are going to come up and we will try to make this as inclusive as possible. for the discussion tonight, mark bowden as a journalist to of course you probably all know is the author also of black hawk down and the basis for the movie directed by ridley scott. mark was a journalist first 1979 to 2003. he was at the philadelphia inquirer and for three seasons he covered football, is that right? >> that's right. >> he's written for the new yorker, the atlantic, sports illustrated, rolling stone, and i have to mention that
8:02 pm
wikipedia notes he read the electric kool-aid acid test. >> i was struck as well but not to become a jobless -- journalist. >> t. j. campana who to my mind is as close as you can get to the digital sherlock holmes. he's also the senior manager for the investigations of microsoft and digital crime unit and he gave me a sticker. before mark talks i want to just talk a little about our subject the history of the worm probably most of you are familiar with it came from a science fiction novel written by john in 1975 in which he posited something called
8:03 pm
the tapeworm, and the wonderful thing about that book, in particular with respect to conficker is that he sketched out an authoritarian regime that controlled the society from the omnipresent network, and the rebels used a tapeworm and the only way the regime could get rid of the worm is unless they lost control so that will bring up conficker on sure. you also probably all know the first real programs were expanded with in xerox parc by the researchers john shocker and neither of them are here tonight. is john here? yes, good. i was looking at your paper in preparation for this and i thought what is the difference between a worm and a virus.
8:04 pm
we go back and forth on that because they both came from science fiction novels and so in the original paper the worm is designed as simply a computation that lives on one or more machines so we can go from there and maybe getting to the distributed computing. but also in addition to the roots of the computing being here i want to talk about the roots of the computer crime. don parker isn't here by chance is he? of course. if we want to know about the roots i'm sure it is somewhere in the 1950's or 1960's i was thinking about the roots of network crime, and to the best of my knowledge and i'm certainly willing to be contradicted or corrected, but someone who was at the stanford allowed who has a great deal of authority told me he believed
8:05 pm
the first computer crime was a drug deal done in the late 1960's between mit students and the stanford sales students. i would love that to be true. that is as much of the layout. why don't you take over. >> thank you, john. >> thank you for coming. i am particularly delighted to be on the stage with two guys that actually know what they are talking about. i am an old newspaper reporter as john mentioned, and about a fellow named jim who was the managing editor of the philadelphia inquirer over night named me the science writer. this was a terrific thing for me because i was working in a suburban tero and then i got to come down and work in the main office, and particularly during the 1970's the inquirer was one
8:06 pm
of the preeminent newspapers in america so overnight i was one of the preeminent science writers in america all of which is of course completely unmerited. it turned out that in looking for a new science writer for the newspaper was going through the resume of everyone on the staff and he noticed that i subscribe to the scientific americans. [laughter] [applause] and that is how i became a science writer. the truth of the matter is i was an english major in college and i had started a subscribing to the scientific american precisely because i knew nothing about science and i thought so much of the modern world depends on science and technology to make an effort to understand these things and i think of that magazine had gotten a lot better but 20, 30 years ago i couldn't read any of those articles. they always had a little italicized introduction i could
8:07 pm
understand but as soon as the article started i was lost. so they had been building up in my closet for about three or four years and little did i know that they would launch me to the height of american journalism, but i discovered in covering science in the years i did for the enquirer that my ignorance was actually very useful because i was writing stories for non-experts, and i was ignorant enough to ask of the truly ignorant question that needed to be asked so if i was interviewing a physicist at the university of pennsylvania i would ask what is an electron exactly? and was so effective for me is it became a kind of philosophy journalism. so whether i am writing about pro football or a battle in somalia or the iran hostage crisis or in this case a piece
8:08 pm
of malware i began at ground zero and if you were to actually listen to some of the initial interviews i did in preparation for this book, you would laugh because i have to stop the people in talking to literally every sentence to ask what they are talking about. with questions like what is a router? what is a server? what is an isp? was completely foreign. what was great to me about the story though is that over the months that on a record in "worm" there was a fascinating intellectual struggle going on between the high level computer security experts and some extraordinarily sophisticated authors of malware. the conficker popped up in 2008 and rapidly began assembling one of the largest botnets in the world and what was especially
8:09 pm
fascinating about this is that the ad hoc group who started working together to try to corral conficker made moves to try to sense this in a. the creators would make countermoves and this went on countermove over a period of four or five months so i'm going to read you the invitation a little passage from "worm" by exploiting that after several of these moves rodney who was a wonderfully burly south african emigrated to years ago and has become the head of security for neustar which is a big telecommunications and internet based company in washington. as they called themselves the working group and does the
8:10 pm
conficker botnet began to grow and people battling it realized it posed a unique threat to the internet itself, rodney went to washington to try to enlist the support of the federal government in fighting the thing and so rodney got invited to give a presentation at the department of commerce because neustar manages the .us level domain so he was a contractor and he was invited him and he gave them his powerpoint presentation which he had put together in his hotel room the night before about the conficker and this alarm in the room who much to his shock had for the most part not even heard of conficker and he started getting invited over the next couple of days to get some presentation to the various other places so this passage i'm going to read you is like two or three days after
8:11 pm
rodney has made his initial presentation at the department of commerce. the following day he was asked to brief the staff of the senate select committee on intelligence because the committee offices were off limits to those without a high security clearance the staff and arranged to meet with rodney in the visitors' center of the capitol building in the cafeteria. about a dozen staffers met him there in the middle of the afternoon. the cafeteria was quiet and empty. the corner of a portion of the room with portable dividers and sat around a table. before he got started one of the staffers, a young woman interrupted him. just so you know, she said, we probably know a whole lot more about conficker than you do. we received a classified briefing yesterday afternoon, the woman said so there is, we not much more you can tell us
8:12 pm
about it. that's really good news, said rodney, his voice heavy with sarcasm. he knew without a doubt how clueless the establishment was. the woman's arrogance annoyed him. he started collecting his notes. since he had matters completely under control, he said there's no reason for me to be wasting any more of your time. as he stood there was a chorus of noes. we want to hear it said another. so rodney sat back down. he took the copies of the powerpoint presentation which had been printed up on the new stationery he hinted that now part of the table the woman that addressed them flipped or copy and pronounced yep this is the same presentation we saw that the classified white house briefing yesterday. [laughter] the meeting dissolved into laughter when they realized that u.s. had simply taken rodney's briefing and presented at the white house as their own work
8:13 pm
and classified it to boot. [laughter] brought me later confirmed it with his white house contact who attended all three of the sessions. they just gave it their own, he said. so much for the wanted cyber defense. [laughter] [applause] that's actually a terrifying note to start on if i think about it. stomach isn't it? >> there's certain ethnology's that appear in your book. early on i think it is certain point you gave the sense that the internet is wild west or some sense of that territory stretching out, and that analogy to my mind sort of brings out the possibility of the definition of the call as vigilantes' and i was wondering, one, if the vigilante term works
8:14 pm
is it correct and by asking both of you then that all the one question is since the fed is doing well as the vigilante the last best defense in cyberspace? >> the certainly were in this case and i think actually the guys, teaching was one of them, for a little uncomfortable with the designation when someone looked up and realized the actual definition implies a kind of illicit or illegal activities of the subsequently dubbed themselves the conficker working group but it's like if you are the fat kid on the playground and people start calling you skinny there's no you are going to get rid of that city continued to be among themselves the kobach and >> do you take a notion with the issue of vigilante? >> some of the operations we've done despite the fact we've
8:15 pm
already gone to court and have legal positions to do what we do there's a growing community of professionals around the world that were saying they could take this back and can do something here because at some level the internet operated by the good guys. so really it was more of an assertion of the right that we had around to protect our own system, so it think the vigilantes' for one of the lightning rod terms working in the legal corporate affairs at microsoft they are called vigilantes'. >> it was an ad hoc assembly for the most part of volunteers who spent a lot of time and energy trying to mount an effort to protect the internet to this threat there was no formal organization. how hard was it for you to break down the hopes when you started the book? did you get the cooperation
8:16 pm
easily with difficulty, did it depends on -- >> everyone was terribly eager to help, they were appalled at my level of ignorance. they are extremely patient and most of the folks i work with went out of their way to help me understand to read the draft in the story as i was writing it and correct my mistakes to help me better understand the story because i think they felt it was an important story. spinnaker want to ask both of you early on for your i guess what have you been saying about the state of security affairs and cyberspace as you go on your book tour and then i want to get your gauge. what was conficker an indication of in terms of having cyberspace be secure, are we entirely out of control? where are we? >> i think that t.j. can answer better than my but my impression was, and i was surprised to
8:17 pm
learn how vulnerable the internet itself was to threat the botnet of this size and the internet that grew out of the late 60's, early 70's utopian spirit of the freely sharing data and the time primarily by academic researchers and scientists failed to adequately consider how the openness of the internet which is such a boon to the world could also be a tremendous vulnerability and that there would be people who would take it advantage of it. i think the fact that the federal government in the conficker was clueless about what was happening and what to do about it was shocking to me. my impression is in fact president obama in 2009 when he gave his speech about cybersecurity, he specifically cited conficker as a case that demonstrated how ill-prepared the federal government was to
8:18 pm
protect even its own network. and i think that since things have been proved that's my impression. you have seen a number of moves made by the federal government the last two or three years that have been publicized and written about so clearly the government is more aware today than they were just two or three years ago but they're remains an enormous problem because it is a global issue. there is no such thing as a global police force and there is no such thing as the international law governing something like this so it poses tremendous challenges. >> i think the openness of the internet is its greatest strength and weakness. it's tough to kind of manage the use of devotee security on the same level. subject its open makes it vulnerable to these scenarios and was invented in a different time. i think that the conficker incident was kind of an awakening and i won't speak for microsoft perspective a new way
8:19 pm
of thinking about how can we address these issues but thinking around how is it all of these technology companies sitting in the seat of technology right now how can we not be more aware of what is going on and how can we play a bigger role as the industry to tackle some of these problems and honestly when rick called up with a couple of my colleagues on the phone and said what is microsoft doing about this we were honest we like well we have released the package for that. [laughter] so we are sitting there looking at it and having meetings with the folks that to all the packaging for our technologies and we said we can do more something. we should be able to do more something here and there was kind of an awakening for microsoft in particular and you have seen our program explode into these different ways of thinking about cybercrime and the way people are using the internet and the microsoft
8:20 pm
technology. >> before we get too far can you give an epidemiology for people that may not know the blow by blow of conficker or just the first half you talked about it showing up i guess it was john that talked about it but just sort of describe the beast. >> the worm has popped up on the honeypot as honey net and was on his monitor and what happens is the line will pop up on the monitor and there's all these revolts one of which is a column that indicates how well recognized this virus is to the major anti-virus industry and this one was recognized by no one. this was the first and the next thing that happened was it was replicated so rapidly that within 24 hours it was shoving
8:21 pm
every other piece of malware out of the honey pot. the only things on the screen were conficker, conficker. he said i literally had nothing else to work with at that point. but they discovered when they began to dissect it is it was a sophisticated piece that was highly encrypted. one of the things it did was check to see if the computer it was about to infect had a ukrainian keyboard and would self-destruct if the computer did. but basically what a worm like this does is penetrate to the core of the operating system and replicate itself, send out and infect every other computer on your network and also begin calling home to a remote controller. the remote controller the way that you would ordinarily kill it is top of its head if you could intercept that communication you can effectively kill the botnet so
8:22 pm
the net and algorithm that generated randomly 250 new domains every day so the master had to be behind only one of those 250 so if you want to cut this thing off he would have to shut down all 250 domains every single day forever so that is one example of the nature of the thing, and i think that he may even be here tonight. t.j. mentioned a moment ago ended up buying the bulk of the domains and put them on the credit card which gives you the sense of how ad hoc this was to try to stop it. >> before we go further down the path i just want to go back to a question of what kind of straits, and a question for t.j., i have a very old e-mail
8:23 pm
address and a filter in front of it. >> what is that? >> i think most people here know. since most malware is distributed by botnet, the level of spam is from the rough correlation for the level of malware infection. so i remember about a year ago a large botnet was taken down and spam fell off, but i have to say if i look historically at the number of spam messages it looks like it is ten to 20% worse than it was before that happened a and my good indicator of the state it is a perspectives situation, the operation you referred to is the take down so
8:24 pm
we looked at some of the reports that were coming in. one of them was the zero impact on spam and one was 5% and one was 10% and one was 30%. so we looked and what is the real number and we determined it was a prospective things we called our friends at hotmail and said did we do anything good for you guys? we see a drop-off of like .07 per cent. i was hoping for a bigger number. >> the problem is they have a lot of the providers of systems in place that prevent sending from the not known so really the unblocking a low of the spam hitting already so we had a small impact with some other organizations particularly the private companies they saw a huge dropoff because the big spammers wouldn't be sending to hotmail because we would be blocking and i am sure that
8:25 pm
yahoo! is the same so we talked to our hotmail folks and they said they largely managed the issue but the thing we saw when we were watching a were honeypot attempt to send spam it was sending it to a bunch of different domains so we definitely salles hotmail leaves but that would never make it into the in box because the children on our site, so i don't know what the number is. i know when we start to look at these things and go back to your original question, i look at how many millions of my customers are being impacted by this because if it is running on there is running something else, just based on the testing. so we look at it a little differently. spam gives us cause to sit in the courtroom and say they are harming us. i also look how many of my customers are being impacted so when we start to look at this in particular the analysis shows it would reach out to the peace of infrastructure and download the patch in specific ways we were able to fingerprint that so we knew how many in the machines we
8:26 pm
were dealing with so one of the criteria in the conficker was a big botnet, how many of my customers are being negatively impacted by this piece of malware. it's not great but in the past couple of years we've really seen a surge in internet service providers and technology companies taking an interest knowing private companies can do more to protect folks so i think the dark days are behind us. [laughter] >> i need some type of wood. [laughter] we start to understand there are things we can do we are kind of coming out of that so at the last conference we had two weeks ago we've been doing the conferences for like ten years now on the heels of the international botnet task force
8:27 pm
how can we be operational and how can my company health and take down their own? i would love to see it go away as a distribution but from the perspective there's a certain perspective that shows that might be the case there might not be any change where some of the infancy so we don't know. >> this book is a who done it and i just want to check in with you guys to see where we are to read at a certain point of been a couple of things that have happened and we are taking you through where the law enforcement aspect is and you feel you have conclusive sense of who the authors work or are. >> my suspicion is, and i can't say with any certainty that a fee of of 40 to know who was behind it and i suspect the difficulty of for handing them had more to do with diplomacy dealing with a foreign
8:28 pm
government from dealing with the foreign lobby and police agency than it does with actually finding them. what we do know about the author of the worm who without having caught them yet is that they are tremendously sophisticated programmers and the reason i used the plural is it is almost certainly not one person because the worm demonstrated such a high level of proficiency in so many different areas that it's impossible to mention that one person that would have that ability and knowledge in so many different areas that have the same time, so the likely culprit is a group well funded probably funded by an organized crime syndicate who set out to create a very large, very stable botnet that can be used as a platform for all mischief, a money-making platform. >> and if you look at the early
8:29 pm
indications of how conficker is being leveraged, strong ties to the anti-virus and some type of affiliate program, the keyboard check is interesting because no one wants to be arrested by local authorities for compromising machines in their companies. we are looking towards eastern europe to find out what that looks like. but it's one of those interesting -- i agree we refer the case to the fbi early on. they've been working the case for some time. i know that they are working hard on it but i don't have any -- i don't have a picture of the guy. >> if you wanted to point to ukraine would more obviously than putting in the keyboard. >> it's possible someone would create something like the
8:30 pm
conficker botnet because it can be used for virtually anything. the group in europe that was arrested earlier this year used to drain $72 million of american bank accounts. they do that by releasing a portion of the botnet. >> is the one time it was used or was it used several times? ..
8:31 pm
and when the request and the cabal got their arms around corralling all 250, the c variant generated 50,000 domains every day. so it was almost like, well, you know, if you're willing to spend this amount of money and time and effort to stop us, are you willing to make an exponential seats? >> and then they went to peer-to-peer communication. >> that's right. the fact, the cabal actually managed to recruit the cooperation of every top-level country domain in the world, all 100 can have found their arms around 50,000 a day, only to have the ones introduced peer-to-peer communication so they could need it. >> you think the authors were doing this on the fly that it was responding?
8:32 pm
>> without a doubt. they look for clues and that they were monitoring traffic on the search that maintained. they were attacking them to ask our eyes systems to check on so forth -- >> without giving away identity. >> one of the interesting things they did is the communication from the worm to the botnet were initiated, which was the highest level of public encryption method in the world. right now there is actually a competition going on to develop sha-3, which when it is complete will introduce the new highest level of public encryption. conficker a had sha-2. conficker b used a proposal, which came from ron
8:33 pm
rivest and then had a minor flaw in his proposal so he would cure it and correct it and conficker c had the corrected proposal. so my personal theory is that my ba. [laughter] >> when they went to peer-to-peer mechanism, used the cabal or anyone else is never able to see that communication. are you able to see the traffic that went between? >> you can still see the network. so one of the big kind of issues that we face as we don't let them make smarter criminals. so when the directions we want to make sure we observed and do what we supposed to do it but the enemy at a disadvantage. the fact that they went to the peer-to-peer mechanism didn't make it invisible. we could still kind of track to a limited degree and not be
8:34 pm
significant portion. i worked to play as others to do that. but they were able to do is sneak a domain and a witness because we were still trying to figure out, how do we stop 50,500 domains per day? said they stuccoed domain name. the only updated a part of the mechanism. it is not as reliable as a straight command and control. it's more resilient to attack. but as he saw them kill u.s. operations 79 nv 49, there are vulnerabilities in most of the pieces out there, so we were able to oftentimes analyze the traffic flow and not to be to impact that. >> how many machines are out there in the world still? i hear 10 million. is that a big number?
8:35 pm
>> that was early on. the reason the q. value seen in the date with the piece of the code. what we think is the latest number from shadowserver about 4.5 million conficker a comment be around 250,000 nodes out there. >> it hasn't done anything of note for how long? >> a long time. >> let me go back to your question earlier. the most logical explanation as i said is a platform for criminal activity, but if it is a sophisticated income is something like a botnet of this size is also a very powerful tool and if he wanted to launch a cyberattack, and assert the capable of overwhelming the root servers of the internet itself. now say nation-states behind it he wouldn't necessarily use the weapon right away.
8:36 pm
you would wait until you wanted to use it. suburban folks about this book and are disappointed the real world sometimes doesn't offer a dramatic ending to a story. so it is true the button have not yet tried to destroy the internet with it. the idea some guy to make up on the wrong side of the bed and without telecommunications i find a little disturbing. >> is your bet that they haven't gotten the authors? >> correct. >> so there's a spectrum of possibilities. one is the most obvious is distribution or selling off lease time. there's war tool, but i discovered in your book which i thought was fascinating is that in one of the generations of
8:37 pm
isp's is how connected they were. the authors were thinking about the structure of the social realm and there were some guys. i'm a few ram but these guys at m.i.t. who wondered whether it wasn't some gigantic center not that someone was trying to build basically a surveillance tool rather than a death tool. to be there if you run into that possibility? seven instrumented a mac. >> there was robust discussion within the working group, but with the actual cause or use of it was. everything ranging from state-sponsored piece of malware that got us in secret lab somewhere to the prevailing theory right now being used to monetize scareware. certainly it was just too chatty. so if you look at some of the modern threats out there right
8:38 pm
now, they are not generating 250 domains being not chatty. this is not designed to be a stealth piece of malware. >> how long have you been in this business? when did you start? in forensics? >> i went to florida state university and the better part of the 90s. his uncle is what used to be the coach at florida state seminoles. it was really nice to see that. so ever since i was in grad school my undergrad is in criminology. i was more interested in information security, but to kind of put yourself through college he did many things. so really looking at the network of administration is how i put myself through undergrad. i began to really start looking at those things. in the early to mid 90s at academic institutions, the wild wild west was a good description of what these networks are like.
8:39 pm
typically fragmented administration or a public university we couldn't block at the edge. i hear that is still the case. so we would see some amazing traffic patterns and it was really kind of an open on top the entire network was. so really understanding how machines were getting compromised is when it started to pique my interest. >> you have trouble keeping your spirits up? this is kind of like going to fade all uphill. >> i love it. every day. my wife is like are you going to come to bed? five minutes turned into five hours. the sun is coming up. we were discussing this earlier on in the green room. i don't think i could wake up every day and do the same thing and that's what this allows us to do. >> i found that you're not just at this but all those who are involved. people ask me if they were getting paid to do this, t.j. has a job, but some of the soap
8:40 pm
stood out of the goodness of their heart. why were they doing that? i think maybe the right answer is it's fun and fascinating. these people think there's harder than we are. i don't think so. sometimes they are and sometimes they are not. >> how many members are here? anybody else? are we a dying breed? so what is your take on this culture? what did you come away from reading this group of people? you know, i think you could make an argument that conficker is tremendously interesting and sophisticated. it might not be the most dangerous worm ever. the botnet may not be the largest, but for my purposes, it is a
8:41 pm
wonderful case study and gave me an opportunity to sort of walk around in a subculture, in this case the culture of computer security geeks, uber geeks i call them and you know, i think for me that is the fun of reporting and writing is learning about aspects of the world and modern life that i otherwise would never encounter. so for me, i think this isn't a unique subculture because it is a relatively new phenomenon has grown so rapidly that you find the folks are at the start of vanguard and miss the old are very few of them. it's not like you can go to -- nowadays he probably could, but i know when self-reports went to
8:42 pm
stanford in the 1980s -- and probably making a mold or a mold or come in maybe 1990s he had to actually shop around for a college professor who could teach them something because he had growing up thing with computer networking systems and is such a new thing that he had developed a high level of proficiency on his on and it is difficult to find someone who could tell them or teach them anything. that level of skill has continued under the different individuals for different reasons. but that is how i see them. >> it's interesting to look at that if you look at andre lacroix and some of those guys were basically self-taught. >> condrey went to community college and was running a security, i.t. security guy and discovered someone over the weekend had broken to its network and used it to stash a lot of pirated music and movies and he was able to clean it out
8:43 pm
and secure its network and its boss said okay, end of problem. but on a current well, he went back to check the system and people are rattling his doorknob all the time to do this kind of thing. the idea that someone was trying to deposit illicit material in his office park in new jersey intrigued him so much that he set himself on a course where he has become one of the leading authorities in the world. >> did you spend a lot of time at the group? >> at shadowserver? >> are rarely spent time at andre, but also richard for lugo is one of the originators of it. essentially again, the essence of a volunteer organization began monitoring botnet, defect deny whether and consider themselves killers. and they would inform networks
8:44 pm
and they would call a network security guy and say we are calling from virgie county to let you know that your network has been hijacked. and they would routinely be dismissed and in time people realized they were right and they were offering this information for free. the andre's philosophy is it's kind of like if you see someone's house is on fire, do you charge them to inform them that their house is on fire? so he knocks on the door and says hey, your house is on fire. so he does this out of the goodness of his heart. >> andrea nye and richard talk a lot about that model saying hey, what is the right thing to do? is strongly a glance at the d.c. was trying to do. at the end of the day we do take
8:45 pm
downs. the goal is to reach out to the end customer and try to clean them up and let them know there's some things you need to be doing in order to be a citizen. >> a couple times he talked about the takedowns, but is your group engaged in sort of infection? do you mention things that just you've written code that goes out and takes confections off of machines? is that routinely done? >> all be clear. i'm widescale heavy ..? >> said the removal tool comes as part of the package runs a 700 million computers each month. so that is one of the tools that we use as part of the automatic a process. >> so then we also develop tools called the enhanced ms i.t. and we also have a difficult system sweeper that these two windows image that has the full signatures that. we engage with isps around the
8:46 pm
world and all of our operations to get information from a sinkhole so they can go out and carry that message into their countries. so while that was the first time he had the remediation piece in place and it's slow going, it was rough, ugly, who didn't want the data, who wanted the data, were they able to actually use the data? we learned a lot of lessons on that intricacy or to get 90% clean. when we do to restart operation, we actually had a 50% reduction in the first 45 days or something like that. so we are getting better. is that a long-term solution? no. we need to figure out what is longer-term solution we can have more impact. but we kind of come up against we are the good guys. we can't push code to the machine at the bad guys. what other mechanisms are available. so we have robust debates. >> one of the things mark did that was so good, compelling to me is in describing your patching process when the patch
8:47 pm
for now, you've been prepared in realizing there was an instruction manual you had given up their emulated country vulnerability. to me, how do you get around that as a structural problem you're facing? >> so the guys at microsoft security response center weigh on that heavily. so understanding if there's a vulnerability in the osi and components has been actively exploited, we weigh that. there's a lot of people dedicated to manila soon as we issued a patch, a whole bunch of people say okay, what did they change. here is the dll and they changed these bits. they quickly look up a vulnerability was patched. so that is something that does go into the equation. so at the international task force meeting in virginia in 2008 when we announced the patch, i still remember the number, we
8:48 pm
said hey guys, let's start looking at this and we had the advantage of having security researchers from 45 countries in the ground. so we actually covered up the last session and spent about an hour and a half with everybody and that folks from the msrc in the room with us give it implosive bower and exploit code me started shifting it around, but we knew it was definitely a vulnerability and we need to get the patch out there and there were people there and patching machines over the wi-fi coronation summer. we should've probably planned ahead for that. but it was one of those things you can't avoid. people that are curious will look at what are they update? >> of the six weeks later? >> is a really short amount of time. i offends another price, so the first thing they do is take a snapshot of the os in their car. they take it to the dealership, get the update and bring it
8:49 pm
back. so it's curiosity. these guys use the curiosity for nefarious activity. >> you paint a good picture, a compelling picture of the culture. did you look at all of the culture and spend anytime on the the other side? >> no, i did look at -- there are websites for some of these purveyors are openly celebrating success. i watched online a company party that one of these groups is having to share wrestling off cars to people and there was a rock band and everything else and this is in russia. >> it was very funny. but it shows the level of involvement in openness with which people engage in certain parts of the world. the scope of this book i deliberately chose to nanotube to struggle against conficker
8:50 pm
and since i didn't know. i was hopeful to be honest that they would catch these guys before it finished writing this book. if they had i would've tried to go to wherever it was there from. if it's the ukraine it would've added that peace to the story. unfortunately that didn't happen in time. >> $250,000 every now a genuine leading to successful arrest and conviction if anyone knows anything mark would definitely want to know about that, too. >> to the rewards work for you? >> we issued for rewards at this point. the first of a not so much. the second one, yes. good tips and then most recently we issued the reward for the restart case. so we can't talk too many details about that. it has referred to you vi in $250,000 -- as i took two to $50,000. they're making millions. will he stick additional two and
8:51 pm
$50,000. >> to the favorite success? >> i don't even use the success as i have favorite things that have happened. i have learned more from failing than successes. so i think early on when they started to kind of contemplate the microsoft response strategy, looking extras be, i kind of realized that the challenges. i have budget, why can't eyeball by augusto mannesmann managers going to church $35,000 for the domains on your corporate amax. that's not going to work. just figuring out there's things we can do. obviously buying the domain is not the long-term solution but as a stopgap that would've worked. it's really one of those names that motivated anti-say worked with to say okay, we are not going to let that happen again. >> a couple more questions than
8:52 pm
all turned to some of your questions here. could you contract reporting the throw to reporting the "black hawk down" world? >> not that different to be honest. i made a joke and it's true how i had to literally stop folks every sentence to ask what it is they were talking about and that is also true when i started working on black hawk down. soldiers spoke in a jargon refer to weapon systems. they speak their own language and i was in the beginning stopping people the time, saying i remember once you're often mistaken as an expert for this field that -- in the field you've just written about and i was talking about "black hawk down" at the army war college in carlisle and occurred on the back of the raised his hand and said acts if i thought about the army vehicle should've been part
8:53 pm
of the force protection package in mogadishu. if anything before you're entitled to have opinion about an armored vehicle you need to know what one was. [laughter] server reporting back when i used to cover football, sportswriters would say how can you go from covering science and politics were covering transportation and sports and i tell them it's a transportable scale. the whole idea is you go into a world you don't understand. you find the people who can educate you and ask questions until you arrive at your own level of understanding and write the story. that is in a nutshell what i do and i like doing it. >> one must question. were you deeply engaged in conficker when it came on the scene? and as a writer, you tell one story and there's this other story -- the great thing if it was one story and you had a cast. did you feel like conflict that because there's another big --
8:54 pm
>> not much to be honest. i have a kind of disinclination to be writing the same story ever announces writing. i have no doubt it would attract a lot of attention. maybe you are writing one. i have no desire to compete with those folks. i would rather find a story no one else is telling. i wrote a book about the philadelphia eagles 1992 season. they said were he writing about this season? they didn't write when the super bowl. it didn't make any difference to me. it was an opportunity to read write about that wilderness people. but you made that is what the story is in the fact that there might be a spectator story that comes down the line is almost guaranteed, it doesn't really influence me. >> when you get the audience involved. it's too prior. one is a question of when is a common.
8:55 pm
the question is what is the conficker environment? been asked this question. versus operating system that is a lot like a unix environment. why do you think you have such a larger problem than the macintosh world appears to aside from the fact that they had 10% or 7% market share? is there anything else that is different? >> i think we can hang that on a number of things. market share be mondays then beaten to death. o-oscar factor is not that much money in it. if you think about the problem is, it is a cybercrime problem. they don't do this for giggles like we did back in college. i can make people's computers do funny things. they are about money. so what is the biggest mexican
8:56 pm
cat? i think the apple guys are starting to see a little more of it. i think it's going to be their turn to have their windows xp service pack two moment. but i do this right now. >> this wonderful paper years ago basically making your argument is a question of scale. then you try to estimate what the percentage of market share to have to reach at that point and i think it was like 70% mortgage. >> but it's also criminals are smart. they're lazy. but they are smart. they realize that an apple computer cost this much more than a normal pc. in a different spam trojan for windows machines. we will start to see more of that happening.
8:57 pm
but at the end of the day a cyberpart dose. if i need a car and i mccarthys, i don't care what kind of car he drives. i need a car. i'm going to steal a car. really bringing it back tears security verifications appeared when the seven being more secure and best item of the be. i could self learning as we go, but also the other elements where the criminals go if the money is. >> just a comment to mark. some of us to a then enveloped in arpanet network since the 1980s have always been scared right conficker instant is and how to attack them without killing the network. >> another question. do you think the worm creation might have been funded by a terrorist group like al qaeda? >> no. i think because we've never seen that level of sophistication
8:58 pm
from a terrorist organization and also the way it has been used, there is nothing to stop the office of the conficker botnet from launching an attack in 2009 other then they probably don't want to take on the internet. they probably want to use the internet to make money. so too is a terrorist organization, we would know by now. >> it is a terrorist organization would be quieter. it comes back to how noisy the threat is. >> what is microsoft doing to present os improvements. [inaudible] [laughter] >> we have a number of programs. obviously the life cycle trying to get folks to code in a manner that makes it more difficult to attack. windows seven and having things like address space layout
8:59 pm
randomization, didn't take that. would actually have the trust for the contingent on the individuals from across the company i work to triaged vulnerabilities and how timely patches and automatic updates and a division of our company called the malware protection center. at the end of the day will be a seed is a shift from attacks against windows to a shift in attacks against third party add-ins. in social engineering. at the end of the day, i think we are making huge strides on the security front as far as os vulnerabilities. now we are working hard to find out ways in which we can secure some of the application. one of the tools i regularly to plan our systems and our fusion center is the enhanced mitigation toolkit and what it allows us to do in specific applications and have
9:00 pm
applications that on the machines. we are learning by being forced to fire. for the past 10 years we have really been under the scrutiny of the securities meeting. we stepped up to the challenge. if we install the screensaver and that's been trojan eyes, we try to psych to joe crime shows. it would bring that to bear on the problem and we try to protect their customers in a new and quite frankly unique way for all the industries. >> that was true here. >> bears lots of buffers.
9:01 pm
>> we put a lot of our code through the stl. then there's that and really making at more difficult for the attacker to feel too hot to different parts of the os. they are sharp. will close over and come up with something else. >> it's a classic arms race. every time in history someone has come up with a way of defending his castle and the attackers find a way to bridge the defensiveness is just happening in an intellectual realm. >> question here. u.k. statistics on a number of infections. his assessment include pirated software? if not, what do you estimate them to be? >> said the infection number estimates are based on input data. we don't distinguish between pirated copy were legitimate copy. so that is a true number and it
9:02 pm
is thought in all this space. so we took the academic argument out of it inside how many unique ip addresses to receive per day? is the hcp redress renewals, all kinds of stuff that will maybe those numbers. but if you take into effect people behind corporate mac in the hcp can we think a 20% reduction in the number. 4.5 million is the most accurate number we can come to knowing all the flaws. said that is the best number we have. to speak to one of the other sub questions that was going to be ask and i'll take the time to answer it, microsoft does this you parted versions of windows. if it's a critical patch, we issue that in order to receive bad patch. we do issued the critical nature for the os when you run a pirated version of windows and connect to windows update can you be able to install that
9:03 pm
automatically. >> how hard would it be for a nationstate to create a persistent botnet bigger and more stable in transfixed? >> not hard at all i wouldn't think. depends on nationstate. i mean, if you are aware of a vulnerability and you can exploit it, you know, something like that can spread very, very rapidly. >> some of the new technology we are seeing now, to the ad exchange, for example, browsing espn.com and getting hit with no advertising on your windows box, those are some of the things we look at a space who do not compromise and give people -- >> the trend appears to be away from that. for a long time it was creating
9:04 pm
botnet and now a space where you have a very carefully hope that exploit for a specific reason. >> and that is what she sees the purpose. if i want to make money quick to compromise a lot of machines knowing i have to go. so i mean what you see is a fourth type of approach. advanced knowledge clients for space in new innovative type is to get on box. you're absolutely right. the fbi does not seem like a possible number two?
9:05 pm
there's probably -- in the modern world there so much we increasingly lean on the internet for so much thinking about going to work out of the military would incorporate cyberwarfare into the package. we saw it when russia invaded estonia. you sigh in any country to major military military or defense department is developing capabilities, not only to defend themselves amounted to attack their enemies. so have they run into or out he had a stage like a period of, or countries that were developing nuclear weapons for testing in the atmosphere or wherever you cyberequivalent stage? that certainly wasn't attached. it was enacted cyberwear. you think we seen tests -- >> you certainly see in espionage. you know, there are mounting
9:06 pm
numbers of instances where a lot of traced back to china, whether correctly or not, you know, where you supposedly secure american networks are being scanned for data and uploaded data from nine and spyware and keystroke logging and this kind of stuff has just become fairly commonplace. >> with the ever-growing residency of mobile platforms on the internet, are there any thought as targeting mobile devices specifically? >> we see now where kind of impacting the mobile platform as our devices get smarter and always on, always connect to the internet, that's a logical place. most of what we've seen on the phone site have been asked lately from the handset hardware and software to the marketplace.
9:07 pm
i can't speak for other companies in the valley. that might be experiencing different name, but you are going to see him the tablets that are out. people walk around with the mobile device. it is just clear the bank is focal where the the money is. >> in terms of your new mobile platforms, are the interfaces, in any way that they would be common how does that look like an attacker like windows pc? >> it doesn't look like a. it's partially based on windows mobile. it'll be a little bit different. >> has microsoft said, how similar and different in terms
9:08 pm
of sheer reading judy closer to andrade were closer to apple. >> we see a lot of the benefits of having not in the cloud. if you think how microsoft is positioning technologies, it is the free screen vision where my experience in windows should be the same on any device that allowed them to. so the way we look at it is how do we look at that before they make it onto the device. it's a tour project with writing a sensible idea or can they have their annoyance quiet >> i like to her. i didn't read it carefully, but there is a paper that suggested a new set of vulnerability. i mean, i mean, how much can you
9:09 pm
trust your anonymity? >> it comes back to the same question. they're inherently sellable. bb has been written in here is someone in the sermon we don't know about it. if you or have business cards are they to hook you up with the job. it's one of those things that if you poke and prod enough about, any piece of software you will find new and interesting ways. what is interesting is earlier the conversation list of vulnerabilities they look at our memory type modifications. what i'm thinking about is we're trying to figure this out, but what is my kid going to sue compromise the refrigerator and let the out. when we lived in the year of the flying cars? so if you are going to go on the
9:10 pm
internet and use the resources and tools, you have to understand what software you are using. i think most people don't get that. i get that for my sister-in-law. if you get a compromise right now, who's fault is it? she points at me. [laughter] i have nothing to do with this transaction. but that is the impression. everyone in the room feels a certain part of that. it's our fault. so figuratively in which he could manage that as well is kind of a difficult cover sometimes heated debate in my house. >> our efforts still be made to block communications between the botnet and its creators? if so, how long will they stay in a separate? >> right now we're in year 2.5 or three. if rick is in the room, we just had the latest white hopeless come out. so we are working on it with a high-level deals to block the spirit on the countryside it's a
9:11 pm
little more difficult. some of those folks had fallen off on it to for much longer. so i know it's a big tld's are still participating and they represent the bulk of the infection can't really be a and b. is a smaller group. so they have been amazing way up into the effort as long as they produce a list to go in in another process automated. >> in the individual nodes themselves present a signature, don't they? could you use those dashed out of the inch theocracies have taken it off of the machine that may not have any protection at all. >> said they do a great job around the world. and microsoft is developing a number of tools as half the number of virus companies to make it pretty easy to get off
9:12 pm
of machines. if i weren't about to check their box for automatic updates they'd be clean. that's so working through some of the mechanisms they. people infected are basically people that don't have minimum protections are not running up-to-date antivirus and staff of the codes and they've been infected for the better part of three years. the vulnerability have been fashioned for better part of three years. these are folks that are just a month of not doing what they need to be doing. the >> dear one or two questions? >> were done. >> okay, great. join me in thanking the panel tonight. [applause] >> one of the trickiest things about writing this book for me was thinking of the way, particularly in international human rights contacts, raised were trying to straddle a moral
9:13 pm
imperative and aspirational ideal and more practical and formal mandate.
9:14 pm
>> law professor not your, lori andrews recently spoke about her book, "i know who you are and i saw what you did" and she examines the ways their personal information of social media users is collect event sold and argues that a social network constitution as needed to protect online privacy rates. remarks came during an hour and five minute panel discussion. tonight we tackle a timely and protective of individual freedoms in the ocean of social media. the founding fathers protected import rice from individual freedom, right privacy, right to a fair trial, but not online
9:15 pm
social networks are creating entirely new set of questions and challenges. colleges and employers reject applicants because of publicly available information and photos found on social networking sites. jurors post details on the case and asked their friends to vote on whether defendant should go to jail. marketing companies are facing lawsuits for allegedly collecting information about citizens based on our travels on the web without her knowledge or consent. how are the founding fathers would've handled the scenarios glaxo would happen if social networking sites were subject to the bill of rights? we have a fantastic group that works to dub and the subject starting with a lori andrews. professor andrew stripy super science, want to knowledge at illinois institute ologies of the professor herbert discusses the social impact of emerging technologies and is also a best-selling author and her latest book is entitled "i know who you are and i saw what you did": social networks from the
9:16 pm
data privacy. we honored she has chosen the national constitution center to launch this book to her. please join professor andrews for a hook signing after presentation. lock technology and social media and information on the blog, the not so private parties. before joining forthcoming i was editor about the law. she also has worked for such publications as the week in "washington examiner." jennifer preston is a staff writer at "the new york times" where she covers relationship associate me with politics, government, business and your life. ms. preston took off their speech after working as the newsrooms for associate media editorkind that a reporter and editor began her career right here in philadelphia at the bulletin newspaper in philadelphia daily news. she also served as an adjunct professor at columbia university graduate school of journalism. underrating today's discussion is christopher wink cannot cofounder of technically intact
9:17 pm
equally and media consultancy. for the ecosystem. he leads transparent cities reporting process in addition to coverage to the i.t. policy. it has appeared in the journal, metro, "philadelphia inquirer", pittsburgh post-gazette and the morning call. and now, i ask you to silence your cell phones in consideration of your fellow guests, but encourage you to use them if you'd like to tweets questions, please use tom ncc privacy. and now without further ado, join me in welcoming lori andrews, kashmir hill, jennifer preston and christopher wink. [applause] >> thank you, everybody. i apologize for survey made. it took a little bit, but we are
9:18 pm
here. a staff and put it, 225 years ago the constitution was written in philadelphia in subsequent years the foundation of our democracy and patterns and issues of privacy. 25 years later and new forms are developing the standards for that. so we have a great panel and i want to jump right into it by telling us that associate with is a constitutional issue from the ground up first. >> the founding fathers about facebook and google. the fanatic class clause in the constitution as a patent class to encourage innovation. they also were very concerned about things like abc and the fourth amendment providing the cops from going in to finding a drawer in our house. but never everything private about us as macleod. i think we have to figure out ways to protect things they care about have a right to a fair
9:19 pm
trial and so forward in the digital world. >> so utterly talking about? gives us the names of the organizations that were talking about. so were we talking about? >> we are talking about not only face the you think about it. private data on 800 million people. over the third-largest nation the world after china and india has its own economy and has dealings with other nations. china and so forth. and yet, there is no real regulation about what is done with information on the website of facebook. these aren't really people's private information. if the government tried to get that it would take boyars that guns and yet we are freely giving them information. so we're talking about that, but also talking about companies you've never heard of.
9:20 pm
acxiom, aggregator with information on 96% of americans. we talk about deadbeat dad, income and a bed made easy with internet service providers in california to put their hardware at the internet service provider and copy and analyze every e-mail, every web urge, everything that anybody sent every google search over the web. now they are in litigation, just a settlement, but we've got to think about the many ways in which our private information has now become public, monetized, potentially used against us. >> i want to turn to kashmir. we been talking about the nationstates. it seems like the beginning of this conversation about how we are comfortable with what the web entails is a reasonable expect patient privacy. i think there are those who suggest it's ludicrous to think that. this is not a sovereign nation here these are choices talking about kind of the feeling of
9:21 pm
reasonable expectation of privacy. if any of us deserve to have it on the web and kind of where that comes from. >> i mean, there are many different ways in which we are on the web and i think we have different degrees of privacy depending on which area we are talking about. so it's fair to say we have a reasonable expect patient privacy and our e-mail, which is something private. but when we talk about increasingly public forums like twitter or facebook, i think that there's less of an expectation of privacy when you're broadcasting in a place that you know people can look at. so i think we really have to differentiate in terms of which were talking about. and i think because of the way the case that has changed in 50 years from being more of a
9:22 pm
private place to be more of a public place, people are still adjusting to that in this whole idea of putting information about ourselves online and out there. a lot of people get uncomfortable when it's used against them because they are not thinking of how it really are. >> update to comment they are considered private and they should be reasonable expectation of privacy notice, but that is not what the courts are frightening. e-mail should be chewed up like a postcard as if you're writing to anyone. and if you look at court cases, for example, one woman who is really injured in the personal injury case, the judge actually use if she's got a smiling picture on facebook, not even asking if it was before the accident. and so, people might think -- might know enough not to lock onto nonblocking photos of
9:23 pm
himself on facebook, lots of things used against you in think about appeared holding a glass of wine at a wedding or 35% of employees say they turn out job applicants because they called a glass of wine in her hand. then you have things like people who are coming in now, young poor kid who are charged with gang members because they're wearing gang colors. i look at the los angeles police department. apply thinking he's hipster parent all black, new york art opening. so i don't think we understand that seemingly innocuous device could be problematic, the woman who loses her child because she's got a picture on facebook. it is not knowingly giving up your privacy. yes, twitter, youtube, larger population, but sometimes it sneaks up on you and how this is
9:24 pm
viewed. >> quickly want to put this in context. so often in the united states we're looking at facebook and twitter. we will see it as trivial, but jennifer, talk about why social media at why we are looking at how much social media can be seen directly at deer springs. you are involved in reporting. let's talk about why the social space and questions are a lot bigger than just what we see in the state. >> the privacy issues we are discussing tonight are very important. but what is also important as these platforms turned out to be a tremendously powerful tools in countries where there restrictions of freedom of expression, another son late and these are rights and freedoms
9:25 pm
that many take for granted here in the united states. in egypt, many people first thought that if we kept on talking about facebook helped spark the january 25 protest and revolution. it did not begin with an event or an invitation posted on a facebook page. the community where there was tremendous discussion around police brutality and abuse issues actually began in june of 2010 and that was the facebook page that was started by a group of anonymous human rights activists. one of them was why outgoing aides, who is also working as a critical marketing executive. it would have been if there is a god and who was killed by
9:26 pm
police. police lied to his mother, first big mistake at the next thing that happened was someone in the morgue took a photograph with a cell phone that this young man's battered face and they put that on youtube and facebook. in june of 2010. over the next few, hundreds of thousands of people joined that facebook page and on the facebook page, they discussed things that they could not discuss. in an internet café or really anywhere else. so i think tonight talk about the theory imports since concerns about privacy, that we also remember and think about what our founding fathers might have thought about how powerful these tools can be for promoting democracy and for promoting
9:27 pm
freedom of expression. >> i think that's why advocate the rights to connect because what egypt do? they shutdown the internet after people who use that as a way to recognize. you might think we may not have been riskier, but senator lieberman has suggested a kill switch, various senators have suggested all have digital tags so they can hide dissenting voices. so i do think it's really important and you may be surprised to learn we are far behind other countries. estonia has the right to connect and you're guaranteed to have internet service provider nearby to get free access to it and other countries you can't be so readily bumped up the internet if you have a copyright violation and you're downloading music and so forth. estonia in the rankings of price actually rank much higher in part because that is openness of the internet there.
9:28 pm
so it is an important democratizing tool. >> is the perfect opportunity. the social networking in a conversation or privacy and freedom of speech, nothing short of the future democracies around the world. laurie, in your book, it does to your social network constitution been a lot of questions i'd like to hear about why private companies may not dive into that, but this is a great start of the conversation. the incredible communication tools. maybe walk us through in your book way it though there's a competition comes to the highlights of what that means that we can get some other from kashmir and jennifer about what could be a part of that conversation. >> well, u.s. and important question. what we think about our constitutional rights and here we sit on the 225th anniversary of the united states constitution. other countries rights as well in many countries.
9:29 pm
why should private companies even care about this? i think these constitutional right really are based on fundamental values that we all share. initially the founders of face up in the new generation is it going to care about it. but internet polls say that younger people care about it more than older people. 70% of young people achieves the highest privacy settings. first of all they get regular like the federal trade commission because the u.s. constitution has influenced private laws. we privacy laws for privacy. we are proficient by the quality of the constitution have been enacted a civil rights laws. so it influences private laws. in addition, there may be a market for privacy.
9:30 pm
.. and folks involved there it seems like a step forward. talk a little bit about reaction >> i think that speaks to one of the problems of this point is
9:31 pm
that a lot of judges who are interpreting the laws around the technology don't often completely understand the technology. many courts have found there are extensions are around your e-mail can only get that for a word it is like a complicated technological issue many would say it's private correspondence and in terms of trying to apply -- go on. sorry. >> to play the constitutional rights to the social networks, constitutional rights are supposed to protect our rights against the government and some of the things you said just businesses shouldn't be able to look at a person when they are making hiring decisions i find that very problematic. increasingly now on the social
9:32 pm
network we kind of mix our lines altogether see you have the personal and professional mixed up on your facebook account, and business customers will be looking at those places and so i think businesses want to think about how they are represented by their employees because the businesses are not allowed to look at those accounts but the customers are and then can judge those businesses based on how their employees appear. i feel like you are suggesting violating the rights of the statistics there. >> i would say that one of the issues first on the protection, when the courts have considered cases where the data aggregate's put cookies on your computer and consumers have gone to court and said this violates the federal
9:33 pm
wire tap act, i need to be protected the courts actually favor business too much and they said as long as one party gets comes and it's okay to reduce its website is dictionary.com says it's okay for marketing companies to gather and monetize my information i think that one party consent is crazy and should be asking me. so i would change that. i think we really are just well protected as you think and with respect to e-mail, okay, girls with eating disorders sued blue cross blue shield to get their compensation under the psychological benefits. a blue cross blue shield said i want every e-mail come everything she's posted on social network pages to prove that it's a social disorder that's got her having bulimia or whatever. so the judge gave that up. in a divorce case you can have the entire hard drive of the
9:34 pm
spouse so all this stuff is coming in and to businesses, i'm more comfortable with an approach like we see in europe where germany is debating about whether employees can use the social network information. we have finland where you can to google and employees before hiring them. i love social networks. i don't want to see people branding themselves where it's the rich families to hire children. and now they've got someone starting when the kid is too because that's when you get a facebook pager parents start putting things on to make sure you are only saying the smartest clever things, i want it open but i want it protected. >> why would you want it open? i am the mother of two teenagers. trust me, i don't want their information open, and facebook does now offer -- they have
9:35 pm
learned because there was a huge backlash from users, and they have made privacy settings more transparent and as a reporter that looks at facebook pages i will tell you there are a lot more people that have their fees the page's pride that i've noticed, so the tools are there for people to control and manage their information and what we need here is a public education campaign for parents, for educators, for people about how to use these tools responsibly. >> we are still adopting at the society and we are still learning what it means to be exposed the way that we are because the way that we attract our lives and share information online and i do agree that part
9:36 pm
of the problem here is getting everyone educated. >> about an employer should get it so should the to the private side right now in maryland and massachusetts employers are saying listen, if you want a job you have to tell us your password so we can go in that private side. some of the bottom line is there are laws governing employment in the united states there are certain things an employer can ask and certain things an employer cannot ask. an employee cannot ask your marital status so an employer cannot use that information against you in hiring decisions. >> how do you prove it. >> do we need additional laws? i don't know. there are walls on the books right now. one story i did last summer which was opened my eyes to a lot of what information
9:37 pm
employers can gather on people there is a startup company called the social and intelligence and they are running their business like the way a credit reporting agency runs their business. so what they do is provide employers with like a social media credit report on the potential employees and they do however for to employers they will gather every single thing that you have ever said in a chat room, posted on flickr, put on the instagram photo sharing sites. but they are not -- they are very careful about this report what information they provide to employers. they only provide information that is allowed under the law to be considered in hiring
9:38 pm
decisions. >> so if you go in and putting your name you will see your telephone number and then make an estimate how good your credit is. if people pay a little more a month, they can get things you posted on the social networks and elsewhere and they make no pretense of following the credit reporting law. you've got everything wrong about me and you can think about it if they say her credit is bad and good and i might get a loan, the in fact would ban on their ads that say researchers, don't you want to see what is on all of the dating and other sites they say they go on to this side of who to hire and credit cards
9:39 pm
to offer people, and when an individual says this violates the credit reporting act because usually if you make the credit assessment about someone you have to tell them you were doing it and have the right start applying them. we have great laws that take medical privacy but if it's in the hands of doctors and hospitals so there's a website patients like me and a lot of people posted and selling depressed, and suicidal, i have alzheimer's, and the share information to people secreted distance or could learn stuff. nielsen, the data edgar tater had them collected three birdies information and all of a sudden they started pulling on their sites. when i say i think we should be open, i think we should be allowed to be open about our
9:40 pm
ideas in a private setting and shouldn't be have to restrict ourselves because of the fear of what is done with that information. >> i think i heard you kind of tell that and something folks are thinking. there's a balance whether we are in the period of flux like to sit and 20 years from now we will giggle that we are having this conversation. >> or cry. >> maybe talk about that. some figured out because we're in the period of the institutions and individuals are figuring out what is appropriate and kids will figure out what's natural or is there a real fear, talk about that. >> it's interesting. i don't know how kids who are in the internet now and things their posting a thinking that the fact that will still be there in 20 years and could end up playing into the future
9:41 pm
hiring or future political plans because its new. but in 40 years we will have somebody nominate to the supreme court who will have been on facebook for most of their life, and there will be a ton of information there. i think we are already starting to see it with some of the under political candidates like crystal running for congress in virginia and there were some of those -- photos that popped up from a party after college where she was there with her then husband dressed as santa, and her husband was dressed as rudolph the red nosed reindeer but he had something that wasn't a red nose on his face, so it was kind of embarrassing for her and her reaction, this sort of went fire wire will and i often
9:42 pm
she would win the race that she was running as a democrat in the conservative district and she didn't win, but her reaction to it was to say this is how we are now. we are going to have more background material, and some of it will be very personal and that is the future for her generation, my generation in the coming generations. and the challenge that she posed for society is whether we can adapt to that and start looking at people as the full version of them whether our expectations of people will change so that we don't expect people to live these puritanical lives that people have -- are human,
9:43 pm
exactly. and i hope that is the direction that we are going to move. given how much of our lives are captured on-line that is inevitable. islamic if there was a button you could press when you were 21 or 25 and just erase every photograph or in some inappropriate, but there isn't, and so i think what that means for all of us, whether we are journalists, parents, educators, it's a huge responsibility. a huge responsibility with our kids to raise their awareness because there's a simple fact every single thing you post could be made public if you have very tight privacy come if a
9:44 pm
friend this share is something you share on your network, it's been public, and so i do think that right now when we are in this period as described there's just a huge responsibility for all of us to use these tools carefully one has been designed to make sure your digital photographs delete after two years so the pictures of you with your ex-girlfriend and so forth, and i do think you're right we are in a period of flux, but i heard that before. we are all in this together so we will all have these photos etc, but we have had people who are applying to supreme court and smoke pot like devotee of that generation they didn't get that job, and i heard that with the next once it became publicly
9:45 pm
was told as everybody has 8,212th genetics. we will be in this together. we won't discriminate, but certain people feel their feelings are worse than yours so there's still discrimination and what happened is we are in a period of flux but with every technology that i followed whether it's genetics testing or forensics technology, initially a lot of stuff was used and then privacy was protected and expanded so i don't think we are going to give up privacy, the courts are just going to come around to it like they did in cases the supreme court handle where they could go along the street and point the heat detection device and see if there were more lights on than usual to determine whether you were potentially growing marijuana, and even though they didn't enter your house and they were coming at it from the street so initially court said that's okay there is no fourth amendment violation and eventually the supreme court said no, no, that's part of your
9:46 pm
expectation of privacy so we will eventually get their but a lot of damage might be done >> i want to ask one more question to the panel and myself but then i want you to think of ideas and we will have questions i'm not very good at panama and in. the panel to bring this back to the concept we are here with what the founding fathers have thought about facebook with the discussion we had at your own take on it so the founding fathers were a wide-ranging group of personalities give or take so give us this sense with the founding of this as a group of loved the freedom of speech opportunities tenafly. give us a walk through there. >> love the freedom of speech.
9:47 pm
be concerned when the chief of marketing of facebook and former ceo said we have to do away with anonymity because that was certainly part of the founding principle. also how it is playing out in the right to the fair trial where people are googling facts of the case and put another page and asking their friends to vote up or down even though you are only supposed to consider what's going on inside the courtroom. so those would be the source botts for the founders. >> i think twitter and facebook would have been beneficial during the american revolution. these are great tools for organizing. ben franklin used to keep a daily journal where he tracked his virtues to figure out if he
9:48 pm
was being a better person and i think we live now where we like the idea of archiving and tracking ourselves. i know you were talking about the tool for deleting data and having expired but i don't know anyone would want their photo album to just disappear in two years. that this kind of usually our worst nightmare when your house burns down and we lose precious photographs. but i think there are so many benefits to this -- to these new technologies and this idea of tracking and gathering data and being able to look at it over a long period of time and i think that's something that ben franklin for one would have loved to a certain extent. >> i think certainly the founding fathers would have found a tremendous utility in the schools, except if george washington is talking to delaware and one of these guys says on facebook it's pretty
9:49 pm
cold this christmas as they head for trenton and alerting those other guys that could have been a problem. so, you know, as laurie has been saying and i think what we are all saying is that a balance -- there needs to be in balance and people need to recognize these are companies with terms of service. read the terms of service for one of the social networks that you use come and their businesses, so awareness, education is vital while the courts and various state legislatures are wrestling with these important issues identified. spikelets go to the ultimate device for the audience question. walk over to the microphone over
9:50 pm
here. >> as the audience makes their way to the microphone, there's a bunch of questions here on the twitters we just want to ask fast while the audience makes the way. first is the practical question can employers access a facebook account if their status is private, hoping you can explain how that works and second, the question is we are a representative democracy but it's based on the purchase of participatory democracy seems the founding fathers would be skeptical of the social media, no? >> do you want me to take the first practical question? >> they may get it from the data aggregators that have scraped your account and they may get it from the sort of companies that traffic before you took down and made private your account. there is a long time myspace didn't have the privacy settings and so the need to get people based on that.
9:51 pm
but generally, courts, police can get your private side that employers can't if you have current privacy settings although some as i mentioned will ask for your password to get to the privacy site. >> i wanted you to just give a quick walk through because that may answer some other questions what is the nefarious side and what does that mean? >> facebook is basically a data aggregator. it makes $1.68 billion by serving as an intermediary between advertisers and private information. so if i post i'm thinking of going on a chart to florida it can pop up about airlines and so forth, but some data aggregate terse u.s the web begins to
9:52 pm
collect all aspects of the web and so forth and they haven't said that the problems of there is a lot of information that follows all over the web and can manly be used for marketing but now can be used for other purposes. it's been a gift to recount his private it's hard for an employer to look at it, something some employers have done is sometimes you can to access their information if they've made it available to their networks as something of a lot of employers used to do is if they had an interim, that in turn could access certain information for other people so you want to look at your privacy settings and no, make sure you know what audience you're exposing to and if you are only exposing it to your friends then for the most part only they will be able to see what's there.
9:53 pm
estimate they wouldn't have access to that id file understanding. >> how would the police and the courts get access to your data without a subpoena or court order? >> go to the social networks themselves and the foundation has a project they are looking at which exactly what government agencies are looking at the information about you and the manuals to see how much they give without a subpoena. so it's really very interesting because there are these guidelines like the immigration service to go on and to be able to find out about other people want.
9:54 pm
>> did you catch that, let me repeat the second question, do you still have that? >> the nation is based on the representative democracy so the question of the social media having been built as a participatory direct democracy the founders would be skeptical, something like that. >> especially of the women jumped into the conversation. >> it's probably true, skepticism for sure. >> what's just to kind of direct questions. this point you talked about what should be and what shouldn't be private but a concern i have is if things are to private and we have too much anonymity is easy for me to masquerade as somebody else because i can pretend i am you. how we address that? >> california has the impersonation law and it's in part because it pretended to be
9:55 pm
someone else but in the cyber harassment cases where the parent of the mother of a rival would pretend to be a 15-year-old boy, friend, bader's rival and pretend to be interested and then push that% words suicide. so i think that we are again balancing between freedom of expression, the importance of anonymity and political spectrum and then the whole harassment issue. >> i will tell you on her the identity is not required and in the political space, and i've covered politics for a long time and i've covered dirty tricks and i used to cover future new jersey so i would get the calls from the new jersey state troopers hey did you hear about so and so and this candidate and
9:56 pm
that candidate. but now what i'm seeing about twitter is it is a new form of dirty tricks and it's all done behind these anonymous accounts, so it does create some very big -- >> charnel problems, too. they had a lot of misinformation that actually was not part of the case and so they tried to get in order not allowing the jurors access to trigger or the ability to tweet. martha stewart immediately created a web site, expensive website about her daily doings to influence people's opinion in the case. as to make it does tend to come out and that this kind of the beauty and the difficulty of the
9:57 pm
web, but it does apply and when people break the law and, oftentimes they discover they are not as anonymous as they thought they were given our activities are lead and we leave the ip address behind it's like leaving a fingerprint and so when people do defame another person or break into servers, oftentimes they do get tracked down based on the fingerprints they left behind. >> let's jump to the next -- she had her hand up down further here. >> when i'm going to ask ties starkly in to that. where i work recall that the notion of security if someone is looking to find you they generally can through technical forensics and that sort of thing but my question is to go on the distinction between what an employer might be looking for on the job that you are
9:58 pm
representing your employer or organization of around-the-clock 24/7 to provide would like to hear your thoughts on what has just broken as a news story with u.s. army troops and the issue of the firewall video and whether you see the distinction between this being armed forces and with the greedy and is going by people from the armed forces to people involved in the private industry in this sort of where that line moves so the whole question of whether or not 24/7 is a representation of their organizational affiliation >> do you want to jump in? anybody? >> i was in his later security conference and was basically
9:59 pm
offline. islamic there was a video of that. >> that shouldn't prevent court-martials and so forth. what about -- here is one of the issues that comes up. here's the video that was posted on the ex-husband that the court did not admit someone shooting ronald mcdonald in the face. if i worked for a company may be some of the people, customers wouldn't let that i still would allow it to be kept private. i would say you should have privacy settings because clients didn't like women lawyers. we've gotten over letting the
10:00 pm
customers run what competent people in their jobs can do and so i am completely comfortable having those off one at who might make bad decisions and we are seeing some movement in that area. for example, employees can't discriminate against you based on your genetic makeup, but the eeoc said they can't go on your facebook page and see if you like the book cancer association were say i've got a doctor's appointment for my huntington's disease and so forth. you can argue that companies might be benefited by having that and then can choose not to hire or promote employees who might cost them money on their insurance but social networks are off limits to employers in that setting. we have rules that the eeoc and
10:01 pm
national labor relations board said it's okay to say critical things about your boss on your facebook page or company if it's part of a lobbying effort to change conditions. so we have the backbone for protecting it. i don't think it is that big of a reach to see keep it off limits. >> i think the reality of the new world as we try to live on our smart phones and we're always checking our e-mail, we are always kind of connected to work and on the web when we are moving around we tend to move around with our employer attached to us and it's not true for everybody but where we work on facebook, linkedin, on twitter whether you see it as a good thing or a bad thing, we have come to represent and the attached to our employers all
10:02 pm
the time and so i think this is a part of the education is you have to think about that. there will be repercussions for what you put out there, and he might be fired some people need to be cognizant of that in their decision making and what they do online. >> at the new york times when i was the social media editor there was a big question is should we allow journalists to go out there and post on or should we impose all sorts of restrictions in the rules? what we realizes we have lots of rules of the new york times. we have an ethics and guideline book like this. our journalists know in your yard so you shouldn't say, you
10:03 pm
know, i love sarah palin when you are a journalist at "the new york times" so i think there are many guidelines and rules that exist out there and we need to not necessarily make up new ones, with the most important thing people need to remember when they use these tools is what your mother told you, good judgment show good judgment i did what about school boards across the country in of the guidelines for teachers on facebook, because for many teachers the decision to friend a student or not is a decision are making all by themselves and if he's been getting teachers in
10:04 pm
trouble it might sound fascinating some teachers unions fought back against these guidelines. they saw them as being too restrictive of freedom of expression and there was a dispute over the proposed law in missouri however some unions salles this guide lines as kashmir said in this period of flux as the guidelines that really protected educators and helped them understand what was appropriate and what was not appropriate to say and do on the social network. >> you mentioned about 70% have all of their privacy protected. to me that makes sense because the are the ones taking photos, getting drunk, putting it on
10:05 pm
facebook. so as those people start their own start-ups and become the business force in america where do you see the law coming from and the change to start from and because they are studying their own jobs and we have a different opinion of things, don't you see that our lives are transparent instead of being judged the system as a person. >> i think some businesses unlike "the new york times" white seen some of the younger lawyers having their web sites which legal character in a tv show they want to be, but new issues are coming up and when you were
10:06 pm
talking about but wider audience you have where employers are then saying we own your audience. you can't take them with you and so i think you'll have to face the intellectual property issues this generation has in terms of if you build up a huge following and change companies who owns that. if you have cbs thought,, you end up in may tiff with a television network as to whether you can take your followers with you. >> i just wanted to say that i recently left facebook because every day i'm reading about some case where it's being used against people in the court, they incriminate themselves and they can't plead that fifth. i thought it was a key to the
10:07 pm
community and then my aunt got on their, my daughters, classmates parents, my mother-in-law. islamic you don't have to be their friend. [laughter] >> you don't want to see my house at thanksgiving. but he said it would be nice if there was a big reset button you could push. yeah, that would be nice. but facebook -- they don't want to make that button and i can't pressure them to. the only thing i can do is quit or i can have three friends and maximize my privacy settings and scrub three years worth of data so i see nothing wrong with a law telling us facebook come you have to give people more
10:08 pm
control. >> this seems to be the heart of the question is the market dictate what privacy should be in the future or should there be more legislation jurisprudence. do you have thoughts addressing that? we all need that. estimates often the response of that is if you don't like it, if you feel like the privacy is being violated than just quit to read in one way that's a valid and another room. this difficult because we have built networks and it's a way people communicate so if you are not there you can't communicate. but i do think that this is evolving and if we find that there are more down sides to being on facebook than there are upsides then people will leave and i think that will happen. there are some people that decide to quit facebook and a lot of them come back.
10:09 pm
it's hard to live without facebook fighting gib there is a reset button that you deleted your account and when you come back you can start fresh and rebuild. some get used to be that facebook kept your information where now the center makes them if you quit, delete within 30 days so that's an important aspect. i think we might see some alternatives to facebook coming up to go back to that original idea. but i do like the saturday night live skit my mom is on facebook, where there's a computer program you could use of if you have a beer in your hand it turns into like a diet coke and if you are naked it turns into a t-shirt that says i love my mom. [laughter] so we do need the know my mom is on facebook. i have a son of 23, my son is on
10:10 pm
facebook. notte river has their own youtube channel. >> for parents if your kid is on because there's a lot more content that can be created there on some of the other networks. >> there's been friendster. my feeling is facebook is more entrenched. it does seem to appeal to some of different generations that is dependent on your generation also being drawn to facebook but there are so many different social networks there are other places you can dakota -- can go to have a private space. there are more social networks so people can start doing different things in different places, and that way they can
10:11 pm
sort of keep their identity somewhat separate. spec i've been alerted there are five minutes left. you get social capital to estimate a similar situation. if we go back far enough, health care and your private information about your health was not necessarily restricted by law, yet hippa cannot in all of that information is prevented by law to be released. why couldn't a similar situation be developed here ought what is different you are providing the information per say on facebook where the health information is when you go to a hospital or doctor's office yet that is pretty tightly controlled and i think really effective. couldn't something like that be implemented in the situations? >> it could be and especially now we are seeing an overlap where people post information.
10:12 pm
the type of information people post are the type of information about coming you know, relationships, sexual become sexual preference, political and trust and so forth that in the past we have most stringently protected under privacy laws and so there is an argument that you have an expectation of privacy in facebook because you have different people. it's not like reading about this on a bathroom wall. you get the impression that you are talking to smaller groups and so i do see the privacy evolving to cover social networks. >> i think it's very ironic that once the data aggregate the large commercial dalia and lots of companies making money with those but nothing is done for people that are concerned with
10:13 pm
or where there originate. i remember of the department of sales certainly soared on what kind of cars people alone. this was before facebook, etc., and i thought it was an outrage at that time. so the point is how about the commercial aspect of the ownership of the data. don't they belong to me instead of the company that sells it really? shouldn't they ask or pay me for that? what the value doesn't actually have at my level? >> there is a company in great britain that allows you to process from dave aronberg leaders and if it is like part of a fence you get each -- >> if i say in order for me to
10:14 pm
sell certain data about myself you have to pay me a thousand dollars a year or what ever is then maybe to slow that process down. >> one reaction to that is there or a lot of things you get for your data. you get free media content, you get to use google to provide you think we are giving up a lot data for these online services that are free but they are not free. the data is what you are paying for those services. >> i think if you are aware of it might see ulterior facebook. do you need a company that makes 2 billion a year on the display or could some other group of twentysomething create something where they make little less and you have little more privacy protection and get the benefit of a -- >> next question.
10:15 pm
>> i think the vocabulary likeable law isn't really suited to this problem and the question is protection against the use of information. i will give you an example. a lot of the conversation has been, well, you can protect yourself. you actually can't protect yourself because anybody can put that information that we would normally consider private and we don't want to suppress that with freedom of speech. by way of example one of my classmates from way before any of this has scanned letters and photographs and so forth from high school and put it on the web. [inaudible] >> i'm sure you're always professional. >> and the photographs that go
10:16 pm
up may be put up by one of their friends, not by them. >> i do think facebook and these other services have made changes in the last year, important changes in the right direction and one of them includes tagging where people cannot just tag you without your permission to revise the mick on the other hand they developed facial recognition so automatic tagging so facebook said isn't this great and to give an example now a bride doesn't have to tag everybody in the wedding if she had to tag everybody, you know, maybe they wouldn't attend the picture of you having the sake bomb or kissing someone else's wife, it's automatic. you can untag yourself. the technology i've been reading with the technology is going and
10:17 pm
for the technology where the idea is ayes or picture with my smart phone and it tells me every dating site you are on on tumblr and what you listen to -- >> we can't control what people say about us. what's different now is they can say it in a place they can have a huge audience and that's really the difference. >> and the people that were telling it to don't know other things about you that you are really irresponsible person and so forth and so the world audience is something different. >> i've been trying to hide the fact i have a ball cut for years but i can't now. >> i was going to say and rural america one of my friends to you really smart story and i wonder if there is a place we could put a link after this so that you might be able to see some of the
10:18 pm
pieces and articles and issues and things. in small towns across america there is a social network that not many people know about here in philadelphia or new york or boston where it's nasty and many of these small towns because they don't have real identity and people are saying all sorts of -- >> and if you are married and want to have an affair, one of my friends went to a remote area of michigan after his father died and he went on this web site for that area and found all these people that he ran into in the post office and so forth advertising to have affairs so more may be happening with social networks. >> final question over here. >> i would really love to end on a positive note. i resonate a lot with what
10:19 pm
kashmir has to say, and positive benefits of social media are tremendous. what we're talking about is negative behavior that has a lot of psychological ramifications. but yet what about the positive behavior? i'm a social media administrator and fraud investigator, so i can see both sides of it. the connections i've made to build my professional life in addition to my personal life are just enormous and i would love to have a conversation about the positive benefits. >> and to the degree we do end on that note, you have 15 seconds. extol the virtue of the social web in whatever format you choose. >> look at what happened in the last year in 2011. it started in tunisia. we saw what happened in egypt.
10:20 pm
it's not just social networks protesters in the box and, the head of the ticket photograph of what was happening to them and their ability to transmit that around the world helped save them at some difficult and dark moments and then what we saw with occupy wall street where the horse has left the barn. people are documenting their experiences, and the social media is here to stay and learning how to use it responsibly and in a smart way it's everyone's responsibility. >> i'm amazed at the way we can connect now. when i was doing my christmas shopping i was walking in d.c. and spotted a bunch of women's stuff spilled on the sidewalk and assumed maybe she had a fight with her boyfriend with a spot
10:21 pm
of a prescription, and i'm naturally curious. i flipped it over and her name was there to read her to her account cannot and said six hours earlier that her car had been broken into so i said hey i think i just found your stuff and she said where is it and i told her where it was and her friend went and collected and i was just -- my mind was blown by that. i did that all in about three minutes. you know, before twitter, before facebook that couldn't have happened. it's a small story, but i think that there are many benefits. >> i think also the difference is made with music if you are a band you can get a following and so forth. the pascrell sourcing going on and crowd sourcing science where they found that individuals are better at figuring out and you
10:22 pm
can get a ton of people working on a particular project and we will end with the note since you brought up egypt that shortly after the revolution a little baby girl was born in egypt and her dad named her facebook. [laughter] >> thank you everyone for coming out. for more from the author you can visit her web site at loriandrews.com.
10:23 pm
10:24 pm
next, professor and author siva vaidhyanathan examines the growth of the online search engine google and the impact its reliance is having on internet users. his book, googlization and why we should worry was published last year. hosted by the harvard book store
10:25 pm
in cambridge massachusetts, this is just over an hour. >> it's a pleasure and honor for being here and thank you for braving the rain and joining me today. so, google is 12 years old. its voice hasn't even changed yet. it's barely an adolescent, and yet it's been an important part of so many daily activities for so many of us. the reason -- one of the major reasons i wrote this book is it struck me as weird, historically weird, technically, sociologically, that one company would serve as the lens through which we see the world in so many ways so many times a day. i'm not sure what at least i wasn't sure in the beginning that we should complain about the situation. we've invited and celebrate and relish it and we do it.
10:26 pm
we google all the time. so i tried to enter this project with that sense of weirdness. i wanted to constantly remind myself and my readers this wasn't a natural state of things. things could have gone differently. go back to when google was a newborn. you probably hadn't heard of it in its first year, 1998, when it first rolled out for public use it was actually hosted by the stanford university servers and we found it at google.stanford.edu. the first notices i was able to find in the popular press referred to it at that url and even early on it was clear that google was going to be the darling of people who were excited about technology, technologically sophisticated. it accomplished a couple of things that had been eluding
10:27 pm
other companies that had been trying to organize the web and help navigate the web. first and foremost it had a blank page. it was just a box into which you would enter text and generate a fairly clean selection of links and they would be in order and the order seemed to make sense to us. it struck us as intuitively right, intuitively relevant. the leap google made early on was to use the blank page and at the time, to remember the web in the late 90's and some of you might, it was crazy. it was full of all kinds of flashing things and crazy things and every page looked like walking down times square in the middle of the night, it was a lot of attention grabbing devices on too many web pages. the major search engines services of the day coming dhaka to which is still with us, and actually not going anywhere for
10:28 pm
a while, those services tended to crowd their pages with content. some of the content they would actually pay to create. others they would pay to harvest from other places. there was no sense that these other portals to the web understood the web the way that google did. the insight, first of all: you and i are perfectly willing to create content google can harvest and link to and share with us and they don't have to pay us. the other insight about the blank page is it was trustworthy. the blank page said i'm not trying to sell you anything or take you where you don't want to go, and at a time it was clear many search engines were auctioning off the positions of the search results, google made it clear to us through the press ultimately that its search engine results were
10:29 pm
generated by their daughter them securely for that immediate interest and the company had no interest if you can imagine until about 2003 the company wasn't even selling. it was just running on the venture capital and hadn't figured out a model for selling advertising well until about 2003. so for the first four or five years that google was in existence, it was there to be great, and worked. so in 1998 it debuted. by the time it was one year old it's just starting to walk. it's already organizing the web for us. it's already making it clear to the millions of web users. if they didn't have to be the place that one could use it to dhaka a usable map for information to get from one place to another. ..
10:30 pm
had to figure out what puts one link above another. why should one page be more important than another? the term google uses for the criteria upon which it would rank these links is relevance. which page is more relevant to the search than another page? there's a lot of different ways
10:31 pm
to do this. in the early days of web search, the number of times a search term showed up on a page counted for a lot. if there were a page about the boston red sox, it might say red sox a lot on that page and that's a pretty good guess you would think for the importance of that page to that search. the problem is it didn't take long before people figured that out and made a page about something completely different and loaded it up with invisible text for common search terms, terms that people were using all the time anyway, and that would trick people into going into these unrelated pages. you could imagine pornographers were masters at this very early. the fact that pornographers were generally so much smarter than anybody doing anything else on the web, largely because it was the only kind of business making money on the web at the time, the big trick for group of us who became the custodian of the web was to figure out how to make the web less offensive, less threatening, more usable.
10:32 pm
and if they can do that, we figure eventually, using google as if it was a person or animal, which my federal daughter says sometimes when she talks about my book she imagines i met this person and group will go to california to meet this person named google and apparently google invited me to a party one time. but imagine this. you've got the web, which in the late 90s and early part of the aughts was a scary place and many reasonable people were not sure how much interaction we wanted to have. these are days it is hard to convince doing something like banking was a good idea on the web and that is probably the end of the list. shopping was risky, research was risky. putting your kids in front of a computer without someone over his or her shoulder was risky. i want to want to make money on the web to make the web illustrating place.
10:33 pm
we shouldn't even notice this is going on. so google installs more criteria. instead of moving this number of times search terms appear on that page, google decided there's a vote of affirmation out there called the hyperlink. if there are people creating webpages around the world and they happened to be interested in the boston red sox and a stark and web links to what they consider an authoritative page about information concerning the boston red sox, maybe some fan page for a person is tremendous in sight or espn's page, but they will start creating links they knew what i know what's going on with the red sox, these are the pages to look for it. do not spell out the words, they by creating hyperlinks in this vote of affirmation. so the great insight of google's engineers and google's founders wrote a paper in graduate school that basically made it so that a page's relevance be scored by the number of votes from the internet and then they weighted
10:34 pm
that because they knew espn starts pointing to somebody's home page about the red sox. that's a powerful vote of affirmation. or if in some area, "the wall street journal" webpage links to somebody's financial advice blog, they weren't actually blogs at the time, that counts for a lot. it's a major sense of affirmation within that field. so those are weighted more than if i put up a link to somebody's page on my blog. so that was major insight number one. major insight number two is you can start scoring the results based on the quality of the page. this happens a little bit later in google's history in the last couple of years. google starts saying there are certain design elements of the page that were better for us than we think were better for users and readers and those are often expressed in a graphic way and not textually.
10:35 pm
it's not hard to imagine that page is trying to you into falling into the world are going to be full of lots of extra video, links that go into strange places, lots of extraneous code, what they call malware, the little programs that embed themselves in your browser and operating system and potentially corrupt your computer. the bad people in the world below to pages with lots of nasty stuff and google has an interest in making the web usable, trustworthy and pleasant. google downs are in stores and an upgrade upgrading the score designed cleanly that have keywords in them that relate honestly to the subject of the page. and of course had these information. so within a very short period of time, the web becomes a trustworthy place and lo and behold this in combination with the widespread use of encryption for instance, you get people shopping and actually banking on the web.
10:36 pm
the more time people spend on the web, the better ultimately it is for google because it's a starting point. instead of following links, go back to the central place and it gives you a menu of places to dive into. so you are no longer actually using it in a web way. you're plumbing for depth when you do a subject search on google. so that's a nice story. the group was 12 years old. its voice is just tremendous change. by 2004 when google is nearly six, it started remarkably expanding its areas of interest. about that time i started really taking up because i use google for 99, the time i first heard from very tech savvy friends that this is a search engine to trust. around 2004, google started launching a number of other projects and there are familiar with what those projects can, gmail and the google books project through which it scanned in
10:37 pm
millions of books from dozens of libraries around the world ultimately started with five, including this university and then moved on to many others. this project kind of blew my mind. in 2004 i start reading about this project and i start seeing this amazing hyperbole coming from people who are working for universities and university libraries, from people who are big fans of google and from people who just want knowledge to spread and they start saying, what an amazing thing it is that this big powerful company is going to spread knowledge to every corner of the world, pretty much for free and i start losing things and authors of corners basically saying this will unleash information in a remarkable way, create alexandria that anyone can go in to and i said that they're saying, you know google is six years old, right? google at that point was around for less time than brad pitt and jennifer aniston had been married and look how well that turned out.
10:38 pm
so i said why is the university for the asking a six-year-old company to be the custodian of this immense amount of wealth of knowledge? this cannot end well. it might start beautifully, but it can't end well. this is obviously a controversial project when it came to copyright. publishers and authors whose work was being scanned in without permission raised all sorts of issues and eventually lost it then lawsuits are settled in a way to make it very clear several years down the line that google never intended to make a library. it intended to make a bookstore. i love bookstores. bookstores are great. nothing wrong with a bookstore, but i'm not too pleased at the bookstore that tries to pretend it's a library. from about 2004 i started seeing that google's real corporate mission statement, which is believe it or not to organize the world's information and make it universally accessible is actually kind of scary.
10:39 pm
i was born in the 20th century, lived for about 40% of the 20th century and i know enough about the 20th century to know when someone makes a bakery and stimulate that khomeini to step back and beware because 20 century about bickering seems that didn't turn out so well either. not that anything close to chaos and nastiness and horrible tragedy came from anything google is doing, but nonetheless i thought, what cannot hang. what a strange way to run a company, to say that the goal of the company is to organize the world's information and make it universally accessible. i knew enough about the web to know that they are organizing the web. they are not organizing the world's information and the web is not the world. it wasn't then and it isn't now. what is valuable or important or relevant on the web is a refraction of what is real of the world. you can do this by doing a basic
10:40 pm
google search for a subject you know a lot about. you'll see pages you may not think of as the most authoritative, but they are the most relevant according to the standards google brings to the table, the best designed pages with the most links to them. at the web is an abstraction of the sort of thought many people on this earth actually engage in every day. think of the number of people who don't engage with the web yet. think of the ways we engage with each other and information that doesn't accurately reflect upon. it's really important to remember google itself has value judgments and biases built into its algorithms that distill results in a particular way and there's nothing wrong with that. it's actually so much better than the absence of that and so much better than what anyone else has thought of, but it's not the world and it's not the world's information. i am enough of a private tuesday, no one institution, no one company should actually have
10:41 pm
that job of organizing the world's information and making it universally accessible. the mission statement of harvard university isn't that audacious, right? if you can imagine harvard not being audacious. i'm sure the mission reads something like to educate the young men of clergy because that's what was originally meant to do. but really, that is a stunning mission statement. we are probably all familiar with this informal motto, which is don't be evil. conservative thinking every time google does something that causes friction in the world, it sends its cars to the streets of europe taking pictures of people without permission and european people are sensitive about anyone taking a picture and putting it in a searchable database. they've had bad experience with databases. they had bad experiences. people keeping too much information about people in centralized databases and using it to
10:42 pm
pull people out of neighborhoods and houses and sending them off on trains. there's more sensitivity about privacy and personal information that we don't necessarily have that kind of level of concern in this country and a lot more trust is not denounce the major corporations. there's been a lot of conflict in europe, tension and stress and friction over these sorts of things. in the united states of course we have a lot of friction and controversy about youtube and things that show up on youtube and friction controversy and understanding that every time google is confronted with a situation in which somebody is upset and somebody calls for some sort of intervention or regulation, google's basic defense is trust us. we treat you well. we've always treated you well. we have this internal ethic, this internal motto is don't be evil. they actually don't say those words out loud, but the ceo of
10:43 pm
google, eric schmidt is about to step down, to my knowledge has never suffered when an audience and said we believe -- we believe the motto don't be evil. i've never heard them say that, but it's embedded in many things he does say and other major officials at google say things that sound like a declaration of corporate social responsibility. i start asking that question. why do we fall for that every time? secondly, why do they think they can't do need that had -- that is basically tawdry sort is going to be anything like it currently is in the next 20 years? why would we think that future performance is in any way predicted by past performance? conditions change, companies change, politics change. and we do know that in the world of new media or the world of digital communication or the markets today with the internet, but nobody has came for very long because when google
10:44 pm
started, everyone was concerned that microsoft would be calling all the shots in our information about that. i thought that was true. and shifted over time. now google is the one we worry about. now we worry about facebook. google is worried about facebook for various reasons. competition, advertising dollars and our attention. so as i started stringing together concerns, i thought it's really important to come up with a way to sort of distill what google means to us and what we mean to google. other really great writers had gotten inside of google, traveled on the plane with the big guys at google, told the story of the company, written a biography and other people had written lots of books about how we can all learn from google or other companies, and make a lot of money. i could write books like that and other good writers saturday do not. my contribution, i hope to say started this book, was to delve into our relationship. what does google mean to us and
10:45 pm
what do we mean to google? what is the nature of the transaction? why did they spend so many billions of dollars on services that help me make my life better and don't ask for any money from me? what is going on there? i mean, we should be a little suspicious. so what's the nature of the transaction? the obvious answer was to think for five minutes is i'm not actually google's customer and neither are you. i am comcast's customer because i get mad at them all the time because it does not work or the bill is too high. you know i am comcast's customer. i am google's product. i am what google sells to advertisers. that is nothing new. i am a product every sunday when i watch the nfl. entire companies.
10:46 pm
but we forget because that the death of interaction and admiration in google. we consider google to be a part of our lives, embedded in our lives. google keeps very good track of our intentions and our desires and fetishes and midsession. and the focus is the results of our searches to reflect what we have already told google we really, really like thinking about. that has some interesting implications. and google is changing. so i described earlier the ways that google mastered the web, figured out a great, efficient and effective way to help us navigate a web. some brilliant ideas about counting these links, weighting these links properly. so in recent years, google is adding yet another layer of standards or criteria. and what they really focus on
10:47 pm
now is what they call the user experience. they want our experience with google to be really deeply satisfying and more time that has been a four in a way, in an intellectually and more satisfying in a commercial way. so they are taking the record of our expressions and desires that we enter in the little box. if the confessional. what we really want, what we really did we shouldn't have done that we probably shouldn't a good outcome but then in the google box and get results. google makes a note. it doesn't necessarily associate the text you put in the box with you as a person. it doesn't care about your name, social security number, the cares about worries that when you're doing that so it knows generally where you are and can associate your set of inquiries with other season in the same general area. tonight also over time if you happen to have an account with google, like a gmail account,
10:48 pm
build up a pretty rich set of indicators, sorts of cars, sorts of shoes you like messieurs of the line, kind of like a facebook does it, all this stuff. hey facebook, i like this music. and of course facebook's job is to take the data and associated in the kong to try and sell us stuff. well, google is trying to do the same sort of thing with the record of intentions that we give google. and it's not anything easily exploitable as far as we know it. it's not easily detachable to name and social security number and address as far as we know. it does know a location in many cases, especially if you have a google phone, an android phone, google knows where you are almost all of the time or apple knows where you are if you have an iphone. so with all of this data, google is increasingly focusing the results on you, customizing and localizing results. so you are not likely to come up
10:49 pm
with a result that is distant from the upper sorted out of area or at his plays are added to field through which usually explorer. that has some pretty amazing implications. first of all, that's really great. at the time they save as. i think a lot about a particular sports team or particular kind of car. they do have a car that breaks down a lot and i do a lot of searches for parts and repairs. google will help me save time so i'm not clicking too much. they would keep giving me results that reflect the sorts of areas because google eventually will understand i do a lot of searches for that brand of car. that is really great for shopping or buying, not so great for learning. if we want an information ecosystem that actually serves us well as various people, citizens, people who navigate the world, people who are trying
10:50 pm
to figure out what the symptoms mean, people who are trying to figure out what's going on with climate change, people trying to figure out what's going on with health care reform, we might actually be better off not having focused information. we might be better off coming across a set of results that surprise us or challenge us, a set of results that don't reinforce where we already were and where we already are. we might be better off coming up with a set of results that are particularly geared towards consumption that we're better off coming up with a set of results that aren't a mixture of ways to help us consume and waste a hopeless fun. for a dozen years we've gotten very lucky. google has served both of these interests remarkably well. and while the times google is held to answer really important question and of course if you are in any way doubtful or critical of google, you probably went to a second source. you might've called the
10:51 pm
librarian. you might have called someone who has written a book on the subject, called the doctor instead of going with india through google. you might have clicked on the second page of results or conducted the same search in another search engine. all of these are very healthy techniques. another reason i wrote the book is i want people to learn how to use google in a better way. i use google every day, dozens of times a day. i use google to find a way to the store. i am not in any way going to advocate that we not use google, but i'm going to advocate that we use google in a wiser way, not just a smarter way, a wiser way. i want us to understand that google has biases and limitations in its algorithms and google is a company, a publicly traded company that must satisfy the desires of shareholders to enhance value and that's its job and it's been so good at that, so wealthy that it can afford to be good and so it has for the most part and even when it's bad it thinks
10:52 pm
it's been good which is part of the problem. but with all that, we could be better. the real problem is we are so addicted to the speed and convenience of that lovely set of results that come from a set of 10, and value attached to each and we trust it. we trust it so much that almost nobody clicks past result number three in the first page of results, let alone the second page. that's absurd. in fact, next time you do a google search, click on the second page. you never know, right? study after study shows that people do not even question the judgment that google makes. people do not question the judgment to the point of clicking on results four, five or six. it's one, two or three. if people click on two it soon becomes number one. so with all that, it is
10:53 pm
incumbent upon us to mix it up a little and bring a little bit of diversity into our information ecosystem and make sure what we want google to keep getting better in-service so well, in a way that all we really care that is this list of our desires. and that is not that bad of a place considering the value in spite of our lives. but let's do it in a more intelligent and wiser way and understand what the real risk and costs are and that we actually have the power to manipulate what google learns about us and how it follows us. it takes about seven clicks. most people don't want to make the seven clicks. we don't want to do it on facebook when it's clear we should be. on google you can customize the information you give google to a large degree. that's another important thing we need to learn about google. if you customize the way google tracks you and limit the amount of information and kinds they follow about you, you degrade the service google gives you an
10:54 pm
estimate of obvious trade-off once you click on those things. you start seeing google no longer helps you shop is so but it might help you learn a little better. as google becomes better for shopping and worse for learning, that raises a really important question for us as citizens. i happen to think there's more to life than shopping. but not today, please shop. shop shy here and a lot. after you get out of get out of. i'm off to shop so much. when you think about the extent to which we depend on this medium of the world wide web to learn about the world, maybe we need to imagine differences. maybe we need to invest more in systems like public libraries and university libraries and their outreach to other communities. maybe we have to imagine we could build a system that i take the ears to build a system that can equalize the maldistribution of information across the world to the point where and i don't think this is impossible, that a
10:55 pm
child growing up in south africa has no disadvantage compared to a child in sweden when it comes to access to information. we have the tools to make it happen right now. we might have the political will to make it happen right now. we haven't even tested it. the reason is that google has been too good to us. we have been doing on believing the cotton candy is real food. google keeps feeding us great services that simulate this equality of information, democratization of information and google of course is sincere that it would like the number of web users to increase exponentially and i would love as much as i would love for every 12-year-old growing up in south africa to have access to amazing information and is pouring money into such projects and that's beautiful, but we should not rely on this tokyo company to guide that effort because over time there will be hard choices to make in terms of policy, hard choices in terms of technology, hard choices to make in terms of this.
10:56 pm
so i think that if it to start asking questions about whether we want google to handle all of our shopping and all of our learning needs. and if we don't and if we recognize google in 20 years is almost certain to be very different company, maybe even known at that time that somebody completely different like the reincarnated head of rupert murdoch. who knows what will happen down the line. but at that point, google won't be the google recruiter please. the mature google of different pressures. who will note the world wide web is in 20 years. we didn't know 20 years ago. and as we move more of our information seeking habits and shopping seeking habits to locked-down closed devices that aren't really on the web, but connected to digital networks on the lattice. the less money google will make in the long term unless it can
10:57 pm
keep expanding market. this is an interesting battle going on that we should pay attention to. google wants people to be comfortable with the web is a certain beginning and is doing everything it can to keep the unit open and free because that is good for google, not just because it just happens to be good for us, but over time not everything good for google will be good for us don't have to be prepared for that diverges. at those moments we have alas, i did ames really want to preserve and extend and build that google should not do for us or could not do for us. under those conditions, we might want to decide to take some of the route. crazy as it may seem, the route we might want to take is the old-fashioned public library. we might want to invest more in its presence and power and expansion because that reasonable good old-fashioned republican with a smaller institution and is there to help us as citizens and information seekers as learners and students and teachers.
10:58 pm
we take it for granted because it worked so well that we make this sort of false conclusion that google sends information to us so efficiently that we need the public library that is, in fact americans these days is the public library with another. americans these days are visiting libraries in record numbers. the americans who have a new visiting library with record numbers don't subscribe to broadband access at home. in fact, they can't actually write a check from comcast broadband and that's what we have to remember because our goal as citizens should be for maximum empowerment of all citizens. our goal as consumers should be to get the best prices. again, that is such a different way of being in the world i think it's time we take both will seriously instead of just one. thank you very much and i thought to answer questions.
10:59 pm
[applause] >> i'm blown away off my feet what a pro-google presentation assays. and the only way we should worry that google isn't doing his could not. i'm concerned about the search traces that google collects about individuals. what if i want to learn about something batter in afraid to or about the threat i read about or if that person or gambling and google and surely know about the incident a few years ago where a well published supposedly anonymous and some woman from connecticut was kitten right down their social security number and the wikileaks in the politics of the middle east as far as in tunisia. ..
