paper

Analyzing Facebook's Security Mechanisms

For my Privacy, Security and Cryptography class, we studied a set of 13 principles for secure systems:

  1. Security is Economics
  2. Least Privilege
  3. Use Fail-Safe Defaults
  4. Separation of Responsibility
  5. Defense in Depth
  6. Psychological Acceptability
  7. Usability
  8. Ensure Complete Mediation
  9. Least Common Mechanism
  10. Detect if You Cannot Prevent
  11. Orthogonal Security
  12. Don’t Rely on Security Through Obscurity
  13. Design Security in, From the Start

For our midterm, we were asked to analyze how Facebook exemplifies or does not follow these principles. It was an interesting assignment, which finally forced me to think more thoroughly about Facebook's security policies, and I'm happy to attach my findings here.

For some people these may be rather run-of-the-mill notes. Others may be surprised at the poor security of the world's biggest photo and social networking site.

Enjoy.

Jacobsen v. Katzer Article Posted

Today I finally finished an article I have been writing for Wikipedia, as part of my IP Law class. The professor for this class is the same as the one that taught the Cyberlaw class I took in the Spring, and once again, he has asked us to work on Wikipedia as part of our classwork.

We were able to choose an article on Wikipedia that was related to the class, and I chose to work on the article on Jacobsen v. Katzer, which is a very important case as it relates to open source licensing, patent law, copyright, DMCA, and just about every other possible IP law issue.

Ultimately, it was a very complicated case because Katzer has attempted to throw the book at Jacobsen (and vice versa). The court has not yet resolved all the issues, but from reading through about half of the court documents that Jacobsen has posted, it appears that Katzer has:

  • Patented technology that was not his to patent
  • Attempted to get licensing fees from Jacobsen for those patents
  • Stolen the intellectual property of an open source project, stripped it of its license and then incorporated it into his own commercial project
  • Attempted to sue Jacobsen for copyright violation for something - I'm not even sure what
  • And more - see the article for details

In short, it's a nasty, nasty case, but ultimately it should work out for Jacobsen, and he should come out the better (or at least none the worse). At a minimum, he has to prove that the patents are invalid, Katzer stole his IP, and that he didn't steal Katzer's IP - a walk in the park.

Clearly, that's easier said than done, but he's fighting what appears to be the good fight, and it looks like if he keeps at it, he will win in the end.

One more paper posted: The Difficulties of Managing Online Estates

Well, one more paper down, one more to go! Today I completed the final paper for my class on information law and policy, which was one of my best classes this semester. It was a pretty tough one that required a lot of reading and a lot of extra work for the assignments, but I found it quite rewarding in the end.

The attached assignment is in a similar vein to the one I posted on Tuesday, but approaches the topic from a slightly different angle. The assignment in this case was to present an analysis of some of the policy problems that are raised by a project of our choice. Since I had already done a lot of thinking about the policy implications of how we handle online assets after a death, I decided to analyze some of the problems that are raised, and to postulate some solutions of my own.

Projects & Papers

Programming Projects

Websites

Presentations

Papers and Essays

  • CourtListener.com: A platform for researching and staying abreast of the latest in the law, Michael Lissner, 07 May 2010. [pdf]
  • Exploratory Analysis of Service Recipients of the Community Services Bureau, Michael Lissner, 27 February 2010.
  • Breaking ReCAPTCHA, Michael Lissner, 9 December 2009. [pdf]
  • Proactive Methods for Secure Design, Michael Lissner, 9 December 2009. [pdf]
  • Facebook's Battle Sign, Michael Lissner, 16 November 2009. [pdf]
  • Wikipedia Article on Jacobsen v. Katzer, Michael Lissner, et al, 03 October 2009.
  • The Difficulties of Managing Online Estates, Michael Lissner, 15 May 2009. [pdf]
  • Online Grieving by Default, Michael Lissner, 12 May 2009. [pdf]
  • The Layered FTC Approach to Online Behavioral Advertising, Michael Lissner, 02 April 2009. [pdf]
  • Technology Revolution and the Fourth Amendment, Michael Lissner, 22 May 2009. [pdf]
  • Wikipedia Article on Zeran v. AOL, Michael Lissner, et al, 18 March 2009.
  • Sustainability Metrics for the Energy Sector, Michael Lissner, Hazel Onsrud, Sharmila Ravula, 10 December 2008. [pdf]
  • TuneRepublic Democratic Jukebox, Ryan Greenberg, Michael Lissner, Zain Syed, 07 January 2009. [pdf]

Final Paper on Online Memorialization by Default

Yesterday I had an epic writing session, and finished my final paper for my class on the social and organizational issues of information.

The topic of my paper was a bit on the morbid side, but somehow that's what I'm doing a lot of work on this semester. The concept for the paper is that as more and more people create and have online profiles on social networking sites, a system is created where more and more people have an online memorial when they die, whether they intend to or not.

This topic became interesting to me about a year ago when my friend Blake Bigler died of a sudden heart attack (at the age of 25). Immediately afterwards, his Facebook page became a memorial to him where friends posted messages, pictures and the like. To this day, friends still wish him a happy birthday, and post notes on his page.

I thought that this was a dramatic change to the way that deaths occur and are memorialized, and that it needed to be analyzed more carefully, and so my paper was born. If you're interested, please feel free to read the attached.

An Analysis of FTC Behavioral Advertising and an End of Semester Countdown

It's coming down to the end of the semester, and after I finished the attached paper on FTC laws as they apply to online advertising, I did some calculations to figure out what I still have to do.

Turns out I have 68-95 pages to write (give or take), and two projects to complete between today and early May. Things are going to get interesting.

The lay of the land looks like this:

  • Two law/policy papers - total of 35-50 pages
  • One sociology paper - 25-35 pages
  • A final project combining some aesthetics work I have been doing
  • Two technology strategy assessments - total of eight pages
  • And an online project - watch for this soon

For now, I'll reserve my thoughts on the attached analysis, but I tried to analyze the ways that the FTC regulates online advertising...within an eight page limit.

Zeran v. AOL Paper Posted

I normally would post my work here for posterity when I finished it, but my latest assignment was actually due online as a Wikipedia article.

I chose to flesh out the Zeran v. AOL article, and man was it a lot of work. You take for granted the amount of labor that goes into a Wikipedia article until you write one yourself.

The case itself is pretty interesting, if I do say so myself. It's one of the main cases that granted immunity to websites from the postings of third parties. What happened was that somebody posted some inflammatory T-shirts on an AOL bulletin board in 1995, and put down Kenneth Zeran's name and phone number. He got hundreds of phone calls threatening and berating him, and decided to sue AOL as a result for distributing defamatory materials.

Unfortunately for Zeran though, between the time that the materials were posted and the time that he sued, Congress passed the Communications Decency Act, which pretty much covers AOL's back (and Google's, and Yahoo's, and YouTube's, and pretty much everybody else's).

Sucks to be Zeran, but in the words of one article on the subject, "It...illustrates a hard fact of life: Sometimes there is no legal remedy for those who suffer wrongs."

Interestingly, after all this, Zeran's phone number is still on whitepages.com. I wonder if he knows...

Final Papers on Metrics of Sustainability Class

Last semester I took a class at the UC Berkeley School of Business (Haas) entitled Metrics of Sustainability. It was an interesting class all in all, though frustrating at times because of the emphasis on making sustainability something that businesses will want to do. Our professor was a jocular fellow, though his history at large companies became evident in his notes on our final paper.

The paper itself is designed to set up metrics for analyzing the social, financial, and environmental sustainability of a company in the energy sector. The project was at once overly simple and overly complicated. On the one hand, it was really quite tempting to just write metrics like, "Did you damage the environment during the last year?" "Did you lose money?" On the other hand, writing complicated and specific metrics was really the name of the game, and the hard part was finding the balance between the two. I was quite happy with the balance that we found, but our feedback was that our metrics were too complicated, and that there were too many of them. So it goes, I suppose.

In any case, for those interested, I have attached our metrics for the energy sector to this post.

Final Papers on Music Jukebox

This semester for my Computer-Mediated Communication class I had the opportunity to work with a couple of guys on a project aimed at solving a problem that we have in our society. While perhaps not the greatest problem, the one we identified was how to choose music in a public location that maximally pleases the maximum number of people, and further, how to encourage real-world interaction among and between those people. In other words, how to choose good music, and how to get people to talk to each other rather than bury their nose in their computer.

To long-term readers of this blog, this may sound familiar, as I proposed the idea of a democratic music jukebox a while ago.

All in all, the project went quite well. It was a great team, and we were able to write several papers explaining how such a system would work, and what kinds of problems it would solve. We weren't able to really make the system; however, we were able to create a wireframe mockup, which should give you some idea of what we had in mind.

For those interested in the idea, I've attached our final paper and poster presentation to this blog entry. The poster itself is a bit cut up so it could be pasted together on poster board. Apologies for that.
