Computerworld has a nice interview with Jonathan Zittrain, a StopBadware co-director and professor at Oxford and Harvard. Zittrain has just published a new book, The Future of the Internet and How to Stop It, looking at the consequences decreasing openness can have for the capacity for innovation, which he calls “generativity.”

Zittrain explains how badware and other online ills can threaten the future of innovation online:

[T]he qualities that make generative systems good make them susceptible to abuse when they become successful. Then, the natural reaction of many people is to retreat. So there is a migration to “locked down” information appliances, like the iPod, that are not programmable by third parties. And you are increasingly seeing the PC itself locked down in places like offices and schools.

If you’re in the Boston or New York City areas, consider joining us to celebrate the release of Professor Zittrain’s new book. For information, see the Berkman Center’s events page.

StopBadware.org’s parent organization, the Berkman Center for Internet & Society at Harvard Law School, is turning 10 years old this year and is celebrating by giving away $50,000 at its fund raising gala following the Future of the Internet conference:

The Berkman Center for Internet & Society at Harvard Law School is accepting nominations for the first Berkman Awards. The awards will be presented to people or institutions that have made a significant contribution to the Internet and its impact on society over the past decade.

The primary awardee will receive $50,000, and five smaller awards will be given in specific categories such as: human rights/global advocacy; academic and intellectual leadership; pro bono work; infrastructure/communications tools; arts/culture/media; and news/information/journalism.

There are no conditions placed on how the award money must be spent. Nominations for the award will be accepted from the public until April 11, 2008.

April 11 is this Friday, so if you have an idea for a person or organization to nominate, you’d better do so now.

The Anti-Spyware Coalition, of which StopBadware is a member, will hold its next public workshop on January 31 in Washington, DC. The theme for the day will be “Spyware: What’s Worked, What’s Left, and What’s Coming.”

The ASC’s last conference was held here at Harvard, and proved to be an excellent opportunity for a meeting of minds in the anti-spyware space. You can read StopBadware staffers’ notes from that event here.

For more info about the January event, including planned panels and registration, head to the ASC website at antispywarecoalition.org.

Recordings of sessions at the Anti-Spyware Coalition conference, which took place this past Wednesday at Harvard Law School, are now available:

Part 1
Part 2
Part 3

You will need Real 10 Player to play the recordings (free download available here).

We have one more panel’s worth of notes from our blogging of yesterday’s Anti-Spyware Coalition conference. Here, StopBadware researcher Oliver Day shares his notes on the Trends panel, which closed out the day at the conference:

Google:

• The interstitial page. Creates a way to warn users of the search engine when a website is possibly infected.
• The Ghost in the Browser paper by Niels Provos et al. Technical paper on the methodologies used by Google to determine “badness”
• Safe browsing API overview. Opening up more information to the end users
• Online security blog. Tech oriented blog that is a day to day journal of the group.

Truste:

• Program whitelists
• Affiliate networks offloading responsibility

StopBadware:

• Educating consumers
• Guideline creation and security tips for site owners
• Community building via discussion groups, etc.

Site Advisor:

• Built for consumers by MIT engineers
• Bots testing for annoying behaviors

Questions:

How do all these pieces fit together in the security ecosystem? Orgs like Truste try to fill in particular niches like deep product reviews. Google is trying to make searching safer. Stopbadware is in a unique position as a non-profit to act as a watch dog against corporations (see AOL report).

Are we acting as arbiters of the Internet? What happens when we get something wrong? Versions change often (think updates) so how valid are product certifications?

Google claims near zero False Positives based on vetting through partners. No one should surf securely feeling that they are protected from all things. How does one “look both ways” when you are browsing web pages?

False positives can be dealt with on a programmatic level. Creating decays on bans, white lists, etc.

Will/do consumers want their computers to be like appliances?

Porn is a vehicle for a badware codec.

How do we compensate for human stupidity?

How do we evade the bad guys when they know where we are (IP address)?

Community helps develop reputation systems.

What is the opinion of these groups for certifications by other groups? Things marked bad by different orgs are likely to be bad. Things marked good should still be viewed with skepticism.