Three stories this week that I think together highlight both the good and bad sides of having the Internet around and the challenge it poses.

The good, user vigilance division: I saw a posting a few days ago on a community board I frequent that eBay was in the middle of being hacked. This eBay forum thread discusses the hack, though I don’t know how long the link will be valid. The story also got Slashdotted and YouTubed (someone made a video of the hack in progress, which involved posting user IDs along with contact and cc information, though eBay said the latter was not associated with the IDs). Someone else logged a list of posted IDs. It’s worth pointing out that this community effort warned people before eBay made an official response - by all accounts it took eBay an hour to an hour and a half to realise what was going on and shut down the Trust and Safety forum, where the information was being posted. How long would it take a government department on a weekend? eBay is, of course, a very big target; large government projects will be even bigger ones.

The good, keeping companies honest division: the comments, here on this week’s Excel bug were, I thought, rather interesting. The MS guy was trying to reassure them by saying that the underlying calculations are correct even though Excel is displaying the wrong values in the spreadsheet. But as the comments point out, this isn’t much comfort. People copy and paste values, and they read aloud and copy from printouts of spreadsheets - an error like this can find its way into all sorts of places. The machines are fine as long as they only talk to each other - it’s crossing the machine/human barrier that’s dangerous. Through the lens of the nanotech conference one might ask whether at some point the machines might decide we’re too risky to talk to. Interesting to speculate what the surfaces of computer programs would look like without the need for human display. (eg, Internet addresses would all be numbers, and there would be no domain name system).

The bad, enabling anonymous distribution of performance-enhancing drugs. This week saw a huge DEA action in the US that took out more than 50 labs churning out steroid pills from powders sourced from China and more than 120 arrests. The pills, which the DEA says were made up in bathtubs and sinks in unsanitary conditions (as much like scare tactics as that sounds - it’s probably true, but it’s not clear how big a risk it is compared to ingesting the steroids themselves), were largely sold over the Internet through Web sites and chat boards to folks like amateur bodybuilders and high school kids, if I’m reading this right. Illegal drug smuggling is of course nothing new, but as much as we make fun of the oft-invoked Four Horsement of the Infocalypse (organised crime, drug dealers, terrorists, and pedophiles) a DEA report from 2003 talks about the setup they’ve since spent two years investigating, and one of the points they make is the difficulty posed to them by services like Hushmail. It dismays me quite a lot that the general answer to this problem overall (and I think if kids are taking steroids to make the football team it *is* a problem) is rampant drug testing with all the privacy invasiveness and presumption of guilt that involves. Going after the distribution network seems to me a better idea, though I doubt long-term it will make much odds. Since WADA’s testing regime began drug use has done little but escalate among athletes at all levels, AFAICT. The Net didn’t make this happen, and correct enforcement is not to shut down privacy-enhancing services or Web forums but to investigate in the physical world. I don’t think, though, that morality plays like last week’s sententious posturing over Floyd Landis’s suspension from cycling, help at all. If anything, they serve to highlight the notion that winners take drugs…

wg