Categories
Links Writing

Poison Texts Targeting Mobile Phones

While smartphones get in the news for security reasons related to mobile malware, it’s important that we not forget about the other means of attacking mobile phones. USA Today has a piece which notes that,

One type of poison text message involves tricking people into signing up for worthless services for which they get billed $9.99 a month. Another type lures them into doing a survey to win a free iPhone or gift card. Instead, the attacker gets them to divulge payment card or other info useful for identity-theft scams. “Malicious attacks have exploded well beyond e-mail, and we are very aware of their move to mobile,” says Jacinta Tobin, a board member of the Messaging Anti-Abuse Working Group, an industry group combating the problem.

This approach is really just phishing using text messages. It’s significant, but not necessarily something that we should get particularly jumpy about. The same article recognizes that “hackers are repurposing skills honed in the PC world to attacks on specific mobile devices. Particularly, handsets using Google’s Android operating system are frequently the target of hackers.” What is missing in the article is a recognition that text-based phishing can be made considerably more effective if an individual’s smartphone has already leaked considerable amounts of personal data to the attacker via a third-party application. This is the scenario we should be leery of.

Specifically: we can easily imagine a situation where a hostile application that has been installed on a smartphone acquires enough personal information that an attacker can engage in targeted spear phishing. By collecting a name, address, names of friends and family, place of employment, recent geotagged photos, and so forth, it is possible to trick individuals via text message into ‘giving up’ information. Moreover, by first compromising devices attackers can better target specific individuals based on how the phishermen have profiled device owners: they can be choosy and target those who would either be most vulnerable or best resourced. It’s the integration of two known modes of attack – phishing and compromising smart devices – that will be particularly devastating, far in excess of either attack vector on its own.

American ISPs To Become Real Copyright Cops?

We live in a dangerous time when ISPs – largely to head off potential federal regulations – establish private arrangements with copyright holders to disrupt Internet subscribers from accessing certain content. Sandoval notes that,

Last July, Comcast, Cablevision, Verizon, and Time Warner Cable and other bandwidth providers announced that they had agreed to adopt policies designed to discourage customers from pirating music, movies and software over the Web. Since then, the ISPs have been very quiet about their antipiracy measures.

But during a panel discussion here at a gathering of U.S. publishers, Cary Sherman, CEO of the Recording Industry Association of America, said most of the participating ISPs are on track to begin implementing the program by July 12.

[Subscribers] will also be informed of the risks they incur if they don’t stop pirating material. The ISP then can ratchet up the pressure. The ISPs can choose from a list of penalties or what the RIAA calls “mitigation measures” that include throttling down the customer’s connection speed to suspending Web access until the subscriber agrees to stop pirating. The ISPs can waive the mitigation measure if they choose.

This isn’t a small matter: rights holders regularly make errors when they assert that a person is engaging in infringing behaviour. Rights holders assume that taking ISP subscribers hostage – by throttling or otherwise impacting their online behaviours – will (a) cause subscribers to cease potentially infringing behaviour; (b) lead subscribers to acquire content in non-infringing ways. I suspect that, instead, we’ll witness a ratcheting up of anonymization and encryption schemas to limit file sharing surveillance practices.

Many will say that ISP collaboration is just the next stage of an ongoing cat-and-mouse game but, in so saying, may fail to see the larger implications of this game. In the UK, worries that the content industry might get powerful new legal capabilities via the Digital Economy Act led the security and intelligence services to protest a copyright-related bill. It wasn’t that the services were supportive of infringement but instead that, by encouraging regular citizens to evade and hide their online actions for consumer gain, the services’ capabilities to monitor for threats to national security would be degraded.

That’s not a small matter. You may be pleased – or not – that the security and intelligence services’ operations might be hindered. Regardless, your stance doesn’t mitigate the fact that copyright legislation threatens to have far-reaching impacts. Using ISPs as traffic cops that establish antagonistic relationships with their subscribers is poor business for the ISPs and potentially makes national security issues more challenging to combat. We need to have a far more holistic accounting of what new copyright capacities and actions mean for society generally and, in the process, get away from narrowed discussions that obfuscate or externalize the full potentialities that accompany the (prospective) criminalization of broad swathes of the population.

How Canada’s Copyright Legislation Will Be Used

In a well-timed piece that aligns with Canada’s new copyright legislation, Techdirt describes how content owners will likely use new digital locks provisions:

The real reason why they want anti-circumvention even when there’s no copyright infringement is because it gives them a veto on any new technology. All they have to do is put in some sort of weak digital lock and suddenly the company has to “negotiate” a deal or they can be sued out of existence.

It isn’t a hypothetical ‘could content owners sue innovators into the ground’ but an action that has occurred, and does occur, in the US. Kaleidescape, a DVD jukebox company, has been served an injunction in the US even though it enables a higher degree of anti-infringement encryption than already exists on DVDs.

This is just wrong: innovative services that add value to existing products should be permitted to thrive, not be forced to beg permission to exist. The network neutrality movement is all about enabling innovators to innovate, citizens to speak, and services to interact without having to beg permission of network owners. The copyright cartels are busy crafting – and getting passed – laws that undermine the next-generation capabilities of our communications systems to protect historical revenue streams.

There comes a time when next-generation systems need to be adopted, revenue cannibalization has to occur, and new processes are tested and brought to market. Our ‘new’ copyright laws are a direct threat to such innovation and risk leaving North America in a cultural ghetto at the behest of large, democratically unrepresentative rights holders.

Research In Motion to Further Improve Antennas

From The Telecom Blog we learn that RIM has acquired Paratek Microwave Inc. Paratek is:

a company whose adaptive radio-frequency technology improves mobile-handset call quality and battery life. It’s believed that RIM may leverage this acquisition to improve the overall performance of its next generation BlackBerry smartphones.

General Partner of Polaris Venture Partners Alan Spoon believes RIM would benefit immensely by integrating Paratek’s game changer technology into mobile phones. He says the technology allows mobile devices to upload and download large amounts of data faster, making for longer battery life, which coupled with Paratek’s innovative design, leads to a small form factor. More importantly, the Tunable RF reduces dropped calls and allows reliable data flow across multiple frequency bands, thereby providing an overall enhanced mobile user experience.

One of the reasons that I left behind my Windows Phone 7 was its incredibly poor reception. It’s the only smartphone that I’ve owned that regularly dropped calls and made hearing calls a challenge. The iPhone that I used previously was acceptable, but not great: when I had to make, or receive, an important call I found a landline.

I don’t have to find landlines with my 9900. The call quality is terrific. While call quality isn’t something I really would have cared about a few years back – I rarely called people or received calls, and when I did they were usually personal in nature – I do care today because of the various professional calls I make on a daily basis. While the BlackBerry isn’t as fun to play on, it’s a far more reliable professional tool.

Not having to hunt down a landline saves me a ton of time, and I’m incredibly pleased to see that RIM cares enough about further improving call and signal quality that they are snapping up companies who can bring advantages to their smartphone environment.

US Internet Imperialism Strikes (Again!)

Wired has run a decent piece surrounding unilateral American seizures of domain names by acting on critical infrastructure governed by US law. A key bit from the article to get you interested:

Bodog.com was registered with a Canadian registrar, a VeriSign subcontractor, but the United States shuttered the site without any intervention from Canadian authorities or companies.

Instead, the feds went straight to VeriSign. It’s a powerful company deeply enmeshed in the backbone operations of the internet, including managing the .com infrastructure and operating root name servers. VeriSign has a cozy relationship with the federal government, and has long had a contract from the U.S. government to help manage the internet’s “root file” that is key to having a unified internet name system.

These domain seizures are a big deal. Despite what some have written, even a .ca address (such as the country code top-level domain address linked to this website) could be subjected to a takedown that leverages the root file. In effect, US copyright law combined with American control of critical Internet infrastructure is being used to radically extend America’s capability to mediate the speech rights of foreign citizens.

The capacity for the US to unilaterally impact the constitution of the Web is not a small matter: such actions threaten the sovereign right to establish policy and law that governs the lives of citizens living in countries like Canada, Russia, Australia, and Europe generally. Something must be done, and soon, before the Web – and the Internet with it – truly begins to fracture.

Data Protection Officers Needed in the EU

Peter Fleischer, Google Global Privacy Counsel, notes that most companies with over 250 employees will likely need a Data Protection Officer as a result of updates to European law. He rightly notes that such updates should increase basic data protection awareness in companies, though I have concerns about the effectiveness of securing privacy through data protection.

To be sure, breaches will hopefully be assuaged (though almost certainly not stopped) but data will be protected to the letter of the law as opposed to being secured to the level of citizens’ normative expectations of privacy. As a result, the legalization of data protection and privacy will continue to let companies engage in practices that citizens find upsetting without those practices actually being outlawed or banned.

Cogeco’s Meters are Still Broken

From DSLReports we find that:

The leap year appears to be the latest thing to confuse Cogeco’s metering software, with users reporting that a bug resulted in them being informed they’d already used their monthly allotment before March even really got started. Notes one of several users:

“I got my 100% warning on March 1st. I use my router as well to watch my usage. My router for Feb shows 170GB, Cogecos 254. I am going to get hit with a $75 charge and I am pissed. Measurement Canada needs to get involved here, this is getting absurd.”

Measurement Canada seems absolutely unwilling to get involved in issues related to mobile or landline data speeds and volume accuracy. We really need to get at least an Ofcom level of involvement: the punting between Industry Canada, Measurement Canada, and the CRTC continues to have very real implications for citizens and consumers, and these problems have to be addressed.

How Notice-and-Takedown Hurts Real People

Under DMCA rules a copyright holder can request that content hosts, such as Flickr, take down content that is believed to infringe on the holders’ copyright. Hosts will typically take down content and subsequently notify whomever posted it. The poster can then respond (after the content is already down) to argue that they were within their rights to post the content either because (a) it was the poster’s own content; (b) it was posted under fair use provisions.

Some copyright holders assert that notice-and-takedown is an acceptable approach (others insist that even this is too onerous, and that the hosts themselves should be responsible for policing their users) on the basis that if there is an error then a poster can try and remedy the take down order. Unfortunately, this assumes that whatever is taken down can be, or is, replaced in full after the order is issued. As a recent Techdirt article reveals, this isn’t always the case:

As the system “works” today, it’s open to misuse. And despite claims from proponents of the DMCA process, there’s more at stake than simply the single item in question. With one false DMCA notice, the entire history of a popular photo was erased, taking with it the story of how this “alphabet” came to be. The “notice-and-takedown” process is very obviously broken, resulting in the sort of situation Gorman has described.

When you consider the amount of damage that a single mistaken DMCA notice can do, it’s amazing that this process is still considered to be “fair” by its users. This is yet another strong argument for a notice-and-notice process in which companies and individuals would have a chance to file a counterclaim before the content is deleted, rather than having to assert their claim post-takedown and be left to clean up the resulting mess.

As someone who writes professionally I am genuinely sympathetic to copyright holders: I get that there are prospective revenue losses from infringement and acknowledge that digital copying imposes challenges for historical business models and processes. This said, if a copyright holder demonstrably fails in its due diligence when issuing a notice-and-takedown then it should be held liable, just as it is attempting to hold liable a potentially infringing user. There must be some kind of equity in the notice-and-takedown system or, better, a move to a notice-and-notice system (such as in Canada) to limit the harms that arise from poorly targeted take down efforts.

Reasons To Not Use A Proxy Server

Some of the reasons to be concerned about using unknown third-parties’ proxy services.

Police Look Up Woman’s License 425 Times

We should never forget that a large number of data/privacy breaches start from within a bureaucracy/organization. When an audit was performed on the driver’s license database in Minnesota, auditors found that a staggering number of officers had ‘checked up’ on a woman’s profile. From the article on this:

The numbers were astounding: One hundred and four officers in 18 different agencies from around the state had accessed her driver’s license record 425 times in what could be one of the largest private data breaches by law enforcement in history.

The Department of Public Safety sent letters to all 18 agencies demanding an Internal Affairs investigation of the 104 officers. If the cops are found to be in violation of federal privacy law, they could be fired.

It isn’t enough to assume that the police are all knights in shining armour, incapable of doing wrong. No: they’re people, with all the expected foibles and failings. Give them information and powers and they will abuse them. The only questions are when and with what consequence.