Categories
Links Writing

Poison Texts Targeting Mobile Phones

While smartphones get in the news for security reasons related to mobile malware, it’s important that we not forget about the other means of attacking mobile phones. USA Today has a piece which notes that,

One type of poison text message involves tricking people into signing up for worthless services for which they get billed $9.99 a month. Another type lures them into doing a survey to win a free iPhone or gift card. Instead, the attacker gets them to divulge payment card or other info useful for identity-theft scams. “Malicious attacks have exploded well beyond e-mail, and we are very aware of their move to mobile,” says Jacinta Tobin, a board member of the Messaging Anti-Abuse Working Group, an industry group combating the problem.

This approach is really just phishing using text messages. It’s significant, but not necessarily something that we should get particularly jumpy about. The same article recognizes that “hackers are repurposing skills honed in the PC world to attacks on specific mobile devices. Particularly, handsets using Google’s Android operating system are frequently the target of hackers.” What is missing in the article is a recognition that text-based phishing can be made considerably more effective if an individual’s smartphone has already leaked considerable amounts of personal data to the attacker via a third-party application. This is the scenario we should be leery of.

Specifically: we can easily imagine a hostile application installed on a smartphone acquiring enough personal information that an attacker can engage in targeted spear phishing. With a name, an address, the names of friends and family, a place of employment, recent geotagged photos, and so forth, a text message can be crafted that convinces the recipient to ‘give up’ information. Moreover, by compromising devices first, attackers can choose their targets on the basis of how they have profiled device owners: they can be choosy and go after those who are either most vulnerable or best resourced. It is the integration of two known modes of attack, phishing and compromising smart devices, that will be far more damaging than either vector on its own.
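To make the two scenarios concrete, here is an added example (my own illustration, not code from the article or from USA Today) that triages SMS messages in two passes: a lexical pass for the mass-market lures the article describes (premium subscription bait, free-iPhone surveys, links, requests for card details), and a second pass that checks whether a message reuses details that would only be known to someone who had harvested the recipient’s data, for instance via a hostile app. The messages, the ‘leaked profile’ and the regex patterns are all constructed for the demonstration and are heuristics, not a vetted detection ruleset.

```python
"""Heuristic triage of SMS messages ('smishing').

Pass 1 looks for generic lures (premium subscription bait, prize/survey
scams, links, credential requests). Pass 2 checks whether the message reuses
personal details an attacker could only have harvested elsewhere, e.g. via a
data-leaking app. All patterns and samples are illustrative, not a ruleset.
"""
import re
from dataclasses import dataclass, field

# (indicator name, pattern) pairs; order determines the order of reported hits.
GENERIC_INDICATORS = [
    ("url", re.compile(r"https?://\S+|\b[\w-]+\.(?:ly|gl|info)/\S+", re.I)),
    ("prize_lure", re.compile(
        r"\b(?:win|won|winner|free (?:iphone|gift ?card)|prize|survey)\b", re.I)),
    ("subscription", re.compile(
        r"\$\d+(?:\.\d{2})?\s*(?:/|per|a)\s*mo(?:nth)?|\bsubscri\w+|\breply\s+(?:yes|y|ok)\b",
        re.I)),
    ("urgency", re.compile(
        r"\b(?:now|today|immediately|within \d+ hours?|expires?)\b", re.I)),
    ("credential_ask", re.compile(
        r"\b(?:card|cvv|pin|password|ssn|verify|confirm)\b", re.I)),
]


@dataclass
class Profile:
    """What a data-leaking app might have harvested about the recipient (constructed)."""
    first_name: str
    employer: str
    contacts: list = field(default_factory=list)


def generic_indicators(text):
    """Names of the mass-market lure patterns present in the message."""
    return [name for name, rx in GENERIC_INDICATORS if rx.search(text)]


def personalization_hits(text, profile):
    """Profile fields the message reuses, matched as whole words."""
    candidates = [("first_name", profile.first_name), ("employer", profile.employer)]
    candidates += [(f"contact:{c}", c) for c in profile.contacts]
    return [label for label, value in candidates
            if value and re.search(rf"\b{re.escape(value)}\b", text, re.I)]


def triage(text, profile=None):
    """Score a message; returns the indicators found, a score and a verdict."""
    generic = generic_indicators(text)
    personal = personalization_hits(text, profile) if profile else []
    score = len(generic)
    # A message that knows who you are AND asks you to click or hand over data
    # carries few lexical tells, so personalization is weighted heavily only in
    # that combination (a real friend using your name is not, by itself, a hit).
    if personal and ("url" in generic or "credential_ask" in generic):
        score += 3
    verdict = "block" if score >= 3 else "review" if score >= 2 else "allow"
    return {"generic": generic, "personal": personal, "score": score, "verdict": verdict}


# Constructed sample messages; none is a real SMS.
SAMPLES = {
    "mass_lure": "Congrats! You have been selected to WIN a free iPhone. "
                 "Complete our survey now at http://bit.ly/xyz",
    "subscription_bait": "Daily horoscopes for only $9.99/month. "
                         "Reply YES to subscribe. Offer expires today",
    "targeted": "Hi Alice, it's Dana from Acme IT. Your corporate card on file was "
                "declined, please confirm the last four digits at "
                "https://acme-billing.example/verify",
    "benign": "Your package has been delivered. Thanks for shopping with us.",
}
# Constructed profile standing in for data exfiltrated by a hostile app.
LEAKED_PROFILE = Profile(first_name="Alice", employer="Acme", contacts=["Dana", "Bob"])

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(f"{label:18} without profile: {triage(text)['verdict']:6} "
              f"| with leaked profile: {triage(text, LEAKED_PROFILE)['verdict']}")
```

The point the two passes make is the one in the paragraph above: the mass-market lures are caught on wording alone, whereas the targeted message (name, employer and a real contact’s name, plus a link and a request for card digits) scores only ‘review’ on wording and is only blocked once the triage knows which details an attacker could have harvested.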

American ISPs To Become Real Copyright Cops?

We live in a dangerous time when ISPs – largely to head off potential federal regulations – establish private arrangements with copyright holders to disrupt their own subscribers’ access to certain content. Sandoval notes that,

Last July, Comcast, Cablevision, Verizon, and Time Warner Cable and other bandwidth providers announced that they had agreed to adopt policies designed to discourage customers from pirating music, movies and software over the Web. Since then, the ISPs have been very quiet about their antipiracy measures.

But during a panel discussion here at a gathering of U.S. publishers, Cary Sherman, CEO of the Recording Industry Association of America, said most of the participating ISPs are on track to begin implementing the program by July 12.

[Subscribers] will also be informed of the risks they incur if they don’t stop pirating material. The ISP then can ratchet up the pressure. The ISPs can choose from a list of penalties or what the RIAA calls “mitigation measures” that include throttling down the customer’s connection speed to suspending Web access until the subscriber agrees to stop pirating. The ISPs can waive the mitigation measure if they choose.

This isn’t a small matter: rights holders regularly make errors when they assert that a person is engaging in infringing behaviour. Rights holders assume that taking ISP subscribers hostage – by throttling or otherwise impacting their online behaviours – will (a) cause subscribers to cease potentially infringing behaviour and (b) lead subscribers to acquire content in non-infringing ways. I suspect that, instead, we’ll witness a ratcheting up of anonymization and encryption schemes that limit file-sharing surveillance practices.

Many will say that ISP collaboration is just the next stage of an ongoing cat-and-mouse game but, in saying this, may fail to see the larger implications of this game. In the UK, worries that the content industry might get powerful new legal capabilities via the Digital Economy Act led the security and intelligence services to protest a copyright-related bill. It wasn’t that the services were supportive of infringement but instead that, by encouraging regular citizens to evade and hide their online actions for consumer gain, the services’ capabilities to monitor for threats to national security would be degraded.

That’s not a small matter. You may be pleased – or not – that the security and intelligence services’ operations might be hindered. Regardless, your stance doesn’t change the fact that copyright legislation threatens to have far-reaching impacts. Using ISPs as traffic cops that establish antagonistic relationships with their subscribers is poor business for the ISPs and potentially makes national security issues more challenging to combat. We need a far more holistic accounting of what new copyright capacities and actions mean for society generally and, in the process, to get away from narrowed discussions that obfuscate or externalize the full potentialities that accompany the (prospective) criminalization of broad swathes of the population.

How Canada’s Copyright Legislation Will Be Used

In a well-timed piece that aligns with Canada’s new copyright legislation, Techdirt describes how content owners will likely use new digital locks provisions:

The real reason why they want anti-circumvention even when there’s no copyright infringement is because it gives them a veto on any new technology. All they have to do is put in some sort of weak digital lock and suddenly the company has to “negotiate” a deal or they can be sued out of existence.

It isn’t a hypothetical ‘could content owners sue innovators into the ground’ but something that has occurred, and continues to occur, in the US. Kaleidescape, a DVD jukebox company, was served with an injunction in the US even though its product applies a higher degree of anti-infringement encryption than already exists on DVDs.

This is just wrong: innovative services that add value to existing products should be permitted to thrive, not be forced to beg permission to exist. The network neutrality movement is all about enabling innovators to innovate, citizens to speak, and services to interact without having to beg permission of network owners. The copyright cartels are busy crafting – and getting passed – laws that undermine the next-generation capabilities of our communications systems to protect historical revenue streams.

There comes a time when next-generation systems need to be adopted, when revenue cannibalization has to occur, and when new processes must be tested and brought to market. Our ‘new’ copyright laws are a direct threat to such innovation and risk leaving North America in a cultural ghetto at the behest of large, democratically unrepresentative, rights holders.

Research In Motion to Further Improve Antennas

From The Telecom Blog we learn that RIM has acquired Paratek Microwave Inc. Paratek is:

a company whose adaptive radio-frequency technology improves mobile-handset call quality and battery life. It’s believed that RIM may leverage this acquisition to improve the overall performance of its next generation BlackBerry smartphones.

General Partner of Polaris Venture Partners Alan Spoon believes RIM would benefit immensely by integrating Paratek’s game-changer technology into mobile phones. He says the technology allows mobile devices to upload and download large amounts of data faster, making for longer battery life, which coupled with Paratek’s innovative design, leads to a small form factor. More importantly, the Tunable RF reduces dropped calls and allows reliable data flow across multiple frequency bands, thereby providing an overall enhanced mobile user experience.

One of the reasons that I left behind my Windows Phone 7 was its incredibly poor reception. It’s the only smartphone that I’ve owned that regularly dropped calls and made hearing calls a challenge. The iPhone that I used previously was acceptable, but not great: when I had to make, or receive, an important call I found a landline.

I don’t have to find landlines with my 9900. The call quality is terrific. While call quality isn’t something I really would have cared about a few years back – I rarely called people or received calls, and when I did they were usually personal in nature – I do care today because of the various professional calls I make on a daily basis. While the BlackBerry isn’t as fun to play on, it’s a far more reliable professional tool.

Not having to hunt down a landline saves me a ton of time, and I’m incredibly pleased to see that RIM cares enough about further improving call and signal quality that they are snapping up companies who can bring advantages to their smartphone environment.

US Internet Imperialism Strikes (Again!)

Wired has run a decent piece on unilateral American seizures of domain names, carried out by acting on critical infrastructure that is governed by US law. A key bit from the article to get you interested:

Bodog.com was registered with a Canadian registrar, a VeriSign subcontractor, but the United States shuttered the site without any intervention from Canadian authorities or companies.

Instead, the feds went straight to VeriSign. It’s a powerful company deeply enmeshed in the backbone operations of the internet, including managing the .com infrastructure and operating root name servers. VeriSign has a cozy relationship with the federal government, and has long had a contract from the U.S. government to help manage the internet’s “root file” that is key to having a unified internet name system.

These domain seizures are a big deal. The Bodog seizure worked at the registry rather than the registrar: VeriSign operates the .com registry, so it could alter the domain’s records no matter which registrar, in which country, had sold it. Despite what some have written, even a .ca address (the country-code top-level domain this website uses) is not out of reach. A .ca domain is administered by the Canadian registry (CIRA) rather than by VeriSign, so it cannot be seized by the same route, but the delegation of .ca itself lives in the root file that the US government contracts VeriSign to help manage. In effect, US copyright law combined with American control of critical Internet infrastructure radically extends America’s capability to mediate the speech rights of foreign citizens.

The capacity for the US to unilaterally alter the make-up of the Web is not a small matter: such actions threaten the sovereign right to establish the policy and law that governs the lives of citizens living in countries like Canada, Russia, Australia, and the countries of Europe generally. Something must be done, and soon, before the Web – and the Internet with it – truly begins to fracture.

Data Protection Officers Needed in the EU

Peter Fleischer, Google Global Privacy Counsel, notes that most companies with over 250 employees will likely need a Data Protection Officer as a result of updates to European law. He rightly notes that such updates should increase basic data protection awareness in companies, though I have concerns about the effectiveness of securing privacy through data protection.

To be sure, breaches will hopefully be reduced (though almost certainly not stopped), but data will be protected to the letter of the law as opposed to being secured to the level of citizens’ normative expectations of privacy. As a result, the legalization of data protection and privacy will continue to let companies engage in practices that citizens find upsetting without those practices actually being outlawed or banned.

How Notice-and-Takedown Hurts Real People

Under DMCA rules a copyright holder can request that content hosts, such as Flickr, take down content that is believed to infringe on the holder’s copyright. Hosts will typically take down the content and subsequently notify whoever posted it. The poster can then respond (after the content is already down) to argue that they were within their rights to post the content, either because (a) it was the poster’s own content or (b) it was posted under fair use provisions.

Some copyright holders assert that notice-and-takedown is an acceptable approach (others insist that even this is too onerous, and that the hosts themselves should be responsible for policing their users) on the basis that, if there is an error, the poster can try to remedy the takedown. Unfortunately, this assumes that whatever is taken down can be, or is, replaced in full after the order is issued. As a recent Techdirt article reveals, this isn’t always the case:

As the system “works” today, it’s open to misuse. And despite claims from proponents of the DMCA process, there’s more at stake than simply the single item in question. With one false DMCA notice, the entire history of a popular photo was erased, taking with it the story of how this “alphabet” came to be. The “notice-and-takedown” process is very obviously broken, resulting in the sort of situation Gorman has described.

When you consider the amount of damage that a single mistaken DMCA notice can do, it’s amazing that this process is still considered to be “fair” by its users. This is yet another strong argument for a notice-and-notice process in which companies and individuals would have a chance to file a counterclaim before the content is deleted, rather than having to assert their claim post-takedown and be left to clean up the resulting mess.

As someone who writes professionally I am genuinely sympathetic to copyright holders: I get that there are prospective revenue losses from infringement and acknowledge that digital copying imposes challenges for historical business models and processes. This said, if a copyright holder demonstrably fails in its due diligence when issuing a takedown notice then it should be held liable, just as it is attempting to hold liable a potentially infringing user. There must be some kind of equity in the notice-and-takedown system or, better, a move to a notice-and-notice system (such as in Canada) to limit the harms that arise from poorly targeted takedown efforts.

Categories
Writing

Facebook Censorship

I’ve tried to think of something comprehensive to say about the Facebook censorship rules for a few days now. I still don’t have something that really captures how absurd and offensive many of the items listed are. So, rather than give a holistic analysis of the document, here are a few thoughts:

Sex and Nudity

  • Point (1) indicates that permitting foreplay images between members of the same gender is somehow exceptional, given the statement “Foreplay allowed (Kissing, groping, etc.) even for same sex (man-man/woman-woman).” That this needs to be clearly stated is suggestive of a basic level of discomfort with same-sex relationships.
  • Point (12) seems intensely hard to police, with enforcement being contingent on an employee’s own awareness of sexual fetishes. Moreover, given that the definition of a fetish is often derived from the use of inanimate objects as a stimulus to achieve sexual enjoyment/arousal, a high level of subjectivity will almost necessarily come into monitoring for the depiction of sexual fetishes “in any form.”

Hate Content

  • The note that “Humor overrules hate speech UNLESS slur words are present or the humor is not evident” is concerning because, in some circumstances, Facebook recognizes hate speech as somehow appropriate. I would suggest that the capacity for one person to detect humour is a particularly poor (and, arguably, inappropriate) evaluation metric.

Graphic Content

  • Point (1) seems immediately hard to govern, especially given that many Facebook members will support state-sanctioned violence towards targeted individuals. Example: would graphic comments supporting American efforts to torture Osama bin Laden be inappropriate? Is it OK to call for violence towards ‘bad’ people and not towards ‘good’ ones?
  • Point (6) prohibits the exhibition of what might be termed ‘grisly’ images that clearly show the penetration of skin. Blood or other aspects of a violent act are permitted, but the barrier of the skin is seen as special. This is suggestive of the ‘kinds’ of violence that Facebook recognizes as more or less appropriate for public viewing while imposing a particular cultural norm on a global network.
  • There is “No exception for news or awareness related content.” Thus, any news that is shared by Facebook members must conform to a specific norm of ‘appropriateness’ and failure to conform results in the removal of the content. Such an attitude speaks poorly of the company’s willingness to act as a site for individuals to communicate fully and openly: Facebook is declaring that their monetization depends, in part, on everyone being happy (or at least not shocked) and thus prohibits certain modes of expression.

Credible Threats

  • Point (3), that any threat to a head of state should be escalated, regardless of credibility, is problematic for three reasons. First: it will capture a vast number of users in a dragnet, and it is unclear just how little would place a user within this net (e.g. would “I fucking hate X and wish we’d just kill X” qualify?). Second: it stinks of an effort to pass responsibility to another party, so that if a particular message is ever linked to an attack then Facebook would be minimally responsible. Third: the number of potential threats can outpace professional security audit staff’s capability to separate real from false threats. Dragnet surveillance for this kind of behaviour is a poor means of identifying actual threats.

Those are some of my thoughts about this particular document. There are others that are still crystallizing and once/if I develop a full thought about the document I’ll be sure to post it.

FYI: Governments Spy On Citizens. A Lot.

You often hear that if you’ve nothing to hide then government surveillance isn’t really something you should fear. It’s only the bad people that are targeted! Well….sorta. It is the case that (sometimes) ‘bad people’ are targeted. It’s also (often) the case that the definition of ‘bad people’ extends to ‘individuals exercising basic rights and freedoms.’ This is the lesson that a woman in the US learned: the FBI had secretly generated a 436 page report about her on the grounds that she and friends were organizing a local protest.

What’s more significant is the rampant inaccuracies in the report. The woman herself notes that,

I am repeatedly identified as a member of a different, more mainstream liberal activist group which I was not only not a part of, but actually fought with on countless occasions. To somehow not know that I detested this group of people was a colossal failure of intelligence-gathering. Hopefully the FBI has not gotten any better at figuring out who is a part of what, and that this has worked to the detriment of their surveillance of other activists. I am also repeatedly identified as being a part of campaigns that I was never involved with, or didn’t even know about, including protests in other cities. Maybe the FBI assumes every protester-type attends all other activist meetings and protests, like we’re just one big faceless monolith. “Oh, hey, you’re into this topic? Well, then, you’re probably into this topic, right? You’re all pinkos to us.”

In taking a general survey of all area activists, the files keep trying to draw non-existent connections between the most mainstream groups/people and the most radical, as though one was a front for the other. There are a few flyers from local events that have nothing to do with our campaign, including one posted to advertise a lefty discussion group at the university library. The FBI mentions that activists may be planning “direct action” at their meetings, which the document’s author clarifies means “illegal acts.” “Direct action” was then, and I’d say now, a term used to talk about civil disobedience and intentional arrests. While such things are illegal actions, the tone and context in these FBI files makes it sound like protesters got together and planned how to fly airplanes into buildings or something.

You see, it isn’t just the government surveillance that is itself pernicious. It’s the inaccuracies, mistaken profilings, and generalized suspicion cast upon citizens that can cause significant harms. It is the potential for these profiles to be developed and then sit indefinitely in government databases, just waiting to be used against law abiding ‘good’ citizens, that should give all citizens pause before they grant authorities more expansive surveillance powers.

I Like The Apps, But Not The Design

A new version of the iPad is coming. The latest ‘craze’ around this version is whether or not it will come with a home button. To date, there’s been one particularly strong ‘In Defence of the Home Button’ post by Dave Caolo, which is effectively a listing of all the functions that Apple has tied to the singular button at the bottom of each iDevice.

This button isn’t going anywhere. And that’s really unfortunate, because better – or at least equivalent – options are out there.

The PlayBook is seriously lacking on apps. SERIOUSLY LACKING. But the hardware design of the device is stunning. I don’t need to pay attention to what is up, down, left, or right because of how RIM has integrated the bezel functionality. For a quick overview of the bezel options, check out the video below:

This isn’t to say that the PlayBook is a winner hands down. Apple’s home button is linked to a variety of accessibility options which are lacking on the PlayBook. Also, Apple has a series of gestures that enable similar features to the PlayBook’s, though I’m far less impressed at how they’re integrated. Because of how awkward these gestures tend to be, I tend to just use the home button, which can be incredibly inconvenient depending on the iPad’s orientation at the time.

My dream would be Apple getting creative and bringing the hardware design leadership of the PlayBook to the app-rich iDevice environment. I’m not holding my breath though.