Categories
Aside Links

American Internet Imperialism

Think about this for a second: you are a good, law-abiding citizen, and thus break no local laws. Your state has no reason to bring criminal charges against you. Your actions, however, are provisionally criminal in another jurisdiction. As a result, despite your actions being perfectly legal in your home nation, you are threatened with extradition. This is not a theoretical concern:

TVShack was a site that collected links to TV shows. Certainly, many of those shows were likely to be infringing – but TVShack did not host the content at all, it merely linked to it. Richard O’Dwyer, the guy who ran the site, was a student building an interesting project over in the UK. However, the US Department of Justice decided that he was not only a hardened criminal, but one who needed to be tried on US soil. Thus, it began extradition procedures. Even worse, nearly identical sites in the UK had already been found legal multiple times – with the court noting that having links to some infringing content was certainly not criminal copyright infringement. That makes things even more ridiculous, because extradition is only supposed to be allowed for activities that are criminal in both the US and the UK. [Emphasis added]

The implications for extradition would be significant: UK citizens could be extradited to certain countries for actions that are legal within their own nations, on the basis that they violate the laws of other countries. It is precisely this kind of process that can stifle innovation, speech, and association online. It narrows the range of speech actions whilst demanding that – prior to speaking or acting or creating – individuals consult with counsel as the first part of any serious online behaviour.

Such an approach – lawyers, then speech – directly contradicts the basic rights that form the bedrock of our Western democracies.

Categories
Links

EMI Sues Irish Government

Admittedly this is a few weeks old at this point, but it’s absurd that EMI is trying to sue the Irish government for access to a bill prior to its being introduced.

EMI is effectively confessing here that it’s upset that the government isn’t sharing the bill ahead of time with EMI or others in the industry. Again, the massive sense of entitlement of these guys is such that they expect that they get to write the laws, and when they’re left out of the process, they get to sue over it. And yet, on every one of these laws, the people actually impacted by them – the public – get no real say or can’t see them. Remember ACTA? The public was left totally in the dark, while RIAA/MPAA officials and others had pretty detailed access and the ability to help craft the bills. And yet, when EMI doesn’t get to see a draft of a bill, and it makes them think that it won’t go the way they want, they sue? Damn.

If EMI (and other bodies) get access to these documents then all parties should have access to them, on grounds that the public interest groups should be on equal footing in trying to influence how this legislation is shaped prior to its introduction. Perhaps better would be that no one sees the legislation and that experts are ‘simply’ called in to give commentary on the legislation.

Categories
Links Quotations

How to hack a smartphone via radio

Network World:

Encryption keys on smartphones can be stolen via a technique using radio waves, says one of the world’s foremost crypto experts, Paul Kocher, whose firm Cryptography Research will demonstrate the hacking stunt with several types of smartphones at the upcoming RSA Conference in San Francisco next month.

“You tune to the right frequency,” says Kocher, who described the hacking procedure as involving use of a radio device much like a common AM radio that will be set up within about 10 feet from the smartphone. The radio-based device will pick up electromagnetic waves occurring when the crypto libraries inside the smartphone are used, and computations can reveal the private key. “We’re stealing the key as it’s being used,” he says, adding, “It’s independent of key length.”

Kocher says the goal of the hacking demo, which Cryptography Research will demonstrate throughout the RSA Conference at its booth, is not to disparage any particular smartphone manufacturer but to point out that the way crypto is used on devices can be improved.

“This is a problem that can be fixed,” he says, noting Cryptography Research is working with at least one of the major smartphone makers, which he declined to name, on the issues around these types of radio-based attacks.

This is a high level of awesome. I wonder who the major smartphone maker is; Microsoft? Apple?

Categories
Links

Should Microsoft Mandate a Windows Phone Hardware Mute Switch?

testingdavid:

 The audio controls stick to the lock-screen when the phone is locked, in the same screen location but always present to allow even quicker control and obviate the need to tap the volume rocker in order to play, pause or skip on the lock-screen. Interestingly, the “vibrate” or “ring + vibrate” button, which I call the mute switch, does not remain on the lock-screen, and requires that the user press the volume rocker to display it when the phone is locked. This means that to mute a Windows Phone, the user must take the phone out of their pocket, tap the power button, tap the volume rocker, and finally tap the mute switch. With the current iPhone design, the user need only reach into their pocket and flip the hardware switch to prevent all unexpected noises.

The answer to David’s question is clear and unequivocal: YES! While having an excess of rarely needed/used hardware buttons and toggles can diminish the quality of a device, a deficiency of such buttons/toggles can do the same thing. It sounds small, but the ability to rapidly and easily mute a device is a key professional feature of a device.

Categories
Aside

Wasteful

 

 

The stages of absolutely wasteful packaging.

Categories
Humour Links

The 8 Stages of an All-Nighter

An awesome strip on how far too many essays are produced in University. Very truthful. Very painful.

Categories
Links

Videoconferencing Systems Laden With Security Holes?

From a piece in The New York Times, we learn that

Rapid7 discovered that hundreds of thousands of businesses were investing in top-quality videoconferencing units, but were setting them up on the cheap. At last count, companies spent an estimated $693 million on group videoconferencing from July to September of last year, according to Wainhouse Research.

The most popular units, sold by Polycom and Cisco, can cost as much as $25,000 and feature encryption, high-definition video capture, and audio that can pick up the sound of a door opening 300 feet away. But administrators are setting them up outside the firewall and are configuring them with a false sense of security that hackers can use against them.

Whether real hackers are exploiting this vulnerability is unknown; no company has announced that it has been hacked. (Nor would one, and most would never know in any case.) But with videoconference systems so ubiquitous, they make for an easy target.

Two months ago, Mr. Moore wrote a computer program that scanned the Internet for videoconference systems that were outside the firewall and configured to automatically answer calls. In less than two hours, he had scanned 3 percent of the Internet.

In that sliver, he discovered 5,000 wide-open conference rooms at law firms, pharmaceutical companies, oil refineries, universities and medical centers. He stumbled into a lawyer-inmate meeting room at a prison, an operating room at a university medical center, and a venture capital pitch meeting where a company’s financials were being projected on a screen. Among the vendors that popped up in Mr. Moore’s scan were Polycom, Cisco, LifeSize, Sony and others. Of those, Polycom — which leads the videoconferencing market in units sold — was the only manufacturer that ships its equipment — from its low-end ViewStation models to its high-end HDX products — with the auto-answer feature enabled by default.

It sounds like there’s a whole lot of networking/IT admins who either should be fired (for doing a piss poor job of establishing network security) or resourced (if the piss poor job is the result of understaffing and lack of proper training). Likely both are required.

Categories
Quotations

“Generally, things are not looking great with Google. I think that people have given Google a lot and with that they’ve trusted [Google] will do the right thing, that they will focus on the user and that there won’t be any surprises,” Marlinspike told IT Pro. “That’s turning out to not be true. They’re not really holding up their end of the bargain there.

“Now they’re saying you have until this time to change your mind, but it’s not about just opting in to providing data, it’s opting in in terms of connecting your life to a network that is controlled by Google.

“It’s difficult to now transition out of that. They were able to build that network through that trust and I feel like it’s not exactly fair for them to change the rules.”

~Moxie Marlinspike, January 26, 2012

Categories
Links

How to Interpret the 5th Amendment?

Declan McCullagh has an article on an important case in the US, where a federal judge has demanded a defendant decrypt a PGP-encrypted drive for the authorities. Case law in the area of decryption is unsettled, as McCullagh notes:

The question of whether a criminal defendant can be legally compelled to cough up his encryption passphrase remains an unsettled one, with law review articles for at least the last 15 years arguing the merits of either approach. (A U.S. Justice Department attorney wrote an article in 1996, for instance, titled “Compelled Production of Plaintext and Keys.”)

Much of the discussion has been about what analogy comes closest. Prosecutors tend to view PGP passphrases as akin to someone possessing a key to a safe filled with incriminating documents. That person can, in general, be legally compelled to hand over the key. Other examples include the U.S. Supreme Court saying that defendants can be forced to provide fingerprints, blood samples, or voice recordings.

On the other hand are civil libertarians citing other Supreme Court cases that conclude Americans can’t be forced to give “compelled testimonial communications” and extending the legal shield of the Fifth Amendment to encryption passphrases. Courts already have ruled that such protection extends to the contents of a defendant’s mind, the argument goes, so why shouldn’t a passphrase be shielded as well?

Eventually the case law around encryption has to be addressed by SCOTUS. There are too many differing positions at the moment; clarity is needed both for users of encryption in the US, and for counsel seeking to prosecute and defend clients.

Categories
Writing

parislemon: This Is Why We Can’t Have Nice Things

I agree with parislemon’s general take on the targeting of Apple and labour: Apple isn’t alone, and we can’t ignore the role of local government in (not) regulating the state of affairs at Foxconn (or other large manufacturing) plants. This said, language like the following is unacceptable and intentionally uncritical:

 While this report brings such an issue to the forefront, similar pieces and stories surface quite frequently, actually. Guess what changes? Nothing. It’s shitty to say, but it’s the truth. And we all know it.

The fact of the matter is that we live in a world that demands amazing technology delivered to us at low costs and at great speed. That world leads to Foxconn.

We say we care about the means by which the results are reached when we read stories such as this one. But then we forget. Or we chose not to remember. We buy things and we’re happy that they’re affordable. And then we buy more things. And more. With huge smiles on our faces. Without a care in the world.

In the above quotation, Siegler obfuscates the real role that our governments could have in shaping the supply chain. Imagine if there were a requirement that certain imported products (e.g. electronics) had to be certified to meet standardized ethical and human rights requirements. Would that increase the price of goods/prevent some from coming to market, initially? Certainly. As a result Chinese (and other foreign national) companies would dramatically increase labor standards because it would no longer be a competitive advantage to have such incredibly low standards. Prices would stabilize and we could buy iPhones, Blackberry devices, and the rest without sleepless nights.

What must happen, however, is that the West must see beyond itself. Citizens must recognize that they can shape the world, and refuse to just give up on the basis that change would threaten the existing, ethically bankrupt, neo-liberal economic practices that surround our lives. If the EU and North America refused to import ethically suspect electronics and gave significant preferential advantage to companies that were ethical in the production and disposal of goods, then significant change could occur.

It is our choice whether to enforce, or refuse to enforce, basic human rights in the economic supply chain. Technology – its production, usage, and disposal – is rife with ethical quandaries. We have to seriously address them if we are to remedy the intolerable behaviours that companies like Foxconn perpetuate.