Friday, April 23, 2004

NYT: Pentagon Ban on Pictures of Dead Troops Is Broken
EUpolitix has a succinct report on MEPs taking on the Commission and the US over the deal on the transfer of airline passenger data.

Thursday, April 22, 2004

Brad Templeton, chairman of the EFF, amongst other things, has produced a thoughtful analysis of the 'GMail Saga'.
The Bush administration is apparently proposing to give ally countries another 2 years to devop biometric passports. Secretary of State Colin Powell says

"Rushing a solution to meet the current deadline virtually guarantees that we will have systems that are not operable... Such a result may undercut international acceptance of this new technology as well as compound rather than ease our overall challenge."

The European Commission have issued a Communication on the Management of
Copyright and Related Rights
. In it they eulogise digital rights management (DRM) as the solution to all ills of the copyright variety, most specifically this time royalty collection agencies problems. What is it about biometric national ID cards, DRM, RFIDs, electronic voting machines, computers, technology in general that make them superficially attractive solutions to everything? The right technology appropriately deployed can be a terrific boon but why can't people understand that it is not usually a particularly good idea to start with a [technological] 'solution' and then go looking for a problem, just so you can use the 'solution'?
A Barcelona night club is allegedly implanting RFID chips in VIP customers so they don't need to worry about carrying a wallet about. No comment.

Tuesday, April 20, 2004

Despite the pending lawsuit against ClearPlay and others by the Directors Guild of America and the movie studios, it appears as though Walmart is going to be selling DVD players with ClearPlay filters built in. I wonder what the demand will be like and how that will affect the dynamics of the court case?
The United States Institute of Peace, which I admit I'd never prviously heard of, have issued a paper saying terrorists use the Internet too but for more routine activities than the hyped-up cyberterrorism feedstuff of the mainstream media. Terrorist organisations are said to have three major audiences:
Current and potential supporters
International public opinion
Enemy publics (i.e. citizens of states they are fighting)
and use the Net in 8 different (sometimes overlapping) ways:
Psychological warfare
Publicity and propaganda
Data mining
Recruitment and mobilisation
Sharing information
Planning and coordination

The report does imply that steganography is in widespread use by terrorist organisations but there is no direct evidence offered to that effect. The mainstream media has periodically salivated at the notion of religeous fundamentalist terrorists hiding messages in online porn but no evidence to that effect has been forthcoming. Being only 12 pages long the paper is just an overview I assume but it might be interesting to hear more details of the study.
Wonderful Ed Helms skit at Comedy Central about e-voting. Not to be missed. This kind of comedy does more to communicate the problems with electronic voting than all the ranting that I do on the subject.
Jay Rosen has a thoughtful analysis of the recent furore over inappropriate comments by a Democrat-supporting blogger. Another example of the scandalmongering of mainstream politics and media out-manoeuvering the democratising potential of the net.
The Berkman Center at Harvard have done an interesting study on Apple's iTunes service focussing on

Interaction between Copyright and Contract Law
Digital Rights Management
Digital First Sale Doctrine
Fair Use Doctrine

Worth a look.

Monday, April 19, 2004

There are two lovely essays in Bruce Schneier's latest Crypto-Gram, one on national identity cards and the second on the economic incentives to rig electronic voting machines. On national ID cards:

"But my primary objection isn't the totalitarian potential of national
IDs, nor the likelihood that they'll create a whole immense new class
of social and economic dislocations. Nor is it the opportunities they
will create for colossal boondoggles by government contractors. My
objection to the national ID card, at least for the purposes of this
essay, is much simpler.

It won't work. It won't make us more secure.

In fact, everything I've learned about security over the last 20 years
tells me that once it is put in place, a national ID card program will
actually make us less secure.

My argument may not be obvious, but it's not hard to follow,
either. It centers around the notion that security must be evaluated
not based on how it works, but on how it fails.

It doesn't really matter how well an ID card works when used by the
hundreds of millions of honest people that would carry it. What
matters is how the system might fail when used by someone intent on
subverting that system: how it fails naturally, how it can be made to
fail, and how failures might be exploited.

The first problem is the card itself. No matter how unforgeable we
make it, it will be forged. And even worse, people will get legitimate
cards in fraudulent names...

... the main problem with any ID system is that it requires the
existence of a database. In this case it would have to be an immense
database of private and sensitive information on every American -- one
widely and instantaneously accessible from airline check-in stations,
police cars, schools, and so on.

The security risks are enormous. Such a database would be a kludge of
existing databases; databases that are incompatible, full of erroneous
data, and unreliable. As computer scientists, we do not know how to
keep a database of this magnitude secure, whether from outside hackers
or the thousands of insiders authorized to access it.

And when the inevitable worms, viruses, or random failures happen and
the database goes down, what then? Is America supposed to shut down
until it's restored?

Proponents of national ID cards want us to assume all these problems,
and the tens of billions of dollars such a system would cost -- for
what? For the promise of being able to identify someone?"

Tim O'Reilly doesn't understand all the fuss about Google's Gmail and privacy.