Friday, August 05, 2005
Copy protected Sony CDs don't work with iPods
Furdlog has picked up a story saying Sony's copy protected CDs don't work with iPods.
Skip the border guard
Skip the border guard, fast-track the IT - security, UK style: John Lettice in full flow.
"So shall we just sum that up? A terror suspect appears to have fled the country by the simple expedient of walking past an empty desk, and the Government's reaction is not to put somebody at the desk, or to find out why, during one of the biggest manhunts London has ever seen, it was empty in the first place. No, the Government's reaction is to explain its abject failure to play with the toys it's got by calling for bigger, more expensive toys sooner."
It's a wide ranging article, well worth reading in full.
New EU IP crime directive proposed
The EU have proposed a new directive on criminal measures aimed at ensuring the enforcement of intellectual property rights. An HTML version is also available. Pamela Jones at Groklaw is concerned that it is the kind of legal framework that companies like SCO would have a field day with. Looks to me at first glance like an adjunct to the IPR enforcement directive passed in the Spring of 2004.
Schneier on Ciscogate
Bruce Schneier turns his usual sensible take on all things to do with security to the Cisco v Lynn dispute.
"I've written about full disclosure, and how disclosing security vulnerabilities is our best mechanism for improving security -- especially in a free-market system. (That essay is also worth reading for a general discussion of the security trade-offs.) I've also written about how security companies treat vulnerabilities as public-relations problems first and technical problems second. This week at BlackHat, security researcher Michael Lynn and Cisco demonstrated both points...
The security implications of this are enormous. If companies have the power to censor information about their products they don't like, then we as consumers have less information with which to make intelligent buying decisions. If companies have the power to squelch vulnerability information about their products, then there's no incentive for them to improve security...
Full disclosure is good for society. But because it helps the bad guys as well as the good guys (see my essay on secrecy and security for more discussion of the balance), many of us have championed "responsible disclosure" guidelines that give vendors a head start in fixing vulnerabilities before they're announced."
Ciscogate
Jennifer Granick has the inside story on Cisco suing security researcher Mike Lynn over his talk explaining a Cisco security vulnerability at the Black Hat conference recently. She represented Lynn in the legal negotiations which were eventually settled out of court.
Thursday, August 04, 2005
Shocking Orwell
Victor Keegan in the Guardian thinks George Orwell would be shocked at present day support for surveillance technologies.
UK minister apologises for overselling ID cards
The UK government are trying new kinder, gentler tactics to persuade people about the need for ID cards now that public support for the idea is dropping off. Home Office minister Tony McNulty who is in charge of the scheme has admitted that the government got a bit carried away in implying that the ID cards might
"be a panacea for identity fraud, benefit fraud, terrorism, and entitlement and access to public services...
Perhaps we ran away with it in our enthusiasm. I apologise for our overselling the case for ID cards ..."
That's a bit of a turn up for the books but the cynic in me sees it as little more than more politicking, since they are going ahead with the scheme anyway and they're still going on the attack against the LSE and other critics. The Guardian article seems to be suggesting that the sudden realisation of the existence of a procedural blockage could be behind the softer approach. Apparently the House of Lords will be able to stop the cards being made compulsory because the government intended to slip this through in secondary legislation. But if the Lords say no to this there will be nothing the government can do about it.
This is a classic example of where arcane but supremely important constitutional procedures, of almost no interest to all but the dedicated few, have a real, direct, practical effect on the lives of every citizen. If that's what it takes to kill the ID card proposals currently on the table then more power to those Lords' elbows.
Canadian ISP blocks 766 sites
In its efforts to block access to a union website, Canadian ISP Telus also inadvertently blocked another 766 websites, according to the OpenNet Initiative run jointly by the Citizen Lab at the Munk Centre for International Studies, University of Toronto, the Berkman Center for Internet & Society at Harvard, and the Advanced Network Research Group at Cambridge University.
Blocked sites included those of an engineering company, a breast cancer charity and a recycling company. Because they chose to filter on the basis of the IP address, it resulted in this extensive "collateral filtering".
Crude filtering can and does result in unnecessary censorship. In one case the ONI discovered that South Korean ISPs attempting to block access to 31 North Korean sites, also blocked 3167 sites hosted on the same servers as the sites targeted. This blog is regularly blocked, as crude filters assume that the treble x in the title means that it must be some sort of porn site. I've been at conference centres where I can't access my own blog in order to check something out because of this and even when I am successful at getting a block lifted, the next automatic trawl puts my b2fxxx ramblings right back on that black list again.
Euro infringing my patent
The European Central Bank have been sued for patent infringement. The patent in question concerns the anti-counterfeiting measures used in Euro bank notes.
"Document Security Systems Inc. said in a lawsuit filed Monday in Luxembourg that all 30 billion euro bank notes in circulation infringe on a patent it acquired this year that was issued by the European Patent Office in 1999. It is seeking unspecified royalties from the European Central Bank in Frankfurt, Germany."
Tuesday, August 02, 2005
Mowry v Viacom
William Patry recommends a copyright decision issued by judge Andrew Peck last week, Mowry v Viacom. Mowry complained that the Jim Carrey film, "The Truman Show", infringed the copyright in his unpublished script. If you're into legalese it's certainly a clear, thoughtful, thorough and sensible ruling. Given the amount of copyright litigation (including volumes of threatening cease and desist letters) that goes on these days, what's interesting is the judge's clear exposition of the burden of proof on the plaintiff, which is higher than critics of copyright laws might have been led to expect.
For example, in respect of proving the alleged infringer's access to the infringed work, in the US "Access means that an alleged infringer had a 'reasonable possibility' - not simply a 'bare possibility' - of hearing [or seeing] the prior work; access cannot be based on mere 'speculation or conjecture.'" He goes on to explain what this means in real terms in relation to the relevant precedents.
There's even a bit of humour, in relation to the expert witness evidence Mowry used to demonstrate the similarity of the scripts:
"Mowry points to no case in which an expert using cladistic or phylogenetic tree analysis has been used to show striking similarity (or even substantial similarity) between literary works, and the Court's research has found no such cases. While it is true that there must be a first time for an expert methodology to be accepted by the courts, this is not the case."
No, I don't know what "cladistic or phylogenetic tree analysis" is either but full marks to Mowry for trying and to the judge for a clear, sensible decision. Sometimes the little guy loses for the right reasons.
BPI take 5 to court
The British Phonographic Industry are taking five people to court for P2P music swapping. They've already settled out of court with about 60 people according to this Guardian report but failed to reach a settlement with the folk they are suing. One woman has claimed she doesn't have the means to pay the £4000 the BPI are asking. In a familiar story, the teenage daughter was allegedly involved in the copyright infringement and her mother has no computer skills and doesn't use the machine at all but "just pays the bills."
JISC £15 million for IT and open content
The Joint Information Systems Committee, JISC, have been given an "extra £15m to invest in IT initiatives to support learning, teaching and research." (on top of £25 million they got earlier in the year).
According to the announcement,
"The funds, totalling £40m, will be used for a range of activities and represents a significant investment to support and enhance further the UK’s digital infrastructure, access to online content and the development of digital repositories...
The funding, which covers the years 2006 – 2008, will be invested in the following areas of activity:
continued development of the JANET network, including the incorporation of the UKLight testbed network, which links communities of researchers around the world, to JANET;
further digitisation of major scholarly collections;
enhancement to a range of e-learning programmes, including e-assessment, e-portfolios and e-learning tools;
development of the e-infrastructure, including the development of collaborative environments, such as virtual research environments;
development of a shared infrastructure to support the growing use of institutional repositories."
Monday, August 01, 2005
WiFi freeloading now crime in the UK
Ed Felten draws my attention to a BBC story:
"A British man has been fined and given a suspended prison sentence for connecting to a stranger’s WiFi access point without permission, according to a BBC story. There is no indication that he did anything improper while connected; all he did was to park his car in front of a stranger’s house and connect his laptop to the stranger’s open WiFi network. He was convicted of “dishonestly obtaining an electronic communications service”...
Another part of the BBC article is even scarier:
“There have been incidences where paedophiles deliberately leave their wireless networks open so that, if caught, they can say that it wasn’t them that used the network for illegal purposes,” said NetSurity’s Mr Cracknell.
Such a defence would hold little water as the person installing the network, be they a home user or a business, has ultimate responsibility for any criminal activity that takes place on that network, whether it be launching a hack attack or downloading illegal pornography."
I doubt this is true. If it is, everybody who runs a WiFi network is at risk of a long jail sentence."
Rule by fools
Bryan Caplan, Associate Professor of Economics at George Mason University, reckons Rule By Fools Is the Rule,
"democratic rule by fools is perfectly normal. Or to be more accurate, in a democracy our rulers are older versions of the popular kids from high school. The only difference is that politicians are champions in the Olympics of popularity contests. They are painfully weak on substance, but have an amazing ability to make people like them. And if they have to choose between being right and being popular, they don't think twice. They're Olympians; their overriding priority is winning...
We're ruled by fools election after election because the majority habitually prefers affable fools to disagreeable pedants."
Wonderful!
Cory to drop Apple?
Cory Doctorow has been using Apple computers since 1979. If they build DRM into their new architecture, though, he's going to look for another vendor.
"I've been an Apple user since 1979. I've owned dozens -- probably more than a hundred -- Macintoshes. When I worked in the private sector, I used to write purchase orders for about a quarter-million dollars' worth of Apple hardware every year. I've stuck with the machines over the years because the fit-and-finish of the OS and the generally kick-ass hardware made them the best choice for me. I've converted innumerable people to the Mac (most recently I got my grandmother's octogenarian boyfriend to pick up a Mac Mini, which he loves). Hell, I even bought half a dozen Newtons over the years...
The Trusted Computing people say that they intend on Trusted Computing being used to stop the unauthorized distribution of music, but none of them has ever refuted the Darknet paper, where several of Trusted Computing's inventors explain that Trusted Computing isn't fit to this purpose.
The point of Trusted Computing is to make it hard -- impossible, if you believe the snake-oil salesmen from the Trusted Computing world -- to open a document in a player other than the one that wrote it in the first place, unless the application vendor authorizes it. It's like a blender that will only chop the food that Cuisinart says you're allowed to chop. It's like a car that will only take the brand of gas that Ford will let you fill it with. It's like a web-site that you can only load in the browser that the author intended it to be seen in...
So that means that if Apple carries on down this path, I'm going to exercise my market power and switch away, and, for the first time since 1979, I won't use an Apple product as my main computer. I may even have my tattoo removed.
My data is my life, and I won't keep it in a strongbox that someone else has the keys for."
Missing digital music
The Wall Street Journal has a nice article today about why so many old music albums are not available in digital form.
"while most pop new releases are a click away, some artists' "back catalogs" are frustrating patchworks, with albums unavailable because of rights issues, because clearing those rights isn't a priority for a record label, or maybe just because they're way down on an awfully long list. Think of them as the digital-music revolution's missing in action."
Part of the problem is that when the music was produced there was no digital rights smallprint in the contracts. There are also publishing rights issues and the music labels' own policies on releasing back catalogue material (it's low priority).
Yet when this is all sorted out, these WSJ journalists seem to think that the labels' back catalogue is "found money", just as CDs were in their early days, as people bought CD versions of their favorite albums.
Disney fingerprints
Ed Felten alerts me to the fact that Disney World are fingerprinting customers, almost certainly to effect price discrimination.
"Disney sells multi-day tickets at a discount. They don’t want people to buy (say) a ten-day ticket, use it for two days, and then resell the ticket to somebody else. Disney makes about $200 more by selling five separate two-day tickets than by selling a single ten-day ticket. To stop this, they fingerprint the users of such tickets and verify that the fingerprint associated with a ticket doesn’t change from day to day."
WIPO development meeting fails
The third WIPO Development Agenda meeting has ended without agreement. There are concerns noted here by the EFF that the US and Japan have undermined a useful process by insisting that the work of the committee tasked with "providing the WIPO General Assembly with specific recommendations for reform" should be transferred to another "moribund advisory committee called the Permanent Committee for Cooperation Related to Intellectual Property (PCIPD)."
Government v LSE continues
The UK government have released an 11 page response to the LSE's critical report on their ID card scheme. It says the LSE report
uses inaccurate assumptions producing inflated cost estimates
and that the LSE's proposed alternative scheme is
insecure
puts personal information at risk
is not costed
is likely to be expensive
would not gain public trust
facilitates identity theft and fraud
has a high risk of failure
is based on insufficient stakeholder consultation
and misrepresents the government's proposed scheme
No pulling of punches there then. They've decided the best form of defence is attack.
Professor Ian Angell of the LSE says:
"We are encouraged that the government has responded to the LSE report. This is an important step forward in nurturing a meaningful debate.
We have not been given an opportunity to scrutinise the government's document. We will comment substantively when we have had time to digest the points made.
We are concerned, however, that the Home Office document contains material errors and appears to contain false assumptions about the alternative blueprint proposed. We will clarify and correct these aspects in our response."
Expect this one to run and run.