 |
Friday, September 6, 2002 |
|
George Smith from Vmyths (Truth About Computer Security Hysteria) on security vendors FUD: "No one wants to write a story about the fellow who e-mailed me recently to say: "I can get people to spill their drinks by telling them that... we have lost no data to viruses since 1991 ... The money we save on non-working, never-up-to-date copies of [software] goes to a couple of reasonable mail scanners, a firewall which we keep in good order, and a couple of people who know what the hell they're doing." [Securityfocus thrugh The Security Blog]
Smart, funny, irreverent and true. [Security Weblog]
13:52
#
G!
| |
|
Dahlia Lithwick at Slate reviews some of the US legal changes since
September 11 last year, and the effect on civil liberties. This gives a
more grounded counterpoint to the recent reports by EPIC and RSF , that focus on the potential
rather than actual effects. Via How Appealing .
This is hardly surprising. Every president goes a little bonkers in
wartime, and it's the job of Congress and the courts to rein him in. But
Congress has already failed dismally. Pushing... [bplog]
13:51
#
G!
| |
|
Drive-by Spamming - " WarSpammers " It had to happen. "Warspammers' are taking advantage of unprotected wireless LANs to send out millions of junk emails The proliferation of insecure corporate wireless networks is fuelling the growth of drive-by spammin... [Security News Portal]
I don't think there is a buiseness case for spamming via WLAN. WiLDing (Wardriving/Airboxing/etc.) is fun but it is also hassle. You have to keep your batteries powerd, a car is an uncomfortable place to work, find parkingspace, etc.
Why do that if you just can find an open relay on the Internet and use it from your nice comfortabele office?
Internet access via WiLDing might be appropriate as a first hop where highly anonymous Internet access is needed, but thats not necessary for the average spammer.
13:42
#
G!
| |
I came up to San Francisco last night to be here for today's oral argument in Pavlovich case before the CA Supreme Court. At issue is whether "a defendant in Texas who posted DVD de-encryption software on an Internet web site [is] subject to suit in California based on allegations he knew or should have known that his conduct could harm industries with a strong presence in California." The industries in this case are those who make motion pictures, computers and consumer electronics, all represented by the DVDCCA (the real party in interest here). In the decision below, the California Court of Appeal held that jurisdiction in California is triggered if there are allegations of wrongdoing (here, the posting of the DeCSS code), and the defendant knew or should have known the act would injure "industries in California." The full text of the opinion under review is here on the EFF site. Many are concerned that the lower court's decision goes too far (e.g., consider this observation made as part of the jurisdictional analysis: "Instant access provided by the Internet is the functional equivalent of personal presence of the person posting the material on the Web at the place from which the posted material is accessed and appropriated. It is as if the poster is instantaneously present in different places at the same time, and simultaneously delivering his material at those different places. In a sense, therefore, the reach of the Internet is also the reach of the extension of the poster's presence"), and perhaps establishes California as the de facto jurisdiction -- at the plaintiff's option -- whenever he, she or it is involved in an industry "commonly known" to have a presence in the state.
I don't represent any of the parties in these proceedings, but am writing a long-ish article on Internet jurisdiction issues for a legal publication. (I'm also contributing some Pavlovich-oriented analysis to LLRX for its 9/15 edition). The publisher and I thought it would enhance the piece to include some discussion of how the argument went. So there I was in Tiburon this morning, up at dawn, headed into the City just to watch an argument. This turned out to be a liberating experience. Generally, when I am up at 5:00 a.m. for an argument, it's because I'm the one about to try to ably answer the court's inquiries. As I brushed my teeth I could well appreciate the last-minute mental gymnastics of the lawyers in the case (Allonn Levy, for Pavlovich; Gregory Coleman for DVDCCA), as they answered the hard questions for the umpteenth time in their heads. This is the California Supreme Court, baby. These jurists Have Also Been There and Are Still There.
Lately I've learned that when it is my turn on the hot seat, the kind of yoga I've practiced for several years has transformed the oral argument experience. The heart-hammering sensation in the chest does not happen. The hands don't jitter my notes (yes, notes; there is but one David Boies). The voice doesn't crack. Soft in the back of my head, my favorite instructor reminds me to take "long, slow, deep belly breaths." As fun as appellate arguments are to do (and they are enormous fun), it was a refreshing change of pace to know all that was required of me this morning was a profound appreciation of the tendrils of fog snaking the Golden Gate Bridge, the San Francisco skyline against a cobalt sky, Mozart's Horn Concerto #1, and The Circus that awaited at court.
[Come back tomorrow for an account of The Circus; I'm Done with a capital D for the day.] [Bag and Baggage]
13:32
#
G!
| |
In a closely watched Internet regulation case, the California Supreme Court seemed skeptical Thursday of arguments that an Indiana college student was immune from California law for posting computer code that unscrambles DVD encryption. At least three justices appeared to warm to arguments that Matthew Pavlovich knew code on his Web site divulged trade secrets and violated copyrights in California. [Law.com]
10:51
#
G!
| |
|
The recording industry and the nation's largest telephone company are crossing legal swords in what could be a test case of how far big record labels can go to track down computer users who swap music online. The industry is seeking to force Verizon Communications Corp., which also provides customers with high-speed Internet access, to turn over the name of one of its users who the record labels claim has made copyrighted music available for download by others. The Recording Industry of America also demanded that Verizon block access to the user's music files. [ ... ] Verizon and a coalition of Internet advocacy groups argue that if the recording industry prevails, the constitutional right to privacy of millions of Internet users would be compromised. ""RIAA" proposes a dazzlingly broad subpoena power that would allow any person, without filing a complaint, to invoke the coercive power of a federal court to force disclosure of the identity of any user of the Internet, based on a mere assertion . . . that the user is engaged in infringing activity," Verizon's legal filing said. Verizon does not defend piracy of copyrighted works, but Sarah Deutsch, Verizon's associate general counsel, said the record industry is seeking a legally "creative" way to require the Internet provider to violate its customer's privacy. She added that because the music files reside on the user's computer, not on Verizon's network, the only way to block access to them would be to terminate the user's Internet account. [ ... ] Deutsch said the industry's motives in the case are particularly suspect because Verizon offered a simple alternative: The RIAA could sue the user, naming him or her as an unknown party, and then subpoena Verizon for the user's name. Under that scenario, Deutsch said, Verizon would comply because there would be a valid legal action pending. But the labels "would like to be able to serve millions of these types of subpoenas and collect subscriber names, and then pick out the most favorable for a lawsuit against the user community," Deutsch said. In briefs filed last night, the RIAA said that until Verizon's refusal to honor the subpoena, many Internet service providers had given it the identities of individuals accused of copyright violations. [Privacy Digest]
10:46
#
G!
| |
|
Individual privacy is being eroded in Britain to a far greater extent than in other developed countries, according to an international study of state surveillance in the year since September 11. Many states have rushed through restrictive anti-terrorism and security laws in response to last year's terrorist attacks, but the Blair Government is singled out for an anti-privacy "pathology" that the report claims is leading to mass surveillance of the population. In the 400-page report, to be published tomorrow, Privacy International, a London-based campaign group, and the US Electronic Privacy Information Center, give warning of a significant loss of personal freedom. The Privacy and Human Rights survey notes that in many of the 53 countries studied, communications surveillance has grown, intrusive "personal profiling" of individuals has increased, and data protection laws have been watered down. "In the rush to strengthen national security and to reduce the risk of future terrorist acts, governments around the world turned to legal authority and new technology to extend control over individuals," the report states. "Many of these proposals have had far-reaching consequences for the protection of privacy." The report highlights the British Government's use of the terrorist threat to introduce new requirements for personal communications data to be stored and to launch a new debate about a national identity card. David Blunkett, the Home Secretary, also sought in June to extend the Regulation of Investigatory Powers Act to allow private e-mail and telephone records to be shared among more than 1,000 government agencies. After facing strong protests, Mr Blunkett withdrew the proposal a few weeks later and announced that he had "blundered". [Privacy Digest]
10:22
#
G!
| |
Maximillian Dornseif, 2002.
|
|
|
