Monday, January 20, 2003

Lessig's argument was good and imaginative, but not a winner. You can't blame Larry Lessig for the outcome. http://www.abanet.org/journal/ereport/j17eldred.html 11:32:55 PM    comment []

What the law once considered to be fool-proof doesn't fit that standard anymore. What is scientific at one time is deemed nonsense at another time. We should all be modest about what constitutes the truth. http://www.law.com/jsp/article.jsp?id=1042568655359 11:28:01 PM    comment []

Thanks to Marylaine Block: http://www.churchstatelaw.com/ "View Supreme Court cases and commentaries, state statutes, and important historical documents and speeches relevant to religious freedom in the United States." 11:21:14 PM    comment []

How do you know when "They" know too much? What is "too much"? When will the time come that the risk of terrorism is sufficiently passed that information collection can be ended? Will that time ever come? Are the incidents on 9/11 sufficient to generate so much change in how much "They" should know about us? How can all this ever be turned off? Is wrongful use of the information the harm? Or is the mere collection enough? Is wrongful use inevitable? http://www.aclu.org/Privacy/Privacy.cfm?ID=11573&c=39. 11:18:20 PM    comment []

Nobody in authority thinks computer pranks and amusements are anything but a crime. People take the on-line world seriously these days. Thanks to SAGE News Summary Volume 2, Number 1 SysAdmin News from Around the World January 15, 2003 Gina Barton writes in the Milwaukee Journal Sentinel about 26-year- old "Dr. Chaos", ninth grade dropout who installed "Snoop" on mail servers to read others' e-mail and redirected his company's customers to porno web sites. His mischief escalated as he recruited a dozen "young men and boys" to carry out his plans. Joseph Konopka said he encouraged these acts "to take personal entertainment out of observing the consequences of property damage. I took personal satisfaction in causing this property damage because of a sense of intellectual superiority which I felt." He later jumped bail and committed other crimes. http://www.jsonline.com/news/metro/dec02/104890.asp 11:02:23 PM    comment []

Protecting trade secrets in this kind of information sharing environment is likely to become critical. This is a classic dilemma, where the whole is better off by the individual contributions, but it's very hard to show that any individual is better off for having shared information in the face of substantial risk. Thanks to SANS NewsBites January 15, 2003 --12 January 2003 Researchers Show Info Sharing Reduces Cyberattack Risk Two computer security researchers at Harvard University have developed a model that they claim demonstrates that companies that share information about security breaches and cyber attacks may be less likely to be the victims of such attacks. http://www.eweek.com/article2/0,3959,825430,00.asp [Editor's Note (Murray): I, for one, remain to be convinced. (Paller) The authors contend that users will be protected because attackers won't want their attack methods shared. This is a second order effect and is not needed to prove the value of sharing actual attack information. The Incidents.Org project run during 2000 and 2001 proved that, during major attacks, hundreds of organizations' technical people willingly shared data about how the attacks were affecting their systems and what their attempts to block those attacks accomplished. In return, they were assured that the cumulative report published by Incidents.Org, on what was happening and what remedial steps were effective, reflected the best available information. That enabled the contributors to act quickly to improve protection for their systems. SANS made the information available to all who wanted it, so the people sharing data knew they were helping the whole community. Similar results have been shown by CERT/CC. The process works as long as technical people have complete trust that (1) the person to whom they are giving the data will guard the contributor's name and organization from any possible disclosure and (2) the people receiving the data have the technical skills to analyze it and integrate it in time to help protect the contributor and other organizations.] 10:55:56 PM    comment []

The question of avoiding liability in a litigious society brings this issue into focus. Should there be standards that act as safe harbors to shield companies from liability? Or does that deter innovation and improvements to such a great extent that, as a whole, we are better off without those standards, allowing each economic player to face the risk that the steps that player takes are insufficient to prevent liability from some harmed person? How do we allocate risk? How do we provide peace of mind to actors? How do we compensate those who are injured? These standard tort questions so far seem to be coming out in favor of liability for actors. The answer is, "buy insurance." Thanks to SANS NewsBites January 15, 2003 --8 & 9 January 2003 NIAC Cyber Security Recommendations The National Infrastructure Advisory Council has finalized its recommendations for the National Strategy to Secure Cyberspace. The Council recommends that the government encourage marketplace development and use of standards, but refrain from imposing standards. The Council also recommends that the government use its influence in terms of purchasing power to encourage interoperability between the standards. http://www.gcn.com/vol1_no1/daily-updates/20797-1.html http://www.fcw.com/fcw/articles/2003/0106/web-niac-01-09-03.asp 10:51:37 PM    comment []

It only makes sense that Kazaa should face trial in the US after the Australian court decided Dow Jones had to go to Australia to fight a libel action. In fact, there's more contact with Kazaa in CA than there is contact with Dow Jones in Australia. Now the questsion will become whether this kind of reciprocity will work in India or China or Singapore ot Zimbabwe. There's a lot of risk left around these jurisdiction cases. Thanks to SANS NewsBites January 15, 2003 --10, 13 & 14 January 2003 Lawsuit Against Kazaa May Proceed A federal judge in Los Angeles has ruled that a lawsuit against Australia-based Sharman Networks, the parent company of Kazaa peer-to-peer file sharing service, may proceed in U.S. court because more than 143 million people have downloaded and used Kazaa software. Sharman argued it couldn't be tried in the U.S. because it is based in Australia and incorporated in Vanuatu. Sharman plans to fight the ruling. http://news.com.com/2100-1023-980274.html?tag=fd_top http://www.washingtonpost.com/wp-dyn/articles/A49320-2003Jan13.html http://www.zdnet.com.au/newstech/ebusiness/story/0,2000024981,20271194,00.htm http://www.theage.com.au/articles/2003/01/14/1041990270975.html 10:45:41 PM    comment []

Thanks to SANS NewsBites January 15, 2003 --December 2002 NSA Reports Benchmarks Eradicate 91% Of Tested Vulnerabilities The most recent US Department of Defense Information Assurance Newsletter reports that tests run by the National Security Agency measured the impact of applying security configuration benchmarks, specifically the Center for Internet Security/NSA/GSA/NIST Windows 2000 Consensus Security Baseline Settings. Applying the baseline settings eliminated more than 95% of high priority vulnerabilities (as determined by a popular commercial scanner) and 91% of all vulnerabilities. Download the complete IA Newsletter at http://iac.dtic.mil/iatac/news_events/pdf/Vol5_No3.pdf The NSA data is presented and analyzed beginning on page 10. The baseline settings, referenced in the article, are available for download from www.cisecurity.org along with a free tool that tests your system for compliance. 10:40:35 PM    comment []

There's a major competition going on between contending forces that might be characterized as pro-disruptive technology vs. anti-disruptive technology or as pro-change vs. anti-change. The government is involved in both change and oposition to change. Laws seem to create parameters for change. Whether those parameters enhance the forces of change or enhance opposition to disruptive technologies is a matter of concern. Thanks to Dave Farber: ISP'S Paying for music P2P networks http://www.news24.com/News24/Technology/0,6119,2-13_1309247,00.html VOICE OVER IP IN PANAMA http://www.lightreading.com/document.asp?doc_id=24726&site=lightreading Date: Wed, 15 Jan 2003 18:48:21 -0800 Subject: DMCA v garage door openers From: Fred von Lohmann EFF To: Declan McCullagh [Feel free to post to Politech] In the latest bit of DMCA lunacy, copyright guru David Nimmer turned me onto a case that his firm is defending, where a garage door opener company (The Chamberlain Group) has leveled a DMCA claim (among other claims) against the maker of universal garage door remotes (Skylink). Yet another case where the anti-circumvention provisions of the DMCA are being used to impede legitimate competition, similar to the Lexmark case. Not, I think, what Congress had in mind when enacting the DMCA. The Complaint: http://www.eff.org/IP/DMCA/20030113_chamberlain_v_skylink_complaint.pdf The Amended Complaint: http://www.eff.org/IP/DMCA/ 20030114_chamerberlain_v_skylink_amd_complaint.pdf The Summary Judgment Motion: http://www.eff.org/IP/DMCA/20030113_chamerlain_v_skylink_motion.pdf Attorneys for Sklylink are (both at the Orange County offices of Irell & Manella, a large law firm): "Nobles, Kimberley" "Greene, Andra" Fred -- Fred von Lohmann Senior Intellectual Property Attorney Electronic Frontier Foundation fred@eff.org +1 (415) 436-9333 x123 10:36:49 PM    comment []

© Copyright 2003 Noel D. Humphreys.