Quotulatiousness

February 16, 2012

Are you for Orwellian surveillance by government thugs or are you with the child pornographers?

Filed under: Cancon, Government, Liberty, Technology — Tags: , , , , , , , — Nicholas @ 10:23

Margaret Wente in the Globe & Mail:

Where do you stand on the new online surveillance bill? Are you with the government? Or are you with the child pornographers? According to Public Safety Minister Vic Toews, you have to choose.

In case you fail to get the point, the new legislation is being subtly marketed as the Protecting Children From Internet Predators Act. Of course, maybe you don’t really care about protecting children from Internet predators. Maybe you don’t care that without this law, filthy perverts will continue to roam free. Really, it’s your choice.

I am scarcely the first person to point out that Stephen Harper’s government likes to demonize its opponents, or that it has a nasty authoritarian streak. But in this case, the dissent is unusually widespread. Those with doubts about the bill include opposition politicians, civil libertarians, privacy commissioners and Internet experts — plus more than a few small-c conservatives who wonder why our government insists on whipping up unnecessary moral panic when it doesn’t have to.

[. . .]

So why do I stand with the child pornographers here? Because I’m not convinced the police need new powers to root out online child molesters. Judging by the recent highly publicized busts of child-porn rings, their existing powers seem to be working fine. Nor am I convinced that the police will never abuse their power. History shows they usually do. That’s why they need civilian oversight. That’s not liberal, in my view. That’s prudent.

February 14, 2012

“The Harper crime policy is less than the sum of its parts”

Filed under: Cancon, Law, Liberty — Tags: , , , , , , — Nicholas @ 10:39

It’s odd to find myself on the same side of a debate as Roy McMurtry, but he and his co-authors Edward Greenspan and Anthony Doob are much more right than the government in this:

The Harper crime policy is less than the sum of its parts because it does not add up to a crime policy that addresses, or even acknowledges, these basic facts. It squanders resources that could be used to reduce crime. Making it more difficult for people to get out from under the shadow of their much earlier offences (through a pardon or “record suspension”) makes it harder for millions of Canadians with criminal records to reintegrate into society. Adding mandatory minimum penalties will do nothing to deter offenders, who, the data demonstrate, do not expect to get caught.

But the Harper crime policy is more than the sum of its parts because it tells us that the government is committed to ignoring evidence about crime, and does not care about whether our criminal-justice system is just and humane.

The student who grows six marijuana plants in her rented apartment to share with friends will soon face a mandatory minimum sentence of nine months in prison. Meanwhile, assaults have no mandatory minimum sentences. The law says that trial judges are required to impose sentences proportional to their seriousness and the offender’s responsibility for the offence. Is someone who grows six marijuana plants much more dangerous than someone who grows five (for which there is no minimum sentence)? Or who commits an assault? The Harper Tories seemingly think so.

Update: Of course, Stephen Harper rhetorically cast the libertarians out of the Conservative party years ago. The current attempts to provide the police with powers even they have said they don’t need merely provide extra proof. Chris Selley summarizes a National Post editorial on the subject:

The National Post‘s editorialists do not understand how a government that considers the long-gun registry (and, we’d add, the mandatory long-form census) an unconscionable invasion of Canadians’ privacy and a waste of their money can possibly get behind legislation that would “give the government unprecedented access to Canadians’ online activities, by allowing police to collect the personal information of Internet users … without having to go through the cumbersome process of obtaining a warrant beforehand.” We share this frustration. But Public Safety Minister Vic Toews made it quite clear what he thinks of such complaints yesterday, when he said Canadians “can either stand with us or with the child pornographers.” In other words: “Attention, libertarian wing of the Conservative Party of Canada. We think you are immoral, and no longer desire your votes.”

January 31, 2012

Gary Johnson calls for the immediate repeal of the Patriot Act

Filed under: Government, Law, Liberty, USA — Tags: , , , , , , — Nicholas @ 00:09

Posted at the Gary Johnson campaign website:

Speaking Sunday night to a national ACLU conference, former New Mexico Governor Gary Johnson called for repealing the Patriot Act in its entirety. The two-term governor and presidential candidate’s remarks were delivered in Orlando, FL, at the ACLU’s annual National Staff Conference.

Johnson said, “Ten years ago, we learned that the fastest way to pass a bad law is to call it the ‘Patriot Act’ and force Congress to vote on it in the immediate wake of a horrible attack on the United States. The irony is that there is really very little about the Patriot Act that is patriotic. Instead, it has turned out to be yet another tool the government is using to erode privacy, individual freedom and the Constitution itself.

“Benjamin Franklin had it right. ‘Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety’.

“Absolutely, protecting the American people from those who would do us harm is the federal government’s most basic duty. Everyone gets that. But when harm is done, as on 9-11, it is the nature of government to ask for more power and more authority in order to protect us. That’s how we get laws like the Patriot Act.

January 25, 2012

A unanimous Supreme Court decision against GPS tracking that still leaves wiggle room for the police

Filed under: Law, Liberty, Technology — Tags: , , , , , — Nicholas @ 11:08

Jacob Sullum on the very narrow grounds used by the majority to decide US v. Jones:

“If you win this case,” Supreme Court Justice Stephen Breyer told Deputy Solicitor General Michael Dreeben during oral argument in U.S. v. Jones last fall, “there is nothing to prevent the police or the government from monitoring 24 hours a day the public movement of every citizen of the United States.” That prospect, Breyer said, “sounds like 1984.”

Fortunately, the government did not win the case. But the Court’s unanimous decision, announced on Monday, may not delay Breyer’s 1984 scenario for long. Unless the Court moves more boldly to restrain government use of new surveillance technologies, the Framers’ notion of a private sphere protected from “unreasonable searches and seizures” will become increasingly quaint.

[. . .]

The majority therefore concluded that it was unnecessary to resolve the question of whether Jones had a “reasonable expectation of privacy” regarding his travels on public roads. By contrast, the four other justices, in an opinion by Samuel Alito, said he did, given that investigators tracked all his movements for a month — a kind of surveillance that can reveal a great deal of information about sensitive subjects such as medical appointments, psychiatric treatment, and political, religious, or sexual activities.

While Scalia’s approach draws a clear line that cops may not cross without a warrant, it does not address surveillance technologies that involve no physical intrusion, such as camera networks, satellites, drone aircraft, and GPS features in cars and smart phones. If police had tracked Jones by activating an anti-theft beacon or following his cell phone signal, they could have obtained the same evidence without touching his property.

January 19, 2012

We need “lawful access”, even if we can’t come up with any convincing evidence

Filed under: Cancon, Law, Liberty, Technology — Tags: , , , — Nicholas @ 12:43

Jesse Brown rounds up the arguments in favour of giving Canadian police the “lawful access” they’ve been clamouring for:

For the past 12 years, Canada’s cops have been pushing for new laws that would allow them to skip the pesky formality of having to get a warrant before spying on us on the Internet. [. . .]

Critics of Lawful Access, such as our federal Privacy Commissioner and every provincial Privacy Commissioner, argue that police have yet to provide sufficient evidence that court oversight has actually slowed them down or stopped them from fighting crime. And now, Canadian police themselves are saying the same thing.

The online rights group OpenMedia.ca has obtained and released a message it says was recently sent by the Canadian Association of Chiefs of Police (CACP) to law enforcement colleagues urgently requesting that they provide “actual examples” of cases where the need to get warrants before accessing private information from Internet Service Providers ‘hindered an investigation or threatened public safety.’ The message goes on to admit that though a similar request had been made two years ago, it failed to produce “a sufficient quantity of good examples.”

In other words, even the Chiefs of Police don’t know why they want this new intrusive power.

January 12, 2012

When is an “insult” a criminal offence?

Filed under: Britain, Law, Liberty — Tags: , , , , — Nicholas @ 10:18

The answer, in the UK anyway, may well be “any time the insultee cares to call in the police“:

If you are reading this, chances are, you are a moron. There, have I insulted you? I’m asking because I have no idea if what I just stated has insulted you. Only YOU can be the judge of what you find insulting, yet plans are afoot for it to be a criminal offence to “insult” someone. So if you feel insulted, there is nothing to stop you ringing 999 and having the evil perpetrator banged up, DNA’ed and given a criminal record, although they will have had absolutely no idea that their actions or words have insulted you. If we criminalise “insults”, we shut up everyone and everything. For ever. Do you want to live in a society where you dare not speak in case the State decides your words may cause offence to people you will never meet? Now’s your chance to speak against it, USE IT, whilst you still can.

Now, I choose to be anonymous on my many public outings because, well, my face is my business. Unless I am actually committing a crime, it is not the business of the State to know what I look like anymore than it is the business of the State to randomly sweep bus stop queues for fingerprints. One of the reasons I wear a mask is because of the habit of the state to record the faces of those “who might” cause trouble, “for future reference”. The Met employ teams of photographers to take photos of any members of public who may be dissenting, sticks them on a database and cross references them. No thanks. My face belongs to me, it is my property, I will cover it when and if I choose. Naturally, this proposal is stop women wearing Burqas because some sensitive souls “may be offended” (see above), but as always, I say it is not the role of the State to dictate how I may dress.

December 1, 2011

iPhone may not be quite as badly exposed by rootkit as Android devices

Filed under: Law, Liberty, Technology — Tags: , , , — Nicholas @ 09:05

Get your tinfoil hats out, boys, your smartphone may be logging your every move:

Blogger and iPhone hacker Chpwn believes that the controversial Carrier IQ software isn’t confined to Android devices.

In this blog post, he says a look at the /usr/bin folder reveals Carrier IQ’s agent software, identified as IQAgent in iOS 3, and either awd_ice2 or awd_ice3 on iOS 4 or iOS 5 devices.

At this point, Chpwn believes the daemon does not have access to the UI layer, which means it may not be able to capture the kind of data exposed in Android devices.

While Chpwn states that he is not certain the software is launched except when the phone is in diagnostic mode, the discovery is certain to add further momentum to the fury mounting at Carrier IQ’s surreptitious installation on consumer devices.

Update: Lifehacker offers the instructions on turning off the Carrier IQ component on your iPhone:

Hacker Chpwn discovered Carrier IQ after this week’s uproar, and while we still aren’t positive what it can track and send, he’s fairly certain it doesn’t include a keylogger like the Android version. So far it can log your phone number, your carrier, your active phone calls, and your location, though it’s unclear as to what it’s actually sending back to Apple. Luckily, there’s an easy way to turn it off. Just head to Settings > General > About > Diagnostics and Usage, and tap “Don’t Send”. That’s it! We’ve also updated our original post on Carrier IQ to include this new information.

Update, the second: Daniel Bader posts that two of the major Canadian mobile operators stated that Carrier IQ is not on the devices they sell:

Rogers has done an investigation and has confirmed that Carrier IQ is not present on any of its devices. On Twitter they stated that “Hi all. I’m happy to confirm that we have investigated and Carrier IQ is NOT on any of our devices”. TELUS also confirmed that they have not installed Carrier IQ on any of their devices. We are waiting to hear back from Bell.

November 16, 2011

Stop the attempt to nationalize the internet (for the US government)

Filed under: Government, Liberty, Technology, USA — Tags: , , , , , , — Nicholas @ 12:17

If you don’t already associate SOPA with evil, Michael Geist explains why you should:

The U.S. Congress is currently embroiled in a heated debated over the Stop Online Piracy Act (SOPA), proposed legislation that supporters argue is needed combat online infringement, but critics fear would create the “great firewall of the United States.” SOPA’s potential impact on the Internet and development of online services is enormous as it cuts across the lifeblood of the Internet and e-commerce in the effort to target websites that are characterized as being “dedicated to the theft of U.S. property.” This represents a new standard that many experts believe could capture hundreds of legitimate websites and services.

For those caught by the definition, the law envisions requiring Internet providers to block access to the sites, search engines to remove links from search results, payment intermediaries such as credit card companies and Paypal to cut off financial support, and Internet advertising companies to cease placing advertisements. While these measures have unsurprisingly raised concern among Internet companies and civil society groups (letters of concern from Internet companies, members of the US Congress, international civil liberties groups, and law professors), [. . .] the jurisdictional implications demand far more attention. The U.S. approach is breathtakingly broad, effectively treating millions of websites and IP addresses as “domestic” for U.S. law purposes.

The long-arm of U.S. law manifests itself in at least five ways in the proposed legislation.

November 7, 2011

Charles Stross on “evil social networks”

Filed under: Law, Liberty, Media, Technology — Tags: , , , — Nicholas @ 09:29

You could say that Charles Stross isn’t a fan of social networks in general, and Klout in particular:

“If you’re not paying for the product, you are the product.”

In the past I’ve fulminated about various social networking systems. The basic gist is this: the utility of a social network to any given user is proportional to the number of users it has. So all social networks are designed to tweak that part of the primate brain that gets a dopamine reward from social activity — we are, after all, social animals. But providing a service to millions of customers is expensive, and your typical internet user is a cheapskate who has become accustomed to free services. So most social networks don’t charge their users; they are funded indirectly, which means they’ve got to sell something, and what they’ve got to sell is data about your internet usage habits, which is of interest to advertisers.

So the ideal social network (from an investor’s point of view) is one that presents itself as being free-to-use, is highly addictive, uses you as bait to trap your friends, tracks you everywhere you go on the internet, sells your personal information to the highest bidder, and is impossible to opt out of. Sounds like a cross between your friendly neighbourhood heroin pusher, Amway, and a really creepy stalker, doesn’t it?

So what is it about Klout that sets it apart from the other social networks?

Klout operates under American privacy law, or rather, the lack of it. If you created a Klout account in the past, you were unable to delete it short of sending legal letters (until November 1st, when they kindly added an “opt out” mechanism). More to the point, Klout analyse your social graph and create accounts for all your contacts without asking them for prior consent. It also appears to use an unwitting user’s Twitter or FB credentials to post updates on their Klout scores, prompting the curious-but-ignorant to click on a link to Klout, whereupon they will be offered a chance to log in with their Facebook or Twitter credentials. So it spreads like herpes and it’s just as hard to get rid of. Is that all?

[. . .]

Anyway: if you sign up for Klout you are coming down with the internet equivalent of herpes. Worse, you risk infecting all your friends. Klout’s business model is flat-out illegal in the UK (and, I believe, throughout the EU) and if you have an account with them I would strongly advise you to delete it and opt out; if you’re in the UK you could do worse than send them a cease-and-desist plus a request to delete all your data, then follow up a month later with a Freedom of Information Act request.

September 10, 2011

How much damage to personal liberty will the new US/Canadian security deal inflict?

Filed under: Cancon, Economics, Liberty, USA — Tags: , , , — Nicholas @ 11:35

An article in the Globe and Mail discusses — in very general terms — the new security deal negotiated between the US and Canadian governments:

U.S. and Canadian negotiators have successfully concluded talks on a new deal to integrate continental security and erase obstacles to cross-border trade.

Negotiators have reached agreement on almost all of the three dozen separate initiatives in the Beyond the Border action plan, said sources who cannot be named because they are not authorized to speak publicly on the matter. The few remaining items mostly involve questions of wording and should be settled in time for an announcement in late September.

[. . .]

Opponents have raised alarms that an agreement would cost Canadians both sovereignty and personal privacy. But failure to implement the agreements could further impair the world’s most extensive trading relationship, and put manufacturing jobs across the country at risk.

Details of the agreement are closely held. But goals outlined earlier include specific proposals to co-ordinate and align such things as biometrics on passports, watch lists, inspection of containers at overseas ports and other security measures.

[. . .]

Canadians who believe that the United States has sold its liberty because of fears for its security, or who resist any further economic integration with the troubled economic giant, are likely to oppose the Beyond the Border proposals.

I don’t oppose trade with the US — far from it — but I do feel very strongly that the US has reduced the liberties of its citizens in pursuit of security (check the topic SecurityTheatre for lots of examples). I don’t want to see that trend exported to Canada in exchange for better economic access to their markets.

August 18, 2011

Omnibus bills: Canada’s equivalent to “riders” on US legislation

Filed under: Cancon, Law, Liberty, Technology — Tags: , , , — Nicholas @ 12:09

An omnibus bill is a collection of several individual bills that may or may not have been able to pass muster individually. It’s (from the government’s point of view) a great way to get a lot of legislative changes through parliament in relatively short order, but it encourages legislators to include their pet projects and special causes because of the decreased opportunity for opposition. The Conservative government’s proposed omnibus crime bill is a good example of this, as it is likely to incorporate warrantless data searches for police:

When Canada’s Conservatives took the most votes in the May 2011 federal election, Prime Minister Stephen Harper said that an “omnibus” security/crime bill would be introduced within 100 days. The bill would wrap up a whole host of ideas that were previously introduced as separate bills — and make individual ideas much more difficult to debate. A key part of the omnibus bill will apparently be “lawful access” rules giving police greater access to ISP and geolocation data — often without a warrant — and privacy advocates and liberals are up in arms.

Writing yesterday in The Globe & Mail, columnist Lawrence Martin said that the bill “will compel Internet service providers to disclose customer information to authorities without a court order. In other words — blunter words — law enforcement agencies will have a freer hand in spying on the private lives of Canadians.”

He quotes former Conservative public safety minister Stockwell Day, now retired, as swearing off warrantless access. “We are not in any way, shape or form wanting extra powers for police to pursue [information online] without warrants,” Day said—but there’s a new Conservative sheriff in town, and he wants his “lawful access.”

How bad were the last set of “lawful access” proposals? This bad:

Even the government’s own Privacy Commissioner is upset about the lawful access idea. On March 9, Privacy Commissioner Jennifer Stoddart sent a letter to Public Safety Canada in which she and other provincial privacy officials said the bill would “give authorities access to a wide scope of personal information without a warrant; for example, unlisted numbers, e-mail account data and IP addresses. The Government itself took the view that this information was sensitive enough to make trafficking in such ‘identity information’ a Criminal Code offence. Many Canadians consider this information sensitive and worthy of protection, which does not fit with the proposed self-authorized access model.”

“In our view, law enforcement and security agency access to information linking subscribers to devices and devices to subscribers should generally be subject to prior judicial scrutiny accompanied by the appropriate checks and balances.”

H/T to Brian Switzer for the link.

How unique (and therefore how easy to track) is your web browser?

Filed under: Liberty, Technology — Tags: , , — Nicholas @ 09:23

The good folks at the Electronic Frontier Foundation (EFF) have a new tool you can use to find out how easy it would be for third parties to track your browser usage, based on how it differs from others:

As you can see from my test (on a brand new machine), I have a unique browser configuration among the 1.7 million tested so far. My browser would be easy to track.

August 16, 2011

Charles Stross on the future of network security

Filed under: Science, Technology — Tags: , , , — Nicholas @ 12:40

Charles isn’t a professional in network security, but he has a good track record of exploring the consequences of new technology in his science fiction works. He was invited to give the keynote address at the 2011 USENIX conference.

Unlike you, I am not a security professional. However, we probably share a common human trait, namely that none of us enjoy looking like a fool in front of a large audience. I therefore chose the title of my talk to minimize the risk of ridicule: if we should meet up in 2061, much less in the 26th century, you’re welcome to rib me about this talk. Because I’ll be happy to still be alive to rib.

So what follows should be seen as a farrago of speculation by a guy who earns his living telling entertaining lies for money.

The question I’m going to spin entertaining lies around is this: what is network security going to be about once we get past the current sigmoid curve of accelerating progress and into a steady state, when Moore’s first law is long since burned out, and networked computing appliances have been around for as long as steam engines?

I’d like to start by making a few basic assumptions about the future, some implicit and some explicit: if only to narrow the field.

August 1, 2011

A quick plug for a useful EFF plug-in for Firefox

Filed under: Liberty, Technology — Tags: , , , , — Nicholas @ 10:25

I’ve mentioned this before, but I was just reminded about it as I started using the new laptop with its new install of Firefox:

This Firefox extension was inspired by the launch of Google’s encrypted search option. We wanted a way to ensure that every search our browsers sent was encrypted. At the same time, we were also able to encrypt most or all of the browser’s communications with some other sites:

  • Google Search
  • Wikipedia
  • Twitter and Identi.ca
  • Facebook
  • EFF and Tor
  • Ixquick, DuckDuckGo, Scroogle and other small search engines and lots more!

Firefox users can install HTTPS Everywhere by following this link.

As always, even if you’re at an HTTPS page, remember that unless Firefox displays a colored address bar and an unbroken lock icon in the bottom-right corner, the page is not completely encrypted and you may still be vulnerable to various forms of eavesdropping or hacking (in many cases, HTTPS Everywhere can’t prevent this because sites incorporate insecure third-party content).

July 12, 2011

Another end-run around privacy expectations

Filed under: Law, Liberty, Technology, USA — Tags: , , — Nicholas @ 13:44

Julian Sanchez thinks the government has stopped caring whether you are innocent or guilty online:

Thanks to an unwise Supreme Court decision dating from the 70s, information about your private activites loses its Fourth Amendment protection when its held by a “third party” corporation, like a phone company or Internet provider. As many legal scholars have noted, however, this allows constitutional privacy safeguards to be circumvented via a clever two-step process. Step one: The government forces private businesses (ideally the kind a citizen in the modern world can’t easily avoid dealing with) to collect and store certain kinds of information about everyone — anyone might turn out to be a criminal, after all. No Fourth Amendment issue there, because it’s not the government gathering it! Step two: The government gets a subpoena or court order to obtain that information, quite possibly without your knowledge. No Fourth Amendment problem here either, according to the Supreme Court, because now they’re just getting a corporation’s business records, not your private records. It makes no difference that they’re only keeping those records because the government said they had to.

Current law already allows law enforcement to require retention of data about specific suspects — including e-mails and other information as well as IP addresses — to ensure that evidence isn’t erased while they build up enough evidence for a court order. But why spearfish when you can lower a dragnet? Blanket data requirements ensure easy access to a year-and-a-half snapshot of the online activities of millions of Americans — every one a potential criminal.

« Newer PostsOlder Posts »

Powered by WordPress