Quotulatiousness

January 19, 2012

We need “lawful access”, even if we can’t come up with any convincing evidence

Filed under: Cancon, Law, Liberty, Technology — Tags: , , , — Nicholas @ 12:43

Jesse Brown rounds up the arguments in favour of giving Canadian police the “lawful access” they’ve been clamouring for:

For the past 12 years, Canada’s cops have been pushing for new laws that would allow them to skip the pesky formality of having to get a warrant before spying on us on the Internet. [. . .]

Critics of Lawful Access, such as our federal Privacy Commissioner and every provincial Privacy Commissioner, argue that police have yet to provide sufficient evidence that court oversight has actually slowed them down or stopped them from fighting crime. And now, Canadian police themselves are saying the same thing.

The online rights group OpenMedia.ca has obtained and released a message it says was recently sent by the Canadian Association of Chiefs of Police (CACP) to law enforcement colleagues urgently requesting that they provide “actual examples” of cases where the need to get warrants before accessing private information from Internet Service Providers ‘hindered an investigation or threatened public safety.’ The message goes on to admit that though a similar request had been made two years ago, it failed to produce “a sufficient quantity of good examples.”

In other words, even the Chiefs of Police don’t know why they want this new intrusive power.

January 12, 2012

When is an “insult” a criminal offence?

Filed under: Britain, Law, Liberty — Tags: , , , , — Nicholas @ 10:18

The answer, in the UK anyway, may well be “any time the insultee cares to call in the police“:

If you are reading this, chances are, you are a moron. There, have I insulted you? I’m asking because I have no idea if what I just stated has insulted you. Only YOU can be the judge of what you find insulting, yet plans are afoot for it to be a criminal offence to “insult” someone. So if you feel insulted, there is nothing to stop you ringing 999 and having the evil perpetrator banged up, DNA’ed and given a criminal record, although they will have had absolutely no idea that their actions or words have insulted you. If we criminalise “insults”, we shut up everyone and everything. For ever. Do you want to live in a society where you dare not speak in case the State decides your words may cause offence to people you will never meet? Now’s your chance to speak against it, USE IT, whilst you still can.

Now, I choose to be anonymous on my many public outings because, well, my face is my business. Unless I am actually committing a crime, it is not the business of the State to know what I look like anymore than it is the business of the State to randomly sweep bus stop queues for fingerprints. One of the reasons I wear a mask is because of the habit of the state to record the faces of those “who might” cause trouble, “for future reference”. The Met employ teams of photographers to take photos of any members of public who may be dissenting, sticks them on a database and cross references them. No thanks. My face belongs to me, it is my property, I will cover it when and if I choose. Naturally, this proposal is stop women wearing Burqas because some sensitive souls “may be offended” (see above), but as always, I say it is not the role of the State to dictate how I may dress.

December 1, 2011

iPhone may not be quite as badly exposed by rootkit as Android devices

Filed under: Law, Liberty, Technology — Tags: , , , — Nicholas @ 09:05

Get your tinfoil hats out, boys, your smartphone may be logging your every move:

Blogger and iPhone hacker Chpwn believes that the controversial Carrier IQ software isn’t confined to Android devices.

In this blog post, he says a look at the /usr/bin folder reveals Carrier IQ’s agent software, identified as IQAgent in iOS 3, and either awd_ice2 or awd_ice3 on iOS 4 or iOS 5 devices.

At this point, Chpwn believes the daemon does not have access to the UI layer, which means it may not be able to capture the kind of data exposed in Android devices.

While Chpwn states that he is not certain the software is launched except when the phone is in diagnostic mode, the discovery is certain to add further momentum to the fury mounting at Carrier IQ’s surreptitious installation on consumer devices.

Update: Lifehacker offers the instructions on turning off the Carrier IQ component on your iPhone:

Hacker Chpwn discovered Carrier IQ after this week’s uproar, and while we still aren’t positive what it can track and send, he’s fairly certain it doesn’t include a keylogger like the Android version. So far it can log your phone number, your carrier, your active phone calls, and your location, though it’s unclear as to what it’s actually sending back to Apple. Luckily, there’s an easy way to turn it off. Just head to Settings > General > About > Diagnostics and Usage, and tap “Don’t Send”. That’s it! We’ve also updated our original post on Carrier IQ to include this new information.

Update, the second: Daniel Bader posts that two of the major Canadian mobile operators stated that Carrier IQ is not on the devices they sell:

Rogers has done an investigation and has confirmed that Carrier IQ is not present on any of its devices. On Twitter they stated that “Hi all. I’m happy to confirm that we have investigated and Carrier IQ is NOT on any of our devices”. TELUS also confirmed that they have not installed Carrier IQ on any of their devices. We are waiting to hear back from Bell.

November 16, 2011

Stop the attempt to nationalize the internet (for the US government)

Filed under: Government, Liberty, Technology, USA — Tags: , , , , , , — Nicholas @ 12:17

If you don’t already associate SOPA with evil, Michael Geist explains why you should:

The U.S. Congress is currently embroiled in a heated debated over the Stop Online Piracy Act (SOPA), proposed legislation that supporters argue is needed combat online infringement, but critics fear would create the “great firewall of the United States.” SOPA’s potential impact on the Internet and development of online services is enormous as it cuts across the lifeblood of the Internet and e-commerce in the effort to target websites that are characterized as being “dedicated to the theft of U.S. property.” This represents a new standard that many experts believe could capture hundreds of legitimate websites and services.

For those caught by the definition, the law envisions requiring Internet providers to block access to the sites, search engines to remove links from search results, payment intermediaries such as credit card companies and Paypal to cut off financial support, and Internet advertising companies to cease placing advertisements. While these measures have unsurprisingly raised concern among Internet companies and civil society groups (letters of concern from Internet companies, members of the US Congress, international civil liberties groups, and law professors), [. . .] the jurisdictional implications demand far more attention. The U.S. approach is breathtakingly broad, effectively treating millions of websites and IP addresses as “domestic” for U.S. law purposes.

The long-arm of U.S. law manifests itself in at least five ways in the proposed legislation.

November 7, 2011

Charles Stross on “evil social networks”

Filed under: Law, Liberty, Media, Technology — Tags: , , , — Nicholas @ 09:29

You could say that Charles Stross isn’t a fan of social networks in general, and Klout in particular:

“If you’re not paying for the product, you are the product.”

In the past I’ve fulminated about various social networking systems. The basic gist is this: the utility of a social network to any given user is proportional to the number of users it has. So all social networks are designed to tweak that part of the primate brain that gets a dopamine reward from social activity — we are, after all, social animals. But providing a service to millions of customers is expensive, and your typical internet user is a cheapskate who has become accustomed to free services. So most social networks don’t charge their users; they are funded indirectly, which means they’ve got to sell something, and what they’ve got to sell is data about your internet usage habits, which is of interest to advertisers.

So the ideal social network (from an investor’s point of view) is one that presents itself as being free-to-use, is highly addictive, uses you as bait to trap your friends, tracks you everywhere you go on the internet, sells your personal information to the highest bidder, and is impossible to opt out of. Sounds like a cross between your friendly neighbourhood heroin pusher, Amway, and a really creepy stalker, doesn’t it?

So what is it about Klout that sets it apart from the other social networks?

Klout operates under American privacy law, or rather, the lack of it. If you created a Klout account in the past, you were unable to delete it short of sending legal letters (until November 1st, when they kindly added an “opt out” mechanism). More to the point, Klout analyse your social graph and create accounts for all your contacts without asking them for prior consent. It also appears to use an unwitting user’s Twitter or FB credentials to post updates on their Klout scores, prompting the curious-but-ignorant to click on a link to Klout, whereupon they will be offered a chance to log in with their Facebook or Twitter credentials. So it spreads like herpes and it’s just as hard to get rid of. Is that all?

[. . .]

Anyway: if you sign up for Klout you are coming down with the internet equivalent of herpes. Worse, you risk infecting all your friends. Klout’s business model is flat-out illegal in the UK (and, I believe, throughout the EU) and if you have an account with them I would strongly advise you to delete it and opt out; if you’re in the UK you could do worse than send them a cease-and-desist plus a request to delete all your data, then follow up a month later with a Freedom of Information Act request.

September 10, 2011

How much damage to personal liberty will the new US/Canadian security deal inflict?

Filed under: Cancon, Economics, Liberty, USA — Tags: , , , — Nicholas @ 11:35

An article in the Globe and Mail discusses — in very general terms — the new security deal negotiated between the US and Canadian governments:

U.S. and Canadian negotiators have successfully concluded talks on a new deal to integrate continental security and erase obstacles to cross-border trade.

Negotiators have reached agreement on almost all of the three dozen separate initiatives in the Beyond the Border action plan, said sources who cannot be named because they are not authorized to speak publicly on the matter. The few remaining items mostly involve questions of wording and should be settled in time for an announcement in late September.

[. . .]

Opponents have raised alarms that an agreement would cost Canadians both sovereignty and personal privacy. But failure to implement the agreements could further impair the world’s most extensive trading relationship, and put manufacturing jobs across the country at risk.

Details of the agreement are closely held. But goals outlined earlier include specific proposals to co-ordinate and align such things as biometrics on passports, watch lists, inspection of containers at overseas ports and other security measures.

[. . .]

Canadians who believe that the United States has sold its liberty because of fears for its security, or who resist any further economic integration with the troubled economic giant, are likely to oppose the Beyond the Border proposals.

I don’t oppose trade with the US — far from it — but I do feel very strongly that the US has reduced the liberties of its citizens in pursuit of security (check the topic SecurityTheatre for lots of examples). I don’t want to see that trend exported to Canada in exchange for better economic access to their markets.

August 18, 2011

Omnibus bills: Canada’s equivalent to “riders” on US legislation

Filed under: Cancon, Law, Liberty, Technology — Tags: , , , — Nicholas @ 12:09

An omnibus bill is a collection of several individual bills that may or may not have been able to pass muster individually. It’s (from the government’s point of view) a great way to get a lot of legislative changes through parliament in relatively short order, but it encourages legislators to include their pet projects and special causes because of the decreased opportunity for opposition. The Conservative government’s proposed omnibus crime bill is a good example of this, as it is likely to incorporate warrantless data searches for police:

When Canada’s Conservatives took the most votes in the May 2011 federal election, Prime Minister Stephen Harper said that an “omnibus” security/crime bill would be introduced within 100 days. The bill would wrap up a whole host of ideas that were previously introduced as separate bills — and make individual ideas much more difficult to debate. A key part of the omnibus bill will apparently be “lawful access” rules giving police greater access to ISP and geolocation data — often without a warrant — and privacy advocates and liberals are up in arms.

Writing yesterday in The Globe & Mail, columnist Lawrence Martin said that the bill “will compel Internet service providers to disclose customer information to authorities without a court order. In other words — blunter words — law enforcement agencies will have a freer hand in spying on the private lives of Canadians.”

He quotes former Conservative public safety minister Stockwell Day, now retired, as swearing off warrantless access. “We are not in any way, shape or form wanting extra powers for police to pursue [information online] without warrants,” Day said—but there’s a new Conservative sheriff in town, and he wants his “lawful access.”

How bad were the last set of “lawful access” proposals? This bad:

Even the government’s own Privacy Commissioner is upset about the lawful access idea. On March 9, Privacy Commissioner Jennifer Stoddart sent a letter to Public Safety Canada in which she and other provincial privacy officials said the bill would “give authorities access to a wide scope of personal information without a warrant; for example, unlisted numbers, e-mail account data and IP addresses. The Government itself took the view that this information was sensitive enough to make trafficking in such ‘identity information’ a Criminal Code offence. Many Canadians consider this information sensitive and worthy of protection, which does not fit with the proposed self-authorized access model.”

“In our view, law enforcement and security agency access to information linking subscribers to devices and devices to subscribers should generally be subject to prior judicial scrutiny accompanied by the appropriate checks and balances.”

H/T to Brian Switzer for the link.

How unique (and therefore how easy to track) is your web browser?

Filed under: Liberty, Technology — Tags: , , — Nicholas @ 09:23

The good folks at the Electronic Frontier Foundation (EFF) have a new tool you can use to find out how easy it would be for third parties to track your browser usage, based on how it differs from others:

As you can see from my test (on a brand new machine), I have a unique browser configuration among the 1.7 million tested so far. My browser would be easy to track.

August 16, 2011

Charles Stross on the future of network security

Filed under: Science, Technology — Tags: , , , — Nicholas @ 12:40

Charles isn’t a professional in network security, but he has a good track record of exploring the consequences of new technology in his science fiction works. He was invited to give the keynote address at the 2011 USENIX conference.

Unlike you, I am not a security professional. However, we probably share a common human trait, namely that none of us enjoy looking like a fool in front of a large audience. I therefore chose the title of my talk to minimize the risk of ridicule: if we should meet up in 2061, much less in the 26th century, you’re welcome to rib me about this talk. Because I’ll be happy to still be alive to rib.

So what follows should be seen as a farrago of speculation by a guy who earns his living telling entertaining lies for money.

The question I’m going to spin entertaining lies around is this: what is network security going to be about once we get past the current sigmoid curve of accelerating progress and into a steady state, when Moore’s first law is long since burned out, and networked computing appliances have been around for as long as steam engines?

I’d like to start by making a few basic assumptions about the future, some implicit and some explicit: if only to narrow the field.

August 1, 2011

A quick plug for a useful EFF plug-in for Firefox

Filed under: Liberty, Technology — Tags: , , , , — Nicholas @ 10:25

I’ve mentioned this before, but I was just reminded about it as I started using the new laptop with its new install of Firefox:

This Firefox extension was inspired by the launch of Google’s encrypted search option. We wanted a way to ensure that every search our browsers sent was encrypted. At the same time, we were also able to encrypt most or all of the browser’s communications with some other sites:

  • Google Search
  • Wikipedia
  • Twitter and Identi.ca
  • Facebook
  • EFF and Tor
  • Ixquick, DuckDuckGo, Scroogle and other small search engines and lots more!

Firefox users can install HTTPS Everywhere by following this link.

As always, even if you’re at an HTTPS page, remember that unless Firefox displays a colored address bar and an unbroken lock icon in the bottom-right corner, the page is not completely encrypted and you may still be vulnerable to various forms of eavesdropping or hacking (in many cases, HTTPS Everywhere can’t prevent this because sites incorporate insecure third-party content).

July 12, 2011

Another end-run around privacy expectations

Filed under: Law, Liberty, Technology, USA — Tags: , , — Nicholas @ 13:44

Julian Sanchez thinks the government has stopped caring whether you are innocent or guilty online:

Thanks to an unwise Supreme Court decision dating from the 70s, information about your private activites loses its Fourth Amendment protection when its held by a “third party” corporation, like a phone company or Internet provider. As many legal scholars have noted, however, this allows constitutional privacy safeguards to be circumvented via a clever two-step process. Step one: The government forces private businesses (ideally the kind a citizen in the modern world can’t easily avoid dealing with) to collect and store certain kinds of information about everyone — anyone might turn out to be a criminal, after all. No Fourth Amendment issue there, because it’s not the government gathering it! Step two: The government gets a subpoena or court order to obtain that information, quite possibly without your knowledge. No Fourth Amendment problem here either, according to the Supreme Court, because now they’re just getting a corporation’s business records, not your private records. It makes no difference that they’re only keeping those records because the government said they had to.

Current law already allows law enforcement to require retention of data about specific suspects — including e-mails and other information as well as IP addresses — to ensure that evidence isn’t erased while they build up enough evidence for a court order. But why spearfish when you can lower a dragnet? Blanket data requirements ensure easy access to a year-and-a-half snapshot of the online activities of millions of Americans — every one a potential criminal.

July 11, 2011

Can the government force you to provide your password?

Filed under: Government, Law, Liberty, Technology, USA — Tags: , , , , — Nicholas @ 09:37

Declan McCullagh discusses a potentially precedent-setting case in Colorado that may determine whether the 5th amendment applies to your personal passwords:

The Colorado prosecution of a woman accused of a mortgage scam will test whether the government can punish you for refusing to disclose your encryption passphrase.

The Obama administration has asked a federal judge to order the defendant, Ramona Fricosu, to decrypt an encrypted laptop that police found in her bedroom during a raid of her home.

Because Fricosu has opposed the proposal, this could turn into a precedent-setting case. No U.S. appeals court appears to have ruled on whether such an order would be legal or not under the U.S. Constitution’s Fifth Amendment, which broadly protects Americans’ right to remain silent.

I’d hope that the protections against self-incrimination would apply in this case, but government power has been expended so far in the last ten years that it would not surprise me if the courts gut this right in their deference to the executive (just like every other time, it seems).

The highly localized outrage in the News of the World affair

Filed under: Britain, Media — Tags: , , — Nicholas @ 09:09

Frank Furedi points out the amazingly restricted view of the media:

The furore that surrounds the demise of the News of the World has little to do with the specific morally corrupt practices at that tabloid. Rather, as with other highly stylised outbursts of outrage in recent years — from ‘cash for questions’ to the MPs’ expenses scandal to bankers’ bonuses — this is a media-constructed and media-led furore. The main reason the sordid phone-hacking affair has become the mother of all scandals is because the media assume that anything which affects them is far more important than the troubles facing normal human beings.

It’s understandable: media folks frequently point out that politicians and celebrities move in “bubbles” which rarely bring them into contact with ordinary people — yet only occasionally seem to be aware that the media lives in its own set of bubbles.

Outrage-mongering, which is essentially an accomplishment of the media, is parasitical on today’s depoliticised and disorganised public life. In the absence of true political conviction, of any meaningful political alternative, strongly held views have been replaced by expressions of frustration and outrage. In such circumstances, the cultural elite can substitute its own agenda for that of the public, and in effect an outraged media reality becomes the reality.

Over the past week, many have claimed that the News of the World’s phone-hacking practices have offended the British public. Time and again, journalists claim to have detected a powerful public revulsion against the machinations of News International. Even a sensible columnist like Matthew d’Ancona argues that ‘David Cameron and Rupert Murdoch are swept up in a public fit of morality’. In truth, this ‘public fit of morality’ is actually confined to a relatively narrow stratum of British society. People in the pub or on the streets are not having animated debates about the News of the World’s heinous behaviour. Rather it is the Twitterati and those most directly influenced by the cultural elite and its lifestyle and identity who are emotionally drawn to the anti-Murdoch crusade.

July 8, 2011

A contrarian view on the News of the World closure

Filed under: Britain, Liberty, Media — Tags: , , , — Nicholas @ 09:28

Well, somebody had to point out the cloud to this lovely silver lining that everyone else is enjoying:

Around the world, miles of column inches and hours of television and radio debate have been devoted to the closure of the News of the World. And yet the gravity of what occurred yesterday, the unprecedented, head-turningly historic nature of it, has not been grasped anywhere. A newspaper of some 168 years’ standing, a public institution patronised by millions of people, has been wiped from history — not as a result of some jackbooted military intrusion or intolerant executive decree or coup d’état, but under pressure from so-called liberal campaigners who ultimately felt disgust for the newspaper’s ‘culture’. History should record yesterday as a dark day for press freedom.

In a civilised society we tend to associate the loss of a newspaper, the pressured shutting down of a media outlet, with some major corrosion of public or democratic values. We look upon the extinction of a paper for non-commercial reasons, whatever the paper’s reputation or sins, as a sad thing, normally the consequence of a tyrannical force stamping its boot and its authority over the upstarts of the media. Yet yesterday’s loss of a newspaper has given rise, at best, to speculative analysis of what is going on inside News International, or at worst to expressions of schadenfreude and glee that the four million dimwits who liked reading phone-hacked stories about Wayne Rooney on a Sunday morning will no longer be at liberty to do so. Many of those politically sensitive commentators who shake their heads in solemn fury upon hearing that a newspaper in a place like Belarus has closed down have barely been able to contain their excitement about the self-immolation of a tabloid here at home.

Many people, including us at spiked, had reservations about the News of the World’s mode of behaviour, especially following this week’s revelations of deplorable phone-hacking activity involving murdered teenager Milly Dowler and the families of dead British soldiers. The paper undoubtedly infuriated many people, too. Yet this was a longstanding public institution. Just because a newspaper is the private property of an individual — even if that individual is Rupert Murdoch — does not detract from the fact that it is also a public institution, with an historic reputation and an ongoing political and social engagement with a regular, in this case numerically formidable readership. That such a public institution can be dispensed with so swiftly, that a huge swathe of the British people can overnight be deprived of an institution they had a close relationship with, ought to be causing way more discomfort and concern than it is. How would we feel if other public institutions — the BBC, perhaps, or parliament — were likewise to disappear?

July 6, 2011

“Scouring your own Facebook profile for information your friends shared with you is in violation of Facebook’s terms of service”

Filed under: Media, Technology — Tags: , , , , — Nicholas @ 14:55

Facebook really, really doesn’t want you leaving for Google+ — in fact, they don’t even want you looking too closely at your friends’ personal data:

With the introduction of Google+ last week, the search/ad giant is finally in direct competition with Facebook. Or it will be, once Google gets over the opening week willies and reopens the service to allow the teeming hordes inside.

The biggest barrier to Google+’s success? All the time and effort we’ve already put into building our Facebook posses. Personally I am too old and cranky to start over from scratch. I just want to be able to click a button and automatically add everyone from Facebook to Google+.

That is, of course, exactly what Facebook does not want you to do, as an open source developer named Mohamed Mansour just discovered.

[. . .]

As Mansour noted (on his Google+ page, naturally):

     “This is what happens when your extension becomes famous :sigh: Facebook just removed the emails from their mobile site. They implemented a throttling mechanism that if you visit your ~5 friends in a short period of time, it will remove the email field.

     “No worries, a new version is on the making … I am bloody annoyed now, because this proves Facebook owns every users data on Facebook. You don’t own anything! If I were you, I would riot this to the media outlets again.”

It turns out that scouring your own Facebook profile for information your friends shared with you is in violation of Facebook’s terms of service. Nice, eh?

« Newer PostsOlder Posts »

Powered by WordPress