Science Addiction

A dormant blog by Devanshu Mehta

Month: August, 2006

Classic Security Book Now Free

Ross Anderson’s classic security book “Security Engineering”:http://www.cl.cam.ac.uk/~rja14/book.html is now available for free on his web site. This is a fantastic and fundamental resource for anyone interested in security. Good to see the publisher agree to this- with the new school year starting, it is great timing as well.

A Debate with the MPAA

The “#2 thesis on of my 95″:http://www.scienceaddiction.com/2006/07/23/95-theses-of-geek-activism/ was that Violating a license agreement is not theft.

I got a lot of feedback about that one- many people made the point that it could be theft if it involved either loss of property or loss of potential income.

I grant both of those points- and I am not even close to being a lawyer- but my point still holds: Violating a license agreement could also be theft, but in my opinion, is not theft on its own.

The “BBC has a video debate”:http://news.bbc.co.uk/2/hi/programmes/click_online/5263208.stm between the MPAA President Dan Glickman and the EFF co-founder John Barlow on the subject, and while much of it treads familiar ground for those who follow this issue, it is especially interesting because the two opposing viewpoints have been presented together.

To get a better idea about “John Perry Barlow”:http://en.wikipedia.org/wiki/John_Perry_Barlow here are a few bits about him:
* Founded the “EFF”:http://www.eff.org in 1990.
* Was a lyricist for the “Grateful Dead”:http://en.wikipedia.org/wiki/Grateful_Dead
* His article on “The Economy of Ideas”:http://www.wired.com/wired/archive/2.03/economy.ideas.html where he says

Intellectual property law cannot be patched, retrofitted, or expanded to contain digitized expression any more than real estate law might be revised to cover the allocation of broadcasting spectrum (which, in fact, rather resembles what is being attempted here). We will need to develop an entirely new set of methods as befits this entirely new set of circumstances.

* His “Declaration of the Independence of Cyberspace”:http://homes.eff.org/~barlow/Declaration-Final.html where he writes:

Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.

* And “more recently, more pointed”:http://www.eff.org/deeplinks/archives/004886.php remarks from him.

Terror Without the Terrorism

Bruce Schneier has “a fantastic article at Wired.com”:http://www.wired.com/news/columns/0,71642-0.html?tw=wn_columns_securitymatters_1 on the aftermath of the supposed London terror plots. The terror plots were not near fruition, they were apprehended by solid law enforcement tactics, the science of the plots has been debunked and yet, our air-lives have been disrupted, our “leaders” are posturing and shrill rhetoric fills the vacuum.

Before you call me names, hear me out. The threat is real. However, the roller-coaster perceived threat-level and fear mongering is generating as much terror as terrorism itself.

From Schneier:

Regardless of the threat, from the would-be bombers’ perspective, the explosives and planes were merely tactics. Their goal was to cause terror, and in that they’ve succeeded.

Imagine for a moment what would have happened if they had blown up 10 planes. There would be canceled flights, chaos at airports, bans on carry-on luggage, world leaders talking tough new security measures, political posturing and all sorts of false alarms as jittery people panicked. To a lesser degree, that’s basically what’s happening right now.

Down to 8 Planets: Pluto Gets an Umbrella

The solar system has lost a planet today, as the International Astronomical Union decided to demote “pluto to Dwarf planet”:http://www.cnn.com/2006/TECH/space/08/24/pluto.ap/index.html?section=cnn_topstories status. So now “My Very Educated Mother Just Showed Us Nine” just doesn’t make any sense.

Although astronomers applauded after the vote, Jocelyn Bell Burnell — a specialist in neutron stars from Northern Ireland who oversaw the proceedings — urged those who might be “quite disappointed” to look on the bright side.

“It could be argued that we are creating an umbrella called ‘planet’ under which the dwarf planets exist,” she said, drawing laughter by waving a stuffed Pluto of Walt Disney fame beneath a real umbrella.

Well, at least they have a sense of humor about it.

MSN AdCenter Finally Allows Firefox Users In

Back in May, I published “an article here that highlighted how MSN AdCenter kept non-IE users out”:http://www.scienceaddiction.com/2006/05/12/how-internet-explorer-stifles-microsoft/ of their service. As a Mac user, it is a mild irritation whenever a major online player keeps non-IE customers out, but this one took the cake. Their customer service rep asked me to buy Windows. Think about that for a second- a major corporation asking a potential advertiser to drastically change their computer usage behavior for the privilege of advertising with them. I’m sorry, but Yahoo and Google will gladly take my business.

In any case, earlier this month- about 3 months after the service launched- “Firefox support has been introduced”:http://blogs.msdn.com/adcenter/archive/2006/08/04/688828.aspx in MSN AdCenter. They listened. I doubt building a standards compliant web site actually took 3 months, but I am glad that it happened. Also glad to see it works in Safari on my Mac.

Worst Privacy Debacles of All Time

“Wired”:http://www.wired.com/news/politics/privacy/0,71622-0.html has put up a list of the worst privacy debacles in the United States of all time. Of course, since this article was prompted by the “AOL debacle”:http://www.scienceaddiction.com/2006/08/18/take-action-aol-privacy-and-the-database-of-intentions/ that incident in particular has not made the list. I wonder if it would have made the list, and if so, at what position. I would rank it pretty high on importance on principle but low on potential damage to individuals.

This list is pretty good, and the #1 position is my favorite:

*1. The creation of the Social Security Number:*
Although security blogger Adam Shostack is known for his expertise on information-age data leaks, he considers the creation of the Social Security Number in 1936 to be the “largest privacy disaster in the history of the U.S.” Referencing controversy over the card’s creation at the time, he said, “Ironically, privacy advocates warned that the number would become a de facto national ID, and their concerns were belittled, then proven right, setting a pattern that still goes on today.”

The AOL Breach Aftermath

The repercussions of the “severe breach of trust by AOL”:http://www.scienceaddiction.com/2006/08/18/take-action-aol-privacy-and-the-database-of-intentions/ a few weeks ago, when they released the search records of more than 650,000 users, are beginning to be felt by those responsible.

“AP is reporting”:http://news.yahoo.com/s/ap/20060821/ap_on_hi_te/aol_search_privacy that three employees connected with the release of the records are no longer working for the company. The individual researcher and his/her supervisor have been fired and the chief technology officer Maureen Govern has either been fired or has resigned.

Holding individuals responsible is a good starting point, but is far from enough. This move only sends a signal to other employees within the company, but there is still no clear message for other companies with similar lax data retention and release policies. AOL must suffer heavy financial consequences so that every company that is entrusted with customer information considers it in their best interest to take that trust seriously. As things stand right now, there is only a vague threat of losing customers but unfortunately this is neither tangible nor obvious.

Take Action: AOL, Privacy and the Database of Intentions

AOL's Data Leak: Were You Exposed?

“AOL has put our privacy at risk by publicly disclosing the recent search history”:http://www.washingtonpost.com/wp-dyn/content/article/2006/08/16/AR2006081601751.html of 650,000 users. This wrong in so many different ways- and yes, your search queries say a lot about you, including your identity. The “New York Times discovered just who AOL Searcher #4417749″:http://www.nytimes.com/2006/08/09/technology/09aol.html?ex=1312776000&en=f6f61949c6da4d38&ei=5090&partner=rssuserland&emc=rss was just using their search strings. Read the rest of this entry »

NSA Eavesdropping Ruled Unconstitutional (updated)

This is fantastic news- a federal judge ruled today that the “NSA eavesdropping program is unconstitutional”:http://www.cnn.com/2006/POLITICS/08/17/domesticspying.lawsuit.ap/index.html in the case that the ACLU brought against it. The government contended that it was within the President’s authority, and the details were state secrets but the judge did not buy it. The ACLU argument was that the President had already admitted the program and the publicly available information was sufficient for the judge to rule on.

The judge ordered an immediate halt to the program.

*UPDATE*:
* A “pdf of the judge’s ruling”:http://i.a.cnn.net/cnn/2006/images/08/17/nsa.lawsuit.pdf
* A quote from the judge:

Judge Taylor states that “[t]here are no hereditary Kings in America and no powers not created by the Constitution,” so all the president’s “inherent powers” must derive from the Constitution.

*UPDATE #2*
* Attorney General Gonzales “says he will appeal”:http://www.cnn.com/2006/POLITICS/08/17/domesticspying.lawsuit/index.html to a higher court. “Contribute to the ACLU”:http://action.aclu.org/site/PageServer?pagename=FJ_donationhome to keep up the good fight.

Follow

Get every new post delivered to your Inbox.