Feb 05, 2001

New E-Mail Vulnerability - Trust Your Neighbor?
Misc.
2/5/2001; 11:12:34 AM

From Slashdot:

''According to this article in The New York Times (free registration required), a trick enables someone to essentially bug an e-mail message so that the spy would be privy to any comments that a recipient might add as the message is forwarded to others or sent back and forth. The vulnerability could facilitate the harvesting of e-mail addresses. Widely used e-mail programs that are vulnerable to the exploit (because they enable JavaScript) include Microsoft Outlook, Outlook Express and Netscape 6.'' A snippet from the article: "The potential for such e-mail spying was first discovered by Carl Voth, an engineer in British Columbia. 'What bothers me is that in this case, my vulnerability is a function of what you do,' Mr. Voth said. 'I can be careful, I can take every precaution, I can turn off JavaScript, and it doesn't matter. If my neighbor isn't diligent and I send him an e-mail, I'm still vulnerable.'" ''The Privacy Foundation, an educational and research organization based in Denver, plans to publicize and demonstrate the technique today.''

This is one of the most subtle security flaws a system can have, and one of the most difficult to fix. This is why extending browsers should be done carefully and not willy-nilly: add the wrong plug-in, break security for one person, and security is ruined for everybody. If your banker ends up leaking the password to the bank's systems to the wrong person because of a vulnerability like this, your bank account might be drained.
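Because one recipient's settings cannot protect everyone else on the thread, the practical place to check is the mail gateway. The following is an added example, not code from the article or the Privacy Foundation: it flags JavaScript in HTML parts, including parts inside forwarded messages, and does not reproduce the technique itself. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser


class ActiveContentFinder(HTMLParser):
    """Records script elements, inline event handlers and javascript: URLs."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("<script> element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif value and value.strip().lower().startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")


def scan_message(msg):
    """Scan every text/html part; walk() also descends into forwarded mail."""
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            finder = ActiveContentFinder()
            finder.feed(raw.decode(charset, errors="replace"))
            finder.close()
            findings.extend(finder.findings)
    return findings


def build_sample():
    """Constructed sample: a forward whose attached original has scripted HTML."""
    original = EmailMessage()
    original["Subject"] = "Meeting notes"
    original.set_content("Plain-text fallback.")
    original.add_alternative(
        '<html><body onload="init()">\n<script>/* constructed placeholder */</script>\n'
        '<p>Notes</p><a href="javascript:void(0)">more</a></body></html>\n',
        subtype="html")
    forward = EmailMessage()
    forward["Subject"] = "Fwd: Meeting notes"
    forward.set_content("My comments are above the original.")
    forward.add_attachment(original)  # becomes a message/rfc822 part
    # Round-trip through bytes, as a mail gateway would receive it.
    return message_from_bytes(forward.as_bytes(), policy=policy.default)


if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print("active content:", finding)
```

A gateway that quarantines or strips on any finding protects every later recipient of the thread, whatever their own client settings are.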


Feb 03, 2001

Kafkaesque? Big Brother? Finding the Right Metaphor
Privacy from Companies
2/3/2001; 2:36:37 PM

'The battle of the metaphors is much more than a literary parlor game, said Solove in his article, "Privacy and Power: Computer Databases and Metaphors for Information Privacy." The way a problem is framed determines its solution, he suggested. And if lawmakers are to come up with adequate responses to the lack of privacy online, they need to fully understand the nature of the beast. In short, if they read books, they should read more Kafka and less Orwell.'

Excellent article! I've ranted about metaphors before and I will again, so I found a kindred spirit in this article.

I would like to comment on that paragraph, though. The choice of metaphor does not determine the nature of the solution. The choice of metaphor determines the understanding of the problem, which in turn determines the solution. With the wrong metaphor, one does not merely get a bad solution, one gets a whole wrong system, complete with wrong debates about which wrong solutions to put in place to solve the wrong problem.

The article does make a good case for Kafkaesque metaphors, but I still stand by my assertion that inconvenient as it may be, there are no appropriate metaphors for the Internet issues. They are too multi-faceted to be wrapped into a metaphor, even as approximations.


Feb 01, 2001

DVD Case Follow-Up
DVD & DeCSS
2/1/2001; 11:45:38 AM

From Slashdot:

''The ACLU made a court brief today concerning the DVD CCA case. The release can be found here.'' There were actually a number of amicus briefs filed at the same time for this case, and now I think most of them are online. Journalists and publishers, law professors, law professors II, the Association for Computing Machinery, programmers and academics, library and public interest, Arnold Reinhold. These are all in support of the EFF's appeal in the case, of course. The briefs make good reading because they attempt to convey, in a very direct and concise manner, the arguments of these various groups against the DMCA.


Jan 31, 2001

Code + Law: An Interview with Lawrence Lessig
Misc.
1/31/2001; 11:21:07 AM

One of many interesting statements:

'There are two stages in Internet history so far, which are important to distinguish. The first stage climaxes around 1997, when the Supreme Court decided Reno v. ACLU (the case striking down the Communications Decency Act). This case represents a time when the world looked at the Internet and said, "This is an amazing new technology that we've got to be extremely respectful of." The overriding tone of the opinion is, "Congress, you must go extremely slow when you regulate in this area to make sure that you don't muck up this extraordinarily important First Amendment free-speech context, which is the Internet."...

'But now, in the second stage of Internet evolution, when it comes to copyright issues, that attitude has disappeared. So with the emergence of P2P architectures (which are being used to exchange music in ways that upset the music industry), rather than the court responding in the way that it did in Reno v. ACLU, the courts are in a knee-jerk way acting to shut down this emerging technology on the view that unless you stop it, it will be the end of copyright...

'So much of the legal battle that's going is just to get the court to be as deferential and patient with this emerging architecture as it was in the context of pornography. If you had to choose between protecting children and protecting Hollywood, you would think you would make an exception (to the law) to protect children. But, perversely, our legal system has said children are going to be left to the winds of the Internet and parents have to take care of that themselves, but we're going to march in and back up the power of Hollywood with the courts as quickly as we can to make sure that copyright interests aren't invaded.'


Jan 30, 2001

Senator introduces strong e-privacy bill
Privacy from Companies
1/30/2001; 4:39:34 PM

'Senator John Edwards re-introduced a bill on Monday that would require Web sites to get permission from visitors before tracking their movements online.

'The North Carolina Democrat's bill stakes out an aggressive position in the debate over Internet privacy, requiring Web sites to reveal their use of technology that commonly runs in the background without the knowledge of the visitor.'

At least somebody is representing this position. It'll be compromised out of existence, but the final result will hopefully be better than it would have been.

