Oct 09, 2000

Privacy Digest:
10/9/2000; 3:07:12 PM

Privacy Digest has a good link to an article in Security Focus about an international treaty on cybercrime, including highlights from the author of the article.

This is important stuff. It's basically inevitable that we will see international treaties drawing lines; this one is terrifying and I hope it goes down in flames. The article points out that some aspects would violate the US Constitution.

'Following months of criticism from industry, security and privacy experts, the Council of Europe released a new draft of its international treaty on Cybercrime last week. Unfortunately, they don't appear to have been listening to anyone.

'The new draft fills in a few gaps on issues such as wiretapping and jurisdiction, but most of the controversial provisions on issues such as security tools and access to encrypted data are unchanged, or are even worse than before.'

Oct 09, 2000

Warner attempts to out-hack DVD hackers
DVD & DeCSS
10/9/2000; 3:00:24 PM

'Time Warner's home video division has changed DVD's region coding scheme to make it even harder to play movies sold in one territory in another....

'According to a leaked internal Warner Home Video document posted on Web site DVD Debate, the company began shipping discs with an "enhanced" region code at the start of this month.

'"This program is a response to the unauthorised practice of altering DVD video hardware players so that they bypass the region code requirements for DVD," the document states. "This is happening on a more frequent basis in many territories, and retailers are openly marketing these non-complying players with names such as 'region-free' and 'multi-zone'."'

Prediction: This will break some perfectly compliant DVD players and end up having to be recalled because of that. This kind of thing rarely works once you have a large installed base.

Oct 09, 2000

Net privacy laws will have to wait
Privacy from Companies
10/9/2000; 2:50:51 PM

'After handing the high-tech industry important legislative victories on trade with China and visas for foreign workers, the U.S. Congress is set to adjourn this week without settling the debate over one critical issue: how to protect consumer privacy online.'

I have mixed feelings on this; while I would have liked to have seen privacy protection addressed in Congress, I'm not convinced they have enough understanding to make good law right now.

(Not that I'm particularly convinced that more time will help, mind you. But I doubt it can hurt as more and more Americans begin to realize what privacy invasion really means on the Internet.)

Oct 09, 2000

Web-based email services offer employees little privacy
Privacy from Companies
10/9/2000; 2:48:16 PM

'Everyone knows the boss can read all of the email you send and receive through your corporate account.

'Unfortunately, security experts say many employees would be surprised to know that Web-based email services also offer little privacy. Messages sent via a Yahoo or Hotmail account, or through instant messaging products, such as ICQ or America Online's Instant Messenger (AIM), are just as accessible to nosy employers.'

This article goes on to talk about network sniffers, which can track and record all network traffic, and keyboard sniffers, which record keypresses on a keyboard.

As is often the case, this C|Net article missed a critical distinction. Network sniffers can only make sense out of unencrypted network traffic. If you use Yahoo! mail and use their secure service, the network sniffer will only pick up garbage, and your boss can't read the connection. This is because network sniffers work on the connection, not on the computers on either end.

Keyboard trackers are much more powerful. It does not matter how you encrypt your connection if your computer is running a keyboard sniffer, and keyboard sniffers actually pick up everything you do.

Both are quite invasive, but the keyboard sniffer is significantly more difficult to avoid if you're trying to use a personal e-mail account.
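To make the network-sniffer half of that distinction concrete, here is an added example (not from the C|Net article or this weblog) of what a passive monitor on the wire can recover from one unencrypted webmail request versus one encrypted record. It assumes the "secure service" means HTTPS (SSL/TLS); the host name, form fields and payload bytes are constructed for illustration.

```python
import os
from urllib.parse import parse_qs

# Constructed sample payloads (not captured from any real service).
PLAIN_HTTP = (b"POST /compose HTTP/1.0\r\nHost: mail.example.test\r\n"
              b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
              b"to=friend%40example.test&body=lunch+at+noon")

# One SSL/TLS record: 1-byte content type, 2-byte version, 2-byte length,
# then ciphertext. Random bytes stand in for the encrypted webmail request.
_CIPHERTEXT = os.urandom(64)
TLS_RECORD = bytes([23, 3, 3]) + len(_CIPHERTEXT).to_bytes(2, "big") + _CIPHERTEXT

TLS_TYPES = {20: "change_cipher_spec", 21: "alert",
             22: "handshake", 23: "application_data"}


def observe(payload: bytes) -> dict:
    """Return what a passive monitor can recover from one TCP payload."""
    # SSL 3.0 and every TLS version use major version 3 in the record header.
    if len(payload) >= 5 and payload[0] in TLS_TYPES and payload[1] == 3:
        return {"protocol": "tls",
                "record_type": TLS_TYPES[payload[0]],
                "length": int.from_bytes(payload[3:5], "big"),
                "readable_fields": {}}  # body is ciphertext: nothing to parse
    head, sep, body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if sep and lines[0].split(b" ")[-1].startswith(b"HTTP/"):
        headers = dict(l.decode("latin-1").split(": ", 1)
                       for l in lines[1:] if b": " in l)
        fields = {k: v[0] for k, v in parse_qs(body.decode("latin-1")).items()}
        return {"protocol": "http", "host": headers.get("Host"),
                "readable_fields": fields}
    return {"protocol": "unknown", "readable_fields": {}}


if __name__ == "__main__":
    for name, payload in (("plain", PLAIN_HTTP), ("secure", TLS_RECORD)):
        print(name, observe(payload))
```

For the encrypted record the monitor learns only the record type and size (plus the connection's endpoints, which sit outside the payload); the recipient and message text appear only in the unencrypted case.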

Oct 09, 2000

Publius: Speech without Accountability
Free Speech
10/9/2000; 2:35:18 PM

'Consider Publius, a censor-resistant Web publishing system described in mid-August at a computer security conference in Denver. Engineers at the conference greeted the invention warmly, presenting to its creators--Marc E. Waldman, a Ph.D. student at New York University, and Aviel D. Rubin and Lorrie F. Cranor of AT&T Labs-Research--the award for best paper. Publius is indeed an impressive technical achievement: a tiny little program that, once widely installed, allows almost any computer user to publish a document on the Web in such a way that for all practical purposes it cannot be altered or removed without the author’s consent, even by an incensed government. In fact, authors can post files to Publius that even they themselves cannot delete. Yet it is quite simple for any Web surfer anywhere to view files published this way....

'Ironically, Publius may be ineffective in the very places where censorship is most oppressive. Bennett Haselton of the Censorware Project points out that “it only protects against censorship on the publishing end. In a country like China, where the main problem is censorship on the receiving end (all inbound traffic is filtered through the ‘Great Firewall of China’), it is trivial for the censors to detect when someone is accessing a Publius document.” So Publius seems to work only for those who are already guaranteed a right to speak anonymously and read what they like. To them, it extends the ability, if not the right, to disregard what the politicians, judges and constitution writers have decided is out of bounds.'

Ironically, I just made that last point two days ago in my essay independently. Now I'll have to attribute it.
