Category Archives: Privacy

Pirate Party Legitimized by Winning EU Parliament Seat

Support for Prohibition began to diminish as enforcement became increasingly expensive and it was becoming apparent that the ban was doing little to curb crime and drunkenness. There’s lots of academic and commercial effort put into stopping software and other intellectual property piracy, especially for videos. A form of risk management, I suppose, but one that ignores the much bigger risk to traditional intellectual property of causing political blowback such as what just happened in Sweden:
“Together, we have today changed the landscape of European politics. No matter how this night ends, we have changed it,” Falkvinge said. “This feels wonderful. The citizens have understood it’s time to make a difference. The older politicians have taken apart young peoples’ lifestyle, bit by bit. We do not accept that the authorities’ mass-surveillance,” he added.
Funny thing about what happens when the majority of the population participates in an illegal activity: eventually it’s not illegal anymore.
At least partially, The Pirate Party puts its increased popularity down to harsh copyright laws and the recent conviction of the people behind The Pirate Bay. After the Pirate Bay verdict, Pirate Party membership more than tripled and they now have over 48,000 registered members, more than the total number of votes they received in 2006.

With their presence in Brussels, the Pirate Party hopes to reduce the abuses of power and copyright at the hands of the entertainment industries, and make those activities illegal instead. On the other hand they hope to legalize file-sharing for personal use.

Many of those abuses of power probably already are illegal; the appropriate laws just aren’t being enforced. We saw this during alcohol prohibition in the U.S., and we see it now with marijuana prohibition in the U.S. The first prohibition ended, the second probably will, and meanwhile, online “piracy” is on its way to being redefined.


Class Action Coming for Identity Theft?

It wouldn’t be a moment too soon:
I painfully predicted a few years back that phishing and related identity theft would result in class action suits. I lost my bet as it didn’t happen fast enough, but a significant step has been taken (reported by Lynn) with the publication of a book that apparently blames the banks and the software manufacturers for identity theft.

Signs of Liability: ‘Zero Day Threat’ blames IT and Security industry, Ian Grigg, Financial Cryptography, April 14, 2008

The book review iang quotes gets it about online crime not being amateur anymore: it’s organized. And it gets it about perhaps a more important point:

Privacy in Germany: Courts Support It

Interesting that Germany has more respect for privacy than the U.S. does:
Government surveillance of personal computers would violate the individual right to privacy, Germany’s highest court found Wednesday, in a ruling that German investigators say will restrict their ability to pursue terrorists.

The Karlsruhe-based Federal Constitutional Court said in a precedent-setting decision that data stored or exchanged on a personal computer is effectively covered under principles of the constitution that enshrine the right to personal privacy.

“Collecting such data directly encroaches on a citizen’s rights, given that fear of being observed … can prevent unselfconscious personal communication,” presiding judge Hans-Juergen Papier said in his ruling.

Court Shoots Down Computer Surveillance, By MELISSA EDDY, Associated Press Writer, 27 Feb 2008

Although apparently Germany also has lazy cops who think spying on individuals is their birthright, just like in the U.S. Not regular police, mind you, but
…secret services’ ability to use virus-like software to monitor suspected terrorists’ online activity.
The court rightly said suspicion is not enough:
“Given the gravity of the intrusion, the secret infiltration of an IT system in such a way that use of the system and its data can be searched can only be constitutionally allowed if clear evidence of a concrete threat to a prominent object of legal protection exists,” Papier said.
And a judge has to approve it.

Now that’s risk management.


Liberty vs. Control (Not Privacy vs. Security)

Bruce Schneier hits the nail on the head:
If privacy and security really were a zero-sum game, we would have seen mass immigration into the former East Germany and modern-day China. While it’s true that police states like those have less street crime, no one argues that their citizens are fundamentally more secure.

We’ve been told we have to trade off security and privacy so often — in debates on security versus privacy, writing contests, polls, reasoned essays and political rhetoric — that most of us don’t even question the fundamental dichotomy.

But it’s a false one.

Security and privacy are not opposite ends of a seesaw; you don’t have to accept less of one to get more of the other. Think of a door lock, a burglar alarm and a tall fence.

What Our Top Spy Doesn’t Get: Security and Privacy Aren’t Opposites, Bruce Schneier, Wired, 01.24.08 | 12:00 PM

There’s more, all well worth reading.

Here’s the gist:

The debate isn’t security versus privacy. It’s liberty versus control.

You can see it in comments by government officials: “Privacy no longer can mean anonymity,” says Donald Kerr, principal deputy director of national intelligence. “Instead, it should mean that government and businesses properly safeguard people’s private communications and financial information.” Did you catch that? You’re expected to give up control of your privacy to others, who — presumably — get to decide how much of it you deserve. That’s what loss of liberty looks like.

Haven’t we lost enough already?


Google to be Dragooned Into U.S. Wiretapping?

I’d wondered when the feds would think of this:

"Google has records that could help in a cyber-investigation, he said," Wright adds. "Giorgio warned me, ‘We have a saying in this business: “Privacy and security are a zero-sum game.”’"

A New Internet Wiretapping Plan? Steve Bellovin, SMBlog, 15 January 2008

Their saying is wrong, as Bellovin points out:

The risks are quite similar to those posed by CALEA: this is an intentional vulnerability which can be exploited by the wrong people. (That’s what happened to the Greek cellphone network.)

But some people believe the saying anyway, and will act on it, unless they are stopped.


Phishing Verified

Or is it really phishing when the victim first broadcasts his bank account details?
Top Gear presenter Jeremy Clarkson has admitted he was wrong to brand the scandal of lost CDs containing the personal data of millions of Britons a “storm in a teacup” after falling victim to an internet scam.

The outspoken star printed his bank details in a newspaper to try and make the point that his money would be safe and that the spectre of identity theft was a sham.

He also gave instructions on how to find his address on the electoral roll and details about the car he drives.

However, in a rare moment of humility Clarkson has now revealed the stunt backfired and his details were used to set up a £500 direct debit payable from his account to the British Diabetic Association.

The charity is one of many organisations that do not need a signature to set up a direct debit.

Clarkson stung by fraud stunt, Guardian Unlimited, Monday January 7 2008

He admits he was wrong, but nonetheless tries to pin the blame partly on a privacy law:
“The bank cannot find out who did this because of the Data Protection Act and they cannot stop it from happening again,” he said. “I was wrong and I have been punished for my mistake.”
At least he doesn’t call for revoking that Act; he does call for going after the perpetrators.


PS: Seen on BoingBoing.

Traffic Control Viewed as ISP Risk

Certain ISPs plan to spend a lot of money throttling, stifling, policing copyrights, campaigning and lobbying to control content of information flow through their networks. They might want to look at what’s happening in China:
Beijing has recently added a new weapon to its arsenal of surveillance technologies, a system it believes to be a modern marvel: the Golden Shield. It took eight years and $700 million to build, and its mission is to “purify” the Internet — an apparently urgent task. “Whether we can cope with the Internet is a matter that affects the development of socialist culture, the security of information, and the stability of the state,” President Hu Jintao said in January.

The Golden Shield — the latest addition to what is widely referred to as the Great Firewall of China — was supposed to monitor, filter, and block sensitive online content. But only a year after completion, it already looks doomed to fail. True, surveillance remains widespread, and outspoken dissidents are punished harshly. But my experience as a correspondent in China for seven years suggests that the country’s stranglehold on the communications of its citizens is slipping: Bloggers and other Web sources are rapidly supplanting Communist-controlled news outlets. Cyberprotests have managed to bring about an important constitutional change. And ordinary Chinese citizens can circumvent the Great Firewall and evade other forms of police observation with surprising ease. If they know how.

The Great Firewall: China’s Misguided — and Futile — Attempt to Control What Happens Online, By Oliver August, WIRED MAGAZINE: ISSUE 15.11, 10.23.07 | 12:00 AM

And if they don’t know how, that article provides tips.

Sony Rootkitting: How It Happened

Here’s a paper about Sony and the Rootkit:

While Sony BMG’s customers first became aware of the dangers posed by the rootkit through media reports following Russinovich’s October 31 announcement, the company was on notice that its product contained a rootkit, at the very least, four weeks earlier.12 Finnish anti-virus software developer F-Secure contacted Sony BMG on October 4, 2005, alerting it to the presence of the rootkit.13 Of course, First4Internet, as the developer that chose to incorporate the rootkit into its design, necessarily knew of its presence from the outset.


Yet Sony apparently thought that they could still sneak a rootkit onto CDs its customers paid for. The customers knew better, because Amazon reviews told them, and CD sales plummeted as soon as rootkit-infested versions were issued.

This maybe illustrates three points:
