(Source)

In this post I’m going to briefly note just how bad an idea it is, for citizens, that ISPs and content providers are working together to resolve ‘copyright infringement’ without having a substantial degree of government involvement.

Rules of the game

Perhaps you’re familiar with baseball (or California penal rules). In either case, you’ll have heard of the ‘three strikes and you’re out’ rule. In baseball, this would mean that a batter returns to the dugout, and another person attempts to swat a ball and race towards first base. In the penal system, it indicates that you’ve committed enough criminal offenses that you’re going to have the book thrown at you . . . the next person behind you in court can then try to argue why they’re innocent, and go free (first base?).

Viva la France!

France has recently set in place a three-strikes rule - if you are caught infringing on copyright three times, then you will have your Internet access terminated for a year. The question that arises is this: what happens if someone uses your computer without permission? How can you appeal any incorrect or unjust decision? What does this have the effect of doing to a member of a rural community, where the ‘net has become a core way of communicating with the world at large and their government representatives? What role do citizens play in how a core system of communications, that they have come to rely on, is being affected by corporate interests?

Hello world!

With governments around the world demanding that copyright groups and ISPs find a workable solution to infringement that doesn’t tie up court systems, the three-strikes model is gaining ground. This is significant, as it would shift the role of ISPs from passively watching content as it streams across and out of their network, to a more active analysis of what individuals are doing on their networks. This shift in activity corresponds with the increasingly common deployment of Deep Packet Inspection technologies throughout ISP networks, technologies that shift through each piece of data that a person transmits to, and receives from, the ‘net. With these technologies, along with digital ‘fingerprints’ to look for, ISPs will be able to either prevent their users from infringing on most copyright (should the system be designed with a user-designated ‘censoring’ mode), as well as more effectively identify when they might be in the midst of, or preparing to, infringe.

Goodbye World

What happens when a six-year old child is ‘caught’ downloading something to the family computer a few times? Should the parents lose all access to the ‘net for a year, or should they return to disciplining the child? What happens when someone files a copyright infringement notice, but it turns out that a person’s computer had been taken over by spyware? What systems are in place to address these issues?

An ISP isn’t the police, nor is it a part of the judiciary. Given this, why shouldn’t the courts be the solution to copyright infringement? The response is often that it would clog up the courts, but this presumes that the laws that are being applied to individuals, but were prepared to account for businesses infringing, are the ‘right’ kinds of laws for individual citizens. Should a person really be charged the same amount for showing their friends a copy of a hallowed Simpsons clip as a corporation that is using it for corporate promotion? There seems to be an analytic difference between these two groups, and this is a difference that needs more attention before these kinds of ‘three-strike’ rules are set into place.

Technorati Tags: copyright, DPI, IFPI, Internet, Infringement, Surveillance

(Source)

A few years ago Computer World ran a particularly good piece on Radio-frequency identification )RFID entitled ‘Opinion: RFID security worries need a reality check‘. I’d highly recommend taking a look at it, for a pair of reasons:

1. It identifies that hackers will only look at RFID tags once the data they transmit is easy to send along electronic mediums, with the data being transmitted itself valuable (i.e. not simply the location of valuable goods, but the information must be a valuable good in itself);
2. It blindingly misses the point that RFID opens a new avenue of attack that could seriously contribute to an e-warfare application.

RFI-What?
You might have heard about RFID in the news over the past few years. In case you need a quick primer/update, here’s the basics on RFID:

• It’s not new - RFID has been in use since WWII to organize valuable assets and more effectively track them;
• RFID can either actively broadcast information, or have the chip activated when placed within ‘hot’ zones - an RFID device does not necessarily always broadcast information;
• There are different ISO standards for various RFID types - some support encryption, some do not, some support active transmission of data (i.e. they are always broadcasting information), and some do not (these are termed passive RFID devices);
• RFID Tag are often confused with Contactless SmartCars (CSCs) on the basis that they mutually use radio transceivers to broadcast information. Different ISO standards are used for these two types of devices, with CSCs having been developed with encryption and privacy issues in mind;
• On the topic of read ranges - RFID tags can be read up to 10 meters or so away, whereas CSCs are usually read from a maximum of about 5cm away from a reader;
• RFID Tags are to be placed in many of the Enhanced Drivers Licenses (EDLs) in Canada, whereas CSCs are being insert into the e-passports that are being deployed in Britain and the US.

RFID - It’s worth some e-money now
In the article by Computer World, it was noted that:

Information criminals steal information that’s readily convertible to cash, not meaningless EPC RFID inventory data. The people who design EPC standards know far more about the risk to supply chains than cloistered academics engineering these meaningless proof-of-concept exploits.

The EPC initiative is backed by companies that suffer billions of dollars in global supply chain losses every year. They have performed a rigorous risk analysis and concluded that the effect of a supply chain exploit targeting EPC chips is relatively low. They also have determined that the probability of seeing a wave of hacks on EPC chips is similarly low. (Source)

What does this say? It says that billions were already being lost to supply chain losses - this isn’t necessarily the case when it comes to shunting people across borders, save through some reasonably abstract understandings of what it means to lose money as people cross the border (this would be where efficiently metrics as they relate to human actions would come in). It also says that from a supply chain analysis, it’s unlikely that there would be any kind of attack/hack on EPC chips.

Supply chain analyses are (presumably) different from border crossing analyses - the former relates to product as they move around the world, where there are known losses, whereas the former relates to the movement of citizens between different legal jurisdictions. Unless we’re talking about independent organizations being able to track the number of people that disappear as they hit various borders as they are ‘redistributed’ to Gitmo or similar detention areas, I fail to see how ‘known losses’ fit with a situation where citizens are crossing a border.

Moreover, whereas a supply chain is only likely to hold value to rival retailers (knowing how Wal-Mart moves all of its supplies internationally might provide a competitive advantage), knowing how and where citizens are traveling, as well as gaining access to a wide population’s biometric information, is of value to most bureaucratic bodies in public and private settings (imagine travel insurance companies learning just how much you travel!). The opportunities to be gained from this kind of information are high, which translates into the possibility of monetizing RFID hacks. When you’re dealing with sensitive information that can be communicated along the ‘net, with that information being valuable in and of itself, then it’s likely that those ‘cloistered academic’ engineering exploits will quickly become meaningful.

To encrypt, or not encrypt - that is the question
When it comes to your driver’s license, health card, or any other piece of government- issued ID you can visually confirm that the information displayed on the ID-piece is accurate. Given that the cards have the information placed on them after it is harvested from the appropriate databases, it is easy to determine whether or not the printed information is accurate or not and, correspondingly, whether the databases that were drawn on hold accurate personal information. When if comes to RFID Tags, however, you can never be entirely certain what is being broadcast, unless you have a way of reading the information. This would mean that, to ensure that accuracy of broadcast information, that you would need to be able to read it. This suggests one of two things:

1. Information from RFID Tags is broadcast ‘in the clear’, that is, the information broadcast is not encrypted, enabling citizens to determine if the broadcast information is accurate;
2. Information is encrypted, but there are many public readers where you can confirm the accuracy of the information being broadcast.

There are obvious problems with the first choice - it would mean that very personal/private information was being broadcast to the wider world. There are clear security problems with this possibility. The second choice - encrypted but lots of public access points - is good, but only if the access points are relatively ‘hardened’, if they are easy to find and access, and if the RFID Tags are set to a passive, rather than active, broadcast.

The problem with most encryption schemes, as they’re proposed at the moment, is that citizens would be unable to access the information that was being broadcast. This is intended to assuage citizens that their personal information is secure, but fails to provide them with the ability to confirm the accuracy of their personal information that is either being transmitted using RFID on CSCs or called up in databases associated with RFID Tags. For a democracy to thrive a government must be transparent, and citizens need to be able to perceive themselves as the legislators and subjects of any law. How can one legislate a law, when the consequences of that law are subsequently hidden? When it comes to identity programs, citizens must be able to understand precisely what they are giving up to authorities when challenged for ID.

Catch-22 and beyond
The current EDL proposals in Canada call for unencrypted transmissions of identifier numbers that than ‘hook’ into a government database. Unlike the government of Canada, most RFID venders recommend that data that is transmitted be encrypted. Unfortunately, the choice between encryption or not leads to a catch-22 situation; they either lack transparency, or they risk putting citizens’ biometric information in the public eye. This isn’t to say that there aren’t technical solutions to this issue - solutions can be implemented - but pursuing a technical solution fails to recognize that we, as citizens, really need to determine whether or not RFID-enabled identity cards are really needed!

In Canada, EDLs are being created in order to satisfy the American securitization of their borders. Putting aside whether or not that securitization is real security, or merely security theater, we as Canadians need to ask whether or not we want to open ourselves to a heightened risk of biometric theft (an upgrade of mere ‘identity’ theft), or simply pony-up for passports. Canadian passports are valid pieces of international ID, and can be used to cross the Canada-US border (as well as the other borders of the world). Instead of investing in EDLs and the massive infrastructure that will accompany them, why not simply divert that money to subsidize the cost of passports?

Technorati Tags: Canada, CSC, EDL, IT, RFID, Security

(Source)

Yahoo! has recently released a new product called Fire Eagle. Fire Eagle is an application that developers can integrate into their software suites, enabling users to identify and broadcast their geospatial location to others on the application’s network. There are many very positive features of Fire Eagle (at least relative to other applications of this nature):

* It’s opt-in
* It allows for granular, application level, sharing of information
* It keeps limited historical data - it “keeps only the most recent piece of location information it has received for each of the major levels it understands: Exact Location, Neighborhood, City, State, Country etc. If a new piece of “Exact Location” information comes in, then we throw away the old one.” (Source)
* Yahoo!’s developers anonymize user data, and assert that they will exclusively use it for system statistics as it pertains to updates and improving service (no notes on how data is anonymized, however)
* The privacy statement makes note that users need to read the privacy agreements of the applications that utilize/integrate Fire Eagle
* Yahoo! notes that their partners must consent to terms and services, and a code of conduct, and Yahoo! provides a space for users to complain if they think that a Yahoo! partner is violating their agreements with Yahoo!.

But, but, what about those third parties!?!
A BBC article that talks about this new service (Privacy worry over location data) really identifies the core privacy concern that most advocates seem to have with this service:

The problem for privacy watchers is that privacy policies across the web are all very different and using a service through a third party could raise some real issues.

This is a very, very real concern, but one that I think is misidentified by the popular media. While it’s true that people (such as myself) are concerned about the actual legibility of privacy policies (most are in complicated legalese, and as such effectively meaningless - someone can’t reasonably be expected to consent to a contract that they have no way of understanding), another (perhaps more significant issue) is that when most contracts state that they won’t share information with ‘third parties’ they really don’t clearly identify what a third party is.

Let me unpack that last bit, just a little. Let’s say that you enter into a contract/agree to an EULA with Company Alpha (Company A). Unbeknownst to you, Company A is a subsidiary of Company Big (Company B for short), who is a subsidiary of Core Company (Company C, for short). When you enter into an agreement with Company A, your information can often be passed around the rest of the corporate family without violating the contract that you consented to. Of course, the average consumer has no clue who is a member of a ‘corporate family’, and is still vulnerable to the commonplace divergent understandings of corporate privacy policies in the various subsidiary corporations. Most people are also unaware that this means that their granular data, which is on its own not terrible useful or informative about themselves as users, is drawn together to compose substantial data doubles, and that these doubles are (a) valuable; (b) used to discriminate against consumers without their being aware of the discrimination taking place.

Alleviating third-party worries
I hesitate to say that I necessarily LIKE this way of doing things, just because I’m hesitant about how facebook actually operates. That said, Facebook is releasing a new service (Facebook Connect) where the privacy settings that you establish in the Facebook environment will carry along with you to the other websites that you access. Of course, this means that Facebook will be gathering information on where you go, what you do, and so on. It also means that to enjoy a unified privacy policy that you’ll need to be a member of Facebook - you’ll need to be willing to give a corporation access to your personal data to enjoy something that you really should be able to expect a government to set up for you.

Nevertheless, Facebook’s Connect Platform may offer a way for Facebook users to enjoy a common attitude towards privacy. This is one of the solutions that Lessig notes in Code 2.0, but I remain concerned about the solution for the reasons that I addressed in my MA thesis. Namely:

1. Without federal/state/provincial regulations, violations of a corporate policy lack a clear punitive strategy. Without a monetized penalty, corporations may be less willing to entirely abide by the codes of conduct.
2. It makes it challenging to enjoy a granular privacy policy - I may not want to let Nike know much about me, whereas I’m comfortable telling the local government a great deal.
3. What happens if a particular group chooses not to ‘buy-in’ to the Facebook program for their own, valid, reasonings? Are citizens to become citizen-consumers, where to enjoy their constitutional rights they are limited to the corporate brands that they see as ‘healthy’ to them?
4. Why *shouldn’t* government be the body responsible for setting these kinds of rules and regulations, and developing the IT frameworks to allow all citizens to have consistent privacy frameworks across their browsing experience. I’m not suggesting that citizens would subsequently be required to use the government systems, or that there aren’t inherent challenges with any large body establishing a common privacy level that travels with me across the ‘net, but I’m far more comfortable with a democratically legitimated body doing this than a for-profit corporations who just wants to harvest my personal information.

Ultimately, however, I want to quickly return to Yahoo!’s own stance toward privacy and Fire Eagle. Yahoo! is being reasonably up-front, honest, and genuine with the consumer - they’re doing their job in providing the information that consumers really need to be aware of, in language that is easily accessible. Whether or not people read the privacy policy, the policy isn’t one that is so filled with legalese that it’s non-sensical to the average person. This, in and of itself, is a massive change in how the industry constructs their privacy notices, and is something that reflects well on their division of Yahoo! services.

Technorati Tags: Fire Eagle, Geolocation, Lessig, privacy, Surveillance, Yahoo!

(Source)

Don Reisinger’s posting on Pro-privacy initiatives are getting out of hand is a good read, even if I don’t think that he ‘gets’ the reason why privacy advocates are (should be?) concerned about Google Streetview. If you’ve been under a rock, Google is in the process of sending out cars (like the one at the top of this post) to photograph neighborhoods and cities. The aim? To let people actually see where they are going - get directions, and you can see the streets and the buildings that you’ll be passing by. It also lets you evaluate how ’safe’ a neighborhood is (ignoring the social biases that will be involved in any such estimation) and has been talked about as a privacy violation because some people have been caught on camera doing things that they didn’t want to be caught doing.

Don: Privacy Wimps Stand Up, Sit Down, and Shut Up
Don’s general position is this: American law doesn’t protect your privacy in such a way that no one can get one or take a photo of your property. What’s more, even if you were doing something that you didn’t want to be seen in you home, and if that action was captured by a Google car, don’t worry - no one really cares about you. In the new digital era, privacy by obscurity relies on poor search, poor image recognition, and even less interest in what you’re doing. Effectively, Streetview will be used to watching streets, and little else.

Fair Enough
Don’s got a really, really good point, and his article is good because it identifies many of the contemporary concerns (i.e. that you and your home are being photographed) and points out that those concerns are (really) fairly trivial. I say this as someone who has issues with a lot of Google’s services *grin*.
What Don doesn’t get - and to be fair the issue I want to focus on hasn’t really gotten to courts in the US as far as I can tell - is that this is another artifact that is now online. Do I care if my home is captured by Streetview? No, not really, unless that image is correlated with my postal code, my address, where I work, my phone number, my criminal record, etc. In essence, my real concern about Streetview is that is provides another data source for mash-ups, or services that compile data profiles from a large number of sources. What’s more, as search improves we move towards a point where these artifacts are more easily collected, giving a very detailed accounting of who I am, what I do, and where I do it. As someone who does value my privacy, that’s unnerving, especially when there is not real way for me to identify what information of mine exists online without some intense personal investigative efforts.

Mash-ups - Badness?
Mash-ups aren’t necessarily bad - I need to state that right away - but neither are they necessarily good. In the past, people enjoyed security and privacy by obscurity; there were so many data sources and it was so costly to collect full profiles on people that it wasn’t done very often. Nowadays, however, it is much cheaper, and much easier, to aggregate people’s information. Once aggregated, that information can be used in an almost infinite number of ways - ways that the individual who generated that information/has that data tied to doesn’t necessarily consent to. Consent, as always, is meant as an ‘opt-in’ consent, rather than an opt-out form of consent.
This collection and reorganization of data into a new, useful, format is what is commonly referred to when people talk about mash-ups.
Consent is Dumb Though!
Yeah yeah, we hear this all the time. Opt-in consent is onerous, whereas opt-out is sufficient. I think that this is absolutely correct - read it again, I agreed with that past sentence - for Silicon valley companies who are creating products to solve problems that don’t really exist (had you going for a second, eh?). Let me put it another way: what ‘problem’ do many of the social networking technologies and Web 2.0 technologies solve? Were these genuinely problems, or were problems found after the technology was deployed?

If the technology/mashup is a clearly useful or desirable product then companies shouldn’t worry about opt-in requirements. Only when there is a strong possibility that the technology isn’t actually useful to the consumer/the consumer isn’t made fully aware of the benefits of the technology will opt-in be disdained.

Back to Streetview
Does Google’s Streetview meet the various privacy rights in the sundry jurisdictions that it’s deployed in? That’s a good question, and one that civil rights advocates with lawyers should (and are) look into. That said, any time where Streetview, or any other ‘primary’ data source is found to be acceptable to national privacy laws, the subsequent mash-ups need to be examined and evaluated.

Something that I do read every now and again in the education blogs that I read is that teaching students about the value of mash-ups is important, and I agree. That said, included in that education should be a critical evaluation of the benefits and harms that might follow from mash-ups. Any such evaluation would be greatly helped were federal and state/provincial government to start to proactively think about the issues posed by mash-ups and begin to develop regulations intended to minimize their possible privacy harms, while enhancing their positive benefits.

Technorati Tags: Google, privacy, mash-ups

(Source)

This is just a really quick thought that I wanted to toss out.

I perceive a problem associated with the digitization of public records: such digitization allows business interests to gather aggregate data on large collections of people while retaining identifiable characteristics. This allows for a phenomenal sorting potential. At the same time, we might ask, “is there anything we can, or really want to, do about this?”

Paradigm Shift
I hear this a lot - ‘Chris, you have to understand that things are different now. The paradigm is shifting towards transparency, and there’s nothing wrong with that, and you’re being a pain in the ass suggesting that there is anything wrong with transparency. Do you have something to hide, or something like that?’ This particular line bothers the hell out of me, because I shouldn’t have to expose myself without giving my consent, especially when I previously enjoyed a greater degree of privacy as a consequence of obscurity and/or the costs involved with copying, sorting, and analyzing analogue records. I fail to see why I have to give up past nascent rights and expectations just because we can mine data more effectively (hell, that would have been a meaningless statement around the time that I was born…). Efficiency is not the same as superior, better, or (necessarily) wanted.

Solution One: Creative Commons
I (generally) don’t mind people reading about what I’ve written, or about various facets of my life. Were I in court for some reason, a part of the justice system really does entail other people being able to read court records so that they can identify with the law as it was dispensed by and for the people (this is one of the areas where Hegel certainly puts an explanation of the legal system far more eloquently than Kant ever did, though both argue this point along dramatically different avenues). Perhaps some version of the Creative Commons could be developed so that designated uses can automatically search public databases, whereas other uses (such as corporate interests in some cases) would be restricted in the information they could collect per day/have access to in aggregate. Using a spider-like text file, and legislating that business is required to abide by these files, might be one way of dealing with this.

Solution Two: Limited Access Points
This won’t win me friends with advocates of ‘openness’, so get ready. Hell, I don’t know that *I* like this idea, and think that it sacrifices a bit much on the alter of the past. Be that as it may …

What if, to access public databases, you had to have an IP that located you within a particular geographic range? Say you had to be within 50 km of the hosting location/location you presume it should be hosted at to get full access (i.e. if you are accessing information that the Ontario government holds onto, you need to be within 50 km of the parliament, even though the databases might actually be housed in Yellowknife). Perhaps, instead of this location based access, documents should have to be manually saved somehow, with the method used for displaying and saving documents intentionally randomized to prevent mass-saving and aggregation. In essence, why not implement some kind of technology that either correlates geographic location with the ease or difficulty of accessing documents, or implementing quasi-DRM solutions (that felt dirty to suggest…) to limit the easy aggregation of public records.

Thoughts?

Technorati Tags: creative commons, DRM, privacy

(Source)

If you’re Canadian, and haven’t exiled yourself from society for the past several weeks, then you’ve heard about the Federal Conservative Party’s ‘dreaded’ Bill C-61″An Act to amend the Copyright Act”. While a lot of people have been talking somewhat broadly about the issues of digital locks, and posing their own examples about how Canadians will be criminalized when they use media in sensible ways, I wanted to talk about how Mac Preview threatens to criminalize a lot of Mac users.

Mac Preview
I’ll start with a quick quotation of how Apple describes Preview:

If you’ve got PDFs to read, or images to view, Preview makes it easy. This built-in PDF file viewer allows you to view, work with, and print PDF files; view and edit images (including JPEG, TIFF, GIF, PICT, and other image file formats). (Source)

Preview is an awesome integrated part of OS X, and it makes my daily life a lot nicer - no longer is Adobe something that I have to put up with on a regular basis! Another great feature of preview is the ability to print .PDF files that you already have opened. This might seem stupid to bring up, but it turns out that this feature is pretty important in the present computing environment that I find myself in.

Why Print a .PDF … to a .PDF?
There are great reasons to print .PDF, and they range from a personal fear or hatred of the Earth’s pollen-bearing agents (such as trees), to wanting a physical copy of a document to make notes on, and even using the print function to create another .PDF of the .PDF you have opened. You might be wondering if you just read that you might be interested in printing a .PDF file to a .PDF file - you did just read that, and I really do mean it.

There are some .PDF files that are laced with Digital Rights Management (DRM) technology. This technology prevents you from manipulating the content in any fashion that isn’t pre-approved by the content’s creator. Inserting DRM on a file is oftentimes done to avoid legal issues, but more often than not it is set into a file so that users can only use content is a particular way, as identified by the content creator. While it might make sense to stop someone from making changes to a contract that has gone through a lengthy process with a lawyer, it makes less sense in other cases, such as publicly available documents and (in the more widely known case), purchased music files.

Let’s take Anagran’s white paper “Eliminating Network Congestion Anywhere with Fast Flow Technology from Anagran” as an example - this file (which you can only download after providing Anagran with a load of personal information) is coded so that you can’t make modifications to the file. This might not sound so bad (who really reads white papers, you might say), but if you want to keep notes in a digital format, and attached to Anagran’s .PDF, then by default Preview won’t let you save the document with your changes. The DRM in this .PDF actively prevents the user from saving the .PDF if any modifications or additions have been made to the file. This is a problem if you don’t want to quickly develop a growing pile of printed white papers, where they were printed for the sole purpose of making notes to the document. You’ll note that there isn’t a technology that prevents me from writing on the paper - DRM is special in that it actually takes away your right to use something, when in the thing’s previous technological format nothing prevented you from freely manipulating the content in a wide variety of ways.

Evading .PDF DRM in Preview
Say that you had downloaded Anagran’s aforementioned whitepaper, had made notes throughout the document, and only then discovered that the .PDF didn’t allow you to save the document if any modifications were made to it. You could just give up an print the document off….or you could do something particularly simple and effective that would evade and ultimately break the digital lock on the document.

After making the notes to the .PDF, you could do the following:

1. Click in Preview
2. Click on the PDF button in the print menu, as shown below
3. From the drop down menu, click Save as PDF and save the file to the location desire

Congratulations! If you just followed the steps above, you have just bypassed/broke a digital lock. If you performed this operation after C-61 were made into law, you would have broken the law by writing on a .PDF and saving it.

A Sensible Copyright Bill?
It’s not unreasonable for me to want to make comments on a document for personal use - I do it all the time, when I mark up a newspaper, write in the margins of a book, or scribble directions on the back of a napkin. These mediums’ digital counterparts, however, might make it impossible to make those changes depending on whether or not the content creators use DRM to lock down their communication mediums. Does a bill that would make using digital media as we do analogue media illegal sound like a sensible copyright reform bill to you? I certainly don’t think so, and I hope that you don’t either. Contact your MP and demand that they take up the task of remedying the clear deficiencies in Bill C-61 as it has been presented in parliament.

Technorati Tags: Apple, copyright, DRM

(Source)

A little while ago I was talking about network neutrality and Deep Packet Inspection (DPI) technologies with a person interested in the issue (shocking, I know), and one of the comments that I made went something like this: given the inability of DPI technologies to effectively crack encrypted payloads, it’s only a matter of time until websites start to move towards secure transactions - in other words, it’s only a matter of time until accessing websites will involve sending encrypted data between client computers and servers.

The Pirate Bay and Beyond
Recently, Sweden passed a bill that allows for the wiretapping of electronic communications without a court order. This caused the Pirates Bay, a well-known BitTorrent index site, to announce that it was adding SSL encryption to their website as well as VPN solutions for native Swedes who wanted to avoid the possibility of having their network traffic surveyed. Recently, isohunt.com has done the same, and other major torrent sites are expected to follow the lead. The groups who are running these websites are technically savvy, allowing them to implement encrypted access rapidly and with little technical difficulty, but as more and more sites move to SSL there will be an increasing demand amongst tech-savvy users that their favorite sites similarly protect them from various corporate and government oversight methods.

The Open Web: Closing for Repair
John Gilmore’s famous line, “The Internet interprets censorship as damage and routes around it” seems to be a little less true now than it was when he proclaimed it. Rather than ‘routing around’ damage brought on by censorship/surveillance that is enabled by DPI technologies, packets charge right through the offending hardware having hardened their skins to avoid the penetrating gaze of their surveyors. The open web of the past, where most application traffic was available for inspection, where you could identify it at a glance, is gradually being abandoned and replaced with a web of fear, where individuals slowly move towards securing even their routine content.

I take Gilmore’s quote as an optimistic expression of what would happen on the open web - when a particular brand/node of the ‘net was found to be censoring groups, that particular node is cut out of available routing addresses and packets carry along the network with few concerns. As we pass from the open web to the web of fear, entering a electronic environment where and increasing number of the primary routing hosts are inspecting traffic and preventing/hindering packets from traversing the globe, an cautionary mindset that accords with the ’security state’ sets in; while the security state sees citizens abandon/lose core rights and freedoms in the name of national and personal security without significant concerns, that same culture of security may allow for the easy adoption of encrypted data traffic on the basis of it maximally securing personal (though potentially not state) security. It will be interested to see how these two modes of approaching security develop and play out against one another.

Technorati Tags: DPI, Open web, Web of Fear, Surveillance

(Source)

Lawrence Lessig is the founder of the Creative Commons, which effectively allows for a more nuanced (and reasonable) approach to copyright - it establishes particularized rights for different audiences to use your work in different ways. The aim is to allow people to license work so that citizens can use facets of their culture to create new parts of their culture - as an example they can modify images and songs to produce something new, without their modification being labeled a copyright infringement. You’ll note that this blog is under a CC license.

Music, Mashup, and Meaning
There have been a number of particularly stunning documentaries in the past few years that attempt to grapple with the notion of copyright. Of the ones that I’ve seen, Good Copy, Bad Copy(and it’s a free download!) is likely about the best - it examines the role of mashup in music and the role of copyright as it applies to film. Mashups tend to involve taking multiple tracks of music and overlaying them in new and interesting ways - this also tends to act as a method of ‘culture jamming’, insofar as messages are playfully appropriated and modulated in ways that diverge from the cultural direction of the original works of music. As an example, you might hear a song about war with deep and potent lyrics laid atop an electronic dance beat, transforming both of the works in important and substantial ways.

No Copying For You!
Awesome - let’s fire up our Macs (or, I guess, Windows boxes if you need to *grin*) and play with the new music that is hitting the shelves. For the encore, let’s find a way of paying for the piles of legal fees we’re going to end up paying while defending the mashups on the basis of fair use. Sound like fun?

Unless you think going to court against major music IP holders (which I think would entail you being a lawyer being paid for being at the proceeding), the possibility of being sued into the ground is enough to have you keep tracks that you create off the ‘net. Of course, this means that the ability to shape culture through music remains fixed amongst a relatively few powerful groups, or constrained to people who are entirely original, insofar as all elements of their songs are innovative compositions that can’t be traced as being like any other piece of music that is held under copyright. That seems to cut down on a lot of the potential creativity that is brimming throughout society…

Creative Commons
Just so we’re clear, copyright isn’t really written to address me or (presumably) you - we’re small time, even if we happen to infringe on copyright. Ignoring the fact that copyright has become bloated like few other ‘rights’, copyright law as it is designed is meant to prevent corporations from infringing - it was never really aimed at you or I. Traditionally I could create a mashup of something and, because it was pretty well impossible to find or identify me in an analogue world, I could get away with it. In a digital space, where almost everything on the public Internet is trawled by spiders 24/7, it’s remarkably easy to discover whether or not I’ve uploaded a mashup - all it requires is a particularly sophisticated programmer and a corporate desire to catch anyone who might be responsible for infringing on copyright, no matter how dangerous that is for the development of culture.

Autobots! Transform, and Roll Out!
I love music - I listen to it probably in the vicinity of 12-14 hours a day (i.e. whenever I’m near a computer system/my iPod is charged). I love new and innovative music. These twin loves means that I particularly like innovative mashups (I also like mashed potatoes too, but I’m not sure that there is any real connection) and one of the most innovative DJs out there at the moment recently released what should be amongst the albums of the year. Go and download 2.0 by audiobytes for autobots - it’s innovative, clever, and demonstrates the value of mashups. This isn’t a crude album, one that simply copies from what is and reproduces it with minor alterations - it’s a clearly original work that builds on other, well known (and less known) works to create a unique performative work.

This is how Dashiell Driscoll (the artist in question) describes his first work, Prime Cuts:

The ‘Prime Cuts’ album was made entirely by me, Dashiell Driscoll, using GarageBand on a 12 inch powerbook over the last few years. I have no real musical training, but you should be able to figure that out by now if you’ve listened to any of the songs. This project is more of an extended mix tape/tribute album than anything else. I would put together a comprehensive list of artists and songs used, but I don’t want to make it that easy for the lawyers. (Source; emphasis mine)

What he’s done is give away something - there is no fee - and it has the potential to contribute to culture. Nevertheless, this contribution really can’t happen legally - clearing the copyright for all the songs sampled would take ages, as would paying for the rights to sample from them. Instead, Driscoll has produced a work of love, a work that is without a doubt massively different from what any of the songs sampled gave audiences. He has produced a new work of art.

When Lessig talks about how a kid with a notebook, some time, and a love of creating can produce genuine works of art so long as they can appropriate works in the public culture, it’s music like Discoll’s that he’s talking about. Copyright, as it stands now in the music industry, at least, is (or has, depending on your take) turning into a particularly brutish cartel, one that actively prevents these kinds of works. Don’t let them keep up this kind of nasty, negative, and culturally dangerous practice - contact your MPP/MP/Senator/Congressmen and let them know that you want them to take a strong stand to support the Creative Commons.

Technorati Tags: audiobytes for autobots, copyright, creative commons, music, Lessig

(Source)

I’ve begun shifting away from using my file server to store media/files to a drive enclosure holding 1TB of storage - I’ve moved over about 600GB of data, which will probably increase to at least 850-900GB by the time that I leave for Victoria. Then it’ll be time to get more file storage space, I guess *grin*. The shift to a drive enclosure has been brought on by the fact that I need to move my stuff halfway across the country, and don’t want to be bringing any more computers that we need to.

The Problem
In the process of trying to redirect my home theatre PC to the new networked drives in my drive enclosure, I ran into a problem: there is no way to delete all of the file location information in Windows Vista Home Premium’s Media Center (WVHPMC; isn’t that an ugly acronym!). This meant that, when I pointed the Media Center to the new location of all of my files, I was left with duplicate entries of my files, only half of which actually led anywhere (once the server was turned off).

The Solution
There are two main steps that are involved in resetting the library data for WVHPMC. First, we need to temporarily stop a Windows service, and second we need to actually delete the library files.
Disabling the Service

1. Open the Start menu and type ’services.msc’
2. Accept the UAC warning
3. Find the service called Windows Media Player Network Sharing Service, right-click on it, and select Stop from the drop-down menu
4. Close the Services window.

Deleting the Library Files

1. Open the Start menu and select Control Panel
2. Click Folder Options and then the View tab
3. Click Show hidden files and folders
4. Unclick Hide protected operating system files
5. Click OK
6. Navigate to C:\Documents and Settings\**username**\Local Settings\Microsoft\Media Player and delete all of the files in the directory. DO NOT DELETE THE FOLDERS IN THIS DIRECTORY - ONLY THE FILES THAT ARE LOOSELY CONTAINED IN THE FOLDER

Congratulations - you can now reindex your media library by pointing WVHPMC to the appropriate directory/network share that you’re now storing your media on.

Technorati Tags: Media Center, Troubleshooting, Vista

(Source)

I get strange looks from some of my friends and colleagues sometimes. On the one hand, I strongly advance the idea that people’s privacy should be protected, by default, and at the same time I blog, use social networking sites (though somewhat uncomfortably), own a cell phone, use credit cards, etc. This week I’ve ’stepped things up’ by syndicating my del.icio.us bookmarks with my blog - you’ll now be treated (or spammed, I guess, depending on how you see things) with the articles that I’ve tagged in the past 24 hours that I think are interesting.

SPAM Ahoy!
I’ll start by stating this: I don’t think that the links you’ll be seeing are Spam. I think that I’m tagging good, solid, helpful links for people that might be interested in surveillance, privacy, and (typically) how either of those topics intersects with technology in some fashion. You’ll note that, for the next little while at least, you’ll see links to articles on Deep Packet Inspection (DPI) and behavioral advertising. I expect some WiMAX stuff as well. There are a couple reasons why I’m syndicating this kind of content:

1. I think that it’s important, and posting links here increase the chances of people reading about these topics. More attention needs to be given to them.
2. I don’t get a chance to blog as often as I’d like, but I’m always finding stuff that other people might find interesting. While my short descriptors of links lacks the comprehensiveness of a blog post, it’s enough that might get people interested in these topics to articles they will find useful.
3. It will potentially increase my own page rank in Google’s analytics, increasing the chance that people can find this webspace by searching for privacy- and surveillance-related issues. (This is a fairly selfish reason, I admit, but since it’s my space, and attached to my name, selfish seems OK here *grin*)

Stop It, Stop It!
If all of the del.icio.us links are REALLY annoying you, let me know. Alternately, if there are particular links that you find interesting/want to know more about, let me know - there is a decent chance that I will have something more to say on the topic of any of the links beyond the 250 character limit that del.icio.us holds me to, and I may have links around that I haven’t tagged yet.

So…We Finally Learn Who Christopher Parsons Is
You might be thinking to yourself, “this seems particularly transparent for Chris. Given his focus on privacy, and that he at least claims to like personal privacy, what the hell is he doing releasing some information on his own click-stream?” This is a good question, but I’m not actually releasing the majority of what I’m searching - things that I don’t think are appropriate for the theme of this blog, or that is personal enough in nature that I don’t feel comfortable discussing it (here) won’t be added to the blog. Thus, I’m distinguishing between what I want you to see, and what I want to keep between myself, behavioral advertising groups, and my search engines.

This concludes today’s explanation of the click stream. Back to Google!

Technorati Tags: bookmarks, del.icio.us, social networking