The danger of forwarding

Kevin Drum has posted an email exchange between convicted lobbyist Jack Abramoff and Karl Rove’s assistant, Susan Ralston, part of a larger set released in a bipartisan report by The House Government Reform Committee. Apparently Abramoff sent an email asking for favors to Ralston’s personal(?) pager, and that email was forwarded to the Deputy Assistant to the President and then on to a White House aide. That aide in turn warned a colleague of Abramoff’s that “it is better not to put this stuff in writing in their email system because it might actually limit what they can do to help us, especially since there could be lawsuits, etc.” Abramoff’s response to his colleague’s warning: “Dammit. It was sent to Susan on her mc pager and was not supposed to go into the WH system.”

Political scandal aside, this illustrates a fundamental security issue with email. I have no idea whether Ralston’s pager was set to automatically forward email while she was on vacation or (more likely) she forwarded it on to the Deputy Assistant herself as a way to keep him in the loop. Regardless, it’s clear that Abramoff recognized that having such emails in the official White House system would be a liability, but he had no control over whether its recipients (either Ralston or possibly her automatic forwarder) would be as prudent.

People who want to speak “off the record” usually think about whether a communication channel is likely to be archived, is subject to subpoena, is secure and so forth. But as it becomes easier to transfer messages between channels, that becomes harder to predict. You might not expect me to archive my voicemail, but if I automatically forward my messages to my email as audio attachments then it probably will be. Similarly, you might expect email sent within a company to stay protected inside the firewall, but if just one recipient forwards his email to his Gmail account then that security is blown wide open. The folks involved in the Abramoff scandal deserve to be outed, but the next person to be tripped up by this kind of error might not be so deserving.

Blogging in Motion

The overall winner of this weekend’s Open Hack Day at Yahoo! was Blogging in Motion, which mounts a camera and pedometer in a handbag and then uses the Flickr API (and I presume a cellphone) to automatically blog one picture every minute. Sounds like a purse version of Steve Mann’s Wearable Wireless Webcam, and more recently Microsoft Research Cambridge’s SenseCam system, all hacked together in just one 24-hour marathon.

Link courtesy of Aileen, who also points out that one of the team members, Diana Eng, was also one of the contestants on last season’s Project Runway.

New York Times holding out for a “simple” civil war?

In an interview with NPR’s On The Media, New York Times Deputy Foreign Editor Ethan Bronner had this to say about what it would take for the Times to decide that Iraq has finally turned into a civil war (question is 3:10 into the interview):

I don’t think I could answer that you know, sort of, we need to see X, Y and Z. I think that broadly speaking if it seemed that the sides of conflict in Iraq had separated themselves into full-blown militias / armies and war was the full-time occupation in Iraq, that would be a civil war and I imagine that’s when we would start calling it that.

At a certain point it will, if in fact it grows to the point where the sides have divided into clearly defined groups fighting one another, I mean the government for example is a mix of Sunni, Shia and Kurd. Is it a player in this “civil war” that other people see? It’s not clear to me.

I wonder how the Times reconciles this whole Blue vs. Grey definition of civil war with the fact that wars are increasingly being fought by networks of loosely-affiliated like-minded allies rather than clearly defined armies. If they can accept that the US is at war with a “transnational movement of extremist organizations, networks, and individuals” (to quote a recent Defense Department publication) why insist on clearly-defined armies in the case of a civil war? If anything, civil wars have historically been messier and more complicated than other wars, not simpler.

If the Times is waiting for the situation in Iraq to congeal into a simple pie chart before they decide it’s in a state of civil war, I expect they’ll be waiting quite a while.

Listing the guilty

Here is the list of 65 US Senators who voted to grant the president the right to lock non-citizens up indefinitely without the right to trial or to challenge the legality of their detention, who declared that if they ever are given a trial then hearsay and evidence obtained through coercion may be used against them, and who gave amnesty to those who authorized or committed illegal torture and abuse.

I find it horrific that so many of those we’ve elected to protect our fragile democracy are so quick to grant powers that belong only to kings, dictators and despots.

Not in my backyard

The front page of yesterday’s SJ Merc includes a great graphic showing how almost all of San Jose would be off limits to all registered sex offenders if California’s Proposition 83 is enacted by voters this November. The proposition would make it illegal for a registered sex offender to live within 2000 feet of a park or school (regardless of whether his or her crime involved children) and would require him or her to wear a GPS ankle bracelet for life.

From my brief read of the law defining sexual registration (IANAL!) it looks like convicted criminals are forced to register if they’re found guilty of rape or by order of the court for any other crime if the court finds that “the person committed the offense as a result of sexual compulsion or for purposes of sexual gratification.” That’s not a sympathetic bunch of people, and though I’m disturbed by the idea of treating people as guilty of FutureCrime (punishing people for what they might do in the future) I can understand the motivation. But as the Merc story points out, banishing registered sex offenders from most parts of the city will just lead to more sex offenders becoming homeless, cut off from the support groups and social network that help keep them from committing crimes again.

BlackNet and fungible bits

From a NYT article on the efforts of credit card companies to cut out child-pornography sites from their networks:

Among purveyors of child pornography, Mr. Christenson said, there is a “growing trend toward steering visitors of these sites to various alternative payment methods.”

Mr. Christie said one of those methods involved granting access to Web sites in return for explicit photographs of children. “That phenomenon is something that we are very concerned about,” Mr. Christie said.

Tim May’s original BlackNet concept warned that modern crypto can make illegal trafficking in pure information nearly impossible to trace. The main obstacle to making BlackNet-like networks a reality at a consumer level has been handling payment: anonymous e-cash systems never really got traction, and non-anonymous financial services leave a trail right to a criminal’s door.

What remains is a system of barter, or “CryptoCredits” as the BlackNet post describes them. Back when it was written, digital information wasn’t all that fungible: there were a limited number of things that one could exchange in pure-digital form, and the BlackNet post mostly described a market for high-stakes digital goods like trade secrets and business intelligence. But bits have become much more fungible in the past thirteen years, and nowadays an illegal info-trader can find pure-digital goods at all levels of illegality. He might trade kiddie porn for digital movies, blackmail info for stolen credit card numbers, control over zombied PCs for World of Warcraft gold, or passwords to porn sites for validated spam addresses. He might even contract for specific services, ranging from mundane transcription of documents to decoding of CAPTCHAs to obtaining the phone records of an HP board member.

CNet review of Levi’s RedWire DLX Jeans

C|Net Asia has a review of Levi’s RedWire DLX Jeans, which include a watch pocket for your iPod Nano and a mini joystick on the outside for controlling it. Looks like Levi’s also groks that the iPod is as much a fashion accessory as it is an MP3 player, and matches accordingly:

The material is rather like a pair of Levi’s 523s. Tough and with a yielding woven pattern. In affirmation of the MP3 player it carries, the DLX’s detailing are colored a classic iPod white; from rivets to the button-fly and right down to the use of white embroidered threads.

(Thanks to Aileen for the link!)

Diebold’s AccuVote-TS Voting Machine

A few days ago Ed Felten announced he and his students had released a detailed security analysis of the Diebold AccuVote-TS voting machine. The executive summary and/or demonstration video is well worth a look, and the full research paper is a must-read for anyone interested in computer security.

By later that day, the president of Diebold Election Systems had issued a rebuttal. I’m a security dabbler, not an expert, but to my semi-trained eye the rebuttal looks like a bunch of smoke. I’m looking forward to hearing the Princeton authors’ response [Update 9/22: posted here], but while I’m waiting for that here’s my own take on it:

Breaking iTunes Music Store DRM

A couple weeks ago QTFairUse was ported to iTunes 6. Yes, it was just in time for Apple to release iTunes 7, but it looks like it’s also working, at least, on music purchased with iTunes 7 as well.

Unfortunately, it’s Windows only (and still a little unstable I gather), but hopefully this means JHymn will soon be updated to work on the latest iTunes. Then maybe I’ll actually start purchasing from the iTunes Music Store again…
