Talk: Matt Blaze on “Signaling Vulnerabilities in Law-Enforcement Wiretap Systems”

For folks local to the Bay Area, Prof. Matt Blaze is speaking next week at Stanford on vulnerabilities in the systems currently being used by law enforcement for wiretapping. The talk is at 4:15PM next Wednesday, 3/8/06 at Stanford University’s HP Auditorium, Gates Computer Science Building B01.

Signaling Vulnerabilities in Law-Enforcement Wiretap Systems
Matt Blaze, University of Pennsylvania

Telephone wiretap and dialed number recording systems are used by law enforcement and national security agencies to collect investigative intelligence and legal evidence. This talk will show how many of these systems are vulnerable to simple, unilateral countermeasures that allow wiretap targets to prevent their call audio from being recorded and/or cause false or inaccurate dialed digits and call activity to be logged. The countermeasures exploit the unprotected in-band signals passed between the telephone network and the collection system and are effective against many of the wiretapping technologies currently used by US law enforcement, including at least some “CALEA” systems. Possible remedies and workarounds will be proposed, and the broader implications of the security properties of these systems will be discussed.

A recent paper, as well as audio examples of several wiretapping countermeasures, can be found at http://www.crypto.com/papers/wiretapping/.

This is joint work with Micah Sherr, Eric Cronin, and Sandy Clark.

(Thanks to Mort for the link!)


We have to protect our content…

DocBug exclusive: Anheuser-Busch, the owner of the popular American beer brands Budweiser and Bud Light, is suing the Disney-owned ABC television network for copyright violation after ABC’s broadcast of ads for the two beers during this year’s Superbowl. In a statement, Anheuser-Busch lawyers said the fact that the disputed segments were ads for their own products did not excuse ABC’s behavior, nor did the fact that Anheuser-Busch had paid $26 million to have them aired. “We have to protect our content,” explained one executive.

ABC executives said they could not comment on ongoing litigation, but that they were considering filing a similar suit against themselves for the broadcasts of ads for Desperate Housewives and Lost during the game.

(Thanks to Wendy Seltzer for something resembling the link.)


Wearables in 2005

An article I wrote for the Wearable Computing column of IEEE Pervasive Computing magazine just came out, and highlights some of the projects at last year’s ISWC conference. Here’s the intro:

Wearables in 2005
Bradley Rhodes and Kenji Mase

In July 1996, one year before the first International Symposium on Wearable Computers, DARPA sponsored a workshop entitled “Wearables in 2005” (www.darpa.mil/MTO/Displays/Wear2005). Attendees predicted how wearable computers might be used in 2005 and identified key technology gaps that needed to be filled to make their vision a reality. In October 2005, the 9th Annual International Symposium on Wearable Computing was held in Osaka, Japan, the first to be held in Asia. Participants presented a wide range of research from both industry and academia, spanning 13 countries and weaving together such diverse fields as interface design, hardware and systems, gesture and pattern recognition, textiles, augmented reality, and clothing design.1 Many of the themes would have sounded familiar in 1996, with continuing improvements in ergonomics and power management as well as gesture recognition and augmented reality.

As you would hope, the field has also developed in new directions in the past decade, with a much greater emphasis on large-scale recording and annotation of everyday activities, on the science and engineering of clothing design, and on performing thorough quantitative evaluations of potential input devices. We have also seen a large increase in the use of accelerometers, smart phones, and RFID readers as researchers leverage continuing drops in cost and size in the consumer electronics world.

As the largest primary conference for wearables researchers, ISWC provides a good snapshot of the state of the field. So, with the benefit of hindsight, here are some highlights of how wearables research actually looked in 2005.

The IEEE copy is here, and I’ve also got an HTML copy on my publications page.


Keeping the djinni out of the bottle

In many ways I see the problems with Google’s centralization as just another facet of a tension that has existed since the Internet started: the tension between the decentralized “every end-user is his own service provider” model and the centralized fiefdom model where you sign up for one of a handful of service providers. I think it was the coming of the Web in the early ’90s that finally tipped the scale in favor of the decentralized model, and as a result we saw an explosion of URLs and email addresses that weren’t only from AOL, CompuServe or Prodigy. This, I think, was all for the better. But now the proliferation of GMail addresses and Google Base scares me precisely because it smacks a little too much of the fiefdom model we so wisely avoided 15 years ago.


Google Desktop widens the privacy hole

EFF is sounding a warning about Google Desktop’s latest Search Remote Computers function. The function itself sounds nice: one search command to search all your documents and viewed webpages regardless of what computer they’re on. Trouble is, Google does it by uploading all those sensitive documents to their own servers in case your laptop or other computers are off-line.

I think Google has a pretty good moral compass, but (as I mentioned when GMail came out) there are fundamental risks with this sort of centralized system regardless of the trustworthiness of the company running it. As EFF’s alert points out, many legal protections enjoyed by information stored on your own home computer are lost when stored with an online service provider:

The privacy problem arises because the Electronic Communication Privacy Act of 1986, or ECPA, gives only limited privacy protection to emails and other files that are stored with online service providers—much less privacy than the legal protections for the same information when it’s on your computer at home. And even that lower level of legal protection could disappear if Google uses your data for marketing purposes. Google says it is not yet scanning the files it copies from your hard drive in order to serve targeted advertising, but it hasn’t ruled out the possibility, and Google’s current privacy policy appears to allow it.

I can imagine other legal and practical questions as well. For example, if Google Desktop wound up uploading a researcher’s company-confidential tech reports, would that count as “disclosure” and thus prevent him from filing for a patent on his work? And if a laptop running the software is opened in a foreign airport (e.g. China), can the local Google office be subjected to subpoena under that country’s own laws?


Iconoclasts in glass houses

The statements from the Vatican I linked to last post include a comment from Cardinal Achille Silvestrini that’s worth highlighting:

The cardinal said secular societies should not assume a right to offend religious sentiments. He noted that many countries consider it illegal to offend their national flag and asked, “Shouldn’t we consider religious symbols on an equal level with the symbols of secular institutions?”

This is a good point; it is far too easy to defend the right to satirize or denigrate other people’s images while holding that our own images and ideals should be off-limits. However, I take away a different lesson than he intended, namely that we all must be wary of the power our own symbols have over us.

If I may stereotype the argument as religion vs. secular culture, both sides have blind spots when it comes to our symbols. We secularists are so invested in the myth that we are rational beings that we are blind to the very real power our icons and our media have over us, and that blindness makes us vulnerable. The result is Madison Avenue, Hollywood and politicians who can play us like a musical instrument. Religion, on the other hand, is so aware of the power of icons that they have become hostage to the defense of their own. The result is hair-trigger sensitivity, where a simple cartoon or perceived slight in the wording on a greeting card can spark boycotts and even violence.
