cypherpunks-legacy
Threads by month
- ----- 2025 -----
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1998 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1997 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1996 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1995 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1994 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1993 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1992 -----
- December
- November
- October
- September
July 2018
- 1371 participants
- 9656 discussions
05 Jul '18
Does anyone know of any research being done on the use of low-cost
single board mini computers to run the likes of online circumvention
tools like VPN, Tor, Gibberbot etc
Whilst these boards have been around for sometime, since the
introduction of Rasberry Pi, interest has grown and now there are many
boards are being created like:
ARM Mini PCs
http://www.reghardware.com/2012/05/10/product_round_up_arm_mini_computers_t…
_best_and_the_rest/
http://liliputing.com/2012/06/74-mk802-android-4-0-mini-pc-first-impression…
video.html
Android OS and other Linux OS appears to run easily on these boards and
allows for use of software from the likes of:
https://guardianproject.info/apps/ and http://www.whispersys.com/ (sadly
now defunct)
Some of these boards are also so cheap as to be disposable single use,
or at least simple reuse after OS/Data erase.
I am looking at how easy it would be to develop and use a Linux OS that
only runs from the board's ram (LiveCD/USB/SDcard), such as TAILs
<http://tails.boum.org>
Frank
_______________________________________________
liberationtech mailing list
liberationtech(a)lists.stanford.edu
Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
If you would like to receive a daily digest, click "yes" (once you click
above) next to "would you like to receive list mail batched in a daily
digest?"
You will need the user name and password you receive from the list moderator
in monthly reminders. You may ask for a reminder here:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
Should you need immediate assistance, please contact the list moderator.
Please don't forget to follow us on http://twitter.com/#!/Liberationtech
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
1
0
Format Note: If you cannot easily read the text below, or you prefer to
receive Secrecy News in another format, please reply to this email to let
us know.
SECRECY NEWS
from the FAS Project on Government Secrecy
Volume 2012, Issue No. 89
September 6, 2012
Secrecy News Blog: http://www.fas.org/blog/secrecy/
** GREATER AUTONOMY FOR UNMANNED MILITARY SYSTEMS URGED
** NEW ARMY DOCTRINAL PUBLICATIONS ON INTELLIGENCE, SPECIAL OPS
** TRANS-PACIFIC PARTNERSHIP NEGOTIATIONS, AND MORE FROM CRS
GREATER AUTONOMY FOR UNMANNED MILITARY SYSTEMS URGED
The Department of Defense should focus on increasing the autonomy of
drones and other unmanned military systems, a new report from the Defense
Science Board said.
DoD should "more aggressively use autonomy in military missions," the
Board report said, because currently "autonomy technology is being
underutilized." See "The Role of Autonomy in DoD Systems," Defense Science
Board, dated July 2012 and released last week.
http://www.fas.org/irp/agency/dod/dsb/autonomy.pdf
"Autonomy" in this context does not mean "computers making independent
decisions and taking uncontrolled action." The Board is not calling for
the immediate development of Skynet at this time. Rather, autonomy refers
to the automation of a particular function within programmed limits. "It
should be made clear that all autonomous systems are supervised by human
operators at some level," the report stressed.
Increased autonomy for unmanned military systems "can enable humans to
delegate those tasks that are more effectively done by computer... thus
freeing humans to focus on more complex decision making."
"However, the true value of these systems is not to provide a direct human
replacement, but rather to extend and complement human capability by
providing potentially unlimited persistent capabilities, reducing human
exposure to life threatening tasks, and with proper design, reducing the
high cognitive load currently placed on operators/supervisors."
But all of that is easier said than done.
"Current designs of autonomous systems, and current design methods for
increasing autonomy, can create brittle platforms" that are subject to
irreversible error. There are also "new failure paths associated with more
autonomous platforms, which has been seen in friendly fire fatalities....
This brittleness, which is resident in many current designs, has severely
retarded the potential benefits that could be obtained by using advances in
autonomy."
The Defense Science Board report discusses the institutional challenges
confronting a move toward increasing autonomy, including the obstacles
posed by proprietary software. It offers an extended discussion of
conflict scenarios in which the enemy employs its own autonomous systems
against U.S. forces. The authors describe China's "alarming" investment in
unmanned systems, and encourage particular attention to the relatively
neglected topic of the vulnerability of unmanned systems.
The report includes some intriguing citations, such as a volume on
"Governing Lethal Behavior in Autonomous Robots," and presents numerous
incidental observations of interest. For example:
"Big data has evolved as a major problem at the National Geospatial
Intelligence Agency (NGA). Over 25 million minutes of full motion video
are stored at NGA."
But new sensors will produce "exponentially more data" than full motion
video, and will overwhelm current analytical capabilities.
"Today nineteen analysts are required per UAV orbit [i.e. per 24 hour
operational cycle]. With the advent of Gorgon Stare, ARGUS, and other
Broad Area Sensors, up to 2,000 analysts will be required per orbit."
The government "can't hire enough analysts or buy enough equipment to
close these gaps."
NEW ARMY DOCTRINAL PUBLICATIONS ON INTELLIGENCE, SPECIAL OPS
The U.S. Army has recently begun publishing two new series of Army
Doctrine Publications (ADP) and Army Doctrine Reference Publications
(ADRP).
http://www.fas.org/irp/doddir/army/index.html#adp
These publications generally offer a digest of existing doctrine in
introductory form for broad consumption, with limited modifications and a
few updates. Last week, the Army issued new unclassified publications on
intelligence and special operations, among other topics.
TRANS-PACIFIC PARTNERSHIP NEGOTIATIONS, AND MORE FROM CRS
New and updated reports from the Congressional Research Service that
Congress has chosen not to make available to the public include the
following.
The Trans-Pacific Partnership Negotiations and Issues for Congress,
September 5, 2012:
http://www.fas.org/sgp/crs/row/R42694.pdf
Weather-Related Power Outages and Electric System Resiliency, August 28,
2012:
http://www.fas.org/sgp/crs/misc/R42696.pdf
SBA Veterans Assistance Programs: An Analysis of Contemporary Issues,
September 4, 2012:
http://www.fas.org/sgp/crs/misc/R42695.pdf
Worker Adjustment and Retraining Notification (WARN) Act, September 4,
2012:
http://www.fas.org/sgp/crs/misc/R42693.pdf
Immigration Detainers: Legal Issues, August 31, 2012:
http://www.fas.org/sgp/crs/homesec/R42690.pdf
Tajikistan: Recent Developments and U.S. Interests, updated August 31,
2012:
http://www.fas.org/sgp/crs/row/98-594.pdf
Defense: FY2013 Authorization and Appropriations, updated September 5,
2012:
http://www.fas.org/sgp/crs/natsec/R42607.pdf
_______________________________________________
Secrecy News is written by Steven Aftergood and published by the
Federation of American Scientists.
The Secrecy News Blog is at:
http://www.fas.org/blog/secrecy/
To SUBSCRIBE to Secrecy News, go to:
http://www.fas.org/sgp/news/secrecy/subscribe.html
To UNSUBSCRIBE, go to
http://www.fas.org/sgp/news/secrecy/unsubscribe.html
OR email your request to saftergood(a)fas.org
Secrecy News is archived at:
http://www.fas.org/sgp/news/secrecy/index.html
Support the FAS Project on Government Secrecy with a donation:
http://www.fas.org/member/donate_today.html
_______________________
Steven Aftergood
Project on Government Secrecy
Federation of American Scientists
web: www.fas.org/sgp/index.html
email: saftergood(a)fas.org
voice: (202) 454-4691
twitter: @saftergood
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
http://www.theatlantic.com/magazine/archive/2008/11/the-things-he-carried/3…
If I were a terrorist, and Ibm not, but if I were a terroristba
frosty, tough-like-Chuck-Norris terrorist, say a C-title jihadist with
Hezbollah or, more likely, a donkey-work operative with the Judean
Peoplebs FrontbI would not do what I did in the bathroom of the
MinneapolisbSt. Paul International Airport, which was to place myself
in front of a sink in open view of the male American flying public and
ostentatiously rip up a sheaf of counterfeit boarding passes that had
been created for me by a frenetic and acerbic security expert named
Bruce SchneiB-er. He had made these boarding passes in his
sophisticated underground forgery works, which consists of a Sony Vaio
laptop and an HP LaserJet printer, in order to prove that the
Transportation Security Administration, which is meant to protect
American aviation from al-Qaeda, represents an egregious waste of tax
dollars, dollars that could otherwise be used to catch terrorists
before they arrive at the MinneapolisbSt. Paul International Airport,
by which time it is, generally speaking, too late.
I could have ripped up these counterfeit boarding passes in the
privacy of a toilet stall, but I chose not to, partly because this was
the renowned Senator Larry Craig Memorial Wide-Stance Bathroom, and
since the commencement of the Global War on Terror this particular
bathroom has been patrolled by security officials trying to protect it
from gay sex, and partly because I wanted to see whether my fellow
passengers would report me to the TSA for acting suspiciously in a
public bathroom. No one did, thus thwarting, yet again, my plans to
get arrested, or at least be the recipient of a thorough sweating by
the FBI, for dubious behavior in a large American airport. Suspicious
that the measures put in place after the attacks of September 11 to
prevent further such attacks are almost entirely for showbsecurity
theater is the term of artbI have for some time now been testing, in
modest ways, their effectiveness. Because the TSAbs security regimen
seems to be mainly thing-basedbmost of its 44,500 airport officers are
assigned to truffle through carry-on bags for things like guns, bombs,
three-ounce tubes of anthrax, Crest toothpaste, nail clippers,
Snapple, and so onbI focused my efforts on bringing bad things through
security in many different airports, primarily my home airport,
Washingtonbs Reagan National, the one situated approximately 17 feet
from the Pentagon, but also in Los Angeles, New York, Miami, Chicago,
and at the Wilkes-Barre/Scranton International Airport (which is where
I came closest to arousing at least a modest level of suspicion,
receiving a symbolic pat-downball frisks that avoid the sensitive
regions are by definition symbolicband one question about the presence
of a Leatherman Multi-Tool in my pocket; said Leatherman was
confiscated and is now, I hope, living with the loving family of a TSA
employee). And because I have a fair amount of experience reporting on
terrorists, and because terrorist groups produce large quantities of
branded knickknacks, Ibve amassed an inspiring collection of al-Qaeda
T-shirts, Islamic Jihad flags, Hezbollah videotapes, and inflatable
Yasir Arafat dolls (really). All these things Ibve carried with me
through airports across the country. Ibve also carried, at various
times: pocketknives, matches from hotels in Beirut and Peshawar, dust
masks, lengths of rope, cigarette lighters, nail clippers, eight-ounce
tubes of toothpaste (in my front pocket), bottles of Fiji Water (which
is foreign), and, of course, box cutters. I was selected for secondary
screening four timesbout of dozens of passages through security
checkpointsbduring this extended experiment. At one screening, I was
relieved of a pair of nail clippers; during another, a can of shaving
cream.
During one secondary inspection, at ObHare International Airport in
Chicago, I was wearing under my shirt a spectacular, only-in-America
device called a b Beerbelly,b a neoprene sling that holds a
polyurethane bladder and drinking tube. The Beerbelly, designed
originally to sneak alcoholbup to 80 ouncesbinto football games, can
quite obviously be used to sneak up to 80 ounces of liquid through
airport security. (The company that manufactures the Beerbelly also
makes something called a b Winerack,b a bra that holds up to 25 ounces
of booze and is recommended, according to the companybs Web site, for
PTA meetings.) My Beerbelly, which fit comfortably over my beer belly,
contained two cansb worth of Bud Light at the time of the inspection.
It went undetected. The eight-ounce bottle of water in my carry-on
bag, however, was seized by the federal government.
On another occasion, at LaGuardia, in New York, the
transportation-security officer in charge of my secondary screening
emptied my carry-on bag of nearly everything it contained, including a
yellow, three-foot-by-four-foot Hezbollah flag, purchased at a
Hezbollah gift shop in south Lebanon. The flag features, as its
charming main image, an upraised fist clutching an AK-47 automatic
rifle. Atop the rifle is a line of Arabic writing that reads Then
surely the party of God are they who will be triumphant. The officer
took the flag and spread it out on the inspection table. She finished
her inspection, gave me back my flag, and told me I could go. I said,
b Thatbs a Hezbollah flag.b She said, b Uh-huh.b Not b Uh-huh, Ibve been
trained to recognize the symbols of anti-American terror groups, but
after careful inspection of your physical person, your behavior, and
your last name, Ibve come to the conclusion that you are not a Bekaa
Valleybtrained threat to the United States commercial aviation
system,b but b Uh-huh, Ibm going on break, why are you talking to me?b
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
Myers reported (I think) that his twisted Chord network passes a unit test
where you start with two separate Chord networks and introduce one node from
the first net to one node from the other, and then the two nets merge.
Meanwhile, I've finished implementing a version of ent (based on Kademlia)
which keeps only one node per k-bucket, and fixed several bugs, but there
remains some bug that I haven't investigated (I'm out of time) which causes it
to fail the basic "contruct a network, publish a block, fetch the block" unit
test. (Please, someone fix it, as I'm probably busy this week.)
I just wanted to comment that there is no way known (to me at least) for
Kademlia to pass the unit test that Myers is using on his Chord net -- merging
two separate nets into one. Kademlia can't do that AFAIK. (This is one way
of observing the "Kademlia doesn't self-heal" problem.)
I also wanted to mention that Chord can sometimes fail, too, if the nets
happen to line up so that the resulting merged Chord net is "loopy". The
Liben-Nowell paper [1] explains how to fix that.
--Z
[1] http://citeseer.nj.nec.com/553810.html
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
mnet-devel mailing list
mnet-devel(a)lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mnet-devel
----- End forwarded message -----
[demime 0.97c removed an attachment of type application/pgp-signature]
1
0
> Subject: Re: [s-t] privacy and caution digest #2
> From: "Bryan O'Sullivan" <bos(a)serpentine.com>
> Date: Mon, 27 Oct 2003 22:49:19 -0800
>
> On Mon, 2003-10-27 at 14:49, Nick B wrote:
>
> > Nobody, but nobody, builds _anything_ electronic from the ground up.
> > Not me, not you, not Apple, not Microsoft, not Sony, not Intel, not
> > the NSA. [Apple,] Sony, Intel and the NSA get closer by fabbing their
> > own silicon.
>
> No Such Agency doesn't fab much of anything; they can't afford to. They
> and their ilk are far more interested in things like FPGAs and adapting
> numerical algorithms to COTS SIMD hardware, such as graphics processors
> (a la http://www.gpgpu.org/)
My apologies; I don't have much information on the budget, interests,
capabilities, facilities, or operations of the NSA.
> > Who knows
> > what sort of spyware those tools are adding?
>
> Don't be silly. The amount of computation you need to do to get a
> circuit of any useful complexity to do something predictable is
> enormous. You can't stuff a thousand CPUs and 200 engineers into an
> Applied Materials mask etch machine, so that they can rig a WiFi card
> and antenna onto your PS2's vector chip without Sony finding out. Even
> if you could, how would they talk to the evil animalcules inside the
> Novellus metal deposition machine in the facility next door, so the
> right traces get metallised?
I guess I didn't make myself clear. I wasn't hypothesizing an attack
against a fab. I was saying that
deeply paranoid "don't trust anyone" types
could well hypothesize such attacks. They don't have to be
semi-automated Thompson-style attacks (and I didn't have those in
mind). Put yourself in a "don't trust anyone" frame of mind, and
imagine that some part of the toolchain at (say) Intel includes
spyware which allows it to be controlled by (say) NSA. Using this
spyware, NSA can watch a part of a CPU going through design-and-test
cycles, pick a part of the design to subvert, and carefully craft a
replacement for that part of the design. Making the replacement part
do something useful for the NSA is left as an exercise for those who
enjoy this type of thing.
My point was that anyone who has a tendency to believe in this sort of
nonsense should, for consistency, be shunning mainstream hardware
altogether. Even if they trust Intel, ho ho ho.
> Never even mind that automatically figuring out what a bunch of geometry
> in a set of masks represents is vastly harder than reverse compilation
> for software.
Yes. I wasn't intending to suggest an attack based solely on masks.
The hypothesized attackers, having subverted the toolchain, have full
access at all levels of the hardware design (including design
documents, sources in various description languages, etc).
> > It is actually quite hard. And if anybody
> > ever does implement it really well, they can win, in principle even
> > against projects like Plan 9
>
> No they can't. Identifying something as "a compiler" and instrumenting
> the right code is impossible for automated systems.
I agree (almost), but a Thompson attack doesn't have to do that.
Compilers read source code by calling read() and write object code by
calling write(). These are, IMO, the right places to attack. A
program which open()s a descriptor on a file called \(*\).c and
read()s some source code from it, and open()s another descriptor on a
file called \1.o and write()s some object code to it, is probably a
compiler.
Any Thompson attack is directed against a particular platform (e.g.
OS + compiler + hardware) *or set of platforms*. That was the point I
was trying to make. Plan 9 could have been vulnerable to an attack
created after the start of the project, targetting both gcc and (say)
2c.
I agree that [barring global conspiracies of the sort outlined above]
someone designing a new system from scratch tomorrow, *using only
tools and equipment available today*, and making the avoidance of
Thompson-style attacks a priority, could come away clean.
Off-hand, I guess that I would do it by avoiding having a modern
bootstrap in the first place. I'd write my main compiler in some much
smaller simpler language, and keep it that way.
For myself, I still don't believe in Thompson attacks, or global
conspiracies subverting fab toolchains. Global conspiracies seem to
use much less subtle approaches (insert here stuff about chads,
airliners, and Wars on Abstract Nouns).
I'm so unparanoid that I'm running GNU Emacs 21.3, built from suspect
sources. Heck, I'm so unparanoid that I don't even believe that
Diebold is part of a global conspiracy. Hanlon's razor, and all that.
Nick B
----- End forwarded message -----
-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 0.97c removed an attachment of type application/pgp-signature]
1
0
I'm currently seeding a rather large experimental Tor/TorK LiveCD (675 MB!).
http://torrents.thepiratebay.org/3651803/Tor_LiveCD_-_testing_only.3651803.…
The CD is based on Knoppix and was created using the procedure documented at:
http://tork.sourceforge.net/wiki/index.php/LiveCD
The only part of the procedure not fully implemented is 'Removing unnecessary
packages'. I drew up a shortlist on the wiki page this morning, so if anyone
can think of other worthy removals, please add them there.
I understand that without a full diff from knoppix sources the LiveCD is
mystery meat and not particularly GPL compliant to boot. I think this is
something to address in the medium term, when/if it ever begins to take shape
as a serious proposition. I believe the Knoppix sources are available at:
http://debian-knoppix.alioth.debian.org/.
I have about 40KB/s TX bandwidth on my home connection, so if you manage a
full download please continue to seed.
Elements of the CD that need some attention:
* Firefox - firefox sessions load from tork with pretty much everything
disabled. The next version will have Mike Perry's torbutton - which looks
like the most sensible way of doing things. I also haven't attempted to strip
any plugins yet.
* Firewall - just a basic firewall is used. No attempt is made to block
outgoing dns requests. Instead these are tracked and reported in a very
rudimentary, not-exactly-foolproof way by tork. I guess this comes down to
whether an anonymous cd should permit non-anonymous browsing.
* Policy on software included. What applications should the CD include? Should
the user want/be able to print? Should there be more than one type of CD
offered, full featured vs just browsing?
* Are there security features that the wiki page doesn't even mention or
address?
Anyway, be gentle! I'll probably try to create a new and improved version of
the CD every few weeks for the next while.
--
KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
TorK - A Tor Controller For KDE - http://tork.sf.net
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
Am 10.05.2012 18:40, schrieb Lee Alley:
>> Your model is being tested in Somalia. ;-)
> </lurkmode>
> Also depends on which bit of Somalia you mean ;-)
> http://www.economist.com/blogs/baobab/2011/06/aid-and-somaliland
>
> +1 for this discussion! Fascinating and informative! Thanks :-)
I do share the general scepticism against government regulators. It makes a difference if you argue markets are contestable by virtue
(which is true to a certain degree) to prevent regulation or enact policies so that markets ought to become contestable.
In the 1990ths cyberlibertarianism was widespread, as we had to struggle
with the old state telecom monopolies, analog governments and crypto
export regulations or even the remains of central planning. After 911 the
state security paradigm set the agenda where civil society took the
pro-freedom narrative. In the past five years old postponed debates
reemerged that found new commercial allies (blocking, child porn,
filtering, trade funnel). The surveillance and privacy debate of the
1980ths onwards was mostly focussed on state interest in our individual
data, today companies harvest data (made available to the state). In the
Arab spring the targets are geriatric regimes and a rebellious youth.
The main question for me is how to get "good governance" in a field
characterized by Schumpeterian competition.
http://en.wikipedia.org/wiki/Creative_destruction
How to make governance side with the challengers, not the old bulls. For
instance 10 years ago Google was still weak in lobbying. How do we avoid
that regulators shoot in the cradle of emerging technology firms, add risks
and strangulate emerging models? The toolset of open market policies
(pro-competition, pro-openstandards, pro unlicensed spectrum, pro-open
internet..) has insufficient support in multistakeholder fora. Patent
regimes slow down the transition because challengers do not have large
portfolios.
I originate from a city that was mostly dependend on the typewriter
industry. All the companies a domestic legislator would have consulted
back then about the future of word processing are now gone. When
governments do not know what the dominant players of tomorrow would be it
still makes sense to be first. Being first implies that you naturally
would regulate against the current dominant business players to path the
way for the challengers.
Best,
Andri
_______________________________________________
liberationtech mailing list
liberationtech(a)lists.stanford.edu
Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Should you need immediate assistance, please contact the list moderator.
Please don't forget to follow us on http://twitter.com/#!/Liberationtech
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
=======================================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 10.12, 20 June 2012
=======================================================================
Contents
=======================================================================
1. The rise of the European upload filter
2. Austria: Data retention petition ignored by the Parliament
3. Google Transparency report: increasing trend of government censorship
4. German news article removed from search results after DMCA complaint
5. Article 29 WPbs opinion on the cookie exemptions
6. UK websites might have to identify b trollsb
7. Spanish Supreme Court says Google is not breaching copyright
8. Googlebs Street View privacy breach again in the public eye
9. Prague ICANN meeting to discuss Whois data
10. Culture: Global changes in production and consumption
11. ENDitorial: Data retention - faint heart never won fair lady
12. Recommended Reading
13. Agenda
14. About
=======================================================================
1. The rise of the European upload filter
=======================================================================
In 2011, the European Union decided against the introduction of
mandatory filtering in Europe, because a democratic analysis of the
evidence showed that this was not necessary. In 2012, the European Union
is working on a variety of projects to introduce b voluntaryb
upload
filters and, because they would be introduced on a so-called b voluntaryb
basis, there will be no democratic analysis.
There are at least three different initiatives currently underway with
this target. Firstly, Commissioner Kroes' b CEO Coalitionb
. As previously
mentioned in the EDRi-gram, this initiative involves the Commission
inviting big business to propose measures that will make the Internet a
b safer place for childrenb
. The fact that Facebook is in charge of
privacy settings and Microsoft is in charge of b notice and takedownb
appears to raise no concerns about the process being instrumentalised
for business purposes.
Microsoft's history in b notice and takedownb
is hardly exemplary. Recent
cases showing that Microsoft, using Google's global application of US
copyright law, has repeatedly demanded that Google removes links from
its search results b links which remain available on Microsoft's own
search engine. Microsoft, on the other hand, has also developed a
product called b photoDNA,b
used by Facebook UK as an upload filter to
prevent known child abuse material being added to their site. What
happens when somebody tries to do this? Nobody knows. What happens if a
criminal tries to upload innocent parts of images as a way of filtering
his/her own collection of illegal images to identify images unknown to
the police? We don't know. How big is the risk that this could lead to
incentives to creating new illegal images and new abuse? We don't know.
In the same vein, the b Safer Internet Programme 2012b
announced that one
of its strategies was to b develop a pilot test for trusted hash code /
fingerprint series for preventing re-uploading of identified child
sexual abuse materialb
. Remarkably, the Commission's proposal includes
an explicit reference to PhotoDNA, Microsoft's product. The plan is also
to extend beyond photographic material and cover videos.
Finally, the European Parliament is currently working on a
non-legislative resolution on b the protection of minors in the digital
world,b
with Silvia Costa (S&D, Italy) as MEP in charge. Neither her
draft report nor any of the amendments make a reference to filtering of
any kind. However, the text, largely (as it seems reasonable to assume)
donated by the child protection industry, is replete with references to
b preventingb
various online activities, without any discussions in the
Parliament about filtering uploads to the Internet. The draft report
also masterfully confuses illegal content with unspecified b unsuitableb
content arguing that b measures to prevent illegal online content lead to
differing approaches to the prevention of unsuitable conduct".
But one can't really oppose the use of such a far-reaching strategy for
child protection. If it protects children, why ask questions about
whether there will be unforeseen or even counter-productive
consequences? Why ask questions about whether this is the most effective
use of resources? Why ask for democratic oversight or evidence of
usefulness? And, of course, nobody would be so cynical as to re-use the
technology for any other purpose, would they?
Well, apart from terrorism, of course. The EU-funded b Clean ITb
(not to
be confused with the Iranian b clean Internetb
) project is proposing the
creation of a database of content b consideredb
illegal. b Why not try and
create a database where internet companies can check it to see if it's
known illegal materialb
asks the project manager? And if it protects
society, why ask questions about whether there will be unforeseen or
even counter-productive consequences? And all of the questions that are
not asked about upload filters for child abuse material are not asked
again in relation to terrorism.
Well, apart from copyright, of course. The European Commission's report
from 2010 on the application of the IPR Enforcement Directive argues
that, b given intermediaries' favourable position to contribute to the
prevention and termination of online infringements, the Commission could
explore how to involve them more closely.b
Safer Internet Programme
http://ec.europa.eu/information_society/activities/sip/docs/call_2012/work_…
IPR Enforcement Directive
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0779:FIN:EN:…
Draft European Parliament report on protection of minors (2.04.2012)
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&languag…
Clean IT project considers terrorist content database (6.06.2012)
http://www.itnews.com.au/News/303729,clean-it-project-considers-terrorist-c…
Busted: Microsoft Harbors BitTorrent Pirates (27.05.2012)
http://torrentfreak.com/busted-microsoft-harbors-bittorrent-pirates-120527/
Facebook & PhotoDNA (19.05.2011)
http://blogs.technet.com/b/microsoft_on_the_issues/archive/2011/05/19/faceb…
(Contribution by Joe McNamee - EDRi)
=======================================================================
2. Austria: Data retention petition ignored by the Parliament
=======================================================================
The Austrian Working Group on Data Retention counters the lack of
responsiveness to citizens' political participation with even more
participation.
Albeit gaining support of over 100 000 citizens, the Austrian citizens'
petition against data retention has been deferred to the Parliament
Justice Committee by the Petition Committee. The Austrian working group
on data retention (AKVorrat.at) has decided to change pace in the
campaign and asks its supporters to contact the representatives in the
justice committee, to ensure that their concerns are taken seriously.
In October 2011, the Austrian working group on data retention
(AKVorrat.at) started a petition, called citizens' initiative, asking
the Austrian government to oppose the EU data retention directive and to
evaluate all laws created with the aim to fight terrorism. In December,
the initiative was passed to the Parliament with more than 4400
supporters. Since mid-December the initiative could be signed online and
reached a total of 106 067 supporters until 30 May 2012.
The Petition Committee of the Austrian Parliament dealt with the issue
twice: in March and on 30 May 2012. Both times their schedule allowed
only less than 5 minutes to deal with the initiative and its consequences.
In March 2012, the Committee decided to ask three ministries (Justice,
Interior and Infrastructure) as well as the Chancellor's office for
statements. All ministries' statements clearly missed the point by
stating that Austria had to implement data retention because of the Data
Retention Directive of the European Parliament and of the Council. These
statements are quite surprising as one of the key demands of the
initiative is that the Austrian government should act within the
European Union to abolish the Data Retention Directive. The other main
demand - the evaluation of laws designed to fight terrorism - was
completely ignored.
In the second meeting, there was no reaction to the statements and the
initiative was passed on to the Justice Committee.
AKVorrat.at reacted quickly: "After being astonished initially by the
brief treatment in the petition committee a new campaign was kicked off.
Since the citizens' initiative can no longer be signed the new campaign
asks all the supporters to contact the representatives in the justice
committee to ensure proper treatment of the demands supported by more
than 100,000 citizens. To date it is unclear how and when the initiative
will be discussed in the committee. Nevertheless, the activists of
AKVorrat.at are determined to maintain data retention as one of the hot
topics in Austrian politics."
Austrian Parliament - Citizens' initiative - Stop Data retention (only
in German)
http://www.parlament.gv.at/PAKT/VHG/XXIV/BI/BI_00037/index.shtml
AK Vorrat Austria campaign against data retention (only in German)
https://zeichnemit.at
(Contribution by AK Vorrat - Austria)
=======================================================================
3. Google Transparency report: increasing trend of government censorship
=======================================================================
According to Googlebs latest bi-annual transparency report covering the
July-December 2011 period, the number of governmental requests for
usersb private data and content taking down has continued to grow.
The report shows the situation for each country separately and refers to
the requests received from judiciary and executive power authorities,
the request for content removal related to copyright infringements being
dealt with separately.
Thus, the total number of requests has reached 11 936 in the second half
of 2011 as compared with 9 600 in the same period in 2010 and 8 959 in
the second half of 2009.
The Spanish Data Protection Agency, for instance, has made 14 requests
for content removal, most of them related to results leading to blogs or
websites that referred to political or public people. The agency has
also requested the elimination of three blogs hosted by Blogger and 3
video clips from YouTube. Google has however refused to comply with
the requests which had no court support, considering them as
governmental censorship.
In Poland the Agency for Development of Businesses had demanded the
search engine to delete a search result that was not favourable to the
Agency and 8 other links that were pointing to this result.
In France, the state demanded the deletion of 61 content pieces by 31
requests, most of them for defamatory content or pornography on YouTube.
Googlebs report is giving the number of requests the company complied
with or rejected making a distinction between the judicial requests and
the administrative ones. b There are several reasons why we do not comply
with certain requests. Some of them may be specific enough so that we
may know what the government wants us to suppressb
.
Google policy analyst Dorothy Chou has stated for Forbes that Google
requires certain criteria for the requests. These must be submitted in a
written form, have to come from an appropriate agency, must cite a
criminal case and have to be narrow enough regarding the number of users
that they affect and the time frame of data that is requested. b
We want
to show that webre advocating on your behalf. But we also want to do
right by the spirit and letter of the law,b
says Chou.
Google considers as alarming the fact that even countries considered
democratic, such as Spain, France, Poland, UK, US or Canada have
increased their requests related to political expressions.
b We noticed that government agencies from different countries would
sometimes ask us to remove political content that our users had posted
on our services. We hoped this was an aberration. But now we know itbs
not. Just like every other time before, webve been asked to take down
political speech. Itbs alarming not only because free expression is at
risk, but because some of these requests come from countries you might
not suspectbWestern democracies not typically associated with
censorship,b
stated Chou.
Google Transparency Report for July-December 2011
http://www.google.com/transparencyreport/removals/government/
Google denounces an alarming level of governmental censorship (only in
French, 18.06.2012)
http://www.numerama.com/magazine/22912-google-denonce-un-niveau-alarmant-de…
Google refuses the removal of the links that the Protection of Data
requires (only in Spanish, 18.06.2012)
http://tecnologia.elpais.com/tecnologia/2012/06/18/actualidad/1339999915_71…
U.S. Government Requests For Google Users' Private Data Jump 37% In One
Year (17.06.2012)
http://www.forbes.com/sites/andygreenberg/2012/06/17/u-s-government-
requests-for-google-users-private-data-spike-37-in-one-year/
=======================================================================
4. German news article removed from search results after DMCA complaint
=======================================================================
European procedures for the removal of online content that is judged or
accused of being illegal currently depend on the interpretation of the
e-Commerce Directive by Member States and private companies. This means
that whenever sites, blog posts, images or comments on the internet are
accused of being illegal, procedures implementing this Directive are not
clear, not harmonised and lead to legal uncertainty. Internet service
and hosting providers risk liability for the content of their customers
once they have b actual knowledgeb
of its illegality or, possibly, just
its existence, and do not remove the content 'expeditiously'. It is
however very foggy what b actual knowledgeb
or b expeditiousb
means and
what the requirements for a valid notice can be. Any lack of clarity
leads almost automatically to the undermining of fundamental freedoms
and the due process of law, because online companies will seek to defend
themselves by deleting any content that creates a legal risk for them.
In the US, service and hosting providers can maintain their immunity via
the so-called Digital Millennium Copyright Act (DMCA). Under these safe
harbour protections, they cannot be held responsible for material that
has been posted in breach of copyright. However, as soon as they receive
a notification meeting certain conditions, they need to remove it from
their services. Even though it can be argued that the structured US
system is more predictable than the current European approach, it also
has major flaws.
Google's latest transparency report, which focuses on the takedowns for
search links, has revealed how absurd some requests are. Microsoft for
instance has requested the removal of over 2.5 million URLs. The sheer
volume means that the complaints procedure is mainly or fully automatic,
with Google and other recipients of the "notices" automatically deleting
the information in question. On the basis of DMCA complaints, Google
also deletes sites from global search results b with no concern for
whether the content is legal outside the U S.
For example, on 6 June 2012, Microsoft sent a DMCA takedown notice to
Google regarding an article about Windows 8 published by the German
IT-news platform Heise. The link to the article was removed without
questioning the validity of the complaint. It was removed without even
asking if the content would be legal in Germany. And it was removed
without any consultation with the author of the article.
Heise staff noticed accidentally that the link was removed only after
finding the DMCA report on their Webmaster Tools service. The German
publisher immediately sent a counter-notice which however implied that
the counter-notifier gives its consent that the legal competent
authority is the District Court of Santa Clara County in California b
despite the fact that the affected company, blog, news platform or
website owner is based in Europe. The initial notifying party then has
10 working days to react to the counter-notice. During this period, the
website will still not appear in search results. According to Google's
DMCA report received by Heise, it can take up to 11 hours to remove
links from its search result upon receipt of a DMCA takedown request.
However, it can take several weeks until a takedown is reported by the
collaborative archive Chilling Effects Clearinghouse (chillingeffects.org)
This recent example shows that the DMCA is, despite being more
predictable than the European system, a process in which a website is
first shut down and only then questions are being asked with regards to
the legality of the content. In the US and elsewhere, the application of
the DMCA has led to the deletion of speech content without warning in
numerous cases.
In Europe, it is now essential to establish a differentiated approach,
procedures that are transparent and allow for due process to avoid void,
accidental and deliberate abuse leading to the take down of legitimate,
non-infringing content and to ensure the functioning of the Digital
Single Market.
With the aim to establish a framework and to provide guidance on
European notice and takedown procedures, the EU Commission has just
launched a public consultation in order to clarify the implementation of
the e-Commerce Directive by the end of this year. All stakeholders and
interested individuals are invited to reply to the public consultation
and to provide the Commission with input before 5 September.
Microsoft asked to delete Heise article from Google search results (only
in German, 8.06.2012)
http://www.heise.de/newsticker/meldung/Microsoft-liess-Heise-Meldung-aus-Go…
Google's Transparency Report on takedown requests
http://www.google.com/transparencyreport/removals/copyright/
RIAA Demands Unlimited DMCA Power From Google (2.06.2012)
http://torrentfreak.com/riaa-demands-unlimited-dmca-power-from-google-12050…
European Commission consultation questionnaire - A clean and open
Internet: Public consultation on procedures for notifying and acting on
illegal content hosted by online intermediaries
Deadline: 5 September 2012
http://ec.europa.eu/yourvoice/ipm/forms/dispatch?form=noticeandaction
(Contribution by Kirsten Fiedler - EDRi)
=======================================================================
5. Article 29 WPbs opinion on the cookie exemptions
=======================================================================
On 12 June 2012, the Article 29 Working Party (WP 29) published an
opinion on the issue, focusing on two exemption criteria established by
the new cookie-related provisions in the ePrivacy Directive:
A- the use of the cookie b for the sole purpose of carrying out the
transmission of a communication over an electronic communications
networkb
and
B - the use of a cookie if b strictly necessary in order for the provider
of an information society service explicitly requested by the subscriber
or user to provide the serviceb
.
WP 29 established in its opinion the circumstances when the exemption
criteria do not apply such as forcing controllers, processors, and third
party actors to obtain informed consent before using a cookie.
As regarding criterion A, the WP 29 considers this exemption can be used
only when the cookies are pivotal to the transmission of the
communication and when the transmission is not be possible without the
use of the cookies. "Simply using a cookie to assist, speed up or
regulate the transmission of a communication over an electronic
communications network is not sufficient," says the opinion.
Regarding criterion B, the opinion says: "There has to be a clear link
between the strict necessity of a cookie and the delivery of the service
explicitly requested by the user for the exemption to apply."
Cookies served for the purposes of providing a specific functionality
within websites will not be considered b strictly necessaryb
unless "the
functionality will not be available" without the cookie and the user has
"explicitly requested" the functionality from the website.
According to the opinion, some cookies can be exempted from informed
consent under certain conditions if they are not used for additional
purposes - these cookies include for example b user-inputb
cookies (used
to keep track of the userbs input when filling online forms or as a
shopping cart, also known as session-id cookies), multimedia player
session cookies and user interface customization cookies (for example
language preference cookies to remember the language selected by a user).
The cookies that should not be covered by the exemption include social
plug-in tracking cookies; third party advertising cookies, third party
and first party analytics cookies.
Regarding third party and first party analytics cookies, WP 29 remarks
however that they carry low privacy risks when they are limited to first
party aggregated statistical purposes and when used by websites which
also provide adequate privacy safeguards.
WP 29 also believes e-Privacy Directive should be amended in order to
introduce a new exemption to consent "for cookies that are strictly
limited to first party anonymized and aggregated statistical purposes."
Opinion 04/2012 on Cookie Consent Exemption (7.06.2012)
http://ec.europa.eu/justice/data-protection/article-29/documentation/opinio…
Article 29 Press Release on cookie consent exemption (12.06.2012)
http://www.statewatch.org/news/2012/jun/eu-wp-29-dp-cookies.pdf
Websites may only place cookies without user consent if services would
not work without them, say regulators (13.06.2012)
http://www.out-law.com/en/articles/2012/june/websites-may-only-place-cookie…
=======================================================================
6. UK websites might have to identify b trollsb
=======================================================================
According to the new UK government proposals, website operators might
soon have to identify users who have posted defamatory messages online,
so that the victims of the respective messages may take legal action
against the "trolls".
Presently in UK, a website operator is liable for everything that
appears on its site and therefore it can be taken to court by anybody
who claims something defamatory has been posted about him/her on the
respective website. The websites are now removing content as soon as a
defamation claim is made, irrespective of whether it is right or wrong.
"As the law stands, individuals can be the subject of scurrilous rumour
and allegation on the web with little meaningful remedy against the
person responsible. Website operators are in principle liable as
publishers for everything that appears on their sites, even though the
content is often determined by users,b
says Justice Secretary Ken Clarke.
The UK Ministry of Justice is now proposing a Defamation Bill, which is
under debate in the House of Commons, that will force operators to
identify the creator of a defamatory message and to give that
information to the victim so that he (she) may take action directly
against the person having posted the defamatory content.
The government states that there will also be measures to strengthen
freedom of speech and prevent false claims meant to get material
removed. "It will be very important to ensure that these measures do not
inadvertently expose genuine whistleblowers, and we are committed to
getting the detail right to minimise this risk," said Clarke.
The present rule that currently counts each separate viewing of a
controversial web page as a separate defamatory offence will be removed
and a one-year time limit will be introduced to online defamation claims
in order to stop people complaining about old articles.
However, privacy advocates are concerned about the possible abuse that
the new bill might bring forth. Privacy International believes that a
large part of the content posted by online trolls is not actually
defamatory being rather b harassment, invasion of privacy or simply
unpleasant but lawfully-expressed opinionb
and is concerned that
"gun-shy website operators will start automatically divulging user
details the moment someone alleges defamation in order to shield
themselves from libel actions".
b If the choice is between protecting users' anonymity and avoiding a
potentially costly lawsuit, many small operators are not going to be
overly concerned about whether or not a user has genuinely defamed the
complainant," said Emma Draper, head of communications at Privacy
International to BBC News.
For the time being, ISPs seem critical to the proposal as they will be
forced to store more information about Internet usage and emails. The
proposal will also force them to block all access to pornography
websites unless customers specifically state otherwise.
Websites to be forced to identify trolls under new measures (12.06.2012)
http://www.bbc.co.uk/news/technology-18404621
Victims of internet abuse to get new power to identify 'trolls' (12.06.2012)
http://www.telegraph.co.uk/technology/news/9324956/Victims-of-internet-abus…
Q&A: Who are internet trolls - and how is the law changing? (12.06.2012)
http://www.bbc.co.uk/news/technology-18408457
=======================================================================
7. Spanish Supreme Court says Google is not breaching copyright
=======================================================================
The Spanish Supreme Court ruled on 3 April 2012 that Google was not in
breach of copyright with its browser and cache services. The ruling was
given in a case filed in 2006 by the owner of a web page
(Megakini.com) for having reproduced and made available its
contents, by means of the Google search engine and the Google Cache
service, without authorisation.
The Supreme Court comes to confirm the previous decision given by the
lower court in Barcelona, on 30 March 2007, and the ruling on the appeal
of the Provincial Audience of Barcelona, on 17 Sept. 2008, which both
concluded the same, although on different grounds.
Regarding the reproduction and making available of parts of the webpage
contents, all three courts agreed this was not an infringement of the
copyright law as it had a temporary, incidental and minimal character.
The Supreme Court also rejected the infringement claim in relation to
Google cache service. The reason that laid at the basis of the decision
was the three-step-test guiding the interpretation of the statutory
limitations to the exclusive copyrights. Google Cache service is a
b socially toleratedb
use which was not prejudicial to the interests of
the claimant.
The claimant had asked for 2000 Euro in damages and for the shut down
the whole operation of the search engine which the court considered a
b maximalist petitum". According to the court the copyright laws "do not
authorize abusive claims nor absurd hypotheses meant to prejudice
another without own benefit".
However, the court made it clear that the ruling only extended to the
specific circumstances of the case and that b courts do not solve
doctrinal polemics.b
Court decision (only in Spanish, 3.04.2012)
http://pdfs.wke.es/8/6/1/5/pd0000078615.pdf
The Supreme Court agrees with Google and considers that its activity
does not breach copyright (only in Spanish, 13.06.12)
http://www.elmundo.es/elmundo/2012/06/13/navegante/1339570444.html
The Supreme Court makes clear that the ruling only extends to the
specific circumstances of this case and Spanish Supreme Court rules in
favour of Google search engine (15.06.2012)
http://kluwercopyrightblog.com/2012/06/15/spanish-supreme-court-rules-in-fa…
=======================================================================
8. Googlebs Street View privacy breach again in the public eye
=======================================================================
Recently, the UK Data Protection Authority - Information Commissioner's
Office (ICO) has decided to reopen its investigation on Google over the
collection of personal information by Google Street View project from
May 2010.
As a reaction to the US Federal Communications Commission (FCC)bs report
issued earlier this year into the Street View data collection, ICO has
now sent a written request to the search engine asking for more details
regarding its knowledge of, and reaction to, the data collection. FCCbs
report concluded that an engineer working for the company, with the
approval of a manager of the company, had written a software code
allowing the Street View cars to collect "payload" data from
unencrypted Wi-Fi networks in the area covered by the cars "for possible
use in other Google projects." The software allowed for the gathering of
entire emails, usernames and passwords.
"The ICO have reviewed the findings of the FCC report and we understand
that a wide range of personal data together with some sensitive data was
present in the payloads including, IP addresses, full user names,
telephone numbers, complete email messages, email headings, instant
messages and their content, logging in credentials, medical listing's
and legal infractions, information in relation to online dating and
visits to pornographic sites and data contained in video and audio
files," says Steve Eckersley, the ICO's head of enforcement, in the
letter addressed to Google.
Having in view that in 2010 Google admitted to have gathered personal
data but stated this had been done by mistake and that now the situation
reported by FCC shows that it is likely that such information was
deliberately captured, the ICO asks now more information regarding what
personal and sensitive personal data was captured in the UK. It also
wants details regarding the time when Google managers first became aware
that personal information was being gathered and about the technological
or organisational measures taken by the company to limit any further
data collection.
Google is also asked to provide a b substantial explanation" of the
sample data sent during the initial assessment of the issue as
well as copies of the design documents and associated logs containing
"managerial decisions and rationale".
Google stands in a better position in Switzerland however where the
Federal Tribunal has recently ruled that Google did not have to
guarantee absolute anonymity for people pictured in its Street View
service. "It must be accepted that up to a maximum of 1 percent of the
images uploaded are insufficiently anonymized," ruled the Supreme Court
on 8 June 2012.
However, the Court also stated that Google had to make it easy for
people to have their images manually blurred, and ensure total anonymity
in sensitive areas such as schools, hospitals, women's shelters and courts.
ICO reinvestigates Google's Street View data collection (13.06.2012)
http://www.out-law.com/en/articles/2012/june/ico-reinvestigates-googles-str…
Google wins partial repeal of Swiss privacy ruling (8.06.2012)
http://www.google.com/hostednews/ap/article/ALeqM5jqamDsi-XekvVlZOrHULCU9Hm…
EDRi-gram: Google admits it was gathering passwords and emails via
StreetView (3.11.2010)
http://www.edri.org/edrigram/number8.21/street-view-collects-emails
=======================================================================
9. Prague ICANN meeting to discuss Whois data
=======================================================================
An ICANN meeting will be held in Prague between 24-29 June 2012,
where issues and topics impacting users, consumers and registrants, like
whois access and the extension of domain space with ongoing new gTLD
program, will be discussed. As a reminder, ICANN is an Internet
governing body managing mainly IP addressing and domain names and which
is implementing a multi-stakeholder model, bottom-up and consensus-based
policy-making process .
ICANN as an organization still needs important improvements on
accountability, transparency and public interest aspects and also in the
involvement of the civil society, activists and academics. It is also
developing more complex structure and processes advantaging insiders.
The debates are dominated by business and trademark perspective and
privacy, human rights, freedom of expression are still marginalized and
not systematically included or assessed in the policy making process.
One of the rare open spaces in ICANN for the participation of the civil
society remains the Non-commercial Stakeholder Group (which includes for
example NCUC - the historical non-commercial users constituency). It is
one of the stakeholders forming the GNSO (the structure responsible for
policy making for gTLD).
Prague meeting is an opportunity for NGOs in Europe to follow ICANN
activities more closely and to participate in the process since there
are several public sessions and in particular the traditional public
forum on Thursdays where they can express their concerns.
>From a European perspective, the discussion about Thick Whois may
definitely interest privacy advocacy organization and also people
interested in data protection. ICANN is getting pressure from LEAs with
support of some governments (US,UK etc), members of GAC (Governmental
Advisory Committee) to implement Thick Whois without real privacy
safeguards or a privacy impact assessment and pushing to include those
provisions in the registrar's agreements or RAA (Registrar Accreditation
Agreement) which is currently under negotiations as well as in the
expected new gTLDs to be launched in next years.
The ongoing new gTLD program also represents new challenges, benefits
and risks for consumers and users. The list of applications for new gTLD
was revealed on the 13 June 2012. The process will continue and will
include a period for community comments and also possible objections
against some TLDs, which may raise a Freedom of Expression issue, in
particular, with giving governments, via GAC, the possibility to send
"early warnings".
Finally, European NGOs are strongly advised to attend the ICANN meeting
to be more familiar with those topics and to see how they can be
involved in the process to influence it although domain names issues
seem narrow as compared to Internet policy topics in general. The
development of policies in ICANN and its own model are setting a
precedent in the Internet governance context that we need to care about.
Website with practical information about ICANN Prague meeting (24-29
June 2012)
http://prague44.icann.org
Explanation of the process to object an applied gTLD
http://newgtlds.icann.org/en/program-status/objection-dispute-resolution
Whois recommendations from the review team (5.12.2011)
http://www.icann.org/en/news/public-comment/whois-rt-draft-final-report-05d…
Homepage of Non-commercial Stakeholder Group
http://gnso.icann.org/en/about/non-commercial.htm
(Contribution by Rafik Dammak - Non-Commercial Users
Constituency/Non-commercial Stakeholder Group)
=======================================================================
10. Culture: Global changes in production and consumption
=======================================================================
The Green MEPs Eva Lichtenberger, Sandrine BC)lier and Helga TrC<pel
hosted an event on 7 June 2012 in the European Parliament on the global
changes in production and consumption of cultural goods.
The first speaker at the event was FrC)dC)ric Martel, writer, journalist,
researcher and book critic who worked at the French Embassy in Boston as
head of the French cultural and academic services. The mutation is due
to two different phenomena: globalisation and digitalisation. The
novelty is that the developing countries are taking part in those
phenomena and they have to adapt to both globalisation and
digitalisation at the same time. The approach to digitalisation is
different in Europe from that in the developing countries. In Europe the
content industries are adopting a defensive behaviour against
digitalisation, while in the developing countries they see it as an
opportunity. The creative industry is changing, but one should not
forget that the big American studios also finance small independent
studios. A new debate on diversity is appearing because even though
there is globalisation, the cultural issues stay national. Countries
like Brazil do not have the capacity to function by the US and European
system of copyright.
The second panellist was Philippe Aigrain, co-funder of la Quadrature du
Net. He introduced his speech by defending the legalisation of file
sharing and the necessity to find a new financing system b such as a
global license. But he focused his speech on looking at the reality of
the cultural production and the example of creative writing as a new
production opportunity. Today, the non-market practices of individuals
are playing an important role even more than the selling and licensing
of content, he said. Internet should not be seen as a distribution
channel but a a place of cultural, creative and expressive activities.
Internet is a creation tool. There is a huge textual production with
blogs, microblogs and so on, that allow fair trade publishing favouring
both authors and readers. It is however true that this cannot apply to
all media.
The last speaker was Lucy Montgomery, from Queensland University of
Technology (Australia). She spoke about the Chinese market. New models
are emerging in China. She took the examples of music, film and fashion
in which even though there is piracy and counterfeit, the market is
booming and people consume a lot, but differently. Getting completely
rid of copyright is a crazy idea, but there is a necessity to understand
the co-evolution of innovation and copyright which creates a complex
eco-system.
Webpage of the event (7.06.2012)
http://www.greens-efa.eu/global-changes-in-the-production-and-consumption-o…
Recorded stream of the event (7.06.2012)
http://greenmediabox.eu/archive/2012/06/07/culture/
(Contribution by Elena Cantello - EDRi intern)
=======================================================================
11. ENDitorial: Data retention - faint heart never won fair lady
=======================================================================
Six years ago, as a result of pressure from the UK, the European Union
adopted the Data Retention Directive. The measure was intended to
harmonise the EU single market for telecommunications, requiring all EU
operators to retain data for the purposes of b investigation, detection
and prosecution of serious crime,b
including terrorism. Member States
were placed under an obligation to produce statistical information about
the use of such data, with an evaluation report planned for September 2010.
None of the elements of that plan has been achieved: The evaluation
report which the Commission was legally obliged to produce by September
2010 was finally released in March 2011. Despite the fact that the legal
basis of the Directive is the creation of a b Single Marketb
, the report
produced a long list of examples of how the Directive has failed to
harmonise the single market b to the point of probably having created
new barriers. The report also shows that several EU Member States have
no definition of b serious crimeb
, meaning that the core safeguard
against disproportionate use of the data has no agreed meaning. Finally,
the report illustrates that the Member States have, with very few
exceptions, failed to live up to their obligation under the Directive to
provide statistical information.
In the context of the lamentable failure of the Directive, Commissioner
Cecilia MalmstrC6m has taken the only decision available to her. She has
decided to review the legislation and her services have recently
completed an b impact assessmentb
which details the various policy
options available to her. In order for a new proposal to become law, it
would need to be approved by a majority of Member States (based on a
complicated weighted voting system) and a majority in the European
Parliament. It is the mathematics of this process which makes the
Commissioner's choice a very difficult political one.
Whatever solution is found also needs to deal realistically with the
fact that the b e-privacy Directiveb
(Article 15) recognises a right for
Member States to introduce data retention with very vague, unclear
safeguards. The uncertainty and confusion created by that provision
(also a UK initiative) was illustrated in the recent Bonnier Audio case
in the European Court of Justice (Case C-461/10). Even a full repeal of
the Data Retention Directive would not stop Member States from
exploiting that loophole to impose retention measures and maintaining
their confused, disproportionate and counterproductive domestic
legislation. The repeal of Article 15 of the E-Privacy Directive is
therefore the only logical policy b and internal Commission politics
(the e-Privacy Directive is not administered by Commissioner MalmstrC6m's
services) should not stop this from happening.
Once that essential step has been taken, the Commission has four
options: it can do nothing, it can propose minor reforms that it knows
the Council will accept, it can propose major reforms or it can repeal
the Directive.
Option 1: Do nothing
On 3 May 2009, Commissioner MalmstrC6m took a personal oath to uphold the
European Charter of Fundamental Rights. The Charter includes Article 52,
which says that restrictions on fundamental rights are only permissible
if they b necessary and genuinely meet objectives of general interest
recognised by the Union.b
It is impossible to read the Commission's
implementation report of the Directive and conclude that there is any
possibility that this requirement is currently being met. Doing nothing
also does not solve the problem that the Data Retention Directive is a
b single market Directiveb
that has not harmonised the single market and
cannot do so in its current form.
Option 2: Minor reforms
Similarly, proposing minor amendments would be expedient and is
definitely a politically attractive option. The Commission could propose
measures that it knows the Member States would accept, such as a small
reduction in the maximum retention period and some others, like
cost-reimbursement for operators, which the Member States would not
accept. The Commission would then have b clean handsb
and could blame the
Member States for not accepting all of its b reformsb
. This approach also
comes with considerable risks. In particular, the European Parliament is
somewhat unpredictable on this dossier. On the other hand, the UK, which
single-handedly pushed through the initial Directive, is now proposing
even more extreme measures, such as the creation of vast silos of
communications data b a 1.8 million pound set of databases of
essentially every online interaction of every citizen. As a Liberal,
Commissioner MalmstrC6m would hardly like to be remembered as the
Commissioner whose legislative proposal has led to EU-wide surveillance
of a scale that would have shocked Orwell.
Option 3: Major reforms
While keeping data retention, the Commission could propose big
reductions in retention periods, to bring them approximately in line
with technically necessary retention of data (for billing and network
security purposes). The problem with this approach is that it would
generate huge opposition among the Member States in the Council. One of
the unwritten rules in the Council is that, if two large Member States
are opposed to a proposal, it is not even put to a vote. Currently,
three large Member States (UK, France, Italy) are vehemently opposed to
any significant reform. Despite the difficulty of the task, overturning
a big majority would however show leadership, show that the Commission
does respect the Charter of Fundamental Rights and show due deference to
the legal framework of the European Union more broadly. A strong
leadership from the Commission supporting fundamental rights stands a
good chance of support from the European Parliament, which would help
put pressure on the Member States.
Option 4: Repeal
All other things being equal (Ceteris paribus), getting enough political
support from the Council and the Parliament for a repeal of the
Directive faces as many barriers as a major reform. However, there is
now a referral of data retention to the European Court. The court has
already expressed concern about the legality of data retention. In the
Telefonica/Promusicae case, the Advocate General questioned whether b the
storage of traffic data of all users without any concrete suspicions b
laying in a stock, as it were b is compatible with fundamental rightsb
.
With the background of the ECJ referral, the failures of the Directive
to achieve its goals and the European Parliament's long-standing
antipathy to the principle of Data Retention, existing doubts in the
European Court about the legality of data retention, a repeal is not as
extreme as it sounds. Solving the single market and predictability
problems created by a repeal of the Directive will be less challenging
than solving the single market and predictability problems created by
the continuing existence of the Directive.
In any event, one thing is clear, the easiest solutions for Commissioner
MalmstrC6m are the least defensible. Courage is needed.
(Contribution by Joe McNamee - EDRi)
=======================================================================
12. Recommended Reading
=======================================================================
EDPS opinion on smart metering (8.06.2012)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consu…
Letter from the Article 29 Working Party addressed to Mr. Juan Fernando
LC3pez Aguilar, Chairman of the LIBE Committee, regarding the
negotiations on the Proposal for a Directive on EU PNR (12.06.2012)
http://ec.europa.eu/justice/data-protection/article-29/documentation/other-…
Letter from the Article 29 Working Party addressed to Ms. Cecilia
MalmstrC6m, Commissioner for Home Affairs, regarding Smart Borders
(12.06.2012)
http://ec.europa.eu/justice/data-protection/article-29/documentation/other-…
=======================================================================
13. Agenda
=======================================================================
24-29 June 2012, Prague, Czech Republic
ICANN 44 meeting
http://prague44.icann.org/
27 June 2012, Brussels, Belgium
Pan-European Forum on Media Pluralism and New Media
http://www.mediapluralism.eu/
2-6 July 2012, Budapest, Hungary
Policies and Practices in Access to Digital Archives: Towards a New
Research and Policy Agenda
http://www.summer.ceu.hu/sites/default/files/course_files/Policies-and-Prac…
9-10 July 2012, Barcelona, Spain
8th International Conference on Internet Law & Politics: Challenges and
Opportunities of Online Entertainment
http://edcp.uoc.edu/symposia/idp2012/cfp/?lang=en
11-13 July 2012, Vigo, Spain
The 12th Privacy Enhancing Technologies Symposium
(PETS 2012)
http://petsymposium.org/2012/
25-26 August 2012, Bonn, Germany
Free and Open Source software conference (FrOSCon)
http://www.froscon.de/en/program/call-for-papers/
6-7 September 2012, Cluj-Napoca, Romania
CONSENT policy conference:
Perceptions, Privacy and Permissions: the role of consent in on-line
services
Call for papers by 30 June 2012
http://conference.ubbcluj.ro/consent/
8-9 September 2012, Vienna, Austria
Daten, Netz & Politik 2012
Call for Contributions Deadline: 22 July 2012
https://dnp12.unwatched.org/
12-14 September 2012, Louvain-la-Neuve, Belgium
Building Institutions for Sustainable Scientific, Cultural and Genetic
Resources Commons.
http://biogov.uclouvain.be/iasc/index.php
7-10 October 2012, Amsterdam, Netherlands
2012 Amsterdam Privacy Conference
http://www.ivir.nl/news/CallforPapersAPC2012.pdf
25-28 October 2012, Barcelona, Spain
Free Culture Forum 2012
http://fcforum.net/
6-9 November 2012, Baku, Azerbaijan
Seventh Annual IGF Meeting: "Internet Governance for Sustainable Human,
Economic and Social Development"
http://www.intgovforum.org/cms/
9-11 November 2012, Fulda, Germany
Digitalisierte Gesellschaft - Wege und Irrwege
FIfF Annual Conference in cooperation with Fuldaer Informatik Kollquium
http://www.fiff.de/2012
============================================================
14. About
============================================================
EDRi-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRi has 31 members based or with offices in 19 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge
and awareness through the EDRi-grams.
All contributions, suggestions for content, corrections or agenda-tips
are most welcome. Errors are corrected as soon as possible and are
visible on the EDRi website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in
the EU. If you wish to help us promote digital rights, please consider
making a private donation.
http://www.edri.org/about/sponsoring
http://flattr.com/thing/417077/edri-on-Flattr
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay.
Translations are provided by Metamorphosis
http://www.metamorphosis.org.mk/mk/vesti/edri
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are
provided by Andreas Krisch from the EDRI-member VIBE!AT - Austrian
Association for Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing
or unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
Re: [liberationtech] Single board mini computers as circumvention tools
by Jacob Appelbaum 05 Jul '18
by Jacob Appelbaum 05 Jul '18
05 Jul '18
On 06/23/2012 04:21 AM, Frank Corrigan wrote:
> Does anyone know of any research being done on the use of low-cost
> single board mini computers to run the likes of online circumvention
> tools like VPN, Tor, Gibberbot etc
>
The Guardian Project...?
> Whilst these boards have been around for sometime, since the
> introduction of Rasberry Pi, interest has grown and now there are many
> boards are being created like:
>
Rasberry Pi easily runs Debian - so it's basically the same as the
Torouter project with different hardware:
https://trac.torproject.org/projects/tor/wiki/doc/Torouter
> ARM Mini PCs
> http://www.reghardware.com/2012/05/10/product_round_up_arm_mini_computers_t…
> http://liliputing.com/2012/06/74-mk802-android-4-0-mini-pc-first-impression…
>
Yep that's what we did with the Excito and the DreamPlug.
> Android OS and other Linux OS appears to run easily on these boards and
> allows for use of software from the likes of:
> https://guardianproject.info/apps/ and http://www.whispersys.com/ (sadly
> now defunct)
>
> Some of these boards are also so cheap as to be disposable single use,
> or at least simple reuse after OS/Data erase.
>
There are some really nice things coming soon.
> I am looking at how easy it would be to develop and use a Linux OS that
> only runs from the board's ram (LiveCD/USB/SDcard), such as TAILs
> <http://tails.boum.org>
Use Tails.
All the best,
Jacob
_______________________________________________
liberationtech mailing list
liberationtech(a)lists.stanford.edu
Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Should you need immediate assistance, please contact the list moderator.
Please don't forget to follow us on http://twitter.com/#!/Liberationtech
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
Myers reported (I think) that his twisted Chord network passes a unit test
where you start with two separate Chord networks and introduce one node from
the first net to one node from the other, and then the two nets merge.
Meanwhile, I've finished implementing a version of ent (based on Kademlia)
which keeps only one node per k-bucket, and fixed several bugs, but there
remains some bug that I haven't investigated (I'm out of time) which causes it
to fail the basic "contruct a network, publish a block, fetch the block" unit
test. (Please, someone fix it, as I'm probably busy this week.)
I just wanted to comment that there is no way known (to me at least) for
Kademlia to pass the unit test that Myers is using on his Chord net -- merging
two separate nets into one. Kademlia can't do that AFAIK. (This is one way
of observing the "Kademlia doesn't self-heal" problem.)
I also wanted to mention that Chord can sometimes fail, too, if the nets
happen to line up so that the resulting merged Chord net is "loopy". The
Liben-Nowell paper [1] explains how to fix that.
--Z
[1] http://citeseer.nj.nec.com/553810.html
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
mnet-devel mailing list
mnet-devel(a)lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mnet-devel
----- End forwarded message -----
[demime 0.97c removed an attachment of type application/pgp-signature]
1
0