[Via Dave Farber's IP distribution http://v2.listbox.com/member/archive/247/@now] http://www.informationweek.com/news/showArticle.jhtml?articleID=197700861 "Michael Alan Crooker, currently in jail in Connecticut, says security features advertised by Microsoft and its business partners should have kept federal agents from accessing the files on his PC. In court papers filed this week in Massachusetts Superior Court, Crooker says he "suffered great embarrassment" as a result of Microsoft's failure to keep the FBI's prying eyes off his computer." "In the court papers, Crooker says he already has reached settlements with Hewlett-Packard, which owns the Compaq brand, and Circuit City."
We all know not to leave documents in a shared copier. A few years ago I found another problem. Someone had tried to copy a page, but the copier didn't have the correct paper. Some time later, when I put in the correct paper, the copier printed out that page that it had remembered. It happened to have been an employee evaluation. Now, someone has pointed out that most new copiers have hard disks. Even after you've gotten your copy, someone could come along and read what you copied. Ed McLaughlin, president of Sharp Document Solutions, said about shared copiers: "You actually have a better chance at winning 10 straight rolls of roulette than getting those hard drives on copiers rewritten." Above abstracted from: http://p293.news.mud.yahoo.com/s/ap/20070313/ap_on_hi_te/photocopier_risks [See also May Wong, Photocopies with disk drives may hang on to sensitive data, *San Francisco Chronicle*, 14 Mar 2007, C2]
Greetings. As reported by Reuters: http://money.cnn.com/2007/03/13/technology/bc.viacom.youtube.reut Viacom has filed a $1B copyright infringement lawsuit against Google/YouTube. While this may be viewed (accurately, I believe) in some circles as largely a negotiating ploy, the deeper issues go far beyond that. My "you can't effectively censor the Internet" postulate suggests that it will always be possible to post virtually any materials, even if this requires "underground" or otherwise obscured communications channels. However, this is not to say that serious legal and financial risks don't exist related to the YouTube and similar models. I see two biggies: First, the obvious one -- regardless of the ability of users to post "offending" materials in other venues, the large services that are most associated in the public mind with the availability of such items (in this case Google/YouTube) run the greatest risk. This is true both by virtue of their high profile -- they are the natural targets -- but also due to the availability of "deep pockets" for financial settlements or court-ordered payouts. The second risk is actually even more onerous. I sense an increasing discomfort in the courts regarding the concept of retroactive rather than proactive controls over posted Internet information -- the former is the key basis of DMCA enforcement, of course. This issue doesn't apply only to entertainment-oriented materials, but also to the rising chorus of stories from people who claim (sometimes with validity) that their reputations and lives have been disrupted or damaged by posted online campaigns or false information that they are unable to control or successfully expunge. Over the years, I've head many such stories myself that were sent to me personally, but this issue is rising rapidly in the mainstream media. The risk here is vast. Courts may choose to upend the current free speech and related DMCA and defamation models, in favor of a much more proactive approach requiring prescreening and total responsibility for all publicly-hosted materials. The impact of such moves would be impossible to overestimate, especially for the larger players in the so-called "Web 2.0" environment. As noted above, these are the very entities who are most likely to be the targets in such situations. Personally, I don't think that I'd much like the Internet that would result if these sorts of broad government-mandated crackdowns occurred. But the problems are real and do need to be addressed somehow. The laissez-faire approach is reaching a breaking point beyond which the powers-that-be are unlikely to allow it to proceed unaltered. I believe that there are possible routes to a better situation that could avoid the "doomsday" scenarios. Some of these I've outlined in the past, others I have yet to publicly discuss, but an underlying principle is that the major players need themselves to take more responsibility for the effects of their creations beyond the technical necessities. Better them than the courts and governments I hope you'll agree. The humorist Tom Lehrer sang: "'Once the rockets are up, who cares where they come down? That's not my department,' says Werner von Braun." -- referring to the German rocket pioneer who both enabled missile attacks on London and was later the father of the U.S. space program. If officials are able to successfully and publicly paint large Internet corporations as having that sort of attitude, the results could be devastating to the Net. The only ones who can head off this possibility are these firms themselves. Lauren Weinstein email@example.com +1 (818) 225-2800 http://www.pfir.org/lauren Founder, CIFIP California Initiative For Internet Privacy http://www.cifip.org
Comments on Google's Privacy Announcement ( http://lauren.vortex.com/archive/000217.html ) Greetings. Google has announced significant changes to their data retention policy. Since I'm already being asked for my opinion regarding their announcement, I'm sending this out now rather selfishly to avoid having to generate a large number of individual responses (though I'll be glad to discuss this in more depth upon request). First, the "raw" material: Google's Press Release: http://googleblog.blogspot.com/2007/03/taking-steps-to-further-improve-our.html Google's PDF with more details: http://126.96.36.199/blog_resources/google_log_retention_policy_faq.pdf Michael Liedtke's AP piece: http://www.usatoday.com/tech/news/internetprivacy/2007-03-14-google-privacy_N.htm The gist of the announcement is two changes: The obscuration of some IP address bits (currently it appears that this would involve the least-significant octet of IP addresses recorded in the Google user activity logs), and changes to provide for some form of cookie anonymization. Such an IP address change would allow for identification of any one computer out of a group of 256, rather than the existing ability to identify each computer individually. The actual impact of this change from a privacy standpoint would vary greatly depending on the type of addresses (dynamic vs. static) and the total range of those IP addresses associated with any given organization. Cookie anonymization effectiveness is more difficult to analyze until more information regarding the algorithms to be used becomes available. Both of these changes would be applied to data after an 18-24 month period -- during which time data would be retained intact -- unless future government data retention mandates require longer periods. This is in contrast to Google's policy up to this point of maintaining all log data intact on an indefinite basis. The AP piece referenced above notes that AOL apparently already goes farther than Google plans to go in terms of IP address anonymization and some other related issues. In light of that, my many public statements over time that have been critical of Google data retention policies, and my "Open Letter to Google: Concepts for a Google Privacy Initiative" from last year ( http://www.vortex.com/google-privacy-initiative ), what is my take right now on this move by Google? It's much simpler than you might expect. I am not particularly concerned at this point about the details of the policy. I could (and at some point no doubt will) critique the various aspects of Google's changes in detail regarding both perceived strengths and shortcomings, but not today. For now, let's view Google's announcement with the broadest possible scope -- not so much for what it says but for what it might portend for the future. While these changes can be reasonably viewed as only a first step on the road to the kinds of data retention privacy enhancements ultimately needed, taking that first step at all is an immensely positive sea change to Google's attitude toward this data. Time will tell if the rest of that privacy road is traversed in due course. It will be a challenging path indeed, especially in a political environment where the pressure to retain data for extremely broad retroactive investigatory purposes is growing at an alarming rate. And as we've seen in the recent revelations regarding the FBI's violations of the PATRIOT Act ( http://lauren.vortex.com/archive/000215.html ), the issues are all interrelated, and Google of course must obey these laws. But those are issues for another day. For now, I'll simply thank Google for listening, and express the hope that we can move forward together into a very uncertain future, where deeds will always speak more strongly than words, and where the decisions we make now about these matters are likely to have impacts for generations to come -- as we all ideally try to live by the "Don't be Evil" creed. It won't be easy. But we have no honorable choice but to try. Lauren Weinstein +1 (818) 225-2800 Lauren's Blog: http://lauren.vortex.com firstname.lastname@example.org http://www.pfir.org/lauren http://daythink.vortex.com
The election for regional governments (Provinciale staten) in the Netherlands took place yesterday. Many precincts use voting computers, I believe from NEDAP, whose user interface consists of a rather large flat panel with a push-button for each candidate (+ a display and a large "confirm" button, but these are irrelevant here). The layout of the buttons is the same as the layout of the printed candidate list distributed some days before the election. So if you know which button was pushed, you know the candidate voted for. As is common in large elections, TV news showed a few prominent people casting their vote. Mostly, this is a boring show of people depositing folded pieces of paper in a box. Not this time. I suppose RISKS readers have already guessed what happened. Yes, indeed: The panel was in full view on TV news when the prime minister, the leader of a main opposition party and one or two other high-ranking politicians cast their votes. The voting machines have a panel that obstructs the view from the voting officials and the waiting public. But it is completely open towards the side facing away from the public. No privacy cubicles, no curtains, nothing obstructing the view from above. So if one could get away with hiding a camera above the machine, one could record the vote of everybody, and have a picture of the voters as a bonus.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&arti cleId=9012499&source=NLT_SEC&nlid=38 A bug in Microsoft's new security product (Windows Live OneCare) wipes out Outlook ".pst" and Outlook Express ".dbx" files when it finds malicious email. So it replaces one security problem (the malware) with another (denial of service). Leads to some interesting new forms of attack - send emails to a victim that are just bad enough to trip up OneCare and cause it to launch a DoS attack on its users. Affects Outlook 97 & 2000, and Outlook Express on WinXP. Shouldn't we have a higher standard for security software in the "do no harm" category? Seems ironic, in particular, that it's a Microsoft product damaging another Microsoft product!
I happened to catch a snippet on the radio this morning where two UK bingo-hall operators (who will soon be forced to ban smoking inside) were said to be considering providing customers who smoke with portable bingo-playing handsets to take outside to a smokers' shelter. I wonder how many risks will be discovered here before and/or after deployment. Chris Ritson (Computing Officer and School Safety Officer) Room 707, Claremont Tower, EMAIL: C.R.Ritson@ncl.ac.uk School of Computing Science, PHONE: +44 191 222 8175 Newcastle University, FAX : +44 191 222 8232 Newcastle upon Tyne, UK NE1 7RU. WEB : http://www.cs.ncl.ac.uk/ [I presume those risks will not be smoked out until afterwards. PGN]
"The signs at the bus stops have been duds," said TransLink spokesman Ken Hardie, adding the company that installed the system said it cannot be fixed. "This system unfortunately just has never worked properly. Siemens has basically thrown up its hands and say they can't make it work." http://www.cbc.ca/canada/british-columbia/story/2007/03/08/bc-signs.html
The following is from one of my "usually reliable" sources: > By the way, I have seen the future of biometric identification and it's > here at Quito Airport. > Ecuadorians have an index fingerprint on their identity cards. Here at the > airport, the biometric check involves the migration officer grasping the > ID card in one hand and the subject's index finger in the other, bringing > the two together and squinting at them. I shall leave it to you or others > to speculate on the accuracy of the system..... Peter Mellor; Mobile: 07914 045072; +44 (0)20 8459 7669
http://www.thisislondon.co.uk/news/article-23387585-details/New%20autopilot%20will%20make%20another%20911%20impossible/article.do I'm sure there are better references. It has potential to be a bottomless pit of falsely raised expectations. At least this is an industry which understands the problem of software testing and things like FCC compliance.
[USAirways is in the process of absorbing America West, and merging its reservation systems into SHARES (Shared Reservations System). The following paragraphs have been excerpted by PGN from "Reservations Migration to SHARES. The good, the bad and 'why move to this Reservations system?'"] We encountered "out of sync reservations," which means that when we migrated the seven million reservations from Sabre to SHARES, approximately 1.5 million of them didn't "sync up," meaning that passengers and agents can't do much easily -- like check in for a flight. The result was that many systems that otherwise were ready to go became bogged down with lots of these reservations that couldn't be processed except by hand. By now we've whittled down the number of "out of sync" reservations closer to a normal level, and continue to reduce them daily. ... The short version is this: Much of the technology that most airlines are built around is "legacy" mainframe systems from the 60's and 70's. These systems are deeply embedded in everything from reservations, to flight operations, to airport operations, to accounting. They are very reliable, but are very inflexible, so as our business changes, we often fight with one hand tied behind our back. ... You say: "So dummy, convert it to a 21st century system." We would like to do that and eventually we will. The biggest reasons we can't do it now are that there is currently no modern system in use to convert to, and the investment would be tremendous -- that is, tremendously expensive. Several companies are building and preparing to implement more modern platforms for airlines to use and we are watching those closely and are in contact with those companies. However, even when the opportunity presents itself, we will have to proceed with caution. In an industry where we lose money more often than we turn a profit, it's not always easy to justify replacing a system that works with a very expensive, untried system that carries additional risk. But stay tuned; we'll get there.
The original article said: "...For example, from 11 Mar through 31 Mar a peak usage period that would ordinarily end at 6pm will instead end at 5pm to compensate for the meters being off by an hour." There is a problem here. According to the PG&E blurb I got (I have a TOU meter), the time period for the interval mentioned is actually 1 hour later (spring forward...). This means that the peak period is actually from 1pm to 7pm (in my case), not 12 Noon to 6pm as it usually is. The risks: Some people haven't gotten this daylight saving time thing right yet. If errors can be made in our discussions, they can be made EVERYWHERE. Just to indicate that this has happened before: The clock chip used in the PC/AT (when it was mostly discrete chips) in 1984 used the Motorola MC146818 clock chip. It was HARD WIRED to change daylight saving time on the LAST Sunday of April, and the LAST Sunday of October. The law was changed to the FIRST Sunday in April back in 1987 (as I recall, check your time zone definitions), and rendered this circuit useless. I don't think anyone actually used it anyway. If you are curious, see the datasheet at: http://pdf1.alldatasheet.com/datasheet-pdf/view/122157/MOTOROLA/MC146818D.html The description is on page 16, where the 'DSE' (Daylight saving time enable) is described. Legislative note: The change in 1987 was supposedly at the behest of those who made barbeques and the consumables (briquettes). The recent change was made for "energy conservation" reasons, but it was mentioned on the news that since we drive more these days, it might cause more energy to be consumed. Time will tell, and we might go back to some previous "standard". [*] The political cartoon that went with the first attempt at changing DST (in the oil "crisis" of 1973) showed the protagonist cutting a swath of his blanket off one end of the blanket and attaching it to the other. "We call this daylight saving time...". Why do we bother with this foolishness. Just have "summer hours" and "winter hours". (*SIGH*) [* A U.C. Berkeley study of Australian energy consumption in 2000/2001 (comparing New South Wales <which extended its DST by two months> and Vitoria <which did not>) concluded that energy savings in the evening were more than offset by increased energy consumptions in the morning. http://www.nzherald.co.nz/category/story.cfm 16 Mar 2007 For those of you who shave in the dark under DST, you might do it in the evening instead, and call it Daylight Shaving Time. PGN]
In the past (or on Unix machines - take your pick), DST dates were configurable with a simple ruleset. As such, you could define 2nd Sunday in May or 12th February or whatever, the time amount and the designator (AEST, DST etc). A comprehensive default set came with the operating system. This allowed the various DST changes around the world to be *managed* by system administrators, including local anomalies for specific events (such as the Olympic Games in Sydney). Now, we appear to have broken that model, and left it all in the hands of the manufacturers. For example, Microsoft have to release a patch for its OS to cope with the change. Shouldn't it be a simple configuration change? (There is a benefit to the patch - it is simpler, but the patch is the only official way of changing it.) I am very wary of such dependence. As for all those manufacturers who have embedded fixed rules, it is about time they started reading RISKs and got their act together.
John Gilliver mentions genealogy software as something which regularly does date calculations "as far back as" 1900. Yes, and most packages that I've seen also claim to correctly handle the switch from the Julian to the Gregorian calendar, although I suspect that most are assuming the switch-over was 1752. However, I don't think genealogy software counts, because nothing depends on the answers being correct. (My program allows events to precede the birth of the participants. Yes it will warn, but genealogy is not an exact science and good programs don't pretend that it is.) (Losing the thread somewhat, imagine the mess if there had been computers around in 1752.)
Steve Summit has accurately observed that Social Security Numbers (SSNs) are now so widely distributed that efforts by states and the federal government to restrict SSN usage are irrelevant to the problem of ID theft. What's frustrating is that a simple, inexpensive, workable solution is possible but Congress is apparently uninterested. The solution is to 1) require businesses to report to the Social Security Administration (SSA) the SSNs that have been presented to them, and 2) require the SSA to report to the legitimate holders of those SSNs the identity of those businesses, thus alerting SSN holders to any improper use of their SSNs. But the SSA can't implement this solution without Congressional action, and members of Congress have shown no interest.
The Ninth Bieleschweig Workshop on Systems Engineering will be held Mon-Tues 14-15 May in the headquarters of Germanischer Lloyd, on the bank of the River Elbe in Hamburg (although I believe the windows in the conference room look to the other side). Participation is free. Germanischer Lloyd has kindly sponsored lunch on both days and dinner on Monday evening. Languages are German and English. The workshops usually attract 30-40 participants from academia and industry. The Ninth Workshop is organised by myself and Karsten Loer of Germanischer Lloyd, and is, as usual, strongly oriented towards safety-critical systems. The Bieleschweig series is now in its fifth year, meeting twice a year, with additional meetings (the "half" series) for CausalML and WBA users. They have "themes", and this time we ask for contributions especially in model-based engineering and in incident analysis, although other topics in critical-system engineering are also welcome. The call, timetable, venue details, and some of the planned talks may be found on the Bieleschweig page at the University of Bielefeld: www.rvs.uni-bielefeld.de -> Bieleschweig -> Ninth Workshop. We publish the slides from the talks, as well as other contributed written material as wished, on the WWW, at the Bieleschweig page at the Technical University of Braunschweig: www.tu-braunschweig.de/ifev/veranstaltungen/bieleschweig and at the Bieleschweig page at the University of Bielefeld www.rvs.uni-bielefeld.de -> Bieleschweig Peter B. Ladkin, Causalis Limited and University of Bielefeld www.causalis.com www.rvs.uni-bielefeld.de
Please report problems with the web pages to the maintainer