Keeping up appearances at CSU
This week my alma mater, Colorado State University, is engaged in a bit of bureaucratic theater that has once again thrust the city of Fort Collins into the national media spotlight. Ok flashlight. This article in the Denver Post covers it thusly.
Colorado State University today distributed a draft of its proposed weapons policy that would ban all weapons on the Fort Collins and Pueblo campuses, including guns being held by those with a concealed-weapons permit.
The issue became controversial late last year, when the CSU faculty voted for such a ban while student leaders voted against it. The CU Board of Governors will decide whether to implement the policy at their February meeting in Pueblo.
Drafted by campus administrators, the policy and its risk management approach is consistent with best practices of other colleges and universities, CSU spokesman Brad Bohlander said. It is essentially an extension of the current campus weapons policy banning weapons – including weapons owned by concealed-carry permit holders – in resident halls. The policy now expands those regulations to the entire campus with some exceptions.
So what problem does this proposed weapons policy address? Is CSU reverting to the wild west? Are gunfights erupting in classes and dorms? Are teachers and students threatened by gun-toting thugs? Well… not exactly. The raison d’être for this policy is best described in the preamble to the draft policy itself [emphasis mine].
Colorado State University recognizes that the possession, use, or display of Weapons on Campus should be subject to reasonable control to manage the increased risks associated with having Weapons on Campus, which is consistent with the best practices of other colleges and universities. Some of the data and analysis supporting those best practices are contained in the position statement dated August 12, 2008, by the Board of Directors of the International Association of Campus Law Enforcement Administrators, Inc. (“IACLEA”). According to that statement, the presence of students carrying concealed weapons would not reduce violence on campuses and that having such weapons may dramatically increase violence on campus arising from (a) the potential for accidental discharge or misuse of firearms at on‐campus parties or student gatherings, (b) the potential for guns to be used as a means to settle disputes, and (c) that campus police officers responding to a situation involving an active shooter may not be able to distinguish between the shooter and others with firearms. Colorado State University concurs with IACLEA’s position statement and believes that safety on Campus will be improved by reasonably controlling Weapons.
Ahh, I get it. This is one of those keeping up appearances kind of deals. For those woefully uncultured readers [in case there are any] Keeping Up Appearances is a British sitcom wherein the heroine, one Hyacinth Bucket – who insists her surname is pronounced Bouquet – is a social-climbing snob who passes her time visiting stately homes, hosting “executive” style candlelight suppers, and maintaining the integrity of her woodblock floor, wallpaper, and status in the community. Her aim in life is to impress neighbours, friends, and important people.
“Okay…,” I hear you saying, “so this policy only addresses potential problems, and mainly brings CSU in line with other colleges and universities. What’s wrong with removing guns from college campuses? And what does this have to do with security?”. Great questions. Glad you asked.
The problem is that this policy, like far too many security and anti-terrorism policies, does absolutely nothing except display political correctness. Aptly put by Shakespeare in Macbeth, “It is a tale told by an idiot, full of sound and fury, signifying nothing”. Manifestly, the danger of violence involving firearms on college campuses is real and present. Recall the Virginia Tech massacre in 2007. In fact the 2008 IACLEA position statement referenced so prominently in the CSU draft policy includes this not-so-veiled reference to that incident in its potential threats: “campus police officers responding to a situation involving an active shooter may not be able to distinguish between the shooter and others with firearms”. Certainly sounds reasonable. Except for these inconvenient facts – the “active shooter” was already actively violating any number of state and federal laws and there were no “others with firearms” except those who would be exempt in the policy. In other words it does absolutely nothing but keep up appearances. That and waste time with debate and media coverage diverting attention from the fact that CSU, other colleges and universities – and pretty much everybody else including me – have no idea how to address the real problem. Will this policy prevent a tragedy involving guns at CSU? No. Will it make CSU students and staff safer? No. Will it make CSU appear more concerned with campus violence? Bingo! A tale told by an idiot, full of sound and fury, signifying nothing; but keeping up appearances.
Captain Underpants and the Traumatizing Titillation of the TSA

I’ll admit it. I’ve read every one of Dav Pilkey’s epic novels featuring Captain Underpants (the defender of all things pre-shrunk and cottony) and the rest of the crew from Jerome Horwitz Elementary. So when the Christmas underwear bomber incident hit the news, well it was just too easy to adopt the sobriquet for the hapless wannabe suicide bomber. While I’d like to take credit for the idea, I saw it first in a tweet from @sectorprivate. But once again I digress.
When Captain Underpants attempted his incredibly inept act of terrorism and lit his privates on fire (that had to smart!) it was followed immediately by the requisite hand-wringing, blameshifting and calls for resignation of leading bureaucrats and political appointees from the opposing political party. In other words, same circus different clowns. The one actionable item that came out of this little in-flight weenie roast was a truly choice bit of expensive security theater. Full-body scanners. Yep, now we’re going to add that to the list of indignities heaped upon air travelers. This has raised privacy concerns within the air traveling public worldwide. Witness the German “fleshmob” protesting against the use of full body scanners.
The underwear bomber’s Christmas Day attack has prompted calls for the increased use of full-body scanners at airports that would strip-search passengers down to their naked bodies.
So to protest the use of the so-called Nacktscanner (naked scanner), members of the Pirate Party in Germany organized a “fleshmob” of people who stripped down to their skivvies last Sunday and converged on the Berlin-Tegel airport.
It seems like everyone is worried about some TSA voyeur leering at naked images of them. But having spent a ridiculous amount of time in airports this last week I have several observations to make.
Observation the first – For every air traveling babe there are at least 50 bovines.
Observation the second – A similar ratio of hunks to heifers exists.
Therefore I posit that the real victims of the Nacktscanner are the TSA employees who will be forced to monitor them. I don’t know about you, but I think that it would take less than an hour of closely watching images of the air traveling public in the altogether before I was ready to poke out my own eyes. So if the public doesn’t like them and I can’t imagine anyone on the front lines of the TSA who is waiting breathlessly for them, then what exactly is the point?
Perhaps this is a new TSA plan to develop Super TSA Agents, figuring that if you can withstand a rotation of staring at a full-body scanner then you can handle anything – a real dead-eyed killer. Or maybe they can use them as a disciplinary device – “Jenkins, if you don’t pat down those passengers faster it’s the naked scanner for you!”. Or maybe even an HR screening mechanism – “So Mr. Smith, you would really enjoy being a full-body scan monitor? Sorry, pervert! Try politics or management”.
Being a “circle of life” kind of guy, I could really appreciate the symmetry of making Nacktscanner monitoring part of the punishment for Captain Underpants. Real biblical in a “reaping what you sow” kind of way. He should be forced to monitor high resolution scans of airline passengers in the buff all day every day for the rest of his life. While strapped to a chair so he can’t prematurely end the sentence. But that would truly be cruel and unusual punishment.
The naked truth is that we should just bag the whole lame idea of full-body scanners. But that wouldn’t make for very good theater now would it.
2009 – That’s a wrap!

Wait, I hear it again
Don’t turn on the lights until we
Hear the way it ends
from Peruvian Skies by Dream Theater
During the course of 2009 I wrote about a number of issues that have had recent developments. So by way of winding down 2009 [yeah I'm glad it's over too] here are updates if not possible conclusions to some of these long running sagas.
In posts entitled Does encryption imply expectation of privacy? and No privilege for you! the basic issue involved was reasonable expectation of privacy, or rather legal confusion regarding same, when applied to digital communication. According to this article in the Washington Post the U.S. Supreme Court will be ruling on the issue of expectation of privacy in the spring of 2010.
The case the court accepted Monday involves public employees, but a broadly written decision could hold a blueprint for private-workplace rules in a world in which communication via computers, e-mail and text messages plays a very large role.
A federal appeals court in California decided that a police officer in the city of Ontario had a right to privacy regarding the texts he sent on his department-issued pager, even though his chief discovered that some of them were sexually explicit messages to his girlfriend. That court said the chief’s decision to read the messages without a suspicion of wrongdoing on the part of the officer violated Fourth Amendment protections against unreasonable searches.
Most employers routinely tell their workers that they have no expectation of privacy when it comes to e-mail and other communications that involve company equipment, and the city of Ontario is no different. It says it “reserves the right to monitor and log all network activity including e-mail and Internet use, with or without notice.”
But the police officer in the case said the department sent a different message when it handed out pagers to SWAT team members. The department said that the devices were limited to 25,000 characters each month, but that officers also using them for personal purposes could pay for any overage charges.
When the police chief wondered whether the devices were being used mostly for personal messages, the company that provided the texting service, Arch Wireless, turned over transcripts. They showed that a large portion of [the officer's] messages were personal and many of them were sexually explicit. According to court documents, a review of one month’s use showed that 57 of 450 messages were business related.
A lawyer who often represents employers in workplace issues said the issue is “one of increasing importance to employers.” Though the case before the court involves government employees, case law in the private workplace often evolves from such decisions.
In the world of laptops, cellphones and BlackBerrys, the line between business and personal communications is often blurred and employers are tolerant “within the realm of reason.”
But often they are under legal obligation to monitor computer use. And when employers monitor the computer use of their workers, it is often because of complaints from co-workers.
The case, Ontario v. Quon, will be heard in the spring.
While this case does not explicitly address either encryption or privileged communication, it does serve to illustrate that this is far from a done deal. And the Supreme Court ruling will only be one small step towards clarifying the issue. So I’m guessing we can expect lots more on this in the coming years.
In a series of posts about ID Theft, Privacy, Fear and Loathing in Colorado [also in this post and this post] I discussed “Operation Numbers Game”. Here’s a quick recap of the controversial investigation.
“Operation Numbers Game” began after a Texas man told Greeley [Colorado] authorities someone there was using his identity. The suspect in that case alerted law enforcement to the firm that prepared his taxes. Investigators obtained a search warrant [and] seized the returns last year from a tax preparation firm that catered to Latinos in Greeley, where Hispanics make up about a third of the population.
A District Court judge halted the investigation in April. He ruled Weld County authorities violated people’s privacy rights and had no probable cause to inspect the tax returns, which were used to file charges of criminal impersonation and identity theft against more than 70 people.
Weld County appealed the decision.
Weld County District Attorney Ken Buck, a Republican U.S. Senate candidate who advocates stricter immigration laws, has maintained the investigation was about identity theft, not illegal immigration.
Well this little fishing expedition may actually be over. As reported by the Denver channel, the Colorado Supreme Court has ruled against Weld County.
The Colorado Supreme Court says Weld County authorities violated privacy rights of immigrants when sheriff’s deputies seized thousands of tax returns to investigate them for identity theft.
The Court’s Monday ruling affirmed a decision by a Weld County District judge who suppressed evidence against one of the defendants. That judge said authorities had no probable cause to search the man’s tax returns and that the documents are confidential.
The Colorado Immigrant Rights Coalition praised the Supreme Court ruling, saying Weld County’s attempt to enforce federal immigration law was “wrong-headed, costly and did great damage to the community.” The Coalition also said the cases “demonstrates why we need solutions to our broken immigration system.”
“Today’s ruling confirms Operations Number Games to have been an egregious abuse of power by Weld County officials,” the Coalition said in a prepared statement. “Paying taxes is not a crime and should not be made to seem like one. Rather, it is what the U.S. government asks of its residents. Those targeted had their privacy rights violated. The ruling goes to show that the Constitution protects the basic rights of all U.S. residents, regardless of suspected immigration status.”
No word yet on how this ruling will affect Weld County District Attorney Ken Buck’s Senate bid and I’m smart enough to not hazard guesses involving politics.
In a series of entries that are shaping up to be the most popular of 2009 I wrote about Colorado Weirdness and the subsequent followup Back to normal in Colorado wherein the primary weirdness was the “balloon boy” incident. This just kept getting stranger as it turned out that the whole thing was a hoax perpetrated with the idea of getting a reality TV show. Well, according to the Denver Post this saga may finally have run its course. For now.
Richard and Mayumi Heene, the Fort Collins couple who briefly duped law enforcement and the television-watching world this fall by claiming their son was adrift in a home-made balloon, were sentenced to jail time today for perpetrating the publicity stunt.
Richard Heene, who last month pleaded guilty to a felony charge of attempting to influence a public servant and who took blame today as the brains of the hoax, was sentenced to 90 days in jail. He will have to serve 30 days of the sentence full-time in the Larimer County jail, with the remaining 60 days served on work-release. He must also serve four years on probation.
Mayumi Heene, who helped hatch the scheme and who pleaded guilty to a misdemeanor charge of false reporting, was sentenced to four years probation and 20 days of jail, to be served through a program that allows her to perform jail-supervised community service a couple days a week and return home at night.
The Heenes must also pay a still-to-be-determined amount of restitution, a figure a prosecutor said today could be $47,000 or more. Richard Heene’s lawyer said he intends to challenge that figure.
“In summary,” [Larimer County Court Judge Stephen] Schapanski said in imposing Richard Heene’s sentence, “what this case is about is deception, exploitation — exploitation of the children of the Heenes, exploitation of the media and exploitation of people’s emotions — and money.”
Asked after the hearings whether the Heenes have now given up the pursuit of television notoriety, [Richard Heene's attorney David] Lane was ambiguous.
“I don’t know if they’re done with reality TV,” he said. “Is reality TV done with them?”
And finally there’s this pair of posts about the medical marijuana gold rush in Colorado, Once I was a caregiver and didn’t even know it and Caregivers in Colorado: the saga continues. This has well and truly hit the big time with international coverage by CNN. Take this story by Jim Spellman for instance.
Driving down Broadway, it’s easy to forget you are in the United States. Amid the antique stores, bars and fast-food joints occupying nearly every block are some of Denver’s newest businesses: medical marijuana dispensaries.
The locals call this thoroughfare “Broadsterdam.” As in Amsterdam, Netherlands, these businesses openly advertise their wares, often with signs depicting large green marijuana leaves.
“The American capitalist system is working,” said attorney and medical marijuana advocate Rob Corry.
It’s a matter of supply and demand.
“The demand has always been there,” he said, “and the demand is growing daily because more doctors are willing to do this, and now businesses, entrepreneurs, mom-and-pop shops are cropping up to create a supply.”
Colorado voters legalized medical marijuana in 2000. For years, patients could get small amounts from “caregivers,” the term for growers and dispensers who could each supply only five patients. In 2007, a court lifted that limit and business boomed.
Between 2000 and 2008, the state issued about 2,000 medical marijuana cards to patients. That number has grown to more than 60,000 in the last year.
State Sen. Chris Romer, a Democrat whose south Denver district includes Broadsterdam, said the state receives more than 900 applications a day.
“It’s growing so fast, it’s like the old Wild West,” Romer said. “This reminds me of 1899 in Cripple Creek, Colorado, when somebody struck gold. Every 49er in the country is making it for Denver to open a medical marijuana dispensary.”
Wild West indeed. Everywhere in Colorado, counties and municipalities are rushing to declare moratoriums on new medical marijuana dispensaries until somebody figures out how to regulate them. “Why is that a problem?”, you ask. Well let me give you some examples. I’ve already mentioned that in the People’s Republic of Boulder there are now twice as many reefer shops [err... dispensaries] as coffee shops. While this may not be particularly surprising for Boulder, how about the town of Windsor, Colorado (population 18000) where there are more medical marijuana dispensaries than coffee shops, gas stations, grocery stores and liquor stores combined. At this point I’m thinking that maybe the Federal government should wake up, smell the reefer, legalize pot and tax the heck out of it. Everybody wins. And in this economy just think of all the jobs for caregivers that will be created. That’s right, just suck it up and torch that spliff (or vice versa). You know you want to.
How the TSA can be like Rihanna or not
By now everybody has heard about the most recent debacle involving the unredacted TSA manual that was leaked to WikiLeaks. In case you’ve been too busy Christmas shopping or listening to the great free holiday music posted on this blog here, here and here (with a bonus here), CBS News covered it like this.
It was a security breach and a big embarrassment for the Transportation Security Administration. A secret manual that tells airport screeners around the country how to do their jobs somehow wound up on line for all the world to see.
It detailed who should be screened, how often bags are checked for explosives, how to deal with CIA agents traveling with high-value intelligence assets – even provided images of various special identification cards, as CBS News correspondent Bob Orr reports.
The breach reveals some of the government’s most sensitive aviation security secrets. A 93-page manual prepared for federal airport screeners shows samples of law enforcement and official credentials – federal air marshals, CIA officers, and members of Congress – IDs which criminals or terrorists could copy.
Mostly this story has been analyzed to death by everyone from security pros to politicians and pretty much everyone has come to the same conclusion: this was a really bad idea, but good luck getting the nasty genie back into the bottle. That and there are some really clueless TSA employees. But of all the stuff I’ve read about the asinine affair this article by Stewart Baker in the Adfero Group Security Debrief really stands out. Like the Grinch who Stole Christmas [bet you were wondering how I was going to tie this to the season] Stewart has a wonderful, awful idea.
Rep. Peter King, the ranking member of the House Committee on Homeland Security, and other Republican members have sent a letter to Secretary Napolitano expressing concern about the “repeated reposting” of the unredacted TSA security manual on multiple Web sites and asking her to say whether the sites can be compelled to take it down. They’re right to worry. Whenever someone posts a document that compromises our security, there’s much handwringing about this issue and much breast-beating about the first amendment. It seems like an unanswerable conundrum.
But there is an answer. In general, the sites that posted the TSA document don’t post copies of the latest Rihanna album, “Rated R.” That’s because the damages for posting Rihanna’s album is likely to be $150,000 for each of the thirteen cuts — the damages for willful infringement of Rihanna’s (and Def Jam Recordings’) copyright. First amendment or not, Congress and the courts have agreed that this is a perfectly fine way to deter certain kinds of speech. Plenty of Democrats and Republicans on the Judiciary Committee have voted for just such deterrence.
So here’s my question. Who thinks that protecting Rihanna’s profits is more important than keeping TSA’s procedures out of al Qaeda’s hands? Why do we create $1.45 million in liability for pirating “Rated R” and no liability at all for the willful posting of sensitive, properly redacted homeland security information?
And here’s a proposal for Rep. King: why not set the penalty for willfully disseminating properly classified or sensitive documents at twice the penalty for willfully disseminating registered copyright materials? And why not let anyone whose security has been put at risk bring that suit? After all, when the music industry finally gives up its litigation campaign against ordinary Americans, its lawyers are going to have to pay the rent somehow.
Holy free speech abridgment, Batman! What an evilly genius idea! Just let the FBI behave like the RIAA. Of course this begs the questions, “why does the RIAA have this kind of juice?” and “who got us into this crazy situation?”. Actually the answer to both questions is the same: The US Congress. That’s right, the usual suspects. But given Stewart’s conclusion, I suspect that he’s being as facetious with this post as I was when I smacked him with the Grinch stick.
Anyone who voted to increase damage awards for copyright infringement should have no trouble supporting the same protection for national security. Since the $150,000 figure comes from the “Digital Theft Deterrence and Copyright Damages Improvement Act of 1999,” I’m guessing that a lot of those folks are still around.
Either way I sincerely hope that Congress really does love Rihanna more than air security.
Gift of holiday music for all – present 3
As my holiday gift to you, loyal readers, instead of security related commentary, this series of posts contains holiday music for you to enjoy. For free. For you and whoever you would like to share it with.
The earlier posts in this series, present 1: Impressions of Christmas 2001 and present 2: Christmas Child 2002, were original arrangements of traditional Christmas carols or new compositions performed, recorded and produced by Larry Hall and me. This present is a bit different. It is this year’s collection of holiday music performed by musicians utilizing the Garritan sample libraries.
Composers and arrangers use Garritan Libraries to realize their compositions and to simulate what a real orchestra and a real conductor would sound like. While the state-of-the-art of digital music continues to advance, our goal is to provide tools for musicians and create opportunities, rather than replace musicians. What products like the Garritan Personal Orchestra have done is to bring the possibility of realizing orchestral compositions to everybody from the most renowned composers to Hollywood film scorers to TV jingle men down to amateurs and music students in their dormitory rooms.
The work done in the recordings on this album are a testament not only to the sophistication of music technology, but also to the skill of the composers, arrangers and programmers who have used these tools so remarkably well. Finally, let’s not forget the powerful force of the sentiments of the season and the inspiration behind the music. Each year we come back to these melodies and forms because they inspire us like no other.
Many thanks to everyone who submitted a song for the Christmas CD. A big thanks as well to Dan Kury who organized this effort and mastered the songs for the album. And many thanks to James Mireau for the cover art.
The Garritan Community Christmas 2009 CD was a collaborative effort of the Garritan Community and was put together in the spirit of giving for the holiday.
This is the sixth year that the Garritan Community has released an annual collection of free Christmas music. While this is not an endorsement of the Garritan products [they don't compensate me in any way for this], it’s hard not to be completely blown away by the quality of Garritan sound libraries and the talent of the musicians who use them in this project.
A Garritan Community Christmas Volume 6
Welcome to the 6th Annual Garritan Community Christmas Album, a unique musical project. A community of musicians from all over the world met on the Garritan community forum and agreed to submit their own recordings of holiday music, to be freely distributed. Each of these orchestral recordings were made not with large live orchestras in vast recording studios at huge expense, but rather were created by a single person working on their own desktop or laptop computer. What they have in common is the use of Garritan libraries representing software musical instruments based on samples of real instruments.
Gift of holiday music for all – present 2
As my holiday gift to you, loyal readers, instead of security related commentary, this series of posts contains holiday music for you to enjoy. For free. For you and whoever you would like to share it with.
I should explain where this music comes from. In 2000, Larry Hall and I decided to start recording original arrangements of Christmas Carols. As musicians [Larry is a guitarist, I'm a keyboardist] we were both drawn to Christmas music because traditional Christmas carols are so ingrained in our collective psyche that arrangements can have enormous latitude, exploring different styles and voicing without confusing the listener. By December 2001 we had some material recorded with the help of fellow musicians, drummer Troy Harms and bassist Dean Vendl, so we decided to send the CDs as “Christmas Cards” to those on our collective lists. Thus it began with the music in present 1: Impressions of Christmas 2001.
The “Christmas CD card” idea was such a hit with friends and family that we decided to follow it up with more of the same for the holiday season in 2002. Besides, we already had Larry’s studio configured and a whole bunch of new toys to play with. This musical gift is from that second EP which includes an original composition for which the collection is named. Enjoy.
1. A Day, Bright Day of Glory – Traditional
2. Patapan (Guillo, Pran Ton Tamborin) – Traditional Burgundian-French
3. We Three Kings of Orient Are – Written by Rev. John H. Hopkins, Jr.
4. Christmas Child – Written by Joe Webster
Larry Hall – acoustic and electric guitars
Joe Webster – keyboards and vocals
Arranged by Larry Hall and Joe Webster
Produced by Larry Hall
Production assistance by Joe Webster
Recorded by Larry Hall at Thirsty Ear Studio
Photograph of Alexis Hall by Robin Morris
Art Direction and Design by Rita Kiefer
This music is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License. That means you can use it for whatever you want – play it on your iPod, burn a CD, give it to your friends, use it in your podcast, play it on the radio, use it as the theme music to your hit TV series – whatever you want. Just give credit to the musicians who made it.
In case you were wondering, that cute baby in the cover image is now a bright, beautiful, talented young keyboardist who collaborates with her father far more often than I do these days.
Happy Holidays from Security For All!
Gift of holiday music for all – present 1
It’s the holiday season! I love this season, and in particular I love Christmas music. As a musician I’m partial to Christmas music for several reasons: traditional Christmas carols are so ingrained in our collective psyche that as an arranger one can explore many different styles and arrangements without confusing the listener and the Christmas season is just, well, inspirational.
So as my holiday gift to you, loyal readers, instead of security related commentary, this post and the several following will contain holiday music for you to enjoy. For free. For you and whoever you would like to share it with.
Actually there is a little security related stuff here [hey - you didn't think you'd get off that easy]. This music is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License. That means you can use it for whatever you want – play it on your iPod, burn a CD, play it on the radio, use it as the theme music to your hit TV series – whatever you want. Just give credit to the musicians who made it, which in this case are Larry Hall, Troy Harms, Dean Vendl and me.
1. Angels We Have Heard on High – A Caribbean Salvation Army Zydeco band, whose normal drummer is replaced by a rocker meets some strolling mariachis.
Larry Hall – Guitars and programming
Troy Harms – Drums
Joe Webster – Keyboards
2. Bring a Torch, Jeanette Isabella_Carol of the Bells – Chris Webster first suggested doing “Carol of the Bells” as a round. It evolved into this quasi-minimalist tone poem somehow.
Larry Hall – Guitars and Mandolins
Joe Webster – Keyboards
3. I Heard the Bells on Christmas Day – Counterpoint. The Longfellow poem counterpoints war with the peace and hope message of Christmas. What began with the idea to counterpoint the two traditional melodies ended up counterpointing many melodies and diverse musical styles.
Larry Hall – Guitars and Mandolins
Joe Webster – Keyboards
4. O Come, O Come Immanuel – In the weeks following September 11, every TV news show had dramatic, mournful theme music featuring a distant trumpet and a tolling bell. The inspiration for this arrangement came from that theme music.
Larry Hall – Guitars
Dean Vendl – 7-string electric bass
Joe Webster – KeyboardsCover image by Digital Blasphemy.
Happy Holidays from Security For All!
Gray haired computing part 3
In part 1 of this series we talked about finding the right computer system and decried the lack of availability of such systems. In part 2 we talked about how to get connected with friends and family when access to a computer system is impossible or impractical. So in this part we’ll start from the assumption that the senior in question – most likely yourself, dear reader – already has a computer system that is more or less usable and is ready to do something fun and useful with it. How do you get from senior citizen to senior netizen, from lost in space to hacker space, without being pwned in the process? Actually it’s easier than you think. In fact you probably already know a whole lot more than you realize.
First off let’s define some of this confusing cyberspeak. I mentioned being “pwned” so let’s start there:
In hacker jargon, pwn means to compromise or control, specifically another computer, web site, gateway device, or application.
Why would someone want to do that? As it turns out that’s big business these days. You’ve probably heard about botnets. Here’s what that means.
Botnet is a jargon term for a collection of software robots, or bots, that run autonomously and automatically. Typically botnets are operated by criminal entities.
And what do those criminal entities do with botnets? Mostly they sell bandwidth and compute resources – from the pwned PCs (bots) – to spammers.
Spam is the abuse of electronic messaging systems (including most broadcast media, digital delivery systems) to send unsolicited bulk messages indiscriminately. The most widely recognized form of spam is e-mail spam.
Basically it breaks down like this: Your computer gets pwned and turned into a bot and becomes part of a botnet that is used to send spam like those “cheap viagra” emails that everybody receives.
Another thing you’ve probably heard about is phishing.
In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.
Those are the two biggest threats on the internet. In fact they usually turn out to be a single threat. Here’s how that works: You get a phishing email that purports to be from your bank. Instead of sending you to your bank’s web site it links you to a malicious site that transfers malware to your computer, turning it into a bot.
Malware, short for malicious software, is software designed to infiltrate or damage a computer system without the owner’s informed consent. The term “computer virus” is sometimes used as a catch-all phrase to include all types of malware, including true viruses.
I’m guessing that right about now you are thinking “this sounds really complicated”. While plenty of companies, both legitimate and fraudulent, would like you to believe that, it’s actually not. In truth phishing and spreading malware are nothing more than con games being run in this new environment, the internet. The point being, it’s up to you to avoid being a mark. And this mainly requires a change in the way you think about communication over the internet.
I’ve written about this issue before in a post called the Technology generation gap.
There have been grifters and scam artists around since time immemorial, but it’s only been with the advent of the ubiquitously anonymous internet that the scams, schemes and spam have become pervasive. Back in the day, a grifter’s work was strictly up close and personal as opposed to nowadays when you can hit millions of marks with a single shot. Kind of like a knife fight versus carpet bombing.
What you have to understand is that email is not like actual physical mail. It’s easy to get caught up in the abstraction of sending and receiving electronic mail. It appears to work exactly the same as sending or receiving correspondence. Only much faster. Unfortunately there are some dramatic differences between how mail and email work, and these differences make email significantly less private and reliable than mail. When you send a letter via mail it is picked up from a postal drop, transported through a series of post offices where it is postmarked and finally delivered to the intended recipient. Note that the same physical letter that was sent is received and the content of the letter often validates the identity of the sender. Junk mail is also easily identifiable as such. With email it works much differently. When an email message is sent, a copy is sent to and stored on the outgoing email server owned by the sender’s email provider. Then a copy of the message is broadcast over the internet and received, after any number of intermediate stops along the way, by the incoming email server owned by the recipient’s email provider. From there the recipient gets a copy of the email message. Note that there are at least 5 copies of the message created and stored on at least 5 different computers for that one email message. And the sender and recipient only have control over their respective copies. Also, because email is by definition computer generated, the content cannot be used to validate the sender’s identity. In other words, anyone can type “Dear Grama, … Love, Katey“, but it doesn’t make them Katey. Also, remember those postmarks on letters? They show you where the letter originated from. While email contains a record of where it was sent from, including all intermediate stops along the way, you can’t trust the veracity of this record. It can easily be “spoofed” to appear to be from anywhere the sender wishes.
Furthermore since the bulk of the “daisy chain” of email message copies is not controlled by the sender or receiver it can be altered, corrupted or otherwise misused anywhere along the line and no one will be the wiser.
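The unreliable "postmark" record described above can be inspected directly. The following Python sketch is an added illustration, not part of the original post: it reads the `Received` trail of a constructed message, oldest hop first, and lists where the sender's claims differ from what a receiving server recorded. The message and every hostname, address and IP in it are made up.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Constructed sample message: every host, address and IP below is made up.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.example.net
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
    by inbox.recipient.example; Mon, 1 Dec 2008 10:00:03 -0700
Received: from relay.example.net (relay.example.net [198.51.100.7])
    by mx.recipient.example; Mon, 1 Dec 2008 10:00:02 -0700
Received: from bank.example.com (unknown [203.0.113.50])
    by relay.example.net; Mon, 1 Dec 2008 10:00:01 -0700
From: "Your Bank" <security@bank.example.com>
Subject: Urgent: verify your account

Dear customer, please confirm your details.
"""
MSG = message_from_string(RAW)

def domain(header_value):
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def hops(msg):
    """Received hops, oldest first (each server prepends its own header)."""
    out = []
    for raw in reversed(msg.get_all("Received", [])):
        text = " ".join(raw.split())  # undo header folding
        m = re.match(r"from (\S+) \((.*?)\) by (\S+?);", text)
        out.append(m.groups() if m else (text, "", ""))
    return out

def red_flags(msg):
    """Mismatches between what the sender claimed and what servers recorded."""
    flags = []
    shown, envelope = domain(msg.get("From", "")), domain(msg.get("Return-Path", ""))
    if envelope and envelope != shown:
        flags.append(f"From shows {shown} but envelope sender is {envelope}")
    # Only meaningful when this header was added by your own mail provider.
    auth = msg.get("Authentication-Results", "").lower()
    for check, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        if result != "pass":
            flags.append(f"{check} result is {result}")
    for claimed, observed, by in hops(msg):
        if observed and claimed.lower() not in observed.lower():
            flags.append(f"hop into {by}: claimed {claimed}, server saw {observed}")
    return flags

print(*red_flags(MSG), sep="\n")
```

Only the hops written by servers you have reason to trust, normally your own provider's, carry any weight; everything older in the trail is supplied by whoever sent the message.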
The next thing to understand is that the internet is designed to be anonymous. Just like the famous New Yorker cartoon: “On the internet nobody knows you’re a dog“. Unlike real life where we tend to trust people until they are proven to be untrustworthy, on the internet there are no people, as in actual living human beings, to trust. Actual humans are not directly responsible for a fair portion of internet traffic. Much of the content on the web is generated by bots or other automated processes. For us actual human internet users this requires a complete reversal of the way we’ve always thought about communication. In other words, we must assume that anything we get from the internet is suspect until proven otherwise. Guilty until proven innocent. This is the hardest thing for most of us who grew up before the information age to do. But it’s critical to understanding how the internet works.
The bottom line is this: Trust no one and don’t be an idiot. If it sounds too good to be true, it is. I mean seriously, when you see a scary message pop up on your screen like “your computer is infected with a terrible virus” ask yourself “why would anyone care about my computer?” The answer is obvious, and unless you enjoy being a sucker you’ll treat it the same way you would the street corner three-card monte dealer. Move on. Nothing interesting here.
Now hold on there, bucko. It has to be more complicated than that. What about all that anti-virus stuff and anti-phishing services? What about Windows update? Well you got me there. The sad fact is that Microsoft Windows spawned a whole industry of snake oil products [Whoa! I knew I felt a conspiracy theory coming on!] that are now required for Windows users. But at least now the Microsoft serpents have eaten the other serpents [Woo Hoo! A vague biblical reference too!] with the introduction of Microsoft’s own anti-malware tools for free. So at least you won’t have to pony up annual subscriptions. Yet. So if you are running a Windows computer, threaten to cut the person who foisted it on you out of your will until they set this up for you. If you have a Mac or Linux computer just send the clever and generous person who gave you such good advice a digital smooch. But just remember, regardless of how much anti-malware stuff you have on your computer, or how up to date you are with all of those “security patches” you are still at risk if you act like an idiot. By contrast you could be running an old unpatched, unprotected Windows 2000 box and be just fine as long as you refuse to be a mark for online grifters.
So that’s the secret. Like most things in life, the easiest solution is the best.













