David Canton is a business lawyer and trade-mark agent with a practice focusing on technology issues and technology companies.




January 18, 2006

Mass spying vs privacy

David Canton @ 8:09 am

The US government seems determined that mass electronic spying is justified and necessary to prevent terrorist attacks.

The privacy aspects of spying on average citizens are simply ignored or viewed as a small price to pay for security.

Wired has a good article entitled Mass Spying Means Gross Errors that points out that such mass spying simply does not work. There are so many false positives that the manpower to check them all out does not exist. And of course every false positive is an innocent person who may suffer consequences for no reason.

It also points out how easy it is to hide one’s intentions in communications to evade detection.

No one would argue that the security and safety of any country’s citizens are not important – but what’s the point of spending money on efforts to protect that are ineffective, invade privacy, and cause more harm than good?

Read the Wired article

January 17, 2006

Open source GPL version 3 draft released

David Canton @ 8:29 am

The GPL is one of the most well known open source software licences. It has been described as part manifesto, and part license.

It also causes confusion in the open source and commercial worlds because of its obligation in certain circumstances to make the source code of derivative works public.

The new draft is open for comment, and is not expected to be finalized for about a year.

Take a look at the following links for the text of the draft, and some commentary. I’ll write a more detailed article for my Free Press column later.

Read the draft on the Free Software Foundation site

Read a CNet article

Read a Wired article

January 16, 2006

Wireless security everyone’s concern

David Canton @ 7:45 am

David Canton – For the London Free Press – January 14, 2006

Read this on Canoe

A law has been proposed in a New York City suburb that would require any business or home office with a wireless network to install separate servers to combat Internet attacks. Violators would face fines of $250 US or $500 US.

The purpose of the law is not to protect the owners of the networks, but rather to protect consumers from identity theft and other data threats.

The law would apply to Internet cafes and other wireless hot spots, as well as commercial businesses and home offices which take personal information from consumers. It would require “commercial businesses” with “public Internet access” to have a “network gateway server” with a software or hardware firewall.

It would also require any business or home office that stores personal information to install a firewall-outfitted server — even if its wireless connection is encrypted and not open to the public.

Affected businesses would also have to post a sign that says, “You are accessing a network which has been secured with firewall protection. Since your protection does not guarantee the security of your personal information, use discretion.”

“People don’t realize how easily their personal information can be stolen,” said Andy Spano, the Westchester County executive who proposed the legislation. “All it takes is one unsecured wireless network.”

In that respect, he is correct. Unless precautions are taken, someone using a portable computer can easily steal data from your laptop at a public WiFi hot spot or connect to your home network.

According to Jupiter Research, a company that provides research and analysis on the Internet and other technologies, 14 per cent of WiFi users have logged onto neighbours’ networks during the last year and 30 per cent are worried about their neighbours getting onto their networks.

A person logging on to your home or business network is a problem. It uses up your bandwidth, which slows down your use of the network, but more importantly allows your data to be intercepted.

If the intruder uses your network to commit a crime, send spam or cause other issues, there is a chance you will be held responsible. Even if you’re found not responsible, it may be assumed you were the wrongdoer unless you can prove otherwise.

Since computers are often configured to connect to the strongest signal, you may even be connecting to a neighbour’s computer inadvertently.

WiFi hot spots are a growing phenomenon. While once limited to Internet cafes and airports, some McDonald’s restaurants are now equipped with WiFi access. Some municipalities, such as Philadelphia, have attempted to install networks that blanket the entire city.

These plans, however, are often thwarted by telecommunications companies that have lobbied for laws banning the efforts to avoid competition from the public sector.

The issue of WiFi security deserves attention. While the purpose of the New York proposal is understandable, it seems impractical for technical and financial reasons.

In my view, legislating for specific technical measures rather than a result is not the best approach.

Whether you have a WiFi router or are considering getting a wireless business or home network, data security must be dealt with. Everyone should make sure their wireless connections are secured so only intended users have access.

Anyone installing WiFi devices should turn on security measures or have a computer professional do so.

January 14, 2006

Rogers cable privacy glitch

David Canton @ 12:06 pm

Noticed an article in today’s London Free Press about a privacy problem with Rogers cable that the privacy commissioner is looking into.

Seems that if one knew someone else’s name, phone #, and postal code, you could go on to the Rogers site and find out what cable services and channels that person subscribed to.

Rogers was quoted as saying Friday that: “…we have asked our website team to shut down this feature.” I trust they were referring to the ability to look up one’s own services as a “feature” and not the ability to look up others’.

Never ceases to amaze how entities that claim to have, and believe they have, privacy under control, end up with such blatant holes.

Read the article on Canoe

January 13, 2006

Privacy foibles – kidnapped babies and birthday cards

David Canton @ 7:58 am

A couple of recent incidents illustrate how many people just don’t get it when it comes to privacy issues.

On the overprotective side is a report about how Sprint refused to co-operate with parents and police in an emergency. A car was stolen with a baby in a car seat in the back. The owner’s cell phone was also in the car and on. The cell phone had GPS, so Sprint could track the car, but they refused to divulge the information!!

On the opposite side is a report about a complaint from recipients of birthday cards from a member of parliament. The recipients claim the only way the MP could have got their birthday information was from a passport application that the MP facilitated. If that is true, it shows a lack of understanding of the whole privacy issue by the MP.

Read an Engadget post on the Sprint issue

Read David Fraser’s post about the birthday card issue

January 12, 2006

Anonymous web annoyances illegal

David Canton @ 8:37 am

There have been a few mentions the past few days of a new US law that contains language that makes it illegal to post annoying Web messages or send annoying e-mail messages without disclosing your true identity. There is some uncertainty over exactly what the law means.

Strikes me as another sledge-hammer to kill a fly law that has not been well thought out. We chastise countries outside of North America for having draconian laws affecting speech and the Internet, but sometimes the US seems no better.

David Fraser’s Canadian Privacy Law Blog has a good list of links to an initial CNet article and various other comments.

Read David’s post

January 11, 2006

Bulte election / copyright kerfuffle

David Canton @ 7:28 am

Sam Bulte is parliamentary secretary to the Liberal Heritage Minister responsible for copyright reform. There is a great deal of controversy over entertainment industry influence over copyright reform (e.g. Bill C-60), the most visible being a CRIA-sponsored fundraiser for her to be held just days before the election.

Michael Geist posted an entry this week with a good summary of the issue and links to many articles, including some scathing comment and a response from Bulte.

The article is a good read for anyone interested in copyright reform, music downloading, the Federal election, or allegations of government wrongdoing – which covers just about everyone.

Read Michael’s article

Update: Take a look at this Techdirt post entitled Canadian Politician Suggests Content Users Are Just Zealots for their take on “Bulte’s increasingly silly attempt to defend her position…” For those interested in ongoing developments on this issue, keep an eye on Michael Geist’s site.

Read the Techdirt article

January 10, 2006

Lessig – When Theft Serves Art

David Canton @ 8:10 am

Lawrence Lessig’s column in the January Wired magazine talks about the approach to copyright taken by Andy Warhol’s foundation.

Rather than practice the “IP extremism” that we so often see, the foundation’s president says:

The Warhol Foundation is “vigorous in enforcing our rights when it comes to people wanting to use Warhol’s art for commercial purposes,” Wachs said. But when it comes to artists and scholars, the rules are very different. “We permit artists to use and reference Warhol work without charge and without challenge.” And “we let scholars use Warhol imagery for just a nominal fee to cover the cost of administering the rights.” Wachs told me later, “We’re Lessig when it comes to artists and scholars” and “Disney when it comes to commercial use.”

As Lessig states: To people who live outside the IP-extremist culture, this sounds quite sensible. But inside that culture, the foundation’s values are incomprehensible.

Too often copyright is strictly enforced just because it can be, without looking at the bigger picture of what is in the best interests of both the copyright holder and the public.

Read the Wired article

January 9, 2006

Sony’s ‘rootkit’ opens massive can of worms

David Canton @ 8:35 am

David Canton – For the London Free Press – January 7, 2006

Read this on Canoe

The “Sony rootkit,” Sony-BMG’s recent attempt to prevent copying of its music CDs, has created a public-relations nightmare, angered privacy and security experts worldwide and exposed the company to lawsuits.

Sony decided to use Extended Copy Protection (XCP) on 52 CD titles.

XCP is a rootkit, a program used by virus writers. It enters into a computer uninvited, copies itself to the “root” of a computer and hides its presence from the user by disguising itself as system files.

XCP is cloaked from detection by those wishing to remove it. It prevents the user from playing the CD in certain media player programs. The program transmits information back to Sony about the customer’s listening habits.

Sony dismissed complaints that XCP violated users’ privacy, arguing it was simply protecting its intellectual property rights. Sony relied on the End User License Agreement that appears on the screen when a CD with XCP is played on a computer. EULAs are standard for software, but unusual for music.

The EULA informed users the CD would install a “small proprietary software program” intended to protect the audio files.

The EULA also contained unusual provisions that, among other things, said the company can put backdoor programs on your computer that allow it to use self help to “enforce their rights” and, if by doing so it destroys your computer or causes a security risk, it’s not responsible.

Many argued the EULA was insufficient, as it said nothing about installing cloaked files in the root of the user’s computer or transmitting information.

Security experts said computers could be vulnerable to viruses that use XCP’s cloaking feature. Sony claimed these concerns were theoretical until several viruses specifically designed to take advantage of the cloaking feature were discovered.

Sony provided a patch that removed XCP’s cloaking, allowing security software to detect these viruses. This did not placate critics as it did not actually remove XCP and installed new files that could not be removed without Sony-BMG’s consent.

XCP proved nearly impossible for users to uninstall manually without disabling their CD drive or triggering a system crash. When Sony finally offered an XCP uninstaller, users had to fill out online request forms, requiring information such as the user’s name and e-mail address.

This uninstall program caused as many problems as it solved.

Sony then temporarily suspended its use of XCP. It yanked XCP CDs from store shelves and offered replacements for already purchased CDs. About 4.7 million CDs had been shipped and 2.1 million sold. More than half a million networks have been infected.

Sony’s legal problems began when multiple class-action lawsuits were launched based on claims Sony violated U.S. state and federal laws against computer tampering and malicious software and committed fraud, trespassing and false advertising.

The Texas attorney general filed a civil lawsuit, seeking $100,000 for each violation of that state’s Consumer Protection Against Computer Spyware Act.

There are now claims the XCP software can be prevented from installing merely by putting a piece of tape on a strategic spot on the CD.

So all in the name of copy protection, Sony-BMG has angered customers, musicians and retailers, lost sales, possibly breached privacy and computer trespass laws, exposed customers to viruses, allegedly used code in the XCP they were not licensed to use, denied and covered up what they had done and dismissed legitimate concerns as unfounded.

Leads one to wonder why Canada is considering amending its copyright legislation to make it illegal to defeat digital rights management software.
