Legal guide for bloggers

Andrea Simms-Karp winking

For those who are serious about their blogging, or simply concerned about the legal ramifications of the practice, the Electronic Frontier Foundation has a Bloggers’ Legal Guide available.

While it is focused on American law, the general principles and issues discussed are likely to be relevant elsewhere. Issues covered include intellectual property, defamation, the legal status of bloggers as journalists, and more. It also includes a page specifically for students.

People living in countries that have weaker protections for free speech might be better served by the BBC’s guide: How to avoid libel and defamation. On a side note, I certainly hope that British law evolves away from requiring the author to prove their comments were justified and towards requiring the person or organization alleging libel or defamation to prove that such things took place. The current approach encourages frivolous lawsuits and drives journalists to bury or tone down stories without due cause.

The ‘SSL strip’ exploit

Emily Horn with garlic bread

The Secure Sockets Layer (SSL) is one of the world’s most important forms of commercial encryption. It is the public key system generally employed by e-commerce websites like Amazon, in order to prevent payment details from being intercepted by third parties. At this week’s Black Hat security conference in Washington, details were released on an exploit that takes advantage of the weak way in which SSL is implemented in secure (HTTPS) websites.

The tool – called ‘SSL strip’ – is based around a man-in-the-middle attack, where the system for redirecting people from the insecure to the secure version of a web page is abused. By acting as a man-in-the-middle, the attacker can compromise any information sent between the user and the supposedly secure webpage. The author of the exploit claims to have used it to steal data from PayPal, GMail, Ticketmaster, and Facebook – including sixteen credit card numbers and control of more than 100 email accounts.

This kind of vulnerability has always existed with SSL because it is difficult to be certain about where the endpoints of communication lie. Rather than having a secure end-to-end connection between Amazon and you, there might be a secure connection between you and an attacker (who can read everything you do in the clear), and then a second secure connection between the attacker and Amazon.

To some extent, the problem can be mitigated through technical means (as described in the linked article). Beyond that, the question arises of what constitutes adequate precautions, from both a legal and a personal standpoint, and who should pay the costs associated with data breaches and fraud.
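The stripping attack works on the plain-HTTP hop that precedes the redirect to HTTPS, so the server-side conditions that matter are whether the site redirects at all, whether it tells returning browsers never to use plain HTTP again (the Strict-Transport-Security header, standardised after this post as HSTS), and whether the secure page itself links back to http:// URLs that a browser would fetch unprotected. The checker below is an added example written for this post, not code from the linked article or from the SSL strip tool; the host name and the four HTTP responses are constructed sample data, and it goes beyond the post by including the HSTS check.

```python
"""Assess a site's exposure to SSL stripping from its HTTP and HTTPS responses.

Added example (not from the original post). Sample responses are constructed.
"""
import re
from urllib.parse import urlparse

REDIRECT_CODES = {301, 302, 303, 307, 308}
SIX_MONTHS = 180 * 24 * 3600


def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status_code, headers, body).

    Header names are lower-cased; repeated headers are joined with ', '.
    """
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return status, headers, body


def hsts_max_age(header_value):
    """Return max-age from a Strict-Transport-Security value, or None if absent."""
    m = re.search(r"max-age\s*=\s*\"?(\d+)", header_value or "", re.IGNORECASE)
    return int(m.group(1)) if m else None


def assess_stripping_exposure(host, http_raw, https_raw):
    """Return a list of findings; an empty list means no stripping precondition was found."""
    findings = []

    # 1. The plain-HTTP endpoint should only ever redirect to HTTPS.
    status, headers, _ = parse_response(http_raw)
    if status in REDIRECT_CODES:
        if urlparse(headers.get("location", "")).scheme != "https":
            findings.append(f"http://{host} redirects to a non-HTTPS location: "
                            f"{headers.get('location')}")
    else:
        findings.append(f"http://{host} serves content (status {status}) "
                        "instead of redirecting to HTTPS")

    # 2. The HTTPS response should pin browsers to HTTPS for a long period.
    _, s_headers, s_body = parse_response(https_raw)
    age = hsts_max_age(s_headers.get("strict-transport-security"))
    if age is None:
        findings.append("HTTPS response carries no Strict-Transport-Security header")
    elif age < SIX_MONTHS:
        findings.append(f"HSTS max-age of {age}s is shorter than six months")

    # 3. The secure page should not hand the browser plain-HTTP links or forms.
    for url in re.findall(r"(?:href|action)=[\"'](http://[^\"']+)", s_body, re.IGNORECASE):
        if urlparse(url).hostname == host:
            findings.append(f"HTTPS page links back to plain HTTP: {url}")
    return findings


# Constructed sample data: a weakly configured site and a hardened one.
HOST = "shop.example"
WEAK_HTTP = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
             '<form action="http://shop.example/login" method="post"></form>')
WEAK_HTTPS = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
              '<a href="http://shop.example/account">My account</a>')
HARDENED_HTTP = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://shop.example/\r\n\r\n"
HARDENED_HTTPS = ("HTTP/1.1 200 OK\r\n"
                  "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
                  "Content-Type: text/html\r\n\r\n"
                  '<a href="https://shop.example/account">My account</a>')

if __name__ == "__main__":
    for label, http, https in (("weak", WEAK_HTTP, WEAK_HTTPS),
                               ("hardened", HARDENED_HTTP, HARDENED_HTTPS)):
        print(label, assess_stripping_exposure(HOST, http, https) or "no findings")
```

The weak configuration produces three findings (content served over plain HTTP, no HSTS, and a same-host http:// link on the secure page); the hardened one produces none. Note that HSTS only protects browsers that have already seen the header once over a genuine HTTPS connection, which is why the first visit to a site remains the hard case this post describes.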

[Update: 23 February 2009] The slides from the original presentation about SSL Strip are available here and here. Both servers are under a fair bit of strain, due to all the popular interest about this topic, so it may be tricky to access them during the next few days.

[Update: 25 February 2009] SSL Strip can actually be downloaded on Marlinspike’s website.

[Update: 5 November 2009] One thing I think these SSL exploits (and others described in comments below) demonstrate is that we cannot rely completely on technical means to avoid fraud and theft online. There is also a role to be played by laws on liability and other means.

Canadian content requirements for the internet?

Apparently, the Canadian Radio-television and Telecommunications Commission (CRTC) is considering Canadian content requirements for the internet. While I do support the existence of public broadcasters, I have never felt the same way about Canadian content rules for television or the radio. To me, they seem parochial and unnecessary; why does it matter whether people want to watch shows or listen to music that originated elsewhere?

Of course, the internet idea is even more dubious. Unlike radio and television, where you get to choose between channels but have no input into what each one is putting out, the internet lets you choose each film or song individually. As such, enforcing Canadian content requirements is both more intrusive and less practically feasible.

I remember when there were high hopes that the internet would be free from this sort of petty governmental manipulation. Unfortunately, with all the censorship, dubious monitoring, and other governmental shenanigans happening now, it isn’t surprising that yet another government agency wants to assert its regulatory influence over what happens online.

Hearings begin on Tuesday, with the aim of reviewing the current policy of not regulating content on cell phones and the internet.

Webs of trust in academic publishing

Geometric sculpture

Public key cryptography was a breakthrough because of the many new types of secure communication it suddenly permitted: most importantly, between people who do not have a trusted channel through which to exchange a symmetric key. Instead, it permits each partner to make a public key widely available, as well as use the public keys of others to encrypt messages that only they can decrypt.

One avenue of attack against this kind of system is for an attacker to make a public key available that they pretend belongs to someone else. For instance, you might try to impersonate a government or industry figure, then have people send sensitive materials to you inadvertently. One way to prevent this kind of attack is to use key signing: an approach employed by both the commercial software PGP and the free GPG alternative. With key signing, you produce a web of trust, in which people use their own secret keys to vouch for the validity of public keys posted by others. That way, if I trust Bob and Bob trusts Jim, I can adopt that trust transitively.

GPeerReview is a system intended to extend this trust function to the review of academic work. Reviewers produce comments on documents and sign them with their keys. These comments can include different levels of endorsement for the work being scrutinized.
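The "if I trust Bob and Bob trusts Jim" step is more constrained in practice than it sounds: in the PGP/GPG model a signature from Bob makes Jim's key valid (I believe it really is Jim's), but Jim's own signatures only count if I have separately decided how far to trust Jim as an introducer. The code below is an added example written for this post, not GPeerReview's or GPG's own code. It models the GPG "classic" trust model in a simplified form and then applies the result to signed reviews; the fingerprints, owner-trust settings, signatures and reviews are constructed sample data, and the cryptographic verification of each signature is assumed to have already been done (a Signature record stands for a signature that checked out).

```python
"""Web-of-trust key validity, then acceptance of signed reviews.

Added example (not from the original post or GPeerReview). All data is constructed,
and Signature records stand for certifications whose cryptography already verified.
"""
from collections import defaultdict
from dataclasses import dataclass

ULTIMATE, FULL, MARGINAL = "ultimate", "full", "marginal"   # owner-trust levels


@dataclass(frozen=True)
class Signature:
    signer: str    # fingerprint of the key that vouches
    subject: str   # fingerprint of the key being vouched for


@dataclass(frozen=True)
class Review:
    reviewer: str  # fingerprint of the key that signed the review
    document: str
    endorsement: str  # e.g. "accept", "minor revisions", "reject"


def compute_valid_keys(my_key, owner_trust, signatures, marginals_needed=3, max_depth=5):
    """Return the set of keys that are valid from my_key's point of view.

    A key becomes valid when it is signed by one valid key whose owner I fully
    (or ultimately) trust, or by `marginals_needed` distinct valid keys whose
    owners I marginally trust. Chains are capped at `max_depth` certifications.
    Validity alone confers nothing: a valid key with no owner trust cannot
    introduce further keys, which is the limit on "transitive" trust.
    """
    signers_of = defaultdict(set)
    for sig in signatures:
        signers_of[sig.subject].add(sig.signer)

    valid, depth = {my_key}, {my_key: 0}
    for _ in range(max_depth):
        newly_valid = set()
        for subject, signers in signers_of.items():
            if subject in valid:
                continue
            usable = [s for s in signers if s in valid and depth[s] < max_depth]
            full = [s for s in usable if owner_trust.get(s) in (FULL, ULTIMATE)]
            marginal = [s for s in usable if owner_trust.get(s) == MARGINAL]
            if full or len(marginal) >= marginals_needed:
                newly_valid.add(subject)
                depth[subject] = 1 + min(depth[s] for s in (full or marginal))
        if not newly_valid:
            break
        valid |= newly_valid
    return valid


def trusted_reviews(reviews, valid_keys):
    """Keep only reviews signed by a key that the web of trust considers valid."""
    return [r for r in reviews if r.reviewer in valid_keys]


# Constructed sample web of trust. Bob is a fully trusted introducer; Carol, Dave
# and Eve are marginal introducers; Jim has no owner trust set.
ME = "ME"
OWNER_TRUST = {ME: ULTIMATE, "Bob": FULL, "Carol": MARGINAL, "Dave": MARGINAL, "Eve": MARGINAL}
SIGNATURES = [
    Signature(ME, "Bob"), Signature("Bob", "Jim"), Signature("Jim", "Alice"),
    Signature(ME, "Carol"), Signature(ME, "Dave"), Signature(ME, "Eve"),
    Signature("Carol", "Frank"), Signature("Dave", "Frank"), Signature("Eve", "Frank"),
    Signature("Carol", "Gina"), Signature("Dave", "Gina"),
]
REVIEWS = [
    Review("Frank", "paper-17", "accept"),
    Review("Alice", "paper-17", "reject"),
    Review("Jim", "paper-42", "minor revisions"),
]

if __name__ == "__main__":
    keys = compute_valid_keys(ME, OWNER_TRUST, SIGNATURES)
    print("valid keys:", sorted(keys))
    for r in trusted_reviews(REVIEWS, keys):
        print(f"{r.reviewer} on {r.document}: {r.endorsement}")
```

With this data Bob, Jim, Carol, Dave, Eve and Frank end up valid (Frank through three marginal signatures), while Alice does not: Jim's key is valid, but I never assigned Jim any owner trust, so his signature on Alice's key carries no weight. Frank's and Jim's reviews are therefore accepted and Alice's is set aside; Gina, signed by only two marginal introducers, also falls short of the threshold.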

It is difficult to know whether the level of academic fraud that takes place justifies this sort of cryptographic response, but it seems like a neat idea regardless. Providing secure mechanisms for people to prove who they are and that things are properly attributed to them is increasingly important as technology makes it ever-easier for nefarious individuals to impersonate anyone in front of a wide audience.

Visualizing power usage

Man on bridge, Ottawa

Of late, Google has certainly committed itself to some novel and ambitious energy projects. Their PowerMeter project probably scores fairly low on the scale of ambition, but it could nonetheless be very useful. The idea is to take in data from smart electrical meters on homes and process it into a form, accessible online, that is useful for the people who live in them. It looks like it will resemble the Google Analytics system for website statistics tracking, but it will be concerned with energy usage instead. Ideally, it will be able to isolate electricity usage associated with different activities and appliances, allowing consumers to better understand how they are using power and adjust their behaviour to do so more economically and sustainably.

Particularly when paired with differing electricity prices at different times (in order to smooth out variations between times of peak demand and times of minimal demand), such a system could encourage efficiency, help to balance the grid, and reduce greenhouse gas emissions.

I certainly hope it is eventually made compatible with the smart meters Ottawa Hydro has been installing. I have contacted them to ask, but am still waiting for a response.

Video on the history of the Earth

Seed Magazine has a neat video up, in celebration of Charles Darwin’s 200th birthday. It condenses the 4.6-billion-year history of the Earth into one minute of footage. As such, it gives one a sense of perspective, in terms of how little of the history of life humanity has witnessed.

One quibble: the video refers to photosynthesis by ‘blue-green algae,’ which is a misnomer. So-called ‘blue-green algae’ aren’t algae at all; they aren’t even plants. They are cyanobacteria.

Congressional reports on Wikileaks

Wikileaks – a website that has been discussed here before – has performed a significant public service, by making nearly 7,000 reports prepared by the American Congressional Research Service publicly available. The documents are non-secret, and were paid for with a billion dollars of taxpayer money. Prior to the Wikileaks action, they were not available to the general public. The research service is meant to be a non-partisan office that provides factual information and analysis to inform political decision-making.

Topics covered in the reports include Israel’s relationship with the United States, abortion, China, weapons proliferation, and many others.

Contemplating inflation

Because a previous entry has diverged into a largely unrelated conversation about inflation, it seemed best to put up a post about the latter topic and divert the related discussion here.

The questions under discussion include:

  1. What causes inflation, and to what degree can governments control it?
  2. Is mild but positive inflation (say, 2%) socially or economically beneficial?
  3. Through what political mechanism should target inflation rates be chosen?

Personally, my enthusiasm for all things economic is flagging a bit, given how long the ‘credit crunch’ has been dominating news and political commentary. That being said, I am always keen to foster discussion and, ideally, make it available in ways that third parties will find useful at later times.

Oceans added to Google Earth

Google’s decision to add seabed data to Google Earth is welcome. It is now conventional wisdom to argue that humanity knows less about the open oceans than we do about many of the stellar bodies in the solar system. That being said, given the level of pressure humanity is placing upon the oceans, coupled with the vital role they play in the planet’s biological functioning, gaining an appreciation for the nature and importance of the oceans is a critical medium-term undertaking for humanity.

One decidedly welcome thing about my new computer is that it has the processing and graphics power to make the Google Earth flight simulator smooth and visually compelling. It is neat to do something similar with the Mariana Trench.

Lofty ambitions for space travel

This is one of the best bits of satire The Onion has produced in a while: Kim Jong Il Announces Plan To Bring Moon To North Korea. It is especially amusing if you are familiar with some of the actual governmental propaganda about Kim Jong Il. I once saw a North Korean press document claiming that their leader is ‘the most energetic man in history.’ He has a fondness for doctoring photos of Napoleon to include his own face, and North Korean songs claim that he can “dispel raging storms.”

My favourite quotes from the video:

  • “A force of one million men will anchor [the moon] to a resplendent pedestal modeled on the Dear Leader’s perfect hand.”
  • “We will study the moon once it is here to learn the effects of moon possession on national glory.”
  • “The plan is perfect. We have already succeeded.”

The artwork is also an amusing impersonation of a classic propaganda style.