Electronic Frontiers Forums at DragonCon
Topic: Miscellaneous
8:27 pm EST, Jan 10, 2009
US Customs Searches at Borders
What privacy rights do you have when you cross the border, especially with a computer that may have a hard drive loaded with your personal, private information? Must you give up your privacy rights to travel abroad?
Audio of my talk on border searches of laptops from DragonCon is up. I gave this talk several times last year, but this was the best version I think.

gladwell dot com - rice paddies and math tests
Topic: Miscellaneous
11:38 am EST, Jan 10, 2009
This short essay is well worth the couple of minutes it will take you to read it. Asian children learn to count much faster. Four year old Chinese children can count, on average, up to forty. American children, at that age, can only count to fifteen, and don't reach forty until they're five: by the age of five, in other words, American children are already a year behind their Asian counterparts in the most fundamental of math skills.

Digg - Digg / Tools / Thumbnails
Topic: Miscellaneous
11:15 am EST, Jan 10, 2009
We’ve implemented Facebook’s “share” standard for enabling thumbnails on Digg, which means that if you correctly implement the standard below, your thumbnails should appear on both sites when submitting video, news, and image stories.
Excellent. Digg created a standard. MemeStreams ought to support this.

Errata Security: Verisign's Bad Response to the MD5-SSL Crisis
Topic: Miscellaneous
1:02 pm EST, Jan 9, 2009
I previously commented on Verisign's incredulity at the fact that the researchers who produced a phoney SSL certificate didn't put them in the loop prior to public disclosure of their research. It appears this incredulity has produced a bit of a debate. I'm linking Rob Graham, who weighed in on the subject:
The researchers behaved perfectly and responsibly. Their worry about being suppressed was justified, and their secrecy was an appropriate response. The very fact that Verisign could quickly fix the problem in a day, but malicious hackers would need at least a month to replicate the feat, means that notifying Verisign ahead of time wasn't needed.
He links to a post from Alexander Sotirov, who also took issue with Verisign's position:
In a recent post on his company blog, Verisign's vice president of marketing Tim Callan commented on the disclosure of our MD5 collision attack:
VeriSign did not receive any of [the] information ahead of the actual presentation, rendering it impossible for us to begin work on mitigating this issue prior to this morning.
I feel that this statement is inaccurate. Not only did we contact Verisign before our presentation to let them know about our research, we also strongly advised them to stop using MD5 as soon as possible and were given a chance to review their mitigation plans.
Callan responded in the thread on his blog.
Here are the facts as I understand them.
- The "trusted intermediary" was under a strict NDA with you and didn't feel it could reveal anything that was actually actionable or useful. Your NDA prevented the intermediary from telling us what would be announced, by whom, or when.
- You didn't invite us to view the presentation in person or on the webcast. Had VeriSign not discovered by other means that this presentation was coming, we may not have had the opportunity to hear what you had to say until after the fact.
- In addition to Microsoft and Mozilla, at a bare minimum you briefed The Washington Post, Wired Magazine, CNET, and IDG News Service prior to your announcement. You also briefed one or more active security bloggers. Based on the reports from these people, it appears that you obtained promises from them not to share with us either.
- You stood on stage in front of a room full of people and explained that you had actively sought to prevent us from finding out. You had a slide thanking the lawyers who helped you prevent us from finding out.
- VeriSign acquired the RapidSSL product line as part of its acquisition of GeoTrust in September of 2006. That's when we began our process of learnin...

BK Offers Facebook 'Sacrifice'
Topic: Miscellaneous
11:27 am EST, Jan 9, 2009
The app rewards people with a coupon for BK's signature burger when they cull 10 friends. Each time a friend is excommunicated, the application sends a notification to the banished party via Facebook's news feed explaining that the user's love for the unlucky soul is less than his or her zeal for the Whopper.
Wow!

FT.com / Asia-Pacific - Financial blogger arrested in South Korea
Topic: Miscellaneous
10:18 pm EST, Jan 8, 2009
South Korea said on Thursday it had arrested an elusive blogger accused of undermining the country’s financial markets with his doom-mongering, ending a case that has illustrated government unease with the growing influence of online gossip in the world’s most-wired economy.
I am disappointed to hear that South Korea is no longer a free country. I mean that in all seriousness.

Merrill Lynch on how fucked things are
Topic: Miscellaneous
3:45 pm EST, Jan 8, 2009
Fully 35% of a person’s FICO score boils down to one’s history of making payments on time. The average FICO score today now is down to 690 after the borrowing spree of the past seven years. Yet to obtain a plain-vanilla 30-year fixed rate mortgage, the minimum score is 760. For a 15-year HELOC, it is 740. And, for a three-year auto loan, the minimum FICO is 720. This is a primary reason why the credit cycle is not about to be revived. It is not that standards are too tough as much as the unprecedented borrowing binge over the past seven years has left the household sector, at the margin, with a credit profile that is too risky for the banking community to justify to their shareholders.

Karl Rove’s Factually Challenged Housing Revisionism | The Big Picture
Topic: Miscellaneous
1:08 pm EST, Jan 8, 2009
As the saying goes, you are entitled to your own opinion, but not your own facts. The instant historical revisionism by Karl Rove in today’s WSJ — mythmaking writ large — contains an egregious combination of false statements, crucial omissions and misleading assertions.
As recently as 6 months ago this sort of self-delusion that has been the hallmark of Conservative thinking in the past years was extremely frustrating, because they were in power. It's been a constant pattern: telling themselves that Iraq had WMDs or that FISA doesn't constrain the power of the President or that the EFF is "in it for the money" or that the UN and the Geneva conventions are irrelevant or that Brown was doing a good job running FEMA... They do it by lying to themselves, over and over and over again until they believe their own bullshit and are comfortable with what they've done. Believing your own bullshit has consequences. It had consequences in Iraq, it had consequences in New Orleans, it had consequences for our economy, and it will have consequences domestically and internationally when the civil liberties and Geneva conventions chickens come home to roost. Each step of the way people have been calling Conservatives out on their bullshit, and finally after 8 years enough people have finally caught on that the Republican party is no longer in control of the government. But they still haven't learned their lesson. They still haven't figured it out. They are still lying to themselves. They still don't take what they're doing seriously enough to face it honestly. And what scares me is that they are down, but they are not out. These people cannot be allowed back into power until they realize what was actually at the heart of their demise, and it sure as hell wasn't that they "weren't conservative enough" - another line of bullshit their pundits tell them. We simply haven't seen enough of the Democrats in recent years to know to what extent they suffer from the same problem. The claim that there is no problem with social security was certainly troubling, as was their unwillingness to give the surge time to work before calling it a failure. What this country needs more than anything is leaders who are not full of shit. Is that too much to ask?

Lazyweb: Hard Drive Degaussing
Topic: Miscellaneous
10:00 am EST, Jan 8, 2009
I have some hard drives. I want to throw them out. They have data on them. Some of that data is personal correspondence and some of these hard drives are rather old and I have no idea what is on them, but I'd rather not provide that data to whoever happens to be buying stuff from the local computer recycling center on the off chance it's personal. Furthermore, if the government is going to hold that police searches of garbage can be conducted without either a search warrant or any constitutionally required factual predicate then one must assume that all garbage is monitored by the state. Anything less would be a pre-911 mentality. If you are willing to provide the state with warrantless access to your hard drives there is really no point in complaining about 4th amendment issues or warrantless searches at borders, for example. So, I can't just throw these drives out. Unfortunately, my local computer recycling center makes stern warnings that they are not responsible for data on devices given to them. I don't see why they won't just buy a degausser, but I'm guessing they don't have one, and I'm not going to go out and drop 2 grand on an industrial degausser for my loft. This puts me in an odd position that I'm sure many of you have also been in: What do you do with old hard drives? Do they become a permanent part of your electronics junk pile, carried with you every time you move? Do you know of an inexpensive way to destroy them?

Obama picks RIAA's favorite lawyer for a top Justice post | Politics and Law - CNET News
Topic: Miscellaneous
9:34 am EST, Jan 7, 2009
One of Obama's first tech-related decisions has been to select the Recording Industry Association of America's favorite lawyer to be the third in command at the Justice Department. And Obama's pick as deputy attorney general, the second most senior position, is the lawyer who oversaw the defense of the Copyright Term Extension Act.
Some argue that a lawyer is an objective advocate of his client's interests, which should not be read as his own, but there is a very strong relationship between the leadership of the Democratic party and the upper echelons of the copyright maximalism movement, and these lawyers, along with Joe Biden, are right in the middle of that relationship.