Wu ruled that Drew could not be guilty of violating the Computer Fraud and Abuse Act for merely violating a website’s terms of service.

Cyber Bullying Case Officially Dismissed for Vagueness | Threat Level | Wired.com

Hadley Leggett:

Starting this fall, you'll have a new reason to trust the information you find on Wikipedia: An optional feature called "WikiTrust" will color code every word of the encyclopedia based on the reliability of its author and the length of time it has persisted on the page.

Called WikiTrust, the program assigns a color code to newly edited text using an algorithm that calculates author reputation from the lifespan of their past contributions. It's based on a simple concept: The longer information persists on the page, the more accurate it's likely to be.

"They've hit on the fundamentally Darwinian nature of Wikipedia," said Wikipedia software developer and neuroscientist Virgil Griffith of the California Institute of Technology, who was not involved in the project.

Noteworthy writes: It's pretty egregious that neither Wired nor the WikiTrust folks bothered to mention the Puppy Smoothies paper, which was published in 2006, a year before the earliest citations on the WikiTrust site. (Why didn't Virgil mention this?)

The reliability of information collected from at large Internet users by open collaborative wikis such as Wikipedia has been a subject of widespread debate. This paper provides a practical proposal for improving user confidence in wiki information by coloring the text of a wiki article based on the venerability of the text. This proposal relies on the philosophy that bad information is less likely to survive a collaborative editing process over large numbers of edits. Colorization would provide users with a clear visual cue as to the level of confidence that they can place in particular assertions made within a wiki article.

Decius: Noteworthy later points out that the Wikitrust people did reference my paper in their first paper. I'm really happy to see these ideas making it into practice regardless of how much credit I'm getting. I pushed the ball a little bit forward but these guys have taken it all the way and thats awesome. Congrats Wikitrust!

Wikipedia adopts Text Coloring for Trust Idea that I helped develop

Mr. Foster,

This afternoon I received an email from you, attached below, which orders me to remove a post from my blog at www.memestreams.net about the cracking of the TI-83 OS Signing Key. Upon receiving your email I removed the post you reference from MemeStreams. However, I do not think that the post you referenced on MemeStreams violates Texas Instruments' intellectual property. Your email does not make clear what aspect of my post you object to, and because it was so vague I suspect you may have emailed me without taking the time to properly digest the context and purpose of my post.

I am a professional computer security researcher. My personal blog on MemeStreams is a place were I regularly comment on matters relevant to computer security in both the technical and policy realm. The purpose of my post about the TI-83 signing key was to report the fact that the key had been cracked, to explain why I felt that event was important and unprecedented, to discuss the implications of that event for the practice of computer security, and to consider potential events that might follow in the future.

Absolutely nothing about my post was intended to encourage or facilitate the violation of Texas Instrument's Intellectual Property. I did not include specific information, such as the numeric keys, which might have facilitated that. Frankly, I don't care about calculator operating systems and neither does anyone else who reads my blog. My interest in the subject is purely academic - its about the implications that this event has for the greater practice of computer security.

I did provide hyperlinks to the forums where the crack was discussed, but I did so only because those are the primary sources that demonstrate that the event that I was reporting on did, in fact, actually happen. While the DMCA has been used to prohibit people from providing hyperlinks in the past, this has only been done in the context where the purpose of providing those hyperlinks was to facilitate infringement. Nothing about my post encourages infringement. In my case the purpose of providing the links was to accurately report the news.

I have a constitutional right to report the news. I have a right to report that this event occurred, to explain what web forums it occurred in, and explain what implications I think it has. This is no different from a newspaper reporting that a murder occurred, reporting what street it occurred on, and explaining why their readers should care. The DMCA does not curtail these fundamental constitutional rights.

I sympathize with your position Mr. Foster. In fact, the post you asked me to remove predicted that Texas Instruments might pursue legal action against the people who are attempting to violate their intellectual property. However, I am not one of those people and I ever expected to receive a legal threat from you. As your email does not make clear what aspect of my post you object to, I've been forced to remove the post in its entirety. I feel this is a significant trespass upon my First Amendment rights and I presume that it could only have happened in error.

Please take a moment to carefully reconsider the position you've taken here.

Thank you,
Tom Cross

The email posted below has been modified from its original form. The original email contained a hyperlink to a third party website that Texas Instruments seems to think violates their intellectual property. Texas Instruments also seems to think that posting that link violates their intellectual property. Because the DMCA notice they sent me includes that link, by their logic, distributing that notice in its original form would also violate their intellectual property. Therefore, I've had to remove that link from the notice.

Here is the notice I received:

From: "Foster, Herbert"
To: "tom@tomcross.info"
Date: Thu, 27 Aug 2009 13:46:24 -0500
Subject: Illegal Offering of Material to Circumvent TI Copyright Protections

To: Tom Cross, Chairman - Memestreams

Re: Illegal Offering of Material to Circumvent TI Copyright Protections

VIA: E-mail to: tom@tomcross.info

It has come to our attention that the web site www.memestreams.net contains material and/or links to material that violate the anti-circumvention provisions of the Digital Millennium Copyright Act ("DMCA"). This letter is to notify you, in accordance with the provisions of the DMCA, of these unlawful activities. Pursuant to the safe harbor provisions of the DMCA, we request that you remove any whole or partial reproductions of and/or disable links to the following:

The link at the bottom of the www.memestreams.net page entitled "TI-83 Plus OS Signing Key Cracked - ticalc.org."

[ED: The text "TI-83 Plus OS Signing Key Cracked - ticalc.org" was originally a hyperlink that TI claims I cannot make.]

Texas Instruments Incorporated ("TI") owns the copyright in the TI-83 Plus operating system software. The TI-83 Plus operating system uses encryption to effectively control access to the operating system code and to protect its rights as a copyright owner in that code. Any unauthorized use of these files is strictly prohibited.

www.memestreams.net is distributing or providing links to information (found at http://www.memestreams.net/users/decius/blogid10355905) that bypasses TI's anti-circumvention technology. By providing copies of or offering links to such information, www.memestreams.net has violated the anti-circumvention provisions of the DMCA at 17 U.S.C. 1201(a)(2) and 1201(b)(1).

Please confirm to the undersigned in writing no later than noon on August 28, 2009 that you have complied with these demands. You may reach the undersigned by telephone at (972) 917-1522 or by email at h-foster@ti.com. TI reserves all further rights and remedies with respect to this matter.

I hereby confirm that I have a good faith belief that use of the Illegal Material in the manner complained of in this letter is not authorized by the copyright owner, its agent, or the law, that the information in this letter is accurate, and that, under penalty of perjury, I am authorized to act on behalf of TI, the owner of the exclusive rights in the TI-83 Plus operating system software that are allegedly misappropriated using unlawful methods.

Texas Instruments Incorporated

Herbert W. Foster

Manager, Business Services
Education Technology Group

The federal Cybersecurity legislation that was proposed earlier this year is back on the docket. The text about the President shutting down networks has been reworded and it sounds less silly now. They want the power to identify stuff that is too sensitive to be connected to the Internet, or possibly too overrun with malware, and disconnect it. Whether they should have the power to do that to private sector networks is certainly a subject for debate, but now that we know what they are talking about at least we can debate it.

I personally think its still too vague. It could be interpreted to mean that if you are a private company and you haven't installed the patch for the latest Windows vulnerability the "Internet Police" can come and pull the plug on your whole operation. Who actually makes these calls? What are the limits of this power? Are these decisions subject to review? Is this really the right way to resolve security problems on the Internet?

Unfortunately the section about mandatory licensing of Computer Security professionals is still there. As I say in the thread attached to the bill, that section has graft written all over it.

As for that thread, I'm linking OpenCongress, a website built by the PFF and the Sunlight Foundation which I've never used before. OpenCongress lets you read, research, and comment on legislation. Its got some nice features and interface. If they can manage to keep the discussion civil this will turn into a very powerful tool. However, there are still some bugs they need to work out, including the fact that you can't login using Safari!

Text of S.773 as Introduced in Senate: Cybersecurity Act of 2009 - U.S. Congress - OpenCongress

The new Obama flavor laptop border search policy makes an interesting statement about reasonable suspicion and terrorist watch lists:

The presence of an individual on a government-operated and government-vetted terrorist watch list will be sufficient to create reasonable suspicion of activities in violation of the laws enforced by CBP.

Objectively, I'm inclined to agree, and I'm glad they drew this line in the sand, as its an important negotiating point with regard to when searches should and should not be authorized. If you think about the way that reasonable suspicion is used by police officers in deciding whether or not to stop someone, clearly "suspect matched the description of a wanted felon" is sufficient to establish that, even if it later turns out of be a case of mistaken identity. A terrorist watch list is a similar kind of thing. If the United States had a real process for flagging people who are genuinely suspected terrorists, I'm sure that being flagged by that system would meet the criteria for reasonable suspicion.

I think that employing terrorist watch lists and passenger screening systems in making determinations about reasonable suspicion in the context of border searches is a good thing. It eliminates the rhetorical argument that if we constrained border searches of laptops to contexts where reasonable suspicion exists, we might miss a terrorist. People who are likely to be terrorists are going to be flagged by these systems, and so reasonable suspicion is going to exist in those cases. Therefore, requiring it would not hamper our anti-terrorism efforts.

However, it is possible to imagine a "terrorist watch list" that is so mismanaged that it is not objectively reasonable to suspect that people on the list might be involved with terrorism. Unfortunately, it sounds like that is exactly the kind of list that we have right now. A list with 1.2 million names on it including people who are dead, vague entries that seem to only include common place names, and people who are obviously not involved in terrorism. If the ACLU's characterization of this list is anywhere near accurate, the list is a complete joke. It simply is not objectively reasonable to suspect that someone on this list is dangerous.

Two implications follow from that:
1. If the list is ever used in a real prosecution to establish reasonable suspicion of someone who does not turn out to be a terrorist but is prosecuted for some unrelated crime, that person might be able to challenge the reasonableness of that suspicion because the list is too unreliable.

2. It would behoove those who wish to make use of these lists in this fashion to make sure that they are reliable, so the courts will take them seriously when they are relied on in a context where they run up against Constitutional rights.

Thanks to two other MemeStreams users I learned that the new Obama flavor DHS laptop search policies are out and that the ACLU is suing DHS for more specific information.

I read through all of this stuff.

The most important take away is that Obama is continuing the civil liberties excesses of the Bush years. That impression is no longer theoretical. This isn't some lawsuit that they were already up to their ears in when he took office. This is administration policy that was radically expanded during the Bush years which Obama's team took the time to review, reconsider, and rewrite. This is Obama on civil liberties. Its not pretty.

While I'm glad that DHS took the step of publishing this information it will not resolve the substantive policy debate in any way.

Janet Napolitano seems to disagree:

“The new directives announced today strike the balance between respecting the civil liberties and privacy of all travelers while ensuring DHS can take the lawful actions necessary to secure our borders.”

In fact, with one minor exception that I'll discuss, there is no "civil liberty" acknowledged here, so this policy cannot be said to strike any sort of balance.

These documents explain that DHS randomly seizes laptops, cellphones, and cameras and "detains" them for indepth forensic analysis in search of evidence of any crime. They will usually keep these items for less than 5 days but they can keep them for extended periods of time. By randomly I mean without any suspicion at all. They literally pick you out of the line at random.

We're told that DHS will store the electronics in a secure location and destroy any copies when they are done with them, but anything else would be totally irresponsible. The mere fact that they aren't leaving your laptop in an insecure location doesn't balance your civil liberties interests!

The privacy impact study does take the time in its introduction to acknowledge that "the... central privacy concern is the sheer volume and range of types of information available on electronic devices as opposed to a more traditional briefcase or backpack." It almost sounds like they are off to a good start, but the document never directly addresses the privacy implications of having Customs officers forensically examine that information, which includes detailed records of personal correspondence, work product, web surfing history, photographs and music collections, etc. That is the central concern here and the document steps around it with a creepy degree of bureaucratic blindness:

CBP and ICE have identified six privacy risks associated with the examination, detention, retention, and/or seizure of a traveler’s electronic device or information during a border search: (1) t... [ Read More (0.5k in body) ]

DHS Secretary Napolitano Announces New Directives on Border Searches of Electronic Media

The President's Council of Advisors on Science and Technology predicts that as many as 120 million people are likely to exhibit symptoms of the H1N1 virus. Half of these people will seek medical attention, exposing countless healthcare workers to the disease, the panel reported. Furthermore, it expects that up to 300,000 patients could require intensive care services. Seasonal flu typically leads to 36,000 deaths and 200,000 hospitalizations, up to 90% of which occur in the elderly population. The science advisors predict up to 90,000 deaths and 1.8 million hospitalizations from H1N1, also known as swine flu.

Half of Americans could catch swine flu, healthcare workers still reluctant to get vaccinated - McKnight's Long Term Care News

This will be the most important political conflict of the medium term future.

Can we really balloon the deficit to $1 trillion and expect business as usual in 4 to 5 years given the precedents and given the low savings and high debt?

My answer is no. The U.S. economy cannot possibly work itself out of the greatest financial crisis in some 70-odd years in a mere 4 years and then expect to raise taxes on the middle class without a major recessionary relapse.

So, when you hear policy makers talking about reducing the deficit as soon as possible, what you should think is 1938 and continued depression.

Beware of deficit hawks - Credit Writedowns

# Recovery of some sort seems to be at hand.
# However, we may be seeing an inventory correction and nothing more.
# America could be headed toward a Japanese-like decade or more long period of stagnant growth aka the modern Depression.
# After all, consumers are not coming back to the party.

naked capitalism: Stephen Roach: The case against Bernanke