Immutable Security

I had the good fortune recently to take a few days off. We decided to travel to a city a few hours away by train, a method of travel that is generally comfortable and relaxing.

Being a security guy, I couldn’t help but notice the lack of security. My ID was checked only once when heading to our destination, but not on the leg back. The guy obviously didn’t even look at it very closely and he didn’t use one of those little ultraviolet lights. My luggage wasn’t inspected at all, nor was my person. There were no metal detectors. All I noticed was a few cameras and a sign telling me to watch out for suspicious stuff.

It would have been trivial to load myself up with automatic weapons or even pack my suitcase with explosives. At a minimum, I could have destroyed the portion of the train I was on and killed everyone on it.

I got to thinking–in the post 9/11 world we live in, how could this be? Didn’t they think to secure the rail system? Wouldn’t an attack on the railway instill fear in America and be an easy target? Of course they must have thought about this. There must be other explanations.

Perhaps the intelligence indicates that the railway really isn’t a target. Perhaps Amtrak doesn’t have enough money to implement something like the airlines have, and since they haven’t been given a mandate or been taken over by the government, they haven’t done anything. Maybe it’s “in the works.” Maybe there aren’t enough resources to go around and this is at the bottom of the list.

Whatever the case, I came to realize that I really, really enjoyed the lack of security. I didn’t feel any less safe by not having my luggage swabbed. I realized that I most likely had a much higher risk of dying in the car on the way to the Amtrak station than I did by a terrorist attack on the actual train.

Would I feel differently if there had been a recent terrorist attack on a train, or if I had survived a terrorist attack anywhere? Possibly. But not having gone through that experience, I realize that fearing an attack on a train is a mostly irrational fear and a risk that may not be worth doing anything about.

Now the lack of on-board wi-fi is another matter entirely…

The new version of Ubuntu includes integration with the 7digital.com music store. No longer do open source users have to rely on proprietary applications like iTunes. They can now purchase good-quality music using only free software.

Like most other online music stores today, 7digital sells non-proprietary, but patent-encumbered MP3 files. This is leaps and bounds better than the DRM-laden files which used to be sold by stores like Amazon and iTunes.

And while there is a bug which discusses some of the issues surrounding relying on a patent-encumbered format, rather than something free like Vorbis, there is one critical issue that free software users are not debating.

Allow me to demonstrate by quoting from the 7digital.com Terms and Conditions:

(i) You are authorized to use the Content only for personal, non-commercial use, and not for redistribution, transfer, assignment or sublicense, to the extent permitted by law.

So, unlike a traditional CD you buy at the store, you are contractually agreeing not to lend it to your friend, donate it to your library, or when you’re tired of it, throw it up on eBay for sale. In short, it makes it a breach of contract to share your music or even to sell it when you’re you have outgrown it or lost your job.

The Terms and Conditions continue:

(ii) You are authorized to use the Content on up to five authorized devices at any time. 7 reserves the right to limit the number of authorized devices further and the number of authorized downloads to comply with the wishes of its licensors.

And there we have the DRM. The difference here is that it is implemented in a contract, not in technology.

And just when you thought it might be over, they throw in this little gem:

(iii) You may not use Content as a musical “ringer” in connection with mobile phone calls.

Take all the fun away, why don’t you.

Ubuntu certainly isn’t the only one guilty of implementing the DRM through a contract rather than technology, but honestly, I hoped for better from a distribution that espouses to be freedom-focused.

If the free software community can accept this, what hope do we have for retaining the rights under U.S. copyright law that we have enjoyed for so long? If we contractually give up those rights on music, video and most importantly, books, what does that say for the future of the independent after-markets, fair use and archival?

One of the nice things about having your own blog is that you get to warn others about companies to avoid. One such company is Blooms Today.

We ordered flowers from Blooms Today quite some time ago and recently they have taken to sending me “checks” in the mail. These are checks for about six dollars and change. There’s a catch, obviously. If you cash the check then you’re agreeing to sign up for some kind of expensive recurring service, for which they will take the liberty of charging your credit card almost $200.

The mailing looks like a check you might receive from your employer or maybe even as a tax refund. It’s one of those tear-across-the-sides-and-top type of envelopes.

It’s a shame that companies have to stoop to the level of baiting you with dishonest sleaze-ball tactics such as this. Instead of interesting me in future business, they have only served to ensure I will not only never order anything from them again, but also warn others about their shady business practices. If I feel particularly ornery, I might even just send it along to my state Attorney General.

Beware and be safe!

My wife got an Apple iPhone over the weekend. It’s an amazing piece of technology. Apple has done a fine job adapting a traditional computer into a phone form-factor. It truly sets the bar at an entirely new level for portable computing. Of course, there’s also an integrated phone.

I emphasize that it’s a computer because it has all of the characteristics of a computer. With the iPhone, the phone is simply another application on the computer–not unlike a Skype application might be installed on your Windows computer.

Our models of computers and phones have strong, but mostly disassociated relationships. We have a history of using computers as an important extension of all sorts of information. We understand that allowing others to have total control over our computers in generally a bad thing, whether that someone is a government entity, corporation or script-kiddie. Phones, on the other hand, have traditionally been far less complicated. There is a pretty basic hardware device and a service provider. The risks are well understood.

As I was playing with the iPhone and trying to find ways to meet my wife’s IT needs, it became increasingly clear how little control I had over this computer. Without jailbreaking the phone, I had no way to get a shell, and therefore no way to collect logs, change passwords, harden the underlying OS, install intrusion detection, or do any of the other things I would normally do to a computer I managed. Apple was my only source for applications and only those applications which Apple approved of could be installed. My hands were completely tied.

Unless I jailbreak this phone and accept the risk of something else not working, or Apple breaking it in an update, and explore the ethical questions as a result of doing so, I am completely at the mercy of Apple for the phone security and functionality. My risk assessment is theirs. My acceptance of risk is their acceptance of risk, which undoubtedly is primarily influenced by their bottom line.

This goes far beyond risk management. Imagine the outcry if Microsoft only allowed applications which they permitted to be run on Windows. We would have a world entirely dominated by Microsoft.

We need to lobby our lawmakers to, without equivocation, absolutely require computing platforms to be open enough for fair competition and where one company cannot call all of the shots. This is not about open source, this is simply setting requirements for a heterogenous platform where the risk of total control of data is minimized.

As the world becomes more mobile, this will need to be increasingly recognized as an essential liberty.

From the “What can we do to stop terrorism, without actually addressing terrorism” department, comes the news that scientists are researching how to sniff out scared people at checkpoints.

In the research, scientists discovered that they could literally detect the pheromones produced when someone is afraid. That’s not so surprising, but what is mind-boggling is that one of the proposed implications of the research is to be able to identify “scared” terrorists.

I’m not even sure where to begin with this one, but let’s give it a try. Here are just some of the potential vulnerabilities in this stupid idea:

• Many terrorists seem to be so brainwashed into believing that they are about to get 72 virgins that they’re probably more likely to be a bit “happy,” rather than scared if you know what I mean.
• Sociopaths won’t be scared.
• When we recently took my three year old daughter through an airport checkpoint she probably would have been tagged. It would have been because they took her Cabbage Patch doll to scan for hidden bombs.
• We better hope there are no nearby spiders and arachnaphobes.

Do I really need to continue?

Fighting terrorism with stupid ideas like this only serves to take the focus off those areas where we need to pay attention. With limited resources, we can’t afford to divert our attention from those techniques law enforcement has been using for years and which are proven to detect and stop criminals.

This idea smells stupid because it is.

Who knew that a bunch of librarians could produce cool, online tools? Well, the folks over at the Copyright Advisory Network have done just that. Here are four tools to help you navigate the sometimes confusing and seemingly obscure US copyright law:

• The Public Domain Slider is my favorite of all of these tools. For example, did you know that a copyrighted work first published prior to 1923 is now in the public domain? That means you can use, sell, redistribute and do whatever else you want to all sorts of wonderful print, audio and video. Go ahead and post them to the file sharing sites and have a chuckle if you get a cease and decist letter.
• The Section 108 Spinner is primarily for librarians and archivists. Under certain circumstances, they get to reproduce entire copyrighted works. Those wiley librarians get to have all the fun!
• The Exceptions for Instructors eTool is for, well, instructors.  Just like librarians, instructors can laugh off all of those litigious attorneys who would rather they didn’t know their rights under copyright law.  Am I the only one picturing a teacher with a cape and a big © on their chest?
• Finally, the Fair Use Evaluator helps you to make a subjective determination whether your use is defensable as fair under the law. Remember, fair use of a copyrighted work does not require the permission of the copyright holder. Also remember that it is a defense to infringement, which means that a judge gets to decide if your use was fair once sued.

Until next time…

To the best of my knowledge (and I am not an expert), material produced by the government, (with certain exceptions) with taxpayer money is in the public domain. As well it should be. If we paid to produce it, it makes sense that we should have access to it. Public domain material is truly free. It is not copyrighted. It’s accessible to anyone for any reason to do anything they want with it. You can copy it, re-use it, make it into other works and make nice bird houses out of it.

Bill Harbaugh, Professor of Economics at the University of Oregon has challenged the Oregon Attorney General by posting the “Oregon Attorney General’s Public Records and Meetings Manual” online, in direct defiance of a warning from the AG.

The AG believes this is copyrighted material, despite his public position and despite that this is a guide which explains how one can access various public records. That’s an understandable position for the Oregon AG to take since they sell it for $25.

Today, I applaud Bill Harbaugh. This guy has a set. We need more people, and especially more well-educated and respected people to draw a line in the stand against abuse of copyright law. Remember, copyright law (at least in the U.S.) was designed to ensure a balance of rights between the creator and the recipient. It is not designed to give the creator absolute rights. At least in this case, it doesn’t even appear that copyright law should apply. It seems clear that this document should be in the public domain.

Way to go, Professor Harbaugh!

Recently, I blogged about how Amazon removed certain legitimately purchased eBooks from Kindle readers. One of those books, ironically, was George Orwell’s “1984.”

Today, I learned that they’re trying to make up for the incident. According to this thread, affected users are being offered the book back or a $30 credit.

While the DRM issues are still concerning, this is a truly great response from Amazon. They know it was a mistake and are trying to make good.  Hats off for customer service.

Amazon, let’s take it one step further and get rid of the DRM on the books. Get rid of the contractual agreements that force users to leave their rights under US copyright at the door. People will still pay for a good product and we will have freed the information. Do the right thing and I’ll become a customer of your digital wares.

By now you’ve probably heard about how the Amazon Kindle erased some e-Books that were legitimately purchased. One of those was George Orwell’s “1984.” I don’t think I have to explain how that just oozes irony. Amazon apologized–a truly class act.

Today, the Consumerist ran a story on how they can’t quite get a straight answer about Kindle licensing. Licensing for a book, you say? Well, yes. Remember, with DRM things aren’t always what they seem.

You see, when you buy the eBook, you’re not really buying the book. I know, it seems like you paid for it, so it’s yours. But, according to Amazon, you really only have a license to read the eBook. It’s as if there’s some sort of special privilege they are granting you to feast your eyes on the author’s creation. Think of it as a long-term rental, which may expire at any given time.

They limit how much text you can clip from the book. US Copyright law allows you to use portions of copyrighted work without the author’s permission under certain circumstances. How much you can use very much depends on context. The courts have looked at individual cases in the past and applied certain sniff tests to determine if the use was fair. But if you buy an eBook, the author calls the shots. What you end up with is a situation where you don’t need their permission to sample the work, but where the digital locks, to which only they hold the key, effectively keep you from exercising that right.

Finally, as the Consumerist article points out, not much of this is that clear up-front. You may not actually find out about the restrictions until you run into them. By that time it’s too late.

eBook readers are convenient–there’s no doubt about that. But as I’ve said before, realize that this convenience comes at a price. That price is the loss of freedom. Think about that.

Awhile back I bought a new Toshiba laptop. I got a great deal and it looked like it would serve my needs just fine. I knew exactly how I was going to use it.

When powering new computers on for the first time, most of them immediately lead you into the Windows installation routine. That makes sense because most people want Windows. But I didn’t. This laptop came with Vista, which from a previous experience playing with, I knew wasn’t for me. For kicks, I reviewed the license agreement. That was the nail in the coffin. I declined the EULA, rebooted to an Ubuntu installation CD and proceeded to send Vista to the bit-bucket.

I knew I couldn’t return Windows for a refund. Toshiba covered that nicely with a small notice on bright paper in the laptop box. But perhaps someone else can use the copy and I can get a few bucks back, I thought. Even thirty bucks would be enough for a casual dinner out.

I decided to look at the possibility of selling my copy on eBay. According to eBay’s policy on OEM software, I cannot sell it unless I also sell the original hardware the computer came with. Apparently, I can’t just ship the customer an old motherboard. Or if I do, it sounds like it would be a technical violation of the policy.

So, here I am. I have a copy of Vista I don’t want. I did not agree to the license terms and still, I can’t sell my copy of Windows (at least on eBay). Although I in no way agreed to Microsoft’s terms and conditions, including the condition that OEM software must be sold with hardware, I am still somehow bound by it.

If copyright law grants me the first-sale doctrine right and if I refuse to accept additional licensing terms from the copyright holder, how can the copyright holder assert any additional rights over what the law allows? Food for thought.