The most annoying thing about the UK "poll tax" fiasco was that it was completely incompetently managed and they never bothered to tell you when you were being taken to court. It was (and still is) perfectly possible to get a criminal record due to the administrative incompetence of what used to be your local council. With all the credit record and job application problems that involved.
I sincerely hope that the ACLU win, but that the binding precedent set is that it is impossible to commence a case (excepting federal / criminal) if the defendant has not been proven to have been informed. Then all we need to do (!) is import it across the Atlantic...
Couldn't we see CmdrTaco flaying Bill with a steel wire copy of the cease and desist email, alternating with drowning Jeff in a sea of his own patent applications?
I'm pretty sure Jon Katz could think of some interesting things to do with / to those nice persons at Pinkerton.
We are talking "Intellectual Property Rights" here, so Dell wouldn't have much of a come-back unless you made a machine that looked like a Dell (out of spare parts) and then sold it (registered design infringement & passing off.)
With IPR - copyright and the more complex things for software, it is all down to the contract (as previous posters have said.)
Mind you, in the UK it would have been the employer who was liable, rather than the contract coder (it isn't writing a copy that is a crime, it is using it commercially.)
Or, from the UK point of view (the Demon / Godfrey case):
* The ISP is not liable for any content passed through them, but not "published" or otherwise owned by them unless:
1. They are informed that the content is offensive / libelous (sp?) or otherwise daft.
2. They then refuse to remove it.
This is the whole "cease and desist" nonsense.
Where is the problem? Obviously, in the ISP's response - the actual case law seems to be sensible (on both sides of the Atlantic.) If I post an objectionable USENET or /. message, all the content provider needs to do is remove that one post. Fine.
What actually happens - for the one duff message, the entire site is normally taken down. Solution?
Proposition: more common sense, fewer law suits. (Don't see it happening, myself.)
Fully modular and multipurpose mobile Internet appliance based on SMARTDATA's CHIPSLICE architecture. EP patent pending / design registered
IANAPL, but is an EP patent one of the everywhere in Europe (EU, EEA + a couple of others) bundles? I would assume that the actual patentable idea is the way they have managed to clag the modules together, rather than a patent on pure size.
The law is called the "Regulation of Investigatory Powers" Bill, normally abbreviated R.I.P., which is, at least, ironic.
Not only can they force you to hand over a key, but it is an offence under the bill to tell anyone that you have handed over the key - so you are legally required to keep using your old key! Worse if you are not the key issuer - they just get it off your company / key provider, and no-one tells you.
"But, Sir, I've lost the key." NT problems have meant, for example, that I have had to change PGP keys twice in the past 12 months. Oh dear, under the current proposal, the burden of proof that you do not have access to the key is on you, not them. So, I send an email with some {kiddie porn, spoof drugs information, death threats etc} to you, using the public key of a key pair I generated just to get you into trouble. I then bin the keys and the spooks raid you and demand the private key. You must prove (logically impossible that it is) that you do not possess the key.
Or, an ex-employer of yours is involved in something dodgy (after you have left, of course.) You hand back your corporate laptop, having deleted your private key. 12 months later, you are required to produce that key!
Them: "Where is the backup?"
Us: "Oh, I think I used that disk to try out a new Linux distro - it's been reformatted."
Them: "Prove it!"
This bill is scary. Fortunately, it is not yet law. Mind you, it isn't ?UCITA?, so it is only the government cracking your computers, not every Corp who wrote any piece of software you use.
Last rant: the ISPs are being made to pay for installing their ends of this system. They reckon it is going to cost between $75k and $250k per year for them to snoop for the Govt. They are not happy.
Forget my .com (hosted in California), what about my other sites? If they were members of affiliate programmes of non-US sites (ie bol), would a US visitor clicking through violate this patent? Mind you, bol is .com, so could Amazon sue them to get Internic to drop their domain?
It was much simpler with the RSA patents. I got to use apache_ssl, the US had to buy Stronghold.
1. Don't assume they're stupid just because they work for the NSA.
2. Please don't assume that they use wintel / linux / solaris sparc for anything more than writing reports up about /. haven't read the EFF "Cracking DES" book.
3. Specific targeting (ie Saddam, Bill C's girlfriends, Jamie after the Holland victory - well done) isn't Echelon's problem. They have other kit to target you once you are a known subversive (they, you, known and subversive all having very different meanings depending on precisely where you live)
4. 160,000 workstations. Assume they have a quality factor of 10, 'cause they are better at this than us (allow them practice, if not expertise.) My Black Box catalogue has a $100 per port controller that can run up to 3000 workstations (Sun, Wintendo & Mac). Therefore, assuming it's all linked with something better than NT User Mangler for Domains, you could control the boxes from 6 terminals.
Okay, the math doesn't allow for human committed time but hell, call it 500 controllers. Bet you there are more than 500 techies per shift at Fort Meade.
Yup, the French have their own version of Echelon but, due to lobbying by the Academie Francaise, it doesn't have an English language translator built in...
On a more serious note, we (the UK) don't need our own Echelon, we're part of yours (like Canada, Australia, and, when they're not complaining about US nuclear powered warships, the Kiwis.) It is called the "Five Power Agreement" and regularly gets a mention in Mr Campbell's articles.
Just like the NSA aren't supposed to spy on US citizens, our Intelligence services aren't supposed to spy on us without either a warrant or ministerial permission (with our equivalent of a Congressional committee overseeing the whole thing.) Interestingly, they manage to get around this in a number of ways, but nowhere near as well as when we all had analogue mobile phones and it could just be plucked out of the ether.
Please don't either confuse the national governments of European nations with the EU (much as certain people would like them to be the same organisation) or (and this is a much more fundamental error) underestimate the hypocrisy of the modern politician.
We know that proper scientific research can be done with free software - Seti At Home. I appreciate that it isn't open source, but then they have had problems with people trying to boost their scores anyway - if we had the code, it would be so much easier.
IMO, the biggest problem is going to be research funding: much of this comes from the commercial sector, therefore any software developed for such programmes is likely to be the property of the funding corporate and unless they are particularly public spirited, no for free release, never mind open-source. As the article stated - most of the software released was from academic sources, so I suppose we need to hope for a massive increase in government / charity funding of scientific research (and can ignore all the problems that brings.)
I suppose, in one sense, that the recent database hacks are all related - people so keen to get their wonderful site onto the net that they forget (aka are too lazy) to worry about basic database security.
You can secure (effectively, not absolutely) a database: there are plenty of architectures, secure SQL gateways available. Even a firewall will help, if you can be bothered to set it up properly.
Is this incident linked to the recent DDoS attacks? I doubt it. Cracking a database requires more skill than launching a readily available attack tool.
Is e-commerce secure? Probably not, but then neither is ordering over the telephone or letting somebody take your credit card out of your sight. Remember the Dilbert with the waitress and the fur coat?
Yahoo have to comply with court orders but;