I remember, once upon a time, when it was said by many that the Internet transcended mere political boundries. A user in the United States could chat with another user in France, read breaking news in Japan, and swap code with hackers in Iceland. Those were the times when it cost beaucoup to register your own domain; Network Solutions was the only game in town and you paid through the sinuses to own smartcards.com or energy-efficient-lanters.org. That began to change around 1999 or 2000 and now anybody with a couple of bucks to spare can register a domain …
It seems like every time we turn around, somebody else is trying to enact another scheme to make the Internet a little less open, a little less useful, and more of a surveillance tool for people who can't quite make out what the writing on the wall seems to say.
The latest, and possibly most frightening salvo in the as-yet undeclared War On the Internet is something called the PROTECT IP Act (Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act). In a real sense, it's COICA v2.0 in that it still allows the US …
The hot topic these days is the January 25th revolution in Egypt: the people rose up and demanded that their president (who is known for, among other things, having bloggers raided, torture, censorship, and general repression of the people of an entire country) step down and do whatever it is that retired dictators do (which is usually not what the people wish he or she would do). For the record, the United States was well aware that this was happening, and in fact aided the government of Egypt to the tune of 1.5 billion US dollars a year because …
For a couple of years now the US Department of Homeland Security has reserved the right to confiscate the laptop computers of US citizens for forensic analysis upon re-entry to the country after traveling abroad. It didn't matter if you were on one of their watchlists (and who isn't these days?), it didn't matter if you'd mouthed off to a security guard, it didn't matter whether or not they had probable cause, they could do it and possibly never return it to you depending on when the got around to going through it and how they felt that morning. It's …
A basic maxim of information security is that when someone has physical access to a machine, all bets are off. If someone can touch a box, they can do pretty much whatever they want to it: if the console is unlocked they can poke around at whatever the access privileges of the logged in account will allow (how many of you configure your screensavers to require a password to turn off? how many of you walk away without logging out?), and possibly copy data to a removable storage device, such as a USB key. An intruder can also power the …
A major problem faced by data forensics professionals and law enforcement was how to confiscate computer systems without running the risk of damaging or losing access to information. It's all well and good if you seize a machine running full-disk encryption while it's online because, by definition, the disk is being transparently decrypted so that the machine can operate. Once you power it down, however, all bets are off because the machine won't boot back up without someone supplying a passphrase to the disk encryption system, and no one with anything shady in mind is going to give up their …
There's been another disturbing development pertaining to the Forth Amendment recently, in that laptop computers may be seized for inspection without a warrant. This isn't the first time this has been in the news, but now a couple of precedents have been set in court, which is doubly worrisome; this was from the Ninth Circuit Court of Appeals (United States v. Ziegler), and upholds statements in employment contracts that state that you have no privacy whatsoever if you're at work and using their equipment, and most of the time you don't have any privacy if you're using your own equipment …