Posted by cmdln on 5th March 2007
I can’t shake the feeling that this fellow is just an idiot. I am more worried about the problems of keeping hard drive searches as narrow as possible, much like warrants have traditionally worked with physical searches, regardless of encryption. I think it is always safest to assume that no matter how strong the encryption you use today may be, thanks to Moore’s law, it will only ever get cheaper to crack. That being the case, encryption doesn’t obviate the need for some basic morality and, of course, common sense.
Technorati Tags: privacy, encryption
Posted in Hacktivism, Security
Posted by cmdln on 4th March 2007
No big surprise that this happened. Discussion of possible defenses is already underway. I don’t think some of the ideas will hold water. For instance, take the idea that since the user has to input the keys, the tool is only running the standard AACS decryption. It may not trigger the anti-circumvention clauses, specifically, but I don’t think the MPAA would have a hard time making arguments that there really are not any non-infringing uses for such a tool, at least under the DMCA and in the wake of Grokster. I hope I am wrong and there is a tenable defense.
Technorati Tags: AACS, DMCA, intellectual property
Posted in Hacktivism, Security
Posted by cmdln on 27th February 2007
This is a fairly coherent piece that I wish had stayed much more with the technical details with which it started. The article loses focus about where it delves a little into apologism, then goes on to double back and try to hold Apple’s feet to the fire.
There are some interesting if weakly framed questions about real market pressures for why Apple has little incentive to act to remove DRM contrasted against real technical costs for maintaining such a complex system. I am not sure I completely buy the arguments about selling DRM-free music side-by-side with FairPlay enabled files. I think he’s more right about regression risks and potentially opening exploits which the labels would gladly use to extort damages from Apple. I just disagree with the magnitude of the problem and that it needs to be solved in the way he postulates.
I think he hints at an aspect that many overlook, though, that while DRM-free music would no longer require key distribution and encryption, it still needs authorized sales and to prevent download in the absence of such. I just don’t buy that Apple would have to re-purpose their existing authorization to work as is but skip the key mangling based on the presence or absence of DRM. Why not embed a second “store” within the existing store? As long as the front end experience is seamless, who cares?
I’d say read the first part of the article because it does very clearly explain what AAC is and is not as a format. I get a little tired of the misconceptions around AAC. “AAC is an enhanced podcast.” “AAC is DRMed music.” Read that part and stop spreading such misinformation. Take the rest with a grain of salt, as commentary that isn’t really any more or less on the mark than anyone else trying to read Jobs’ mind.
Technorati Tags: DRM
Posted in Hacktivism, Mac, Security
Posted by cmdln on 20th February 2007
I saw the story at Schneier on Security but the 27B Stroke 6 blog at Wired has the full details. The Wired coverage actually seems to have shown this was a gaffe committed by a design company, not an actual hack. However, this was a pretty bad mistake as it certainly has all the hallmarks of a phishing site. Has DHS/TSA never heard of staging servers? What sort of freaking QA, if any, do they have? This is a pretty crummy screw up to commit, given how contentious a point the no fly list is.
Posted in Security
Posted by cmdln on 13th February 2007
I’m pretty well positive that this is not the first time we’ve seen something like this, although I cannot recall the proof. Still, consider the very idea of malware “evolving” to the point where strains are effectively competing directly against each other for the scarce, precious resource of our PC compute cycles.
Posted in Security
Posted by cmdln on 6th February 2007
This is very different from the slap on the wrist I and others predicted would be the worst outcome of the whole Mooninite fiasco. Is it because the signs were electronic? Would the same thing have happened if they had plastered the exact same spots through the city with vinyl stickers? I guess the state AG passed the point of no return, early on, and Turner realized regardless of the merits of the situation that she wasn’t going to stop until she got her pound of flesh.
I also suppose Turner paying for the emergency response costs is better than the poor taxpayers who are already apparently blighted by some of the most clueless administrators imaginable. But, really, as the billing was ticking up towards one million dollars in man hours and other costs, no one thought to pull the whistle stop over a freaking Lite-Brite?!
Posted in General, Security
Posted by cmdln on 30th January 2007
I’m coming to realize that part of expertise is understanding where common sense betrays us, leading us to conclusions that are incorrect though plausible. Schneier always does a great job on security issues pointing out these variances between common sense and what a genuine understanding of the field of security actually reveals to be true.
This time, he has a great write up on the Real ID program, leading off with a brief history. Others, as he points out, have tallied a conservative financial cost estimate. The bulk of this article is him applying his expertise to derive what actual security benefit that cost would net the nation.
The net-net, which Schneier has actually said before and frequently, is that this is a poor trade off. He again elucidates the gap between common sense and actual security, here, which is often quite ridiculous.
He also points to a story that I included in last week’s quick links, that Maine has rejected Real ID. He interprets this as cause for optimism, that other states will follow.
Technorati Tags: privacy, national ID card
Posted in Hacktivism, Security
Posted by cmdln on 26th January 2007
In the last newscast, I mentioned the Security Now interview of Peter Gutmann, author of the now infamous “longest suicide note” piece about Vista’s draconian DRM. I also pointed out Microsoft’s response on the Vista team blog. Now Gutmann has written a response to the response. (At the moment, the BB link is not active, here’s the direct link.)
The linked article is actually a response to what Gutmann is guessing is PR spin. As he mentioned he would do in the preamble of the original paper, he’s simply updated its contents to reflect the technical clarifications from Microsoft. The PR comments seem to come in two flavors: Orwellian doublespeak that doesn’t really say anything or outright contradictions of what has been said by Vista engineers elsewhere.
The technical updates to the original paper do not seem to have changed it substantively. Actually, it looks like Gutmann has collected further evidence and anecdotes to support his concerns.
Technorati Tags: DRM
Posted in Hacktivism, Security
Posted by cmdln on 25th January 2007
Posted in Hacktivism, Security
Posted by cmdln on 23rd January 2007
This is just too funny. I haven’t had a belly laugh at Diebold’s expense lately. Thanks, Professor Felten and Ross Kinard.
If Diebold wasn’t already under massive scrutiny and the state of evoting more broadly wasn’t being so actively scrutinized and discussed, this might be ever so slightly more forgivable even if still inexcusable and blatantly irresponsible. I think “weakness in depth”, though, is pretty damned accurate and abolishes any shred of empathy they might otherwise deserve.
Technorati Tags: eVoting
Posted in Hacktivism, Security