feeds | grep links > Digital Census in Brazil, Ads that Stalk Surfers, Cyanogen Supports FroYo, and More

TCLP 2010-08-08 News

This is news cast 221, an episode of The Command Line Podcast.

In the intro, my thanks to Mike for his donation for which he has earned a merit badge. A final reminder there will not be a feature cast this coming week, I’ll be out in San Francisco for most of the week. Also, a quick review of George Mann’s “The Osiris Ritual“. I reviewed his first novel, “The Affinity Bridge”, earlier in the Summer.

This week’s security alerts are RFIDs can be provably read at over 60 meters and an algorithmic attack on reCAPTCHA.

In this week’s news an algorithm to improve the energy efficiency of mesh networks, concerns over a citizen vigilante group monitor ISPs though the groups claims may be overstated, Google ends Wave development though is dedicated to learning from its failure in this case probably from its complexity despite adding more resources and opening up to more users, and unpacking what exactly went on between Google and Verizon especially as they deny claims of an anti-neutrality pact (even on Twitter). Odds are good they are still meeting and talking to some end which may be why the NYT is sticking to its story. Cringely has the most intriguing guess at their possible goal.

Following up this week EFF offers assistance to targets of the US Copyright Group and the FCC ends closed door discussions on its net neutrality plan.

View the detailed show notes online. You can also grab the flac encoded audio from the Internet Archive.

Creative Commons License

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

Quick Security Alerts for Week Ending 6/6/2010

Excellent Interview with Privacy Commissioner Ann Couvakian

Search Engine’s Jesse Brown interviews the Canadian Privacy Commissioner in his usual fearless and thoughtful style in this first of a two part series.  My only complaint is that there is a bit of fear mongering here.  Jesse cops to that but beyond his witty hyperbole, repeatedly pants centric, there are a couple of telling omissions.  There are indeed secure RFID implementations out there despite the poor choices many governments are making, most likely in pursuit of the lowest bid.  RFID is by and large a passive technology, it doesn’t radiate anything in and of itself.  That being said, he is not wrong about the accessibility of off the shelf readers and the attractiveness of the target.  It actually makes the governments’ various roll outs more tragic as what is really going on here is that they could be pressing for much more secure implementations–strong encryption, randomized serial numbers, authenticating readers–but they are not.

I will give Couvakian credit for advancing a beautifully simple idea that should be cost effective enough for the cheapest bureaucrat to approve–an off switch.  I don’t know why I haven’t heard anyone else espouse this idea.  Or that it hadn’t occurred to me in my own criticisms of poor implementations of the technology.  If you introduced a simple gap into the RFID’s copper loop antenna and add the kind of contact switch she describes in the piece, voila–the RFID is inert until the carrier takes some action.  I think this is a beautiful compromise given the point that Jesse and Ann make that RFIDs are just going to get more ubiquitous.

That should now be our rallying cry in the face of any kind of RFID rollout that threatens our individual privacy–give us an off switch!

That and make sure the corresponding databases are secure.  While I am glad that Jesse pressed this point, I wished Couvakian had given her response more thought.  Perhaps she is right in the case of the enhanced driver’s license that data will be centralized and access controlled.  But that is one case in an emerging trend.  Jesse’s question should be the very next one on the lips of citizens after asking how secure the RFID implementation itself is–how secure is my associated data?