EFF Supports Tor with a Relay Challenge, Legal FAQ

EFF has just announced a challenge, asking all comers to consider setting up a relay for the anonymizing Tor network. Tor stands for The Onion Router, referring to the layers of encryption added with each routing hop. Relays are critical to increasing the capacity of the network overall, as they are the nodes doing the heavy lifting of encrypting and routing. Traditionally, clients have far outstripped relays, yielding a less than optimal experience when making use of Tor.

There is far more information at the challenge page, including both instructions and, most critically, a legal FAQ. If you are going to run a relay, whether or not you will do so as an exit relay, you need to be aware of the legal issues inherent in doing so. The FAQ is a good resource to that end and even links to a list of ISPs around the world that are known either to tolerate or to prohibit Tor relays.

Tor Challenge, EFF

NYPD Anti-Terrorist Cameras Used for Much More

I wish I could say that this New York Times piece linked to by Slashdot surprises me in the least. It isn’t entirely clear that this is a case of mission creep. That uncertainty may be intentional; remarks from the law enforcers responsible make it sound like use of this growing network of automated cameras in regular criminal investigations was envisioned all along. The key question is whether that was part of the policy that funded their purchase, deployment and operation in the first place.

Donna Lieberman, the executive director of the New York Civil Liberties Union, nails the problem with the system right on the head.

She said it was hard to tell whether interest in “effective and efficient law enforcement” was being balanced with the “values of privacy and freedom.”

“We don’t know how much information is being recorded and kept, for how long, and by which cameras,” Ms. Lieberman said. “It’s one thing to have information about cars that are stopped for suspicious activity, but it’s something else to basically maintain a permanent database of where particular cars go when there is nothing happening that is wrong and there is no basis for suspicion.”

Most of the uses listed in the article seem innocuous enough, but we don’t know if the system is restricted to what are effectively just extended, human-driven BOLOs. Operational transparency and privacy safeguards should really be inviolate conditions of establishing networks like this. How else can the public interest hold them accountable and audit that they are not in fact creeping in their mission? Too bad that point is really only a very small part of the article, which otherwise largely lionizes the cameras.

NYPD Anti-Terrorism Cameras Used For Much More, Slashdot

Act Now in Support of Patriot Act Reform

Apologies that this is coming so late in the day but not too late. Some measures of the Patriot Act are set to expire at the end of this month. The Senate Judiciary Committee is to convene to review them tomorrow. EFF has posted an action alert to aid concerned citizens in contacting their elected representatives to urge a reining in of powers under the Act. This dovetails with EFF’s analysis of documents recovered through dogged FOIA requests that show a sustained and clear pattern of abuse of these very powers.

Contact the Senate Judiciary Committee Today to Support Reforms to PATRIOT Act!, EFF

California Supreme Court Allows Search of Cell Phones without a Warrant

As the Slashdot summary of this SFGate story makes clear, there are some big caveats on this ruling from the California Supreme Court. Warrantless searches of cell phones are only allowed after a defendant is arrested and taken into custody. The inclusion of cell phones is part of a larger rule allowing police to seize and search any personal effects.

The dissenting judges saw the massive amount of information potentially squirreled away in a modern cell phone as worthy of an additional barrier. This is consistent with rulings from other courts, including most notably the Ohio Supreme Court in a case from as recently as December of 2009.

In trying to reason through how a cell phone differs from other personal effects that would seem more reasonable for law enforcers to examine, I have to wonder what about a thumb drive? A personal media player? Laptops traditionally have posed more of a challenge, usually because of the addition of a password or even encryption. What about the pin codes and passwords offered by many smart phones? Would these raise the bar enough to make the California judges, or even the Supreme Court, see more of a bright line? I think there is more to consider here than just data capacity but am not clear in my own mind what would rise to the level of a domain outside of immediate and personal effects to something more like what the SCA and other laws cover in terms of stored data. (I realize the Stored Communications Act is a flawed analogy but the rulings protecting cell phones clearly beg some more definitional work.)

I haven’t seen much in the way of crypto for cell phones, beyond password safes. I wonder if rulings like these might encourage the development of encrypted alternatives to the built-in address book and other apps.

Police Can Search Cell Phones Without Warrants, Slashdot

Standing Up to Internet Censorship

The EFF is launching a new campaign in the wake of multiple attempts to stem the data from WikiLeaks’ latest activity. Whatever you think of the content of the cables or the legality and morality of their acquisition, we should all agree on one point:

Let’s be clear — in the United States, at least, WikiLeaks has a fundamental right to publish truthful political information. And equally important, Internet users have a fundamental right to read that information and voice their opinions about it. We live in a society that values freedom of expression and shuns censorship. Unfortunately, those values are only as strong as the will to support them — a will that seems to be dwindling now in an alarming way.

The announcement and the project page list out some of the recent threats to free speech online. They don’t mention COICA and the domain seizures, which according to recent remarks by the US IP Czar may become even more common, but I think the same principles definitely apply.

EFF is supplying a variety of badges and ribbons you can display on your web site and social media profiles. I certainly endorse this idea because I think it is far more critical to focus in on why media here in the US has failed so miserably to hold those in power accountable that the Internet, like an immune reaction, has fostered sites like WikiLeaks and Cryptome.

How Will Device Fingerprinting Fare Against “Do Not Track”?

I linked to the preliminary report on privacy released by the FTC yesterday. Chief among their suggestions is a lightweight Do Not Track system based on browser headers, a scheme that is technically sound but raises questions about compliance and complaint.

More concerning is this Wall Street Journal posting about an outfit, BlueCava, looking to assemble a massive database of uniquely identifiable networked devices.

He’s off to a good start. So far, Mr. Norris’s start-up company, BlueCava Inc., has identified 200 million devices. By the end of next year, BlueCava says it expects to have cataloged one billion of the world’s estimated 10 billion devices.

Advertisers no longer want to just buy ads. They want to buy access to specific people. So, Mr. Norris is building a “credit bureau for devices” in which every computer or cellphone will have a “reputation” based on its user’s online behavior, shopping habits and demographics. He plans to sell this information to advertisers willing to pay top dollar for granular data about people’s interests and activities.

This is entirely continuous with EFF’s research into browser fingerprinting and sustains Professor Ed Felten’s warnings about going after mere tracking cookies too zealously. Nothing about the fingerprinting is necessarily incompatible with the proposed Do Not Track system. The article merely raises the urgency of answering questions around how to determine whether an advertiser is honoring the DNT header and how to enforce an action against them.

Race Is On to ‘Fingerprint’ Phones, PCs, Wall Street Journal (via Hacker News)

Harnessing Chaos for Computation

John Timmer at Ars Technica explains some fascinating new work on a type of processor that could build on the advantages of FPGAs and provide the speed of more conventional CPUs. Timmer explains the relationship between specialized chips, like DSPs, and traditional CPUs pretty well. In the course of doing so, he notes how a field programmable gate array in many ways represents the best of both, allowing such a chip to dedicate all of its silicon to specialized tasks while remaining able to change the type of task as needed. In reality, FPGAs have limits that make them useful only in certain circumstances, like prototyping new chip designs without dedicating fabrication capabilities to building set chips.

The key to this new approach is harnessing chaos theory.

Those who think of chaos as completely unpredictable are likely to be wondering how unpredictable behavior can be used to perform logic operations. But chaos theory isn’t concerned with unpredictability; instead, it focuses on what are called nonlinear functions, ones where the ultimate output is very sensitive to the initial conditions. When you can control the initial conditions, you can still predict the output.

That ability is at the heart of a chaotic processor. The authors of a recent paper in Chaos describe what they call “chaogates,” which use simple, nonlinear functions to perform logic operations. The basic idea is that, ultimately, you want a logical output, a binary 1 or 0. It’s possible to convert the output of even a complex function into that sort of binary distinction using a strategically placed less than or equal to (<=) operation. If this sort of function is hardwired into the chip, then it’s simply a matter of knowing how to select your inputs so that you get the operation of your choice.

This is very early stage work. While there is a working prototype, it is far from the scale that would make it comparable to existing FPGAs. Timmer notes one aspect of these “chaogates” that already has worked out well, namely that they can be re-purposed in about a single clock cycle. If that holds as they are accelerated from the current 30MHz to useful speeds, that would be a considerable advantage.

The biggest barrier is that the existing hardware description languages, used in programming FPGAs, do not apply to these new chips. In addition to proving the theory and building workable prototypes, the researchers have to invent an entirely new, compilable language as well.
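The thresholding idea described above can be sketched in a few lines. This is an added illustration, not code from the paper or from the Ars Technica article: it assumes the logistic map as the hardwired nonlinear function, and the bias and threshold values (and the names `GATES`, `chaogate`, `truth_table`, `DRIFT`) are chosen here for that map. It also shows the flip side of sensitivity to initial conditions: a small error in the bias changes which gate you get.

```python
from fractions import Fraction as F

def logistic(x):
    """Assumed stand-in for the chip's fixed nonlinear function: f(x) = 4x(1 - x)."""
    return 4 * x * (1 - x)

DELTA = F(1, 4)     # shift added to the initial condition per logical-1 input
DRIFT = F(1, 100)   # constructed error in the initial condition, used below

# Gate name -> (bias x0, threshold x*). Values chosen for the logistic map
# in this illustration; real hardware would use its own function and settings.
GATES = {
    "AND":  (F(0),    F(3, 4)),
    "OR":   (F(1, 8), F(11, 16)),
    "XOR":  (F(1, 4), F(3, 4)),
    "NAND": (F(3, 8), F(11, 16)),
}

def chaogate(op, a, b, drift=F(0)):
    """Evaluate one two-input gate; only the bias and threshold select the operation."""
    x0, threshold = GATES[op]
    x = x0 + drift + DELTA * (a + b)   # inputs set the initial condition
    # The "strategically placed <=": at or below the threshold reads as 0.
    return 0 if logistic(x) <= threshold else 1

def truth_table(op, drift=F(0)):
    """Outputs for inputs (0,0), (0,1), (1,0), (1,1), in that order."""
    return [chaogate(op, a, b, drift) for a in (0, 1) for b in (0, 1)]

if __name__ == "__main__":
    for name in GATES:
        print(f"{name:4} {truth_table(name)}")
    # With a 0.01 error in the initial condition, the AND settings
    # produce OR's truth table instead.
    print("AND with drift:", truth_table("AND", DRIFT))
```

Exact fractions are used so that the case where the function's output lands exactly on the threshold is decided by the `<=` comparison rather than by floating-point rounding.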

Researchers harness chaos theory for new class of CPUs, Ars Technica

Latest Attempt at Secure E-Voting

Something largely missing from the run up to the elections here in the US yesterday was discussion of e-voting, either recent advances or new problems. Maybe the absence was a consequence of it being a mid-term election. TED released this talk into the void on the day of the elections.

The speaker, David Bismark, hits on some of the key challenges of e-voting. Reliability and privacy are indeed critical but accuracy and accessibility are missing from his presentation. I cannot find anything when searching for Bismark’s name and evoting other than this TED talk. The paper receipt he shows seems very similar to systems about which I’ve read before like David Chaum’s Punchscan.

Does anyone have any more info about this project, even a name? So far, promises of software independent, accurate, and reliable voting haven’t passed muster, mostly due to the intense difficulty of mastering conflicting goals. I’m curious for more information on how Bismark’s work stacks up.

An Anonymous, Verifiable E-Voting Tech, Slashdot

UK Action Alert Against Updated Surveillance Plan

Cory at Boing Boing shares this action alert from the folks at the Open Rights Group.

This Kafka-esque “Intercept Modernisation Plan”, was stopped near the end of the last government, but was quietly revived in the 2010 Spending Review. While billions of pounds is being slashed from education, welfare and defence, the government plans to waste vast sums trying to snoop on our emails and Facebook communications.

If you live in the UK, sign the ORG petition. Better yet, find the contact info for your elected representatives and write or call them about the Plan. You may want to take a look at the efforts of Digital Due Process for more detailed talking points, as it speaks to the same urge that lies behind both IMP and similar efforts to update surveillance laws and requirements here in the US. I know the site is US specific and aimed at the ECPA primarily but the more detailed you can be in your correspondence and conversation about the issues, the better.

Brits: Email the gov’t to stop plan to spy on every email, Facebook post, tweet, etc!, BoingBoing

Another Privacy Policy Tool

Slashdot has news, from Forbes, of a collaboration between The Internet Society, the University of Colorado, the EFF and the Center for Democracy and Technology. It is similar to ToSBack, released by the EFF some time ago. Instead of tracking complete policies, though, and providing a centralized, dense tool for tracking changes, the ISOC Policy Audit Plugin, an extension for Firefox, works a bit differently but to similar ends.

From the plugin’s page at Mozilla’s addon directory:

The plugin accesses the Policy Library and alerts the user when they visit a website that publishes a policy that the Policy Monitor is tracking. The alert indicates whether or not the user has viewed the policy page(s) associated with the site. The user is able to view the policy page(s) from the alert icon displayed within the lower-right of their browser. If the policy page(s) changed since the last time they were viewed using the plugin, they are also presented with the ability to perform a “difference” comparison between the current version and the one they previously viewed.

It is clearly distinct from P3P which is the other tool that popped into my head when reading the story. That largely stalled initiative required machine readable policies and would actually mediate interactions in the browser based on a user’s preferences.

This plugin can only notify users of changes though it does so closer to the point of concern than ToSBack. It doesn’t offer any assistance in comprehending policies, another complaint I have with ToSBack. I really feel like there is a missed opportunity here, even more so pulling this much more in-line into the browser. Compare it to projects like Recap and Herdict which harness collective action.

Granted, parsing policies does require more expertise than these other efforts but I could easily see an extra registration step for legal experts, scholars and activists to enable supplemental interfaces for helping analyze and explain policies and in particular the changes the tool will already highlight.

New Tool Suite Helps Track Privacy Policies, Slashdot