Cracking 1024 bit RSA keys

The next time someone raves about the advances of computing, ask them about this challenge. In a paper entitled "On the Cost of Factoring RSA-1024" [pdf], truly a benchmark for the next 100 years of computing, Adi Shamir and Eran Tromer hypothesize a device that could "break a 1024-bit RSA key in one year using a device whose cost is about $10M" (emphasis mine).
$10M is a sizable start-up cost, so this type of power certainly isn't going to fall into the hands of ordinary criminal organizations (narco lords in South America, maybe), but defense agencies could certainly handle this type of cost. It isn't difficult to imagine a scenario where a message is important enough to necessitate this type of effort. However, advances such as perfect forward secrecy make even these herculean efforts less effective: when session keys are agreed with ephemeral keys rather than encrypted to the long-term RSA key, factoring that key years later does not unlock the recorded traffic. Courts have been dealing with this issue in a different way. Some realize they can't coerce a private key out of a suspect, while others attempt to force decryption with the threat of jail time. My question is how well Moore's law really fits here. Using the simple halve-the-cost-every-year version of that axiom, ten halvings knock three orders of magnitude off the price, so ten years from now we could expect to crack a 1024-bit key in one year for as little as $10k. (With the more commonly quoted 18 to 24 month doubling period, the same extrapolation lands closer to $100k to $300k.)
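To make the forward-secrecy point concrete, here is an added toy simulation. It is my own illustration, not code from the Shamir and Tromer paper or from any real protocol, and every parameter in it is constructed: the RSA primes are six digits, the Diffie-Hellman group is the Mersenne prime 2^61-1 with generator 3, and "factoring" is simulated by handing the adversary p and q. It contrasts a recorded RSA key-transport handshake, which gives up its session key once the modulus is factored, with a recorded ephemeral DH handshake signed by the same RSA key, which does not.

```python
"""Added toy example: why perfect forward secrecy blunts a later factoring attack.

All parameters are constructed for illustration and are NOT secure sizes.
"""
import hashlib
import secrets

# --- server's long-term RSA key (tiny constructed primes) ---------------------
P, Q = 1000003, 1000033          # six-digit primes; real keys use ~512-bit+ primes
N = P * Q
E = 65537


def rsa_private_exponent(p, q, e):
    """d = e^-1 mod (p-1)(q-1); this is exactly what factoring N hands an attacker."""
    return pow(e, -1, (p - 1) * (q - 1))


D = rsa_private_exponent(P, Q, E)

# --- toy DH group (constructed; real deployments use 2048-bit+ groups) ---------
DH_P = 2**61 - 1                 # Mersenne prime M61
DH_G = 3


def kdf(shared_secret: int) -> bytes:
    """Derive a session key from an integer secret (toy: just SHA-256)."""
    return hashlib.sha256(str(shared_secret).encode()).digest()


def rsa_sign(msg: bytes, d: int, n: int) -> int:
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
    return pow(h, d, n)


def rsa_verify(msg: bytes, sig: int, e: int, n: int) -> bool:
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
    return pow(sig, e, n) == h


# --- handshake 1: RSA key transport (no forward secrecy) ------------------------
def handshake_rsa_transport():
    """Client picks the session key and encrypts it under the server's RSA key."""
    k = secrets.randbelow(N - 2) + 2              # session secret as an integer < N
    transcript = {"kind": "rsa_transport", "c": pow(k, E, N)}
    return kdf(k), transcript


# --- handshake 2: ephemeral DH, authenticated by the same RSA key ---------------
def handshake_ephemeral_dh():
    """Both sides use one-time DH secrets; the RSA key only signs the exchange."""
    a = secrets.randbelow(DH_P - 2) + 1           # client's ephemeral secret
    b = secrets.randbelow(DH_P - 2) + 1           # server's ephemeral secret
    ga, gb = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    sig = rsa_sign(str((ga, gb)).encode(), D, N)  # server authenticates the exchange
    assert rsa_verify(str((ga, gb)).encode(), sig, E, N)
    transcript = {"kind": "ephemeral_dh", "ga": ga, "gb": gb, "sig": sig}
    # a and b are discarded after the handshake; only g^ab lives on as the key
    return kdf(pow(gb, a, DH_P)), transcript


# --- adversary: recorded the transcript, later factors N ---------------------
def attack_after_factoring(transcript, p, q):
    """Return the session key if the recorded transcript gives it up, else None."""
    d = rsa_private_exponent(p, q, E)             # factoring N yields d
    if transcript["kind"] == "rsa_transport":
        return kdf(pow(transcript["c"], d, p * q))  # decrypts the recorded key
    # Ephemeral DH: d lets the attacker forge future signatures, but g^a and g^b
    # alone do not give g^ab without solving a discrete log, so the old session
    # stays secret.
    return None


if __name__ == "__main__":
    key, rec = handshake_rsa_transport()
    print("key transport recovered:", attack_after_factoring(rec, P, Q) == key)
    key, rec = handshake_ephemeral_dh()
    print("ephemeral DH recovered:", attack_after_factoring(rec, P, Q) == key)
```

The asymmetry is the whole point: the $10M device buys the long-term private exponent, and with key transport that exponent is the only thing standing between the attacker and every session ever recorded. With an ephemeral exchange the same exponent only helps against sessions set up after the compromise, and only actively.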

TrueCrypt finally coming to Mac OS X

Release scheduled for: February 4, 2008

Unfamiliar with TrueCrypt?

Creates a virtual encrypted disk within a file and mounts it as a real disk.
Encrypts an entire hard disk partition or a storage device such as a USB flash drive.
Encryption is automatic, real-time (on-the-fly) and transparent.
Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:
1) Hidden volume.
2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).
Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: LRW.
Further information regarding the features of the software may be found in the documentation.

MPAA admits they were wrong about college downloading

The 2005 study by LEK Consulting, commissioned by the MPAA, tripled the actual share of losses attributed to college downloading, from 15% to 45%. The industry group now admits it was incorrect about the amount of downloading by college students; however, it is NOT changing its mind about the rider it attached to the College Opportunity and Affordability Act of 2007. The timing of the MPAA admission is highly suspect, since the bill has already gone through many rounds with the erroneous numbers intact. Do the men and women in the Senate and the House know about these corrections?

Generative Internet

Applying this framework, the Article explores ways — some of them bound to be unpopular among advocates of an open Internet represented by uncompromising end-to-end neutrality — in which the Internet can be made to satisfy genuine and pressing security concerns while retaining the most important generative aspects of today’s networked technology.

Zittrain, Jonathan, "The Generative Internet", Harvard Law Review, Vol. 119, 2006. Available at SSRN: http://ssrn.com/abstract=847124

Jonathan Zittrain is Professor of Internet Governance and Regulation at the Oxford Internet Institute, Oxford University.


Internet Filtering: Psiphon

Legal perspective on Internet Filtering from John Palfrey.

More on Psiphon

Psiphon is a censorship circumvention tool that lets users access blocked sites in countries where the Internet is censored. Psiphon turns a regular home computer in an uncensored location into a personal, encrypted web proxy: a trusted contact in a censored country connects to it over an encrypted link and retrieves and views blocked web pages through it.

Join the FSF

The FSF is conducting an end-of-year campaign to increase membership. If you read this blog, you are likely a person who appreciates the work the FSF does. Show some support, donate ($120 annually) and become a member. You get some rad gear + stickers.

check out the video
Donate now or Become a member

“Taser Death” blog posts drawing legal fire

TASER International, Inc. (Nasdaq:TASR) has sent a takedown notice to Daily Kos over a blog post about the killing in Vancouver of an immigrant man on whom a Taser was used. Clearly TASER International is upset that people are linking its products to deaths; however, the facts are hard to ignore. Many of the apologists take the line that other medical factors, such as drugs in the system, are the main cause, but unless police officers are instructed to only use the Taser on perfectly healthy suspects I don't see how this logic can stand. Even then, it is improbable that law enforcement officers (LEOs) can make snap medical assessments before using Tasers.
The ability to have these discussions online is extremely important and should not be undermined by corporate spin control. If you have received one of these letters, please visit Chilling Effects for information on how to proceed.

Real Internet Censorship: Burma

It is often hard to take seriously the small slights of willful and petty companies like Comcast when much larger issues are presenting themselves in other countries. The OpenNet Initiative has just released a report on the total suspension of Internet and cellular services in Burma [pdf]. The military junta which rules the country cut off all access to the Internet and to cellular towers on September 29th. Internet connectivity was brought back online around October 4th, but only during daylight hours. Daylight-only service may seem an odd choice, but the country has around a one percent Internet penetration rate, which means that most citizens get their connectivity from cyber cafes. With martial law in effect and access confined to cafes during the day, it is much easier to pinpoint and surveil antagonists uploading damaging information. Full service is thought to be restored, but it is surely still heavily monitored and censored.

There was nothing fancy in the way that Burma shut down access. It simply shut down all inbound and outbound connections in the country. The technical team at ONI used AS (autonomous system) reporting, that is, the BGP route announcements seen by the upstream neighbors of the country's two ISPs, to track when those ISPs' routes disappeared from the global routing table and when they came back.

[Figure: Burma AS peering graphic. Source: "Pulling the Plug" report from the OpenNet Initiative.]
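The same observation can be automated. The following is an added example of the routing-table check ONI's team did by hand, written by me and not taken from the ONI report. It diffs two constructed snapshots of what upstream neighbors announce, using documentation ASNs (RFC 5398) and documentation prefixes (RFC 5737) for a hypothetical country with two ISPs, AS64500 and AS64501; in practice the snapshots would come from a route collector such as RouteViews or RIPE RIS.

```python
"""Added example: detect a national disconnection from BGP announcement snapshots.

Snapshots are constructed lists of (prefix, AS path as seen from the collector's
neighbour down to the origin AS). ASNs and prefixes are documentation values.
"""
from collections import defaultdict

TARGET_ASNS = {64500, 64501}          # the hypothetical country's two ISPs

BEFORE = [
    ("192.0.2.0/24",    [64496, 64497, 64500]),
    ("192.0.2.128/25",  [64496, 64500]),
    ("198.51.100.0/24", [64498, 64501]),
    ("203.0.113.0/24",  [64496, 64499]),   # unrelated network, stays up throughout
]
AFTER_SHUTDOWN = [                         # both ISPs gone from every path
    ("203.0.113.0/24",  [64496, 64499]),
]
AFTER_PARTIAL = [                          # one ISP back with fewer prefixes
    ("192.0.2.0/24",    [64496, 64497, 64500]),
    ("203.0.113.0/24",  [64496, 64499]),
]


def reachability(snapshot):
    """Map origin ASN -> set of prefixes it originates in this snapshot."""
    origins = defaultdict(set)
    for prefix, path in snapshot:
        origins[path[-1]].add(prefix)       # last hop of the AS path is the origin
    return origins


def classify(before, after, target_asns):
    """Label each target ASN 'up', 'degraded' (fewer prefixes) or 'withdrawn'."""
    b, a = reachability(before), reachability(after)
    status = {}
    for asn in sorted(target_asns):
        was, now = b.get(asn, set()), a.get(asn, set())
        if was and not now:
            status[asn] = "withdrawn"
        elif now < was:                     # strict subset of what was announced
            status[asn] = "degraded"
        else:
            status[asn] = "up"
    return status


def country_offline(before, after, target_asns):
    """True only when every target ASN has vanished from all announcements."""
    return all(s == "withdrawn" for s in classify(before, after, target_asns).values())


if __name__ == "__main__":
    print(classify(BEFORE, AFTER_SHUTDOWN, TARGET_ASNS))   # both withdrawn
    print(classify(BEFORE, AFTER_PARTIAL, TARGET_ASNS))    # one degraded, one withdrawn
```

A real monitor would run this over successive collector snapshots and alert on the transition to "withdrawn"; the distinction between "degraded" and "withdrawn" matters because a route flap or a single-upstream outage looks like the former, while a deliberate unplugging looks like the latter across every neighbor at once.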

Bypass Comcast Bittorrent Throttling

Comcast has been shown by the AP and others to engage in willful blocking of BitTorrent seeding. It does not matter whether the seed is completely legal or not; Comcast has decided that a unilateral blocking approach is what it wants. When it detects a new seed, Comcast injects forged TCP RST (reset) packets toward both endpoints, using equipment from Sandvine, so that each side believes the other closed the connection.

A blog entry at TorrentFreak has some ideas on how to get around these blocks. It is still uncertain what the contractual ramifications are for Comcast subscribers. Does Comcast stipulate that no BitTorrent traffic is permitted on its network? If it doesn't, is it against the ToS to use features of the protocol to simply outwit them? Only time will tell.

from TorrentFreak:
1. Quite a few Comcast users report that forcing protocol header encryption completely eliminates the problems. This is the easiest solution since most BitTorrent clients support encryption. Please note that simply enabling encryption is not enough, it has to be forced. More details on how to do this can be found over here.

2. Another successful workaround is to run BitTorrent over encrypted tunnels such as SSH or VPN. BitTorrent over SSH works, but it will cripple the servers of the SSH providers if you plan to use it permanently. A VPN service such as Relakks or VPNTunnel is a better option, and it is worth a few bucks.

3. Comcast prevents seeding. If you're on a private tracker and want to share as much as possible, an easy solution is to lower your download rate. When downloading, make sure that you have met your uploading goal by the time that the download completes. The easiest way to accomplish this is to set a download rate slower than the upload rate. This of course is not an optimal solution because your download will never be faster than your upload speed.

4. One of the best options, if possible, is to switch to another ISP.
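Before reaching for workarounds it helps to confirm that resets are being injected at all. The following is an added example of mine, not something from the AP test, TorrentFreak or Sandvine, of one common heuristic for spotting forged resets in a packet capture: a RST manufactured by an in-path box has travelled a different number of hops than the real peer's packets, so its IP TTL on arrival does not match the TTL the peer's own SYN-ACK and data packets carried. The packet records are constructed; in practice you would fill them from a pcap. The heuristic is an assumption about the injector, not a guarantee: a box that copies the peer's TTL defeats it.

```python
"""Added example: flag TCP resets whose IP TTL does not match the sender's
earlier packets in the same flow (a hint that a middlebox forged them).

Packet records are constructed for illustration, not a real capture.
"""
from collections import defaultdict

# (time, src, dst, tcp_flags, ip_ttl)
PACKETS = [
    # flow 1: local seed <-> remote peer; the RST arrives with a TTL the peer
    # never used, which is what an in-path injector tends to look like
    (0.00, "10.0.0.5:51413", "198.51.100.7:6881", "S",  64),
    (0.04, "198.51.100.7:6881", "10.0.0.5:51413", "SA", 51),
    (0.04, "10.0.0.5:51413", "198.51.100.7:6881", "A",  64),
    (0.10, "10.0.0.5:51413", "198.51.100.7:6881", "PA", 64),
    (0.16, "198.51.100.7:6881", "10.0.0.5:51413", "PA", 51),
    (0.20, "198.51.100.7:6881", "10.0.0.5:51413", "R",  59),
    # flow 2: the peer genuinely resets; TTL matches its earlier packets
    (1.00, "10.0.0.5:51414", "203.0.113.9:6881", "S",  64),
    (1.07, "203.0.113.9:6881", "10.0.0.5:51414", "SA", 47),
    (1.07, "10.0.0.5:51414", "203.0.113.9:6881", "A",  64),
    (1.30, "203.0.113.9:6881", "10.0.0.5:51414", "R",  47),
]


def ttl_baseline(packets):
    """TTL values each sender used on its non-RST packets, keyed by (src, dst)."""
    seen = defaultdict(set)
    for _, src, dst, flags, ttl in packets:
        if "R" not in flags:
            seen[(src, dst)].add(ttl)
    return seen


def detect_injected_resets(packets, slack=1):
    """Return RSTs whose TTL is more than `slack` away from every TTL the same
    sender used on other packets in the flow.

    Each hit is (time, src, dst, rst_ttl, sorted_baseline_ttls). A RST with no
    baseline to compare against is skipped rather than guessed at.
    """
    baseline = ttl_baseline(packets)
    hits = []
    for t, src, dst, flags, ttl in packets:
        if "R" not in flags:
            continue
        expected = baseline.get((src, dst))
        if not expected:
            continue
        if all(abs(ttl - e) > slack for e in expected):
            hits.append((t, src, dst, ttl, sorted(expected)))
    return hits


if __name__ == "__main__":
    for hit in detect_injected_resets(PACKETS):
        print("suspected injected RST:", hit)
```

Because the injector sends resets in both directions, a capture on the seeding host only shows the copy addressed to it; confirming the other copy requires a capture at the remote peer, which is essentially what the AP's two-ended test did. Route changes can legitimately shift a TTL by a hop or two, which is why the comparison allows some slack rather than demanding an exact match.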

Abuse of copyright

I'm always amused at how certain attorneys will wave the sword of copyright on behalf of their client. In a post from CL&P Blog, a story unfolds in which a scam-busting site has set its sights on a company called Direct Buy, Inc. I haven't looked into the case of Direct Buy, nor do I plan to. However, the last paragraph of the C&D (pdf) sent by Mr. Donald E. Morris, Esq. of Dozier Internet Law is extremely amusing. His letter states:

“Please be aware that this letter is copyrighted by our firm, and you are not authorized to republish it in any manner. Use of this letter in a posting, in full or in part, will subject you to further legal causes of action.”

While FBI letters (National Security Letters, with their statutory gag provisions) may be able to enforce silence about their inquiries or demands, I don't think that cease and desist letters hold quite the same sway. To quote Justice Ginsburg in her Eldred v. Ashcroft opinion, "the fair use defense allows the public to use not only the facts and ideas contained in a copyrighted work, but also expression itself in certain circumstances".

Those circumstances were defined in her opinion as "criticism, comment, news reporting, teaching, scholarship or research". If the CL&P blog were attempting to resell the PDF as a boilerplate C&D to others hoping to squelch bad publicity, I might not believe that their republication falls within the contours laid out by Ginsburg. Their republication of the letter within their blog entry, however, appears to fit very neatly into the categories of criticism and comment. The republication is also a needed reference point for their response (pdf).

Oddly, Dozier has responded by putting its claims on its website and posting a direct response to CL&P. A quick look at the Dozier website shows a link to Cembrit Blunn Ltd & Anor v. Apex Roofing Services LLP & Anor. Dozier purports that this case shows "a court finding that protects the copyright of an attorney letter". While this may seem interesting at first blush, a more detailed look will disappoint. First, the finding comes from the England and Wales High Court, which has no authority over a US dispute. Second, the issue with the letter in that case was its republication outside the Dansk group of companies of an internal communication containing confidential data:

“In my judgment the Letter was clearly a private internal communication written by Mr Jorgensen to Mr Fisher and Mr Bailey of Cembrit UK. It contained an expression of Dansk’s views about Apex, the reasons for the problems with the slates and the tactical approach which Mr Jorgensen thought should be adopted and it recorded his concern that litigation should be avoided, particularly if the claimants had a bad case. I accept the submission advanced by the claimants that it was plainly not intended for circulation outside the Dansk group of companies.”

The cease and desist letter was not some internal document exchanged between Dozier and Direct Buy, Inc. It was an external document sent to those who were running the scam-busting websites. All the facts in the C&D were already known to the public, so neither facet of the case Dozier presents is relevant to its claim.

Note: the PDFs are hosted at citizen.org and I am linking directly to them. If those of you at citizen.org wish me to stop linking directly to you, please contact me and I will stop.