November 30, 2003

On conducting confidential business on wireless networks...

Many of you out there use wireless networks on a daily basis. Some of you may even conduct important, confidential business on a wireless network. The radio signals that emanate from your wireless device can be captured fairly easily by passersby. Unfortunately, this is part of what you give up for the convenience of wireless computing. Fortunately, you can be prepared and as close to secure as humanly possible. This requires knowing a bit about wireless networks and the steps you can take to ensure that you're computing securely, independent of the nature of the wireless network you happen to be using.

The first thing that you should know about is wireless network encryption. Encryption in general is a way of communicating securely between two parties: the message is encoded into what seems like gibberish before it is transmitted, and then decoded from gibberish on the other side. Most wireless networks have a few options when it comes to encryption: none, WEP or WPA.

No encryption means that the wireless packets transmitted from your wireless device and from the wireless network are not encrypted. An attacker could capture these signals and see almost exactly the information that you see on your wireless device.

WEP and WPA encryption serve the same purpose. Both ensure that the signals that leave and enter your wireless device are enciphered, which makes it difficult for a passerby to eavesdrop. Unfortunately, WEP is both the most commonly used form of wireless network encryption and the most insecure. That is, given a good deal of traffic in the air (which serves as "data" for the intruder), WEP encryption can be broken. WPA is a more robust encryption scheme in which the encryption keys change periodically, which makes it much harder for an intruder--casual or determined--to eavesdrop.

If you do a lot of mobile wireless computing, you'll likely be using a mixture of the three encryption options above. For example, at UC Berkeley we have AirBears, which is unencrypted.

With the ubiquity of unencrypted wireless networks (and even with the weak encryption afforded by WEP), there are a few things you should do in order to ensure that you can conduct confidential, secure business:

  1. Secure terminal: If you read your email by opening up a terminal and telnetting to a computer, you should make sure that you are using an encrypted replacement for telnet. There are proprietary programs, but OpenSSH is a free (as in freedom) version that does the job well.
  2. Secure file transfer: For file transfer, you should always use SFTP as opposed to FTP. OpenSSH, mentioned above, provides SFTP alongside the SSH program.
  3. Secure web surfing: Probably the most frequent use of the Internet, surfing, is the least secure on wireless networks. Any time that you type in a web page that begins with "http://" on an unencrypted wireless network, your traffic can be seen by an adversary. Secure, encrypted surfing is provided by most web browsers through "https://" (the "s" means secure). Unfortunately, you can't just type "https://" in front of any web address to ensure security, as most web pages don't offer an "https://" option. Have no fear: with a service like Megaproxy, you can surf using "https://" for any web page. The page is actually fetched by Megaproxy's servers unsecured and then encrypted and sent to your browser, so the proxy itself sees everything you read, but passersby on the wireless network do not.
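
As an added example (not code from the original post), the following Python script classifies nearby networks as none/WEP/WPA from a wireless scan and then flags which of a user's sessions use the cleartext protocols the three points above warn about (telnet, FTP, HTTP), naming the encrypted replacement for each. The scan text is a constructed sample loosely modelled on Linux `iwlist` output, and the session list and the severity rules are assumptions made for this illustration.

```python
"""Classify the encryption of nearby wireless networks and audit which of a
user's sessions an eavesdropper on that network could read.

Added example, not code from the original post. SAMPLE_SCAN is a constructed
sample loosely modelled on Linux `iwlist <iface> scan` output; SAMPLE_SESSIONS
and the severity rules in audit_sessions() are assumptions for the illustration.
"""
from urllib.parse import urlsplit

# Cleartext protocol -> encrypted replacement recommended in the post.
SECURE_ALTERNATIVE = {
    "telnet": "ssh",
    "ftp": "sftp",
    "http": "https",
}

# Constructed sample: three access points as a scan tool might print them.
SAMPLE_SCAN = """\
          Cell 01 - Address: 00:00:00:00:00:01
                    ESSID:"AirBears"
                    Encryption key:off
          Cell 02 - Address: 00:00:00:00:00:02
                    ESSID:"OldRouter"
                    Encryption key:on
          Cell 03 - Address: 00:00:00:00:00:03
                    ESSID:"HomeNet"
                    Encryption key:on
                    IE: WPA Version 1
"""

# Constructed sample of the connections a user might open from a laptop.
SAMPLE_SESSIONS = [
    "telnet://mail.example.edu",
    "ssh://mail.example.edu",
    "ftp://files.example.edu/report.pdf",
    "http://news.example.com/",
    "https://bank.example.com/login",
]


def classify_scan(scan_text):
    """Return {essid: 'none' | 'wep' | 'wpa'} for each cell in the scan text.

    'Encryption key:off' means no encryption; 'key:on' with no WPA/802.11i
    information element means WEP; 'key:on' plus such an element means WPA.
    """
    cells = []
    for raw in scan_text.splitlines():
        line = raw.strip()
        if line.startswith("Cell "):
            cells.append({"essid": None, "key_on": False, "wpa": False})
        elif not cells:
            continue  # ignore anything printed before the first cell
        elif line.startswith("ESSID:"):
            cells[-1]["essid"] = line.split(":", 1)[1].strip().strip('"')
        elif line.startswith("Encryption key:"):
            cells[-1]["key_on"] = line.endswith(":on")
        elif line.startswith("IE:") and ("WPA" in line or "802.11i" in line):
            cells[-1]["wpa"] = True

    networks = {}
    for cell in cells:
        if cell["essid"] is None:
            continue  # hidden or unparsable network name
        if cell["wpa"]:
            networks[cell["essid"]] = "wpa"
        elif cell["key_on"]:
            networks[cell["essid"]] = "wep"
        else:
            networks[cell["essid"]] = "none"
    return networks


def audit_sessions(network_kind, sessions):
    """Return [(url, finding)] for every session that travels in cleartext.

    The post's advice is to use SSH, SFTP and HTTPS regardless of the network,
    so cleartext protocols are always reported; the severity only records how
    readily the air can be read ('none' and 'wep' both count as readable).
    """
    readable_air = network_kind in ("none", "wep")
    findings = []
    for url in sessions:
        scheme = urlsplit(url).scheme.lower()
        fix = SECURE_ALTERNATIVE.get(scheme)
        if fix is None:
            continue  # already encrypted (ssh, sftp, https) or not classified
        severity = "high" if readable_air else "medium"
        findings.append((url, f"{severity}: {scheme} is cleartext, use {fix}"))
    return findings


if __name__ == "__main__":
    nets = classify_scan(SAMPLE_SCAN)
    for essid, kind in nets.items():
        print(f"{essid}: {kind}")
        for url, finding in audit_sessions(kind, SAMPLE_SESSIONS):
            print(f"    {url} -> {finding}")
```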
Posted by joebeone at 09:37 AM | Comments (1)

November 25, 2003

Diebold will not sue for copyright infringement in memos...

In a surprising development (via Larry Lessig), Diebold has filed a memorandum with the San Jose Federal court in which they state:

[...] Diebold, having issued notifications in good faith compliance with the DMCA, has decided not to take the additional step of suing for copyright infringement for the materials at issue. Given the widespread availability of the stolen materials, Diebold has further decided to withdraw its existing DMCA notifications and not issue further ones for those materials.

This means I'll be mirroring Ping's archive here:
http://pobox.com/~joehall/diebold/

If you find yourself wondering to what use the content of the memos has been put, see the following three documents that Jim March has filed with the CA Secretary of State that each use material obtained from the memo archive to take Diebold to task: (one, two and three).

Posted by joebeone at 02:37 PM

November 24, 2003

Listen to Lessig argue Eldred at the Supreme Court!!!

Via Aaron Swartz, you can listen to Larry Lessig argue the Eldred case in the Supreme Court... with a pretty picture of each speaker and the transcript text. If you've got a SMIL-enabled media player (like the most recent RealPlayer), click here. That's some good stuff.

Posted by joebeone at 09:56 PM

Electronic voting machines infected with viruses?!?! (not yet)

Check out, "Nachi worm infected Diebold ATMs" by Kevin Poulsen at Security Focus. Why is this story on Diebold ATMs infected with viruses so interesting?

Diebold runs Windows CE on its voting machines. Not only could votes be mis-recorded and/or stolen, but they could also be affected by viruses, worms and the like. The memos (currently the subject of an EFF/Stanford Clinic court case, OPG, Pavlosky and Smith v. Diebold) have revealed that Diebold doesn't get its Windows CE code certified (page 5) even though its technicians write a lot of it. (Jim March has been hard at work examining the memos.)

(For the Geeks: Granted, CE hasn't been specifically vulnerable to worms, but it could, of course, be vulnerable to one specifically designed for Diebold's version of CE. To boot, their Windows CE software isn't certified by election officials--they claim it is COTS or "commercial off-the-shelf" which doesn't need certification.)

Posted by joebeone at 08:09 PM

Open source e-vote software? Unfortunately, I think not...

Donna and Ed Felten blog this quote from the recent Secretary of State's (Kevin Shelley) position paper requiring VVPAT (voter-verified paper audit trail):

Any electronic verification method must have open source code in order to be certified for use in a voting system in California.

Actually, looking back over the report, this open source requirement has nothing to do with the VVPAT (voter verified paper audit trail). The open source requirement has to do with electronic verification mechanisms. That is, the task force looked at other options (other than paper-based) for voter-verification and also explored the idea of electronic verification. From page 5 of the SoS's report [emphasis mine]:

When I directed the Task Force to examine paper verification and attempt to arrive at a consensus, I was impressed that they tried to look at the issue from other perspectives. Instead of seeing paper as the only possible solution, the Task Force looked for other ways to approach the verification issue to see if any other solutions are possible to address the confidence and security concerns of touch screen systems. The consensus recommendation to implement electronic verification is a creative approach to pursue a long-term solution to this issue

I am therefore requiring:

  • Electronic Verification Required to Assure Accessibility - All DREs must include electronic verification, as described in the Task Force's report, in order to assure that the information provided for verification to disabled voters through some form of non-visual method accurately reflects what is recorded by the machine and what is printed on the VVPAT paper record. Any electronic verification method must have open source code in order to be certified for use in a voting system in California. The timeline for implementation is the same timeline for implementation of accessible VVPAT.

UPDATE (2003-11-25 09:33:52): This appears to be the first open-source software mandate from any U.S. government official ever. (Before you send me email, know that this is my schtick and I'm aware of the moves in various states to legislate open-source and to prefer open-source... but there appears to have been no out-right mandates. If you know differently, please correct me!)

    Posted by joebeone at 11:08 AM | Comments (1)

    November 20, 2003

    Too quick to copyright?

    Man, does this paper by Jason Mazzone of Brooklyn Law School resonate, or what? "Too Quick to Copyright" expresses the idea that, sure, teenagers flout copyright, but then so do businesses. I'm already biased, having received a takedown notice from big-business lawyers in the recent Diebold memos case (in which Diebold has been claiming copyright on works that they never intended to publish). Here's a taste:

    [...]

    Copyright law gives corporations an irresistible urge to claim ownership, however spurious, in everything. The Copyright Act provides no penalty for falsely claiming ownership in public domain materials, and there is no reward for catching this form of cheating. So corporations stick copyright notices everywhere. And while the U.S. Copyright Office registers copyrighted works, there is no official registry for works belonging to the public.

    [...]

    Posted by joebeone at 05:21 PM

    November 19, 2003

    Derek Slater rebuttal to Aimee Deep plea on politech...

    Derek Slater is a bad-ass... check out this rebuttal to Aimee Deep's plea on Declan McCullagh's Politech for support on their petition to be heard by the Supreme Court.

    Posted by joebeone at 05:55 PM

    FOIA requests from the '80s still pending...

    From Steven Aftergood's Secrecy News:

    THE OLDEST FOIA REQUESTS

    "The oldest Freedom of Information Act requests that are still
    pending in the federal government date back to the late 1980s,
    before the collapse of the Soviet Union," according to a new
    study by the National Security Archive at George Washington
    University.

    The Archive is conducting a full-fledged audit of the way the
    Freedom of Information Act functions, and fails to function,
    throughout the government. It is demonstrating by example the
    kind of penetrating oversight of the FOIA that Congress has
    largely neglected.

    The newest installment of the National Security Archive FOIA audit
    is entitled "Justice Delayed is Justice Denied," by Tom Blanton,
    Meredith Fuchs and Barbara Elias.

    http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB102/index.htm

    Posted by joebeone at 01:33 PM

    November 17, 2003

    Diebold still sending cease-and-desist letters...

    This just in: Today, Hurricane Electric, the downstream Internet service provider for the Online Policy Group (who host the IndyMedia site), received a "second notice" of copyright infringement from Diebold's lawyers. This is on the very same day as the OPG v. Diebold hearing in San Jose. What's worse is that this notice claims that excerpts of the email archive are now infringing.

    In a 23rd-hour letter and declaration to the Court, the EFF's Cindy Cohn argues that this proves Diebold is improperly using copyright law to silence democratic debate (the declaration contains the text of the second cease and desist notice):

    [...]

    The second cease and desist notice repeats Diebold's assertions that Hurricane Electric has potential copyright liability for co-locating and providing Internet access to OPG because OPG co-locates and provides Internet access to San Francisco Indymedia and the Indymedia site contains a link to the e-mail archive.

    Additionally, and even more disturbing in light of today's hearing, Diebold claims that Indymedia's hosting of excerpts from the e-mail archives, as part of a story discussing the "gems" available in the archive, also violates its copyrights. Mr. Ng's Declaration includes a print out of the web site containing the excerpts from the e-mail archive, highlighting the excerpts that Diebold alleges infringe its copyrights.

    [...]

    We believe that this second cease and desist notice confirms our assertions that, unless immediately restrained by this court, Diebold will continue to use cease and desist notices to try to remove the e-mail archive, and even excerpts from it, from public discussion.

    [...]

    I'm going to make a prediction that we're going to win this one. Now, let's get some knowledgeable folks in the Secretary of State's office to 1) launch a full investigation into Diebold's actions and 2) properly sanction Diebold at the 16 December 2003 VSP meeting.

    Posted by joebeone at 11:12 PM | Comments (0)

    Diebold hearing done, order issued in a week...

    From Donna at EFF/copyfight:

    OPG v. Diebold--No Decision Yet

    This just in: U.S. District Court Judge Jeremy Fogel heard arguments this morning from both sides in OPG v. Diebold--but it turns out that we won't have a decision until next week as to whether the court will stop Diebold from threatening its critics.

    More from David Weekly of OPG (at Boing Boing).

    UPDATE: Ping has a first-hand account of the hearing here.

    Posted by joebeone at 01:20 PM

    November 16, 2003

    Michelle and Joe on the roof...

    michelle_joe_roof_sm.jpg

    This is easily the coolest picture of Michelle and me that I've ever taken.... and it was taken with my Nokia 3650!

    michelle_joe_roof.jpg

    Posted by joebeone at 09:55 AM

    Stencil Graffiti IV

    stencil_graffiti4_sm.jpg

    This is the fourth really good example of stencil graffiti that I've found in the local Oakland area... here are the other three: I, II, III. Once again, if anyone can clue me in to this culture, I'd love a kick in the pants.

    stencil_graffiti4.jpg

    Posted by joebeone at 09:53 AM

    A suspended house...

    suspended_house_sm.jpg

    One day, this house was no longer as attached to the ground as before... (full-size image below)

    suspended_house.jpg

    Posted by joebeone at 09:49 AM

    Old school toy firetruck...

    old_school_firetruck_sm.jpg

    This is a pretty old school toy firetruck... (full-size image below)

    old_school_firetruck.jpg

    Posted by joebeone at 09:47 AM

    Diebold hearing Monday, briefing done...

    I'll be heading down to the San Jose Federal Courthouse to see the EFF et al. v. Diebold hearing tomorrow morning. If anyone wants to come, let me know and I'll pick you up around 7:15am. The preliminary injunction complaint is here, the opposition brief is here and the plaintiff's reply brief is here.

    Posted by joebeone at 09:07 AM | Comments (0)

    Should the anti-war left cozy up to the 'war on terrorism'... HELL NO!

    From Salon (here):

    Why the antiwar left must confront terrorism

    The director of Amnesty International USA warns that the left must confront terror with the same zeal that it battles Bush -- or risk irrelevance.

    - - - - - - - - - - - -
    By Mark Follman

    Nov. 15, 2003 | More than two years into the Bush administration's lurching war on terror, William Schulz, executive director of Amnesty International USA, is aiming some of his sharpest criticism not at the White House, but at the American political left. His message: Take on the terror threat, or risk irrelevance.

    War protesters of various stripes, alongside anti-globalization and human rights activists, have staged several large rallies nationwide this year, channeling their anger at the Bush administration through slogans like "No blood for oil," "End the imperialist occupation" and "Regime change begins at home." But in an interview with Salon, Schulz said that the political left has thus far botched a key mission. "There's been a failure to give the necessary attention, analysis and strategizing to the effort to counter terrorism and protect our fundamental right to security," he said. "It's a serious problem."

    In his new book, "Tainted Legacy: 9/11 and the Ruin of Human Rights," Schulz argues that rising global terrorism requires the left "to rethink some of our most sacred assumptions." A vigorous defense of human and civil liberties, while essential to spreading democracy worldwide, is not enough to stop terrorists from blowing up airplanes or shopping malls, he says. And that presents the left with a problem, because some of the tools needed to fight terror, such as stricter border controls or beefed up intelligence work -- and, perhaps, war against states that support terrorists -- chafe against traditional leftist values.

    [...]

    I disagree with this man. Why? Because the "terrorists" and the conservative agenda of the Bush camp have a lot in common. Specifically, both are averse to change unless, in the case of the Bush camp, change makes them richer. I remember someone mentioning that before the digital age, people of the world were largely oppressed and poor, but didn't realize it. Now, people are oppressed and poor and know that they are... they see this on TV... as well, they see ridiculous commercials telling them that they'd be better off or cooler if they were to buy stuff.

    That, my friends, is the root of "terrorism". They see the "values" of the western world "infecting" their society and changing their people. The only answer for them is to try as best as they can to "bring down the rule of the American pigs." So, I counter, how do we change what parts of the Western world are imported into other countries? I'm not so sure how to do this. Social diffusion coupled with globalization are far from easy concepts to grasp, understand and control.

    Here's a start: We need to fundamentally re-examine the culture, society, politics and economics of the western world through the lens of a global community. Should multi-national corporations be trying to push Coca-Cola to the people of Papua New Guinea? Definitely not. Should we re-examine our policies of invasion and destruction and seriously address the real, more complex problem of living together on the planet? Definitely yes.

    Ask yourself: What would Gandhi do? What would Al Gore have done as president of the United States? I guarantee that we wouldn't have gone to war with Iraq. More so, if terrorism aims to inject terror into the hearts of the targets and completely disrupt a culture from the ground up... they have already successfully accomplished their objective.

    Posted by joebeone at 08:58 AM

    November 15, 2003

    Emusic, even in limited capacity, is better...

    I don't care what anyone says, Emusic is better than the other downloadable music services in a few respects. As said well by Emusic itself:

    Q: How can eMusic compete with the major label-backed services?

    A: That's simple - like we always have. We're not trying to be like everyone else - in fact our strategy is to specifically not follow the same blueprint of all the other services. eMusic will differentiate itself in two important ways:

    MP3. This is the format of choice for music consumers and we are committed to giving you all the interoperability and flexibility that comes from an open format. We're still the only major service offering music in the MP3 format.

    We're building a SERVICE for the millions of avid music fans that want something beyond the mainstream. We will continue to focus on music from the world's best independent labels and finding unique ways for you to explore, discover and acquire great music. In addition, we're committed to continuing to offer you more music at lower per track costs than any other service.

    I hate to sound like an asshole, but if you find their catalog limited, you listen to crap.

    Posted by joebeone at 12:36 PM

    November 13, 2003

    Clearing up the Genesis of the Diebold memos

    There seems to be a common misperception that the Diebold memos were originally obtained by Bev Harris from a publicly-available web site.

    Ms. Harris did, in fact, come across a good chunk of information on a publicly-available ftp site (which provided the basis for Avi Rubin's team's analysis), but the memos, a bug database and even more code were obtained from a hacker who broke into Diebold's computer network in March 2003 (see this Scoop.nz bulletin and this Wired article). These are two separate instances of Diebold security being compromised... once through lax protocol and once through a pretty ridiculous network architecture (especially considering the lengths they go to in order to protect the source code... escrow, etc.).

    You're free to argue that this hacker could have had help on the inside... in which case it wouldn't technically be stealing... but don't smush the facts together into falsity.

    Posted by joebeone at 11:56 PM | Comments (0)

    Congressional report on electronic voting security

    The Congressional Research Service (CRS) has issued a report (4 Nov 2003) called "Election Reform and Electronic Voting Systems (DREs): Analysis of Security Issues".

    I've blogged before about how valuable the CRS is to those of us who really enjoy truly unbiased writing from an analytical, researchy point of view but this report proves beyond a doubt how valuable the CRS is. I'll read the report and update this blog entry later with comments.

    Posted by joebeone at 03:33 PM

    Orbdev claims to "own" asteroid, sues NASA

    This is about the most ridiculous thing I've heard (Orbdev Files US Federal Suit Over Asteroid Claim [links are totally slashdotted]). Some guy is claiming that he owns the asteroid that the spacecraft NEAR landed on and is charging NASA $20 to allow the defunct spacecraft to remain there. What a load of shit. Have I mentioned that I find space law as interesting (if not more so) as cyberlaw?

    All I'll do here is repeat treaty language (to which Orbdev is bound as a non-governmental organization that works under the auspices of a treaty-bound nation).

    Read on for specific snippets of treaty language from the AGREEMENT GOVERNING THE ACTIVITIES OF STATES ON THE MOON AND OTHER CELESTIAL BODIES (1979).

    This means that even if this guy were the first to go to said asteroid, he wouldn't have a valid property claim... and all this guy did was point at the asteroid and say, "See that one? That's mine."

    AGREEMENT GOVERNING THE ACTIVITIES OF STATES ON THE MOON AND OTHER CELESTIAL BODIES (1979)

    Article 1

    1. The provisions of this Agreement relating to the moon shall also apply
    to other celestial bodies within the solar system, other than the earth,
    except in so far as specific legal norms enter into force with respect to
    any of these celestial bodies.

    [...]

    Article 11

    [...]

    3. Neither the surface nor the subsurface of the moon, nor any part
    thereof or natural resources in place, shall become property of any
    State, international intergovernmental or non-governmental organization,
    national organization or non-governmental entity or of any natural
    person. The placement of personnel, space vehicles, equipment,
    facilities, stations and installations on or below the surface of the
    moon, including structures connected with its surface or subsurface,
    shall not create a right of ownership over the surface or the subsurface
    of the moon or any areas thereof. The foregoing provisions are without
    prejudice to the international régime referred to in paragraph 5 of this
    article.

    Posted by joebeone at 09:02 AM | Comments (0)

    AnnaLee Newitz's Techsplotation: Die, Diebold, Die!

    AnnaLee Newitz is a goddamn bad-ass. Her most recent column (Techsplotation: Die, Diebold, Die!) is on the Diebold controversy... and, as usual, she's providing a very interesting addition to the dialogue surrounding this issue. I'm quoted, as is UC Berkeley SIMS/CS student Ka-Ping Yee. (If you care about this issue (copyright vs. freedom of speech, democracy v. the illusion of-), follow the directions on Ping's Diebold site (here) and make sure that you have the files... the advantage of having his version is that it includes both the original, unadulterated email archives and a threaded version that is very easy to read.)

    Read on for the full text of Ms. Newitz's column...

    TECHSPLOITATION: Die, Diebold, Die!

    By Annalee Newitz, AlterNet
    November 12, 2003

    In yet another stunning example of how the Digital Millennium Copyright Act can be abused, voting-machine manufacturer Diebold has issued a series of cease and desist orders to college students protesting the company's shoddy and irresponsible business practices. Several weeks ago an anonymous whistle-blower leaked several years' worth of Diebold internal e-mails on the Internet. Shockingly, these documents revealed that software engineers and sales staff were fully aware Diebold voting machines had troubling memory problems and multiple security vulnerabilities.


    Political Web site Why War? posted a list of all the places where you can download these memos, along with choice excerpts from them. Soon after people began hosting the Diebold files on their machines, however, the company started sending out cease and desists – known as "takedown notices" – claiming that posting the documents amounted to a copyright violation.


    The idea was that Diebold internal memos were copyrighted material and that somehow posting them elsewhere was like pirating. While many attorneys and civil liberties groups question this use of the DMCA, these takedown orders are nevertheless tantamount to censorship. The person receiving the notice must immediately remove the material or risk a lawsuit. Since most of the individuals hosting the documents were university students who had put them on their schools' servers, they had little choice but to comply.


    Working jointly, the Electronic Frontier Foundation and Center for Internet and Society Cyberlaw Clinic at Stanford Law School are defending one ISP, the Open Policy Group, which refused to comply with Diebold's takedown notice and continues to host the files. The legal organizations have requested a restraining order against Diebold that would forbid the company from harassing people with legal threats that represent a misuse of copyright law. A judge will hear the case Nov. 17.


    Three students at UC Berkeley were hosting the Diebold files on school computers. One, Joseph Hall, a graduate student at Berkeley's School of Information Management, received a takedown notice two days after he put the files online Oct. 28. He says he risked a lawsuit because "I want this information out there. The way Diebold has behaved doesn't fit with my vision of the way democracy works." He says one of the main problems he has with Diebold is that it doesn't release its code to the public. "Any code that counts votes needs to be open to public audit," he says. He also points out the Diebold memos reveal the company has changed its software without getting it recertified, which is a violation of federal and state laws.

    Bradley Clark, registrar of voters for Alameda County, admits his county used some of this uncertified software in the last two elections: a statewide recall election that installed Arnold Schwarzenegger as governor and a municipal election that was held last week. Although this would mean the two elections were held in violation of state law, he says he's not concerned: "I'm not worried because the software is federally certified and [state certification] is just paper shuffling." Nevertheless, the state of California is holding an investigation to look into the matter.


    While we wait to find out the results of this investigation, as well as what the judge will rule in the restraining order case against Diebold, the incriminating Diebold documents just keep on circulating. Currently they're available in popular file-sharing systems like Freenet, eMule, and BitTorrent. And every time a student is served with a takedown notice, it seems three others pop up to take her or his place.


    Ka-Ping Yee, a UC Berkeley computer science grad student, started hosting the documents at the same time Hall did. As someone who studies human factors in computer security, Yee is particularly concerned about security flaws in the machines. He says his ideal e-voting system would allow "voters themselves to verify their voting record – a simple way to do this would be to give people a paper receipt of their votes." If he receives a takedown notice, Yee says he's tempted not to comply with it because "we're not breaking the law. This is fair use."


    This is one of those moments when I love the Internet. Sometimes there just isn't room in my heart for irony.


    Annalee Newitz ( dieboldatemyvote@techsploitation.com) is a surly media nerd who is waiting for some angry security geek to hack the shit out of one of those Diebold boxes and prove to the world how truly exploitable they are. Her column also appears in Metro, Silicon Valley's weekly newspaper.

    Posted by joebeone at 07:51 AM | Comments (0)

    November 12, 2003

    Great Diebold review article: Scott Granneman (Security Focus)

    Scott Granneman of Security Focus has posted this very thorough and precise article that reviews the issues of the Diebold debacle. Anyone who's wondering about specifics of the Diebold controversy should go here first.

    Posted by joebeone at 05:58 PM | Comments (0)

    Daily Californian covers Diebold and N.Q.B.

    The Daily Californian is running a story (pdf) on Diebold, Not Quite a Blog and me. Andrea La Pietra definitely does a better job with this story than the recent Harvard Crimson article on Derek Slater.

    A few comments:

    • It's too bad that Andrea couldn't get some quotes from the other Berkeley students participating in this action, as I'm sure they have valuable things to say: Parker Thompson, Ping Yee and Sean Savage. This action achieved its goals of getting the documents out there and into the hands of investigators solely because so many students weighed the issues (copyright v. freedom of speech, privacy, etc.) and were willing to take the risks involved with posting the documents.

    • "Self-proclaimed Internet activist"? If copying a file and sending a few targeted emails is Internet activism, I'm guilty... but I've never described it like that. I suppose "electronic protesting" or "digital protesting" is more appropriate. So many other activists do more important work every day... I'm just a geek.

    • I didn't technically receive a cease-and-desist letter... it would more properly be called a DMCA section 512 takedown notice. Andrea does use "take-down notice" correctly later in the article. You can learn more about what a "DMCA section 512 takedown notice" means at the Chilling Effects Clearinghouse (especially about the DMCA's section 512 here).

    • I never am really satisfied with quotes attributed to me. This article is similar to Declan McCullagh's recent piece in this respect. I hope I don't come off sounding like that in person.

    • It's also too bad that the recent activity in the California Secretary of State's Office didn't make it in the article. This is important as it's the content of the memos that is the impetus for the SoS's suspension of certification of new Diebold machines and the ongoing audit and investigation of all Diebold machines in California.

    Posted by joebeone at 12:00 AM | Comments (0)

    November 11, 2003

    Content of Diebold memos sparks California audit

    Kim Zetter of Wired drops another bomb. (I learned of this development through Joseph Holder... that man is on top of things!) In this article she reports that the California Office of the Secretary of State is making Diebold pay "for an independent audit of all its hardware and software used in 13 other California counties to determine if uncertified components have been installed [...]."

    Interestingly, the Diebold memo that sparked all of this is here (yup, that's SIMS student Ping Yee's mirror). It reads, in part:

    Hi,

    Found something interesting here in Alameda County, and want to see if anyone has found this in the field. Especially those of you who are doing [...] modem upload from the precincts.

    Running:
    BS 4.3.11
    GEMS 1.18.14
    NT 4.0 6a

    I am dialing the central computer's bank of modems (connected via Digi PCI X/em) and connecting to NT's Remote Access Server.

    [...]

    I tried pinging the AVTS unit and only get timeouts. I then tried simulating the connection with my laptop and was able to successfully upload. [...]

    The relevant information here is the version number of the GEMS software (this version was not certified by the state of California yet) and the fact that this guy could transfer data and connect to one of the Diebold machines! This could be the source of strange activity in some elections and would allow someone with malicious political intent access to the pool of votes for a given election.

    Other notables from the Zetter report:

    [...]

    Diebold must also cooperate fully with the independent auditors and with the secretary of state's office during its investigation of the certification violation, and attend a voting system panel meeting in mid-December, when the state will review the results of the audit and determine what, if any, sanctions may be appropriate.

    [...]

    Kyle said the state would inventory the systems of other vendors and other counties once the Diebold investigation was complete. The state will also begin requiring all counties to maintain and submit logs of the hardware, firmware and software versions they use.

    Starting in 2004, the state will also conduct random audits of voting systems to ensure that all software and hardware is certified. And in the future, the state will require CEOs of vendors to affirm under penalty of perjury that the company will not change systems without obtaining written approval from the secretary of state. Failure to do so may result in de-certification and possible criminal charges, Kyle said.

    [...]

    It's widely believed by voting machine makers that Secretary of State Shelley, who has previously stated his preference for electronic voting machines to offer a voter-verifiable receipt with their machines, may announce plans within a week or so to require this on voting machines used in the state.

    A voter receipt would allow voters to verify that their ballot has been cast correctly before depositing the receipt into a secure ballot box to be used in case of a recount.

    Posted by joebeone at 06:19 PM

    November 09, 2003

    Ashcroft anoints "proactive" cyber threat investigations...

    Script-kiddies, crackers and hackers beware... some types of computer conduct could spark an FBI investigation in the name of terrorism. Just as our wars have become pre-emptive, it looks like our investigations of abnormal cyber activity are heading that way as well. I suppose everyone's going to be considered a "terrorist" by John Ashcroft someday...

    Ashcroft takes on foreign government hackers

    By Kevin Poulsen, SecurityFocus Nov 7 2003 5:16PM

    How seriously does the U.S. government take computer intrusion? Seriously enough for the threat of foreign hacking to take a prominent role in new rules governing the FBI's national security investigations issued by U.S. Attorney General John Ashcroft this week.

    Ashcroft released a new version [This is a link to the redacted, released document on the DoJ site.] of the "Guidelines for FBI National Security Investigations and Foreign Intelligence Collection" on Wednesday. The new guidelines, billed as a response to the September 11 terrorist attacks, permit the Bureau to engage in the "proactive collection of information on threats to the national security," displacing an older policy that obliged the FBI to have a specific investigative purpose before collecting information on individuals or groups.

    Like the older rules, the new guidelines allow the Attorney General to specify anything as threat to national security at any time. But a few threats are specifically hardcoded into the new rules: terrorism, espionage, sabotage, political assassination, and "foreign computer intrusion."

    The latter is defined as "the use or attempted use of any cyber-activity or other means by, for, or on behalf of a foreign power to scan, probe, or gain unauthorized access into one or more U.S.-based computers."

    [...]

    Posted by joebeone at 10:32 AM

    November 07, 2003

    What happens when you dump a bottle of dish soap in a fountain?

    I happened upon the scene below during my walk to teach Astro 10... The kids were running up to it thinking it was snow. Unfortunately for them, I'm pretty sure it was a routine cleaning procedure for the fountain. Belatedly would they realize it was a fountain and not snow. California is weird.

    [photos: sproul_soap1.jpg, sproul_soap2.jpg]
    Posted by joebeone at 05:42 PM

    My political compass score

    My political compass score is:

    Economic Left/Right: -5.12
    Libertarian/Authoritarian: -5.33
    [image: pc_joe.jpg]

    This puts me near Gandhi, Nelson Mandela and the Dalai Lama... I'll take that as being a good thing™.

    Posted by joebeone at 02:03 PM

    Another reason to love Rock n' Roll...

    This is pretty interesting... The Hungarian Ambassador to the US, Andras Simonyi, will be coming to the Rock and Roll Hall of Fame (and Museum) and saying the following:

    "Hungary's ambassador to the United States is coming to the Rock and Roll Hall of Fame to explain his belief that when rock 'n' roll found its way into his country, it helped spark a yearning for freedom and an eventual end to a communist government.

    Not only for me but also for other Hungarians of my generation, this became the stuff that really linked us to the free world. As I listened to this kind of music, I felt I was part of the free world myself.

    I started out with the Beatles, but then I pretty much moved on. I embraced the really exciting and progressive part. I became a great Cream fan and Jimi Hendrix fan. There was one hero that I had, and this was Stevie Winwood, who established the group called Traffic."

    (via the bad-ass Tyler Cowen at Volokh via Mike Daly)

    Posted by joebeone at 01:36 PM

    November 06, 2003

    Congress terminates access to CRS reports!

    (In an effort to not blog what others are blogging...)

    Congressional Research Service (CRS) reports are something that I've found very useful. They are commissioned by Congress to provide analysis and background on certain issues and subsequently enter the public domain upon publication. For an unexplained reason, Congress removed them from the web recently, following a Bush administration tradition of depriving the public of valuable information. Here's how (one of my heroes) Steven Aftergood (of the FAS) reports it in his Secrecy News bulletin:

    ACCESS TO CRS REPORTS AT ISSUE

    Two weeks ago, Congress abruptly terminated the limited public access that had existed for several years to the official database of reports prepared by the Congressional Research Service (Secrecy News, 10/28/03).

    Now, with his trademark resourcefulness and ingenuity, Russ Kick of TheMemoryHole.org has given back much of what Congress had taken away.

    Hundreds of recent CRS reports, copied from the now inaccessible database, have been posted here:

    http://www.thememoryhole.org/crs/

    Meanwhile, dozens of public interest groups from around the country are petitioning members of Congress to support continued public access to the CRS database.

    "We urge you to work with CRS to restore at least the same level of access to CRS reports that your web site has provided in the past," the organizations wrote to Rep. Christopher Shays and Rep. Mark Green in a November 3 letter organized by the American Library Association.

    See a copy of the letter here:

    http://www.fas.org/sgp/news/2003/11/crs110303.pdf

    Posted by joebeone at 08:38 AM

    November 04, 2003

    Students buck DMCA threat

    (note: I'm actually 26, not 28 as Declan says.)

    Students buck DMCA threat

    By Declan McCullagh
    Staff Writer, CNET News.com
    http://news.com.com/2100-1028-5101623.html

    Story last modified November 3, 2003, 5:17 PM PST

    When Diebold Election Systems learned that its internal e-mail correspondence had popped up on the Web, it used a common legal tactic: sending cease-and-desist letters to Webmasters.

    But in the months since the North Canton, Ohio-based company began trying to rid the Internet of those copyrighted files, it has arrived at a very unusual impasse. Far from vanishing, the files have appeared on more than 50 Web sites, run mostly by students who claim Diebold has a suspiciously cozy relationship with the Republican Party and that the e-mail conversations demonstrate its election software is flawed and should not be trusted.

    On Tuesday, Diebold will find itself on the defensive in court as well. The Electronic Frontier Foundation and Stanford Law School's Center for Internet and Society are planning to file a lawsuit asking for a temporary restraining order that would effectively halt Diebold's campaign against the loosely organized network of mirror sites. A hearing could be held as early as Tuesday in federal district court in San Francisco.

    [...]

    EFF attorneys say the case is the first time that someone who has received a "notice and takedown" request--one of the many Diebold made, repeatedly invoking the Digital Millennium Copyright Act (DMCA)--has attempted such a pre-emptive strike before being sued.

    "We're saying that the hosting of the documents is fair use" and therefore legal, said Wendy Seltzer, an EFF staff attorney. "They're very thinly protected by copyright in the first place and being posted as part of a political debate."

    Diebold did not respond on Monday to a request for comment. Diebold Election Systems sells electronic voting systems used in states including California, Georgia, Ohio and Texas. Its parent company, Diebold Inc., is publicly traded and reported revenue of $1.9 billion in 2002.

    As part of the same suit, Stanford's Jennifer Granick is representing two Swarthmore College students, Nelson Pavlosky and Luke Smith, who mirrored the Diebold documents and received a DMCA notification. EFF is representing the Online Policy Group, a free hosting service that had hyperlinks to the Diebold documents, but not to the documents themselves, on its server.

    "Irregardless of the copyright status of the underlying documents, copyright law does not allow you to go after someone who merely links to the documents," Seltzer said.

    Because the legal status of hyperlinking to copyrighted documents is unclear, the lawsuit is noteworthy for that reason as well. In a November 2001 case that pitted the major movie studios against 2600 magazine, the 2nd Circuit Court of Appeals ruled that linking to illegal content can be restricted "consistent with the limitations of the First Amendment." That ruling is not binding on California courts.

    In an unusual move for a college, Swarthmore decided to back its students against the legal threats by Diebold. Its president, Alfred Bloom said in a statement: "The college is deeply proud of its students' resolve to act on behalf of an open and fair democracy."

    The wealth of Diebold e-mail, which totals about 11MB when compressed, includes internal conversations that cast doubt on the company's ability to sell secure software. Some messages note that lists of bugs were "irrecoverably lost," while others complain that "I have never been at any other company that has been so miss [sic] managed."

    Diebold gave at least $195,000 to the Republican Party during a two-year period starting in 2000, and its chief executive, Walden W. O'Dell, once pledged to deliver Ohio's electoral votes for President George W. Bush.

    Joseph Lorenzo Hall, a 28-year-old master's student at the University of California at Berkeley, said he mirrored the Diebold documents because the broader issue involves the "fundamental tenets of our democracy, which is a fair and open election process."

    "My opinion is that it's clearly a misuse of copyright law," said Hall, a Linux buff who recently finished his master's degree in astrophysics and is now enrolled in the School of Information Management and Systems. After receiving a DMCA notice from Diebold last Thursday, Hall disabled his mirror and has not decided whether to put it back online, which would expose him to a possible lawsuit.

    A typical DMCA letter sent out by Diebold's attorneys says: "Please note that (your) page actively encourages infringing activity. It initially pointed to one infringing Web site. When that Web site was removed two additional links were added pointing to a new Web site hosting the same infringing material."

    Copyright ©1995-2003 CNET Networks, Inc. All rights reserved.

    Posted by joebeone at 07:51 AM

    November 01, 2003

    Halo of the Cat's Eye

    This is a spectacular image of the Cat's Eye Nebula (NGC 6543), a planetary nebula. Planetary nebulae are the shells of gas shed by stars in their death throes, as the stars become increasingly unstable and throw off their outer layers. You can think of these as spherical smoke rings that the star has blown outward from itself.

    [image: n6543.jpg (thumbnail n6543_sm.jpg)]

    Posted by joebeone at 09:07 PM