Code=Law

Topics discussing when software code acts as a form of policy, what Lawrence Lessig, author of Code and Other Laws of Cyberspace, would call (US) "East-coast-code meets West-coast-code".

Sony, Rootkits and Digital Rights Management Gone Too Far

SysInternals.com guru Mark Russinovich has a detailed investigation of a rootkit from Sony Music. The rootkit introduces several security holes into the system that could be exploited by others, such as hiding any executable file that starts with '$sys$'. Russinovich also identifies several programming bugs in the method it uses to hook system calls, and chronicles the painful steps he had to take to 'exorcise the daemon' from his system.

Please write your MP to ensure that they realize that it is Sony and other music distributors that are the ones "cracking" security and breaking into computers, and not people who are circumventing DRM in order to protect their rights (property, privacy, etc).

See also: p2pnet: New: Sony BMG rootkit DRM, The Register: Removing Sony's CD 'rootkit' kills Windows, CNET News.com: Sony CD protection sparks security concerns, PCPro: Sony DRM burrows into rootkit code, BetaNews: Sony to Help Remove its DRM Rootkit, BBC: Sony slated over anti-piracy CD

Do you want your home entertainment system to monitor your private life?

Canadian New Media included an article titled "Lack of education, standards hindering home networks". These are not traditional networks of computers, but networks of other devices such as home entertainment systems. It cited a new study from NPD Group reporting that the interconnected home is still a long way off for many Canadians.

I sent the following letter as additional feedback.

There are more reasons for not wanting current generation consumer electronics devices networked. The legacy content industries want to monitor, meter and control the private activities of their customers in order to extend their past business models and monopolies. They are working with specific technology companies to try to ensure that these devices are not under the control of their owners, but under remote control and monitoring. These technology companies are quite happy to play along as they believe that if they, rather than their competitors, manage the "digital keys" to unlock the digitally encoded content, it will help them protect existing market monopolies with a captive customer base. The technology companies embed these digital keys in software within their specifically branded access devices, and claim it is illegal for the owners to extract and use these keys in competing software.

What's wrong with technology companies having to ask entertainment companies for permission?

This document titled The 3-minute Guide to the Broadcast Flag by Canadian-born Cory Doctorow (EFF European Affairs Coordinator) is written about the US Broadcast Flag proposal, but is a good introduction to why it is wrong for creators of technology to have to ask permission of content companies before creating new technology.

It's like a law ordering that every car sold in America have its hood welded shut. Sure, most of us never plan on fixing or modifying our own car, but very few of us would take a hood-welding law lying down. It's not fair for the government to tell us that we're not allowed to peek inside, fix, and improve our own property.

Remember: It is our property, not the property of the copyright holders, that is being regulated here. Anyone who supports tangible property rights should be aggressively opposed to these types of proposals that would allow the questionable business models of a few to trump the property rights of everyone.

US Government Accountability Office confirms e-voting problems

This FCW article by Michael Hardy includes:

GAO found that some e-voting systems do not encrypt ballots cast or audit logs, and either one could be altered without detection. In addition, some machines are insecure enough that someone could alter a ballot's appearance so that votes cast for one candidate would be recorded for an opponent.

GAO also found that vendors sometimes installed uncertified versions of their software in local voting jurisdictions.

Note: democratic elections need voter-verifiable ballots. As long as there is no voter-verifiable ballot there is room for tampering with the election, whether transparent and accountable (meaning FLOSS) software is used or not.

US drink/drive laws could push open source

In what I hope is an indicator of a larger trend, a Florida court will hear arguments on Friday in a case where the accuracy of a breathalyser is being scrutinised because the manufacturer has refused to release the source code. (vnunet.com article, SlashDot discussion) This is a situation where the source code may be forced to be released, but where the software authors did not receive the benefits of peer production during the authoring of the software. If this becomes a trend, it may encourage more software authors to use modern methods of production, distribution and funding of software.

A Techlaw Student Summit will be held on the afternoon of Thursday September 29, 2005

Summit Activities (PDF version of announcement):

12:00 PM - Book Release & Press Conference: In the Public Interest: The Future of Canadian Copyright Law. As Canada embarks on a new round of digital copyright reform, this collection of 19 essays from Canada's leading copyright experts provides context and analysis of the latest reform proposals.

1:00 PM - Special Lecture: Dr. Tom Faunce, Australian National University

2:00 PM - ITLS Student Panel

3:30-5:00 PM - An Informal Discussion of copyright reform Bill C-60 with representatives from Industry Canada and Canadian Heritage

(Updated posting date from Sept 12 to Sept 28 to bring to top of list again)

Paper Trail Urged as E-Voting Fix

This Wired Magazine article by Kim Zetter includes:

After five months of hearings and deliberations, a high-level election-reform commission led by former President Jimmy Carter and former Secretary of State James Baker recommended that Congress require electronic-voting machines to produce a voter-verifiable paper audit trail by 2008.

Access to Information request about the "Shared Services" initiative.

I have been aware of the "Common and Shared Services Strategy" (AKA: Shared Services) within PWGSC. There seem to be two incompatible visions: one involves moving towards vendor-neutral interoperable standards and the provision of shared infrastructure when appropriate, and another vision is an imposed vendor choice on the entire government for specific IT products and services.

I have sent an ATIP request to Industry Canada (Update: This should have been sent to PWGSC, and has been redirected) asking for the following:

Provide details regarding the information being sought
List of vendors consulted and text of documents created by vendors in relation to the "Shared Services" initiative. The results of any negotiations with vendors that are being considered to supply the so-called common operating system, common application or servers software, and common directory services.

Any policy analysis of whether the "shared services" initiative will be compliant with government procurement requirements in trade agreements, including but not limited to NAFTA Article 1007: Technical Specifications. For further clarification, see CITT File No. PR-2000-073.

PR-2000-073 is the PLCOM case which I document in Canadian International Trade Tribunal and Free/Libre and Open Source Software.

HRSDC denied request for source code under ATIP request...

I have thus far been denied my Access to Information request for the source code and documentation for the HIFIS system. What I find interesting is the reasoning, which is the claim that disclosing the source code would expose vulnerabilities in the software. They seem to be admitting that the software is currently vulnerable, meaning that it inadequately implements the government policies it was authored to automate.
