- Election 2011
- Chronology (including bills)
- Electoral District (list)
- Participate in mailing lists
A few days ago, I ran Arch Linux's update process and it pulled down and installed a new version of GIMP, version 2.8. This version incorporates some changes in the user interface which apparently were under development for a long time, but only very recently finally put into the "stable" distribution stream.
The one that interests me may appear on the surface to be very small, but it is and is meant to be a really significant shift in the entire definition of what GIMP is. GIMP used to be, as the name "GNU Image Manipulation Program" implies, an image editor. With version 2.8, GIMP has become an XCF file editor with the ability to read and write other formats.Read More
The Latest in Nationwide Internet User Identification - Part 2 (the All-New, So-Called Federal Co-Conspirator Theory)
Since Part 1 in this series a few months ago, Plaintiffs have continued to file "pure bill of discovery" suits in Florida state court. These proceedings typically involve "John Does" who are accused of copyright infringement via peer-to-peer networks. The Plaintiffs (copyright-holders or their delegates) have continued to name as defendants in those "pure discovery" proceedings not the entities from whom they seek discovery (i.e., the Internet service providers) but instead John Does, from whom no discovery is sought. After filing their suits, Plaintiffs promptly seek and obtain an ex parte order for expedited discovery of the John Does' names from the ISPs, even though the ISPs are not then represented or present in the proceeding. Because the ISPs are not technically parties, the Plaintiffs can use these orders to issue subpoenas to ISPs from across the country regardless of whether the ISPs or their subscribers would be subject to the jurisdiction of a Florida state court.
The Plaintiffs' lawyers certainly must know that this is not right. For one thing, they tend to withdraw their subpoenas whenever it appears a court is actually going to hear the reasons why their use of the proceeding is improper.
Recently, several ISPs stood firm and proceeded to a hearing on their motions for protective order in a couple of these proceedings. The Plaintiffs' lawyers, in typical fashion, tried to withdraw their subpoenas and argued that the judges should not listen to the ISPs' arguments. Not surprisingly, the Plaintiffs did not fare well in an adversarial proceeding.
Both judges not only granted the ISPs' motions, but went farther. One of the judges dismissed the case, also quashing all outstanding subpoenas. The court also noted that, if the Plaintiff should amend (to name the ISPs as defendants, subject to their personal jurisdiction and other defenses), the Plaintiff must certify that the Does as to which discovery is sought committed a tortious act in the State of Florida. In the other case, the court quashed all subpoenas and required the Plaintiff to notify all ISPs of the court's order and an opportunity to object. If a given ISP, in turn, notifies the court that the ISP objects, then the subpoena will remain quashed. (In this manner, the court compensated for the cost and inconvenience to many of the ISPs of a challenge to this improper proceeding in a Florida state court.) Hopefully, this is the beginning of the end of this flagrant abuse of an equitable state-law proceeding.
On a similar theme, the Plaintiffs have also been trying a new tactic in federal courts, transparently designed to avoid procedural details such as personal jurisdiction, venue, and joinder. In this scheme, the Plaintiffs' lawyers sue a single John Doe defendant (who is believed to reside in the forum), and then seek expedited discovery not only as to that defendant but also as to hundreds of other John Does on the theory that they could be "co-conspirators" with the named John Doe. In such a manner, the Plaintiffs seek identification of the long list of so-called "co-conspirators" without any need to show that those Internet subscribers are properly joined and are subject to the jurisdiction of the Court.
Not surprisingly, when a federal judge was able to scrutinize such a tactic (outside the context of an abbreviated, one-sided, ex parte discovery hearing), it was solidly rejected as improper. Ruling on several motions to compel, Chief Judge Holderman of the U.S. District Court for the Northern District of Illinois held that the discovery sought as to the so-called "co-conspirators" in several cases was not relevant to the claims asserted against the single John Doe defendants in those cases. The Court noted that the true purpose of the discovery sought was not to litigate the Plaintiffs' claims in these lawsuits, but rather "to either sue the individuals whose identity they uncover, or, more likely, to negotiate a settlement with those individuals." The Court pronounced that "[w]hat the plaintiffs may not do" is "improperly use court processes by attempting to gain information about hundreds of IP addresses located all over the country in a single action." The Court also took note of the aggregate burden imposed by virtue of the volume of subpoenas being generated by these Plaintiffs' lawyers in their numerous lawsuits.
Fictional pleading for the purpose of gathering names in order to pursue settlements should not be tolerated by the courts. The courts are likely to agree, as long as both sides of the arguments have the opportunity to be heard.
Today, I submitted public comments to the CA/Browser Forum. CA/B Forum is an industry group started by Certificate Authorities -- the companies that sell digital certificates to web sites so that your browser can encrypt your communications and can tell you whether it's connecting to the genuine site. It is important that CAs do a good job, and there have been several examples of Bad Guys getting fraudulent certificates for major web sites recently. You can read the comments below, or download a pretty PDF version.
Public Comments to the CA/Browser Forum Organizational Reform Working Group
I am pleased to respond to the CA/Browser Forum's request for comments on its plan to establish an Organizational Reform Working Group. For more than a decade, Internet users have relied upon digital certificates to encrypt and authenticate their most valuable communications. Nevertheless, few users understand the technical intricacies of the Public Key Infrastructure (PKI) and the policies that govern it. Their expectations of secure communication with validated third-parties are set by the software that they use on a daily basis--typically web browsers--and by faith in the underlying certificates that are issued by Certificate Authorities (CAs). CAs and browser vendors have therefore been entrusted with critically important processes, and the public reasonably relies on them to observe current best practices and to relentlessly pursue even better practices in response to new threats.
The CA/B Forum emerged after the PKI system on the Internet was already established, but it has become one of the de facto venues for the industry to discuss and define policy standards. Although it began as a mechanism for creating the "Extended Validation" certificate policy standard, it has recently asserted a broader role in defining policy standards for the much larger set of certificates used throughout the industry. The Forum is the industry's attempt to create a self-regulatory structure that can keep up with the rapid operational developments and security vulnerabilities in this area. It should be commended for its efforts.
Nevertheless, the current organizational structure suffers from at least two major shortcomings. First, the Forum includes no representatives from the public or from CAs' customers--these are commonly referred to by CAs as "Relying Parties" and "Subscribers," respectively. This is troubling, given that these are the entities that are most at risk from poor policies or practices. Second, the Forum conducts its business largely in secret, with little public transparency into the process by which policies are developed and implemented. While there may be benefits to keeping some security vulnerability information private for short amounts of time, there is no compelling reason to do most of the Forum's work in private.
Fortunately, there are indications that the Forum is open to change. The call for comments notes that CA/B Forum will consider, "wider membership and participation," and "a more open and public process." The Forum derives its legitimacy from its users and the others in the PKI ecosystem that choose to implement its guidance. A major change in posture in the two areas cited is necessary for it to secure and retain this legitimacy.
Wider membership should include representatives from all parts of the ecosystem, in proportions and with voting authority that allows them to meaningfully represent their interests. As a result of the industry structure, CAs dominate current membership. Some of this is inevitable given that there are simply far more CAs in existence than browsers, but the formal addition of relying parties, subscribers, and perhaps the auditor community would help promote a more diverse and healthy consideration of stakeholder interests. Likewise, the Forum should consider how to structure voting rights to ensure that these interests are appropriately represented the process, and how to encourage new entities that seek to take part.
The processes of the CA/B Forum should be made completely open to the public, absent some compelling reason in individual cases. Most of the rest of the PKI ecosystem, and indeed most policy processes related to the Internet as a whole, are conducted in public due to the broad set of stakeholders involved. The public posture of technical standards groups like the IETF and W3C should be guidance for opening the policy processes at the CA/B Forum. Email discussion lists, draft documents, and face-to-face meetings should all be made significantly more public.
The comments that PayPal has already submitted to the Forum succinctly summarize the need for an, "open, public, multi-stakeholder process."
If the CA/B forum truly wishes to play a broader role in fostering industry best practices through proposed policies, it must be seen as representative, responsive, and transparent. If it cannot do this, it could fail not only to fulfill that mission but also to provide a dynamic industry-driven alternative to hands-on government intervention. The recent security breaches and revelations of troubling industry practices have not lent confidence to a process that is seen by many as being far too insular. Given the high likelihood of similar headline-grabbing developments in the future, CA/B Forum should change course while it still has that opportunity.
 The comments and opinions presented here are entirely my own, and do not necessarily reflect those of Princeton University, the Center for Information Technology Policy, or any other entity.
 "CA/Browser Forum Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.0" at http://cabforum.org/Baseline_Requirements_V1.pdf
 "PayPal supports reform at the CA/Browser Forum" at http://www.thesecuritypractice.com/the_security_practice/2012/03/paypal-supports-reform-at-the-cabrowser-forum.html
Professor Ed Felten, while on loan to the Federal Trade Commission for 2011 and Spring 2012, has a new Tech Policy Blog, Tech@FTC. When he's in his role as Chief Technologist of the FTC, he'll blog there; when he's wearing his regular hat as Professor of Computer Science and Director of the Center for Information Technology Policy, he'll blog here at freedom-to-tinker.
Of course, the big news from the FTC this week is the official report, Protecting Consumer Privacy in an Era of Rapid Change, and I see that Ed has something to say about that. But he's also got an article about SQL injection and our friend, little Bobby Tables.
Tomorrow afternoon, the Center for Information Technology Policy is hosting an event that looks at the state of online copyright enforcement and the policy perspectives of the parties involved. We've got a great lineup, with folks from the content industry, internet service providers, web companies, academics, and the press.
Date: Tuesday, March 13, 2012
This conference is free and open to the public. Please register here.
Copyright enforcement in the digital era has been an ongoing game of cat-and-mouse. As new technologies emerge for storing and transmitting creative works, content creators struggle to identify the best response. The content industry has employed different tactics over time -- including technological copy protection, litigation against infringers, and collaboration with Internet Service Providers (ISPs). In August of 2011, some members of the content industry signed an historic Memorandum of Understanding (MOU) with some of the largest ISPs, agreeing to a "graduated response" system of policing. ISPs agreed to notify their subscribers if allegedly infringing activity was detected from their connection and, if infringement continued after multiple warnings, to impede access. Meanwhile, a wave of "copyright troll" litigation has continued to sweep the country and burden the courts. Use of takedown notices under the Digital Millenium Copyright Act has continued to evolve. This event will examine enforcement efforts to date, and debate the merits of the new private approach embodied in the MOU framework.
New York, New Jersey, and Pennsylvania CLE credit is available for attorneys who attend. (details)
Keynote: Technology and Trends (1:00 PM - 1:30 PM)
Mike Freedman, Assistant Professor in Computer Science, Princeton University
Moderator: Bart Huffman, Locke Lord LLP
Break (3:00 PM - 3:30 PM)
Moderator: Stephen Schultze, Princeton CITP
A student group at the University of Pennsylvania Law School has put together a fantastic symposium on the state of fashion law, but along the way they (allegedly) snagged themselves on Louis Vuitton's trademarks. After creating a poster with a creative parody of the Louis Vuitton logo, they received a Cease & Desist letter from the company's attorneys claiming:
While every day Louis Vuitton knowingly faces the stark reality of battling and interdicting the proliferation of infringements of the LV Trademarks, I was dismayed to learn that the University of Pennsylvania Law School's Penn Intellectual Property Group had misappropriated and modified the LV Trademarks and Toile Monogram as the background for its invitation and poster for the March 20, 2012 Annual Symposium on "IP Issues in Fashion Law."
Ironically, the symposium aims to further education and understanding of the state of intellectual protection in the fashion industry, and to discuss controversial new proposals to expand the scope of protection, such as the proposed bill H.R. 2511, the “Innovative Design Protection and Piracy Prevention Act".
The attorneys at Penn responded by letter, indicating that Louis Vuitton's complaint failed any conceivable interpretation of trademark law -- outlining the standard claims such as confusion, blurring, or tarnishment -- and asserted the obvious defenses provided by law for noncommercial and educational fair use. It indicated that the general counsel had told the students to "make it work" with the unmodified version of the poster, and concluded by inviting Louis Vuitton attorneys to attend the symposium (presumably to learn a bit more about how trademark law actually works.)
I, for one, am offended that the Center for Information Technology Policy here at Princeton has not received any Cease & Desist letters accusing us of "egregious action [that] is not only a serious willful infringement" of fashion trademarks, but "may also may mislead others into thinking that this type of unlawful behavior is somehow 'legal' or constitutes 'fair use'." You see, our lecture this Thursday at 12:30pm at Princeton by Deven Desai, "An Information Approach to Trademarks", has a poster that includes portions of registered fashion industry trademarks as well. Attorneys from Christian Dior and Ralph Lauren, we welcome you to attend our event.
The U.S. Department of Homeland Security Office of Inspector General (DHS OIG) released their report on safety of airport backscatter machines on February 29. The report has received criticism from ProPublica among others for what it says as well as what it doesn’t, mostly focusing on issues of incremental risk to the traveling public, the large number of repair services, and the lack of data analyzing whether the machines serve their claimed purpose. (The report does not address millimeter wave machines, which most scientists believe are safer.)
But what’s surprising in both the report and the critiques about it is that they have only discussed the radiation aspects when used as intended, and not the information systems embedded in the devices, or what happens if the scanners are used in unintended ways, as could happen with a computer system malfunction. Like any modern system, the scanners almost certainly have a plethora of computer systems, controlling the scanning beam, analysis of what the beam finds, etc. It’s pretty likely that there’s Windows and Linux systems embedded in the device, and it’s certain that the different parts of the device are networked together, for example so a technician in a separate room can see the images without seeing the person being scanned (as TSA has done to head off the complaints about invasion of privacy).
The computer systems are the parts that concern me the most. We should be considered about security, safety, and privacy with such complex systems. But the report doesn’t use the word “software” even once, and the word “computer” is used twice in reference to training but not to the devices themselves.
On the safety front, we know that improperly designed software/hardware interaction can lead to serious and even fatal results – Nancy Leveson’s report on the failure of the Therac-25 system should be required reading for anyone considering building a software-controlled radiation management system, or anyone assessing the safety of such a system. We can hope that the hardware design of the scanners is such that even malicious software would be unable to cause the kind of failures that occurred with the Therac-25, but the OIG report gives no indication whether that risk was considered.
On the security and privacy front, we know that the devices have software update capabilities – that became clear when they were “upgraded” to obscure the person’s face as a privacy measure, and future planned upgrades to provide only a body outline showing items of concern, rather than an actual image of the person. So what protections are in place to ensure that insiders or outsiders can’t install “custom” upgrades that leak images, or worse yet change the radiation characteristics of the machines? Consider the recent case of the Air Force drone control facility that was infected by malware, despite being a closed classified network – we should not assume that closed networks will remain closed, especially with the ease of carrying USB devices.
Since we know that the scanners include networks, what measures are in place to protect the networks, and to prevent their being attacked just like the networks used by government and private industry? Yes, it’s possible to build the devices as closed networks protected by encryption – and it’s also possible to accidentally or intentionally subvert those networks by connecting them up using wireless routers.
Yes, I know that the government has extensive processes in place to approve any computer systems, using a process known as Certification and Accreditation. Unfortunately, C&A processes tend to focus too much on the paperwork, and not enough on real-world threat assessments. And perhaps the C&A process used for the scanners really is good enough, but we just don’t know, and the OIG report by neglecting to discus the computer side of the scanners gives no reassurance.
Over the past few years, Stuxnet and research into embedded devices such as those used in cars and medical devices have taught us that embedded systems software can impact the real world in surprising ways. And with software controlled radiation devices potentially causing unseen damage, the risks to the traveling public are too great for the OIG to ignore this critical aspect of the machines.
David Robinson and I have just released a draft paper—The New Ambiguity of “Open Government”—that describes, and tries to help solve, a key problem in recent discussions around online transparency. As the paper explains, the phrase "open government" has become ambiguous in a way that makes life harder for both advocates and policymakers, by combining the politics of transparency with the technologies of open data. We propose using new terminology that is politically neutral: the word adaptable to describe desirable features of data (and the word inert to describe their absence), separately from descriptions of the governments that use these technologies.
Clearer language will serve everyone well, and we hope this paper will spark a conversation among those who focus on civic transparency and innovation. Thanks to Justin Grimes and Josh Tauberer, for their helpful insight and discussions as we drafted this paper.
“Open government” used to carry a hard political edge: it referred to politically sensitive disclosures of government information. The phrase was first used in the 1950s, in the debates leading up to passage of the Freedom of Information Act. But over the last few years, that traditional meaning has blurred, and has shifted toward technology.
Open technologies involve sharing data over the Internet, and all kinds of governments can use them, for all kinds of reasons. Recent public policies have stretched the label “open government” to reach any public sector use of these technologies. Thus, “open government data” might refer to data that makes the government as a whole more open (that is, more transparent), but might equally well refer to politically neutral public sector disclosures that are easy to reuse, but that may have nothing to do with public accountability. Today a regime can call itself “open” if it builds the right kind of web site—even if it does not become more accountable or transparent. This shift in vocabulary makes it harder for policymakers and activists to articulate clear priorities and make cogent demands.
This essay proposes a more useful way for participants on all sides to frame the debate: We separate the politics of open government from the technologies of open data. Technology can make public information more adaptable, empowering third parties to contribute in exciting new ways across many aspects of civic life. But technological enhancements will not resolve debates about the best priorities for civic life, and enhancements to government services are no substitute for public accountability.
You may have seen the preprint posted today by Lenstra et al. about entropy problems in public keys. Zakir Durumeric, Eric Wustrow, Alex Halderman, and I have been waiting to talk about some similar results. We will be publishing a full paper after the relevant manufacturers have been notified. Meanwhile, we'd like to give a more complete explanation of what's really going on.
We have been able to remotely compromise about 0.4% of all the public keys used for SSL web site security. The keys we were able to compromise were generated incorrectly--using predictable "random" numbers that were sometimes repeated. There were two kinds of problems: keys that were generated with predictable randomness, and a subset of these, where the lack of randomness allows a remote attacker to efficiently factor the public key and obtain the private key. With the private key, an attacker can impersonate a web site or possibly decrypt encrypted traffic to that web site. We've developed a tool that can factor these keys and give us the private keys to all the hosts vulnerable to this attack on the Internet in only a few hours.
However, there's no need to panic as this problem mainly affects various kinds of embedded devices such as routers and VPN devices, not full-blown web servers. (It's certainly not, as suggested in the New York Times, any reason to have diminished confidence in the security of web-based commerce.) Unfortunately, we've found vulnerable devices from nearly every major manufacturer and we suspect that more than 200,000 devices, representing 4.1% of the SSL keys in our dataset, were generated with poor entropy. Any weak keys found to be generated by a device suggests that the entire class of devices may be vulnerable upon further analysis.
We're not going to announce every device we think is vulnerable until we've contacted their manufacturers, but the attack is fairly easy to reproduce from material already known. That's why we are working on putting up a web site that you can use to determine whether your device is immediately vulnerable.
Read on for more details, and watch for our full paper soon.
Don't worry, the key for your bank's web site is probably safe
SSL is used to authenticate every major web site on the Internet, but in our analysis, these were not the keys that were vulnerable to the problems outlined in this blog post.
So which systems are vulnerable? Almost all of the vulnerable keys were generated by and are used to secure embedded hardware devices such as routers and firewalls, not to secure popular web sites such as your bank or email provider. Only one of the factorable SSL keys was signed by a trusted certificate authority and it has already expired. There are signed certificates using repeated keys; some of them are generated by vulnerable devices, some of them are due to website owners submitting known weak keys to be signed, and for some of them we have no good explanation.
Embedded devices are well known to have entropy problems. However, until now it wasn't apparent how widespread these problems were in real, Internet-connected devices.
Background: key generation
Websites and networked computers use public-key cryptography for authentication. The kind of authentication that we will be talking about here is a server certifying to a client that it really is the server that the client intended to connect to. An attacker who knows the private key to one of these systems would be able to impersonate the real system to a client or in many cases decrypt encrypted traffic between the client and server.
The most widely used cryptosystem for this purpose is RSA. The RSA cryptosystem is intended to be based on the difficulty of factoring large numbers. An RSA public key consists of a pair of integers: an encryption exponent e and a modulus N, which is a large integer that itself is the product of two large primes, p and q. If an adversary can factor this integer N back into its prime factors p and q, then the adversary can decrypt any messages encrypted using this public key. However, even using the fastest known factoring algorithm, to public knowledge nobody has yet been able to factor a 1024-bit RSA modulus.
It is vitally important to the security of the keys that they are generated using random inputs. If the inputs used to generate the keys were not random, then an adversary may be able to guess those inputs and thus recover the keys without having to laboriously factor N.
On modern computers and servers, key generation software attempts to collect random information from physical sources (often through the underlying operating system): the movements of the mouse, keyboard, hard drive, network events, and other external sources of unpredictable information. However, if the keys are generated from a small set of possibilities, that is, using too little entropy, then the keys may be vulnerable to an attacker. Gathering strong entropy and verifying its strength is a very difficult problem that has given rise to multiple vulnerabilities over the years.
Two versions of the problem
We decided to investigate the prevalence of this issue by scanning the Internet for all SSL and SSH public keys. We scanned every IPv4 address on the Internet, collecting a copy of each SSL certificate and SSH host key. We were able to complete both scans in less than a day: we first used a standard tool called nmap to find hosts with the relevant ports open, and then used our own optimized software to query those hosts. In our SSL scan, we collected 5.8 million certificates. In our SSH scan, we collected 10 million host keys.
We found that entropy problems resulted in two different types of weaknesses:
Repeated public keys. We found that 1% of the RSA keys in our SSL scan data were repeated, apparently due to entropy problems. When two different devices have the same public key, it means they also have the same private key. In effect, the devices that share keys are "in the same boat" as one another--an attacker would only need to compromise the weakest one of these devices, in order to obtain the repeated private key that protects all of the devices. This has long been a known problem, but until now, none of the publicly available security literature has documented how widespread the problem was.
We manually verified that 59,000 duplicate keys were repeated due to entropy problems, representing 1% of all certificates, or 2.6% of self-signed certificates. We also found that 585,000 certificates, or 4.6% of all devices used the default certificates pre-installed on embedded devices. While these devices are not using keys generated with poor entropy, they are suspectible to the same attack as their private keys are found on every device of a given model. We manually verified these keys because a large number of websites may utilize repeated keys for legitimate reason; these provide no risk to users.
Factorable public keys. More surprisingly, we discovered that entropy problems can allow a remote attacker with no special access to factor a significant fraction of the RSA keys in use on the Internet. We were able to factor 0.4% of the RSA keys in our SSL scan. We did this by computing the greatest common divisor (GCD) of all pairs of moduli from RSA public keys on the Internet.
We identified 1724 common factors which allowed us to factor 24,816 SSL keys, and 301 common factors which allowed us to factor 2422 SSH host keys. This means we were able to calculate the private keys for almost half of 1% of the RSA keys in use for SSL. We will explain how we did this calculation below.
Specific vulnerable devices
Embedded devices often generate cryptographic keys on first boot, when their entire state may have been pre-determined in the factory. This can result in the kinds of entropy problems we observe in this study.
We were able to use information from the SSL certificates to identify classes of devices that are prone to generating weak keys. Many more devices than the ones whose keys we factored are probably also producing weak keys that could be compromised by a determined attacker. The list of vulnerable devices that we have already identified includes more than thirty different manufacturers, including almost all of the biggest names in the computer hardware industry. The kinds of products that we identified include firewalls, routers, VPN devices, remote server administration devices, printers, projectors, and VOIP phones.
We're not going to list specific devices or brands until we've told the manufacturers, but here are some examples:
Firewall product X:
Consumer-grade router Y:
Enterprise remote access solution Z:
How could this happen?
It wasn't obvious at first how these types of entropy problems might result in keys that could be factored. We'll explain now for the geekier readers.
Here's one way a programmer might generate an RSA modulus:
If the pseudorandom number generator is seeded with a predictable value, then that would likely result in different devices generating the same modulus N, but we would not expect a good pseudorandom number generator to produce different moduli that share a single factor.
However, some implementations add additional randomness between generating the primes p and q, with the intention of increasing security:
If the initial seed to the pseudorandom number generator is generated with low entropy, this could result in multiple devices generating different moduli which share the prime factor p and have different second factors q. Then both moduli can be easily factored by computing their GCD: p = gcd(N1, N2).
OpenSSL's RSA key generation functions this way: each time random bits are produced from the entropy pool to generate the primes p and q, the current time in seconds is added to the entropy pool. Many, but not all, of the vulnerable keys were generated by OpenSSL and OpenSSH, which calls OpenSSL's RSA key generation code.
Computing the GCDs of all pairs of keys
If any pair of RSA moduli N1 and N2 share, say, the same prime factor p in common, but have different second factors q1 and q2, then we can easily factor the moduli by computing their greatest common divisor. On my desktop computer, computing the GCD of two 1024-bit RSA moduli took about 17µs.
For the mathematically inclined, I'll explain how we were able to use this idea to factor a large collection of keys.
The simplest way that one might try to factor keys is by computing the GCD of each pair of RSA moduli. A back of the envelope calculation shows that doing a GCD computation for all pairs of moduli in our data sets would take 24 years of computation time on my computer.
Instead, we used an idea Dan Bernstein published in the Journal of Algorithms in 2005 for factoring a group of integers into coprimes which allowed us to do the computation in a few hours on a desktop computer, in a few lines of Python. The algorithm is no great secret: a long stream of published papers has worked on improving these ideas.
The main mathematical insight is that one can compute the GCD of a single modulus N1 with every other modulus N2,…,Nm using the following equation:
gcd(N1,N2…Nm) = gcd(N1, (N1*N2*…*Nm mod N12)/N1)
The secret sauce is in making this run fast--note that the first step is to compute the product of all the keys, a 729 million digit number. We were able to factor the SSL data in eighteen hours on a desktop computer using a single core, and the SSH data in about four hours using four cores.
The bottom line
This is a problem, but it's not something that average users need to worry about just yet. However, embedded device manufacturers have a lot of work to do, and some system administrators should be concerned. This is a wake-up call to the security community, and a reminder to all of how security vulnerabilities can sometimes be hiding in plain sight.
Last June, I wrote about the decision at the business meeting of IEEE Security & Privacy to adopt the USENIX copyright policy, wherein authors grant a right for the conference to publish the paper and warrant that they actually wrote it, but otherwise the work in question is unquestionably the property of the authors. As I recall, there were only two dissenting votes in a room that was otherwise unanimously in favor of the motion.
Fast forward to the present. The IEEE Security & Privacy program committee, on which I served, has notified the authors of which papers have been accepted or rejected. Final camera-ready copies will be due soon, but we've got a twist. They've published the new license that authors will be expected to sign. Go read it.
The IEEE's new "experimental delayed-open-access" licensing agreement for IEEE Security & Privacy goes very much against the vote last year of the S&P business meeting, bearing only a superficial resemblance to the USENIX policy we voted to adopt. While both policies give a period of exclusive distribution rights to the conference (12 months for USENIX, 18 months for IEEE), the devil is in the details.
For the IEEE, authors must assign "a temporary joint and undivided ownership right and interest in all copyright rights" to the IEEE, giving the IEEE an exclusive to distribute the paper for 18 months. Thereafter, the license "expires."
Those quotation marks around "expires" are essential, because there's language saying "IEEE shall nonetheless retain the sole and exclusive right to archive the Work in perpetuity" which sounds an awful lot to me like they're saying that the agreement doesn't actually expire at all. It just moves into a second phase. For contrast, USENIX merely retains a non-exclusive right to continue distributing the paper. That's an essential difference.
There are some numbered carve-outs in the IEEE contract that seem to allow you to post your manuscript to your personal web page or institutional library page, but not to arXiv or anything else. (What if arXiv were to offer me a "personal home page service?" Unclear how this license would deal with it.) This restriction appears to apply in both the initial 18 month phase and the "in perpetuity" phase.
My conclusion: authors of papers accepted to IEEE Security & Privacy should flatly refuse to sign this. I don't have a paper of my own that's appearing this year at S&P, but if I did, I'd send them a signed copy of the USENIX agreement. That's what the members agreed upon.
Disclosure: I am currently running for the board of directors of the USENIX Association. That's because I like USENIX. Of all the venues where I publish, USENIX has been the most willing to break with traditional publishing models, and my platform in running for USENIX is to push this even further. Getting ACM and IEEE caught up to USENIX is a separate battle.
This morning, the Supreme Court handed down its decision in United States v. Jones, the GPS tracking case, deciding unanimously that the government violated the defendant's Fourth Amendment rights when it installed a wireless GPS tracking device on the undercarriage of his car and used it to monitor his movement's around town for four weeks without a search warrant.
Despite the unanimous result, the court was not unified in its reasoning. Five Justices signed the majority opinion, authored by Justice Scalia, finding that the Fourth Amendment "at bottom . . . assure[s] preservation of that degree of privacy against government that existed when the Fourth Amendment was adopted" and thus analyzing the case under "common-law trespassory" principles.
Justice Alito wrote a concurring opinion, signed by Justices Ginsburg, Breyer, and Kagan, faulting the majority for "decid[ing] the case based on 18th-century tort law" and arguing instead that the case should be decided under Katz's "reasonable expectations of privacy" test. Applying Katz, the four concurring Justices would have found that the government violated the Fourth Amendment because "long-term tracking" implicated a reasonable expectation of privacy and thus required a warrant.
Justice Sotomayor, who signed the majority opinion, wrote a separate concurring opinion, but more on that in a second.
I think the Jones court reached the correct result in this case, and I think that the three opinions in this case represent a near-optimal result for those who want the Court to recognize how its present Fourth Amendment jurisprudence does far too little to protect privacy and limit unwarranted government power in light of recent advances in surveillance technology. This might seem counter-intuitive. I predict that many news stories about Jones will pitch it as an epic battle between Scalia's property-centric and Alito's privacy-centric approaches to the Fourth Amendment and quote people expressing regret that Justice Alito didn't instead win the day. I think this would focus on the wrong thing, underplaying how today's three opinions--all of them--represent a significant advance for Constitutional privacy, for several reasons:
1. Justice Alito? Maybe I'm not a savvy court watcher, but I did not see this coming. The fact that Justice Alito wrote such a strong privacy-centric opinion suggests that future Fourth Amendment litigants will see a well-defined path to five votes, especially since it seems like Justice Sotomayor will likely provide the fifth vote in the right future case.
2. Justice Scalia and Thomas showed restraint. The majority opinion goes out of its way to highlight that its focus on property is not meant to foreclose privacy-based analyses in the future. It uses the words "at bottom" and "at a minimum" to hammer home the idea that it is supplementing Katz not replacing it. Maybe Justice Scalia did this to win Justice Sotomayor's vote, but even if so, I am heartened that neither Justice Scalia nor Justice Thomas thought it necessary to write a separate concurrence arguing that Katz's privacy focus should be replaced with a focus only on property rights.
3. Justice Sotomayor does not like the third-party doctrine. It's probably best here just to quote from the opinion:
More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. E.g., Smith, 442 U.S., at 742; United States v. Miller, 425 U.S. 435, 443 (1976). This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers. Perhaps, as JUSTICE ALITO notes, some people may find the "tradeoff" of privacy for convenience "worthwhile," or come to accept this "dimunition of privacy" as "inevitable," post, at 10, and perhaps not. I for one doubt that people would accept without complaint the warrantless disclosure to the Government of a list of every Web site they had visited in the last week, or month, or year. But whatever the societal expectations, they can attain constitutionally protected status only if our Fourth Amendment jurisprudence ceases to treat secrecy as a prerequisite for privacy. I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.
Wow. And Amen. Set your stopwatches: the death watch for the third-party doctrine has finally begun.
4. This was the wrong case for a privacy overhaul of the Fourth Amendment. Most importantly, I've had misgivings about using Jones as the vehicle for fixing what is broken with the Fourth Amendment. GPS vehicle tracking comes laden with lots of baggage--practical, jurisprudential and atmospheric--that other actively litigated areas of modern surveillance do not. GPS vehicle tracking happens on public streets, meaning it runs into dozens of Supreme Court pronouncements about assumption of risk and voluntarily disclosure. It faces two prior precedents, Karo and Knotts, that need to be distinguished or possibly overturned. It does not suffer (as far as we know) from a long history of use against innocent people, but instead seems mostly used to track fugitives and drug dealers.
For all of these reasons, even the most privacy-minded Justice is likely to recognize caveats and exceptions in crafting a new rule for GPS tracking. Imagine if Justice Sotomayor had signed Justice Alito's opinion instead of Justice Scalia's. We would've been left with a holding that allowed short-term monitoring but not long-term monitoring, without a precise delineation between the two. We would've been left with the possible new caveat that the rules change when the police investigate "extraordinary offenses," also undefined. These unsatisfying, vague new rules would have had downstream negative effects on lower court opinions analyzing URL or search query monitoring, or cell phone tower monitoring, or packet sniffing.
Better that we have the big "reinventing Katz" debate in a case that isn't so saddled with the confusions of following cars on public streets. I hope the Supreme Court next faces a surveillance technique born purely on the Internet, one in which "classic trespassory search is not involved." If the votes hold from Jones, we might end up with what many legal scholars have urged: a retrenchment or reversal of the third-party doctrine; a Fourth Amendment jurisprudence better tailored to the rise of the Internet; and a better Constitutional balance in this country between privacy and security.
It has been an exceptionally busy week for copyright policy. We heard from all three branches of the US Federal Government in one way or another, while the citizens of the Internet flexed their muscles in response.
The most covered story of the week was the battle over SOPA and PIPA -- the twin proposed bills that aimed to cut down on online piracy of copyrighted works by giving the government significant new authority to block access to allegedly infringing web sites. Other authors on this blog have pointed out how the bills show inconsistency in the copyright industry's position on regulating the internet, could threaten free speech in repressive regimes, and may ultimately be found by the courts to violate fundamental constitutional liberties. On Wednesday some of the most popular sites on the web "went dark" or otherwise heightened awareness of the issue, and the surge citizen pleas to Congress caused a surprising reversal of momentum in the House and Senate. [Update: Both PIPA and SOPA have now been shelved.]
Buried in the day's developments was the Judicial branch's copyright contribution. In a highly anticipated decision, the Supreme Court ruled on the case of Golan v. Holder. At issue was the question of whether or not Congress had the right to make a law that moved public domain works into copyright. Opponents of this law claimed that such a move violated not only the First Amendment, but also the purpose of the Copyright Clause -- not to mention and age-old legal principles. The majority did not agree, and in a 6-2 vote it stated that individuals do not have any particular right that guarantees their use of the public domain, so they have no claim if Congress removes materials from it. Justices Breyer and Alito dissented, explaining that the ruling upset the delicate balance that the Founders had struck in affording limited monopoly rights to content creators. Nevertheless, the majority clearly demonstrated that the Judicial branch continues to trend toward greater expansion of copyright protection.
On Thursday, the Executive Branch weighed in. The Department of Justice announced that it had seized the domain name and servers of the popular file-sharing site Megaupload and had indicted several of the site's operators. Although Megaupload claimed to be complying with US copyright law -- in particular the notice-and-takedown provisions of the Digital Millennium Copyright Act -- the feds claimed that the operators knew full well that the majority of the content on the site was infringing. Within minutes of the announcement, hacktivist group Anonymous had launched a denial-of-service attack on the Department of Justice web site, which remained unreachable for hours [Update: days].
Opponents of SOPA and PIPA welcomed the opportunity to reflect on why these developments demonstrated the shortcomings of the proposed bills. Some of them noted that the DoJ's actions were done without any additional authority from harmful new bills, while others observed that such approaches to enforcement are ultimately ineffective -- they observed that it was only a matter of time until Megaupload returned, or the many other file-sharing sites filled their shoes. By Thursday night, all four GOP presidential candidates had come out against SOPA.
It is hard to consolidate all of these developments into a coherent story of where things are headed. However, a few things seem clear. First, the SOPA/PIPA backlash is shows us that the internet can help citizens to rally a truly remarkable effort that penetrates the beltway bubble. Second, internet freedom is a compelling and accessible counter-narrative to copyright maximalism and government policing. Third, the courts continue to favor an approach to copyright that emphasizes property rights of those who have already created works over the free speech rights of those who may rely on those works to create new works. Fourth, the enforcement arms of the government are interested in taking ever-more-extreme measures to take down those accused of infringement, and are committing more taxpayer resources to a problem that continues to grow despite their approach.
But perhaps most significantly, this week shows us that there is just plain turmoil in this area. Policymakers are struggling to find good answers, and sometimes their "solutions" provoke far more criticism than praise.
As Americans know, the 2012 presidential season began “officially” with the Iowa caucuses on January 3. I say “officially”, because caucuses are a strange beast that are a creation of political parties, and not government.
Regardless, the Republican results were interesting – out of about 125,000 votes cast, Mitt Romney led by eight votes over Rick Santorum, with other contenders far behind. The “official” results released today show Santorum ahead by 34 votes.
However, it’s not so simple as that.
First, there’s the matter of paper ballots. The good news is that Iowa caucuses, unlike primaries and general elections in some states, are recorded on paper. So in a case like this, there’s paper to turn to, unlike all-electronic systems where the results rely on correct software.
Second, there’s the matter of proper chain of custody. In releasing the updated results, it appears that some of the records from the caucuses cannot be located. It doesn’t matter whether the records are paper or electronic – if the chain of custody is weak (or non-existent!), then the results are at best suspect.
Third, and perhaps most importantly, “the early part of the Presidential Primary series is the only case in American politics that I know of where the preliminary election results may be actually more important than the final certified results.” [Thanks to David Jefferson for this observation.] While this is not a technical issue, it points out that our technical solutions for voting systems must recognize the reality that timely accurate results are important – timely results that are wrong aren’t helpful, and slow results that are right will be ignored.
Finally, it’s critical to realize that caucuses, like primaries in some states, are run by the parties, and not by the election professionals. Perhaps if the caucuses were run by the pros, some of these problems might not have happened.
The common law tort of "hot news" misappropriation has been dying a slow and justified death. Hot news misappropriation is the legal doctrine on which news outlets like the Associated Press have repeatedly relied over the years to try to prevent third-party dissemination of factual information gathered at the outlets’ expense. Last June, the Second Circuit Court of Appeals dealt a blow to the hot news doctrine when it held that financial firms engaged in producing research reports and recommendations concerning publicly traded securities could not prevent a third party website from publishing news of the recommendations soon after their initial release. The rationale for the court’s decision was that state law claims of hot news misappropriation can only very rarely survive federal preemption by the Copyright Act, which excludes facts from the scope of copyright protection. The rule that facts are not eligible for copyright (called the fact-expression dichotomy) is at the heart of the copyright system and serves the interests of democracy by promoting the unfettered dissemination of important news to the populace. Creative arrangements of facts can be protected under copyright law, but individual facts cannot.
Given the declining fortunes of the hot news doctrine, I was a little surprised to discover a recent case out of Pennsylvania called Eagle v. Morgan, in which the parties are fighting over ownership of a LinkedIn account containing the plaintiff’s profile and her professional connections. The defendant, Eagle’s former employer, asserted a state law counterclaim for misappropriation of ideas. Ideas, as it happens, are—like facts—excluded from the scope of federal copyright protection for a compelling policy reason: If we permit the monopolization of ideas themselves, we will stifle the communal intellectual progress that intellectual property laws exist to promote. Copyright law thus protects only the expression of ideas, not ideas themselves. (This principle is known as the idea-expression dichotomy.) Accordingly, section 102(b) of the Copyright Act denies copyright protection “to any idea, procedure, process, system, method of operation, concept, principle, or discovery, regardless of the form in which it is described, explained, illustrated, or embodied.” The statute really could not be clearer.
In its opinion denying Eagle’s motion for judgment on the pleadings, the trial court did not consider whether the state law tort of misappropriation of ideas is federally preempted by the Copyright Act, which seems to me to be a really important legal question. The court explained that a claim for misappropriation of an idea in Pennsylvania has two elements: “(1) the plaintiff had an idea that was novel and concrete and (2) the idea was misappropriated by the defendant.” To determine whether a misappropriation has occurred, the court further explained, Pennsylvania law requires consideration of three factors:
Setting aside the oddity of classifying digital information as a “thing,” the first of these factors collides head on with the Supreme Court’s clear repudiation in Feist Publications v. Rural Telephone Service of the “sweat of the brow” theory of intellectual property.
In Feist, the Court held that “sweat of the brow” as a justification for propertizing information “eschew[s] the most fundamental axiom of copyright law—that no one may copyright facts or ideas.” Given copyright law’s express prohibition on the propertization of ideas, there is a strong case to be made that state law claims for misappropriation of ideas are in direct conflict with both the letter and spirit of the federal copyright scheme. On that basis, they are akin to claims of hot news misappropriation, and they should likewise be treated as preempted.
A few weeks ago, the New York Times published a piece covering a new report launched by OECD calling member-countries to “promote and protect the global free flow of information”. The article lists three BRIC-members, China, India and Russia, as examples of countries taking actions harmful to online freedom. One BRIC member is missing from the list: Brazil. Despite hiccups, Brazil has been taking a strong position for protecting freedom and other civil rights online. Why is that?
One reason is that Brazil is a rather young democracy. From 1964 to 1985 the country was governed by a military regime, which imposed strict censorship rules. Major artists, newspapers, and tv networks had to submit their activities to prior approval by a censorship board. When democracy was reestablished in 1986, censorship was eliminated, but the trauma of 20 years of repression had been painfully imprinted in the Brazilian society. This trauma has made Brazil very sensitive to new threats of censorship, in its many forms.
Another landmark was a decision taken by the country's Supreme Court in 2009. The court struck down the Press Law, adopted in 1967 by the military government (the same law that had established censorship). When the country was re-democratized, the censorship articles were revoked. Nonetheless, other parts regulating libel, defamation and the “right of reply” survived. The court decided to strike everything down (in spite of a heated debate claiming that the remaining articles were reasonable), stating the law was incompatible with the freedom of expression clause of the Brazilian constitution.
Another factor is that president Dilma Rousseff has been taking a public stance in favor of freedom of expression. It makes sense. In the 1960s, she was imprisoned and tortured during the military regime for participating in a dissident group. Unswervingly, she declared at a recent human rights conference that she “prefers the noise of the press to the silence of the dictatorship”.
Moreover, Brazil has a vigorous civil society, which emerged especially with the country’s new democratic constitution in 1988. Many civil society organizations are concerned with online freedom issues, including consumer associations, artists groups, newspapers and journalists associations, NGOs for education, free and open source software organizations, the academia, lawyers and judges associations, to name a few. Their claims have been taken into account by the political system. Government and Congress in Brazil remain permeable to the civil society. Even if lobbying and special interests do exist and exercise strong influence, it is rather difficult for politicians to save face for policies flagrantly against the public interest.
The strength of civil society reinforced Brazil’s commitment to internet freedom and also led to concrete policy-making. One example is the Marco Civil ("Civil Rights Framework for the Internet”), a draft bill seeking to protect civil rights online, such as freedom of expression and privacy, and to create balanced rules for the liability of internet intermediaries.
The bill is the result of a two-year online debate open to the public at-large. The process was put together by the Ministry of Justice and the Center for Technology & Society, a research center in Rio de Janeiro (full disclosure – I am the director of the Center for Technology & Society, and was involved in the Marco Civil process). The bill was sent to Congress by the Federal government in 2011, with co-sponsorship of five Ministries. Marco Civil has become a well-known issue in the Brazilian public sphere, and it has gathered strong public support. Approval is expected sometime in 2012.
Internationally, some view Marco Civil as an alternative approach to SOPA (Stop Online Piracy Act), the bill currently in discussion in Congress in the US, under strong criticism. While SOPA tilts the balance of the law in the direction of expedite enforcement, by-passing the judiciary in favor of a private notice-and-takedown system, Marco Civil supports a more balanced approach. It seeks to translate the principles established by the Brazilian Constitution into online practices, paying especial attention to due process, freedom of expression, and the protection of an environment favorable to innovation. Because of that, some also view Marco Civil as a counterpoint to ACTA, the controversial Anti-Counterfeiting Trade Agreement, criticized for potentially harming fundamental rights.
Of course the situation in Brazil is not all roses. The Brazilian Ministry of Culture has changed its policies in the beginning of 2011. Under the guidance of the new Minister Ana de Hollanda (claimed to have close ties to the controversial copyright collecting society in Brazil - ECAD - which is currently under investigation for fraud by by a special Congressional Inquiry Commission) has been trying to introduce legislation in Congress for creating a private systems for removing online content, inspired in part by the DMCA. This effort and other actions of the Ministry have raised vast waves of criticism, both by civil society and also by many sectors in the government´s party.
These hiccups, nevertheless, do not change the fact that, for now, Brazil seems to be committed to protect internet freedom against all odds. That is a good way of taking the recommendation of the OECD seriously, and also of setting a good example for the BRIC colleagues.
Harlan Yu and I recently wrote an article for XRDS Magazine entitled Using Software to Liberate U.S. Case Law. The article describes the motivation behind the CITP project called RECAP, and it outlines the state of public access to electronic court records.
Using PACER is the only way for citizens to obtain electronic records from the Courts. Ideally, the Courts would publish all of their records online, in bulk, in order to allow any private party to index and re-host all of the documents, or to build new innovative services on top of the data. But while this would be relatively cheap for the Courts to do, they haven't done so, instead choosing to limit "open" access.
Since the first release, RECAP has gained thousands of users, and the central repository contains more than 2.3 million documents across 400,000 federal cases. If you were to purchase these documents from scratch from PACER, it would cost you nearly $1.5 million. And while our collection still pales in comparison to the 500 million documents purportedly in the PACER system, it contains many of the most-frequently accessed documents the public is searching for.
As with many issues, it all comes down to money. In the E-Government Act of 2002, Congress authorized the Courts to prescribe reasonable fees for PACER access, but "only to the extent necessary" to provide the service. They sought to approve a fee structure "in which this information is freely available to the greatest extent possible".
However, the Courts' current fee structure collects significantly more funds from users than the actual cost of running the PACER system.
Professor Jonathan Zittrain is well-known for his concern that the general-purpose computer may be disappearing. The recent rise of app stores is putting his fears in a new light. After trading some thoughts about the issues in the blogosphere, he and I sat down at our respective keyboards for a conversation about the future of computing. This is a lightly edited version of our exchange.
JG: I suppose the place to start is with your concern about “appliances”: single-purpose devices like the TiVo. What’s wrong with boxes that do one thing and do it well?
JZ: Nothing’s inherently wrong with single-purpose devices. The worry comes when we lose the general-purpose devices formerly known as the PC and replace it with single-purpose devices and “curated” general-purpose devices.
JG: In the last few years, the appliance has taken on a new face, thanks to downloadable apps. An appliance with an app store is no longer just a single-purpose device: it can do all kinds of things. But that, you’ve argued, doesn’t really fix the fundamental problem.
JZ: It may look like the best of both worlds, but I worry it’s the worst of both worlds.
JG: I wanted to focus on your critique of the Mac App Store. This one is interesting because it sells programs that run, not on a closed device like the iPhone but on a traditional, general-purpose computer. The day that Apple activated the Mac App Store, it didn’t reduce the Mac’s generativity one iota. Every Mac in the world was just as capable of doing everything it used to be able to do, just as easily. All Apple added was a new way to install programs: so they made the Mac even easier to use, without reducing its power. But you’re skeptical. Why?
JZ: Let’s see how much of an advantage a developer sees from having an app in the App Store vs. “sideloaded,” even on a Mac OS that doesn’t require jailbreaking for sideloading. To the extent that users are looking to the App Store for their wares, it’s a de facto limit on generativity even if not a literal one. But I agree that the real worry is if Mac OS should become routinely configured not to allow sideloading at all.
JG: So let’s take up some of the countervailing arguments. One that’s high on a lot of people’s lists is the idea that an app store is more secure because it’s more tightly controlled. And of coure, security is the major reasons you cite in your book The Future of the Internet for why computer makers and users may be tempted to turn their back on open, generative systems. What do you think the Mac App Store does for security, if anything?
JZ: As a security measure, I give the Mac App Store three out of five stars. That’s because the software it is likely to turn away is more gray market sludge sloppily written or poorly documented than outright badware. There’s nothing to stop a software developer from registering under a cat’s paw, especially to offer a free app, and then build a bomb into the app . It could appear exemplary while Apple tests it and users then use it, until a designated H-hour at which point all bets are off.
JG: I might not be so quick to dismiss the security benefits. We know that Apple does run static analysis tools against iOS App Store submissions. And then there’s sandboxing. Regular programs have substantially free run of the computer, but Mac App Store programs are severely restricted in what they can see and do. It’s as if they’re playing safely with soft rubber toys in a glass-encased sandbox: your solitaire game isn’t going to suddenly overwrite your spreadsheets. Doesn’t that have some significant security benefits?
JZ: Sandboxing can prevent some damage from an app bound and determined to wreak havoc, but sandboxing is a phenomenon independent of the App Store: Mac OS could implement it with or without Apple screening the software up front.
JG: True. But sandboxing and Apple’s code review go together. The code review ensures that programs are placed in the smallest appropriate sandbox for their needs. Apple will only let the application have permissions if really needs them to do its job: there’s no reason for a stock ticker to save files to arbitrary places. Without the up-front review, how many developers would voluntarily agree to play only in the sandbox?
JZ: The real question at the intersection of security and freedom is whether the user has an opportunity to choose to override the sandbox’s boundaries. If the user can’t do it, then a bunch of functionality is foreclosed unless Apple chooses to allow it and Apple can be fooled as easily as anyone else by a truly bad actor. If the user can do it, there’s no particular need for the App Store.
JG: This is a question about routine practice and interface design. If I rarely need to override the sandbox’s limits, then when an app comes to me and asks for additional privileges, my eyebrows are more likely to go up.
JZ: Don’t forget that Apple reserves the right not only to prevent software distributions up front, but also retroactively: software can be removed from machines that have already downloaded it. Perhaps helpful in some limited cases of security troubles, but all the more troublesome as regulators realize that cats can be put back into bags.
JG: Well, if we’re thinking about retroactive nuking, Apple has shown that it can uninstall even user-installed programs. After the Mac Defender malware started tricking Mac users into installing it, Apple came out with an operating system update that uninstalled it. Yes, Apple gave users a dialog box with a choice, but technologically, there’s no reason it had to. Do you see a difference between this and the Mac App Store?
JZ: Only in how this evolves our conception of code and who “owns” it: if the app lives in the cloud, our expectations are that it’s a service, and a service can change from day to day. If it’s on our own machines we feel like we own it, and look skeptically — and vendors tread carefully — over attempts to modify it without clearing it with us first.
JG: How much of this is about the fact that this is Apple’s app store we’re talking about? Do you feel differently about app stores that aren’t offered by the same company that controls the hardware and the operating system? So take something like Valve’s highly successful Steam, which is basically an app store for games. It runs on both Windows and Mac, and it handles all of the payment and DRM for the game developers.
JZ: I worry less if there’s not vertical integration, but there’s still a concern if, through natural monopoly, we end up with a single gatekeeper or a mere handful of them. Hence Facebook’s platform as a worry, despite (or because of!) it being not tied to any one OS or browser.
JG: I’d like to bring in an idea from your book: “Red” and “Green” PCs. Your computer would have two “virtual machines,” which couldn’t easily affect each other. The Green one would be for important data and would only run software you were confident in; the Red one would be easy to reset back to a safe point.
JZ: Well, as I say in the book:
“Someone could confidently store important data on the Green PC and still use the Red PC for experimentation. Knowing which virtual PC to use would be akin to knowing when a sport utility vehicle should be placed into four-wheel drive mode instead of two-wheel drive, a decision that mainstream users could learn to make responsibly and knowledgeably.”
JG: I read that and thought it sounded like a good idea. And it was pretty much the first thing I thought of when Apple announced the Mac App Store. Everything you install manually is like the Red PC; everything you install from the Mac App Store is like the Green PC. You have a safe mode for greater security, and an unsafe mode for greater generativity. Since you’re a fan of the Red/Green hybrid between open and closed, why not the Mac App Store hybrid?
JZ: The Red PC isn’t the same as a sandbox. Software developers in a Red/Green environment still only write one piece of code, and it doesn’t have to be otherwise vetted. The whole point of the red zone is to contain any bad effects of iffy code. The point of a sandbox is to mitigate the risks of iffy code, by limiting its functionality outright. This is a subtle but important point. The Mac App Store with a sandbox requirement means that a competent, legitimate developer who wants to do things beyond the sandbox either has to plead a special case or write two versions of the code: one for the Store and one not for the Store.
JG: Can’t this argument be turned back against the Red/Green model? The competent, legitimate developer who wants to write code that indexes and optimally compresses your Word documents needs to plead a special case to whoever controls the green certification. She doesn’t even have the choice to write both red and green versions of her code.
JZ: My conception of the green model is not that it’s guarded by a third party, but that the user gets to place iffy apps into a place where, if they blow up, stuff in the green zone doesn’t get hurt.
JG: I keep coming back to the fact that participation in the Mac App Store is voluntary. And this isn’t just voluntary in the sense that participation in the iOS App Store is “voluntary” because no one held a gun to your head and forced you to write iPhone games. You have no good alternative to the iOS App Store if you want your app to run on an iPhone, but you can perfectly easily write, sell, and distribute software that users install on Macs in the time-honored fashion: clicking on an installer or dragging an icon into the Applications folder. How can adding the Mac App Store as an additional option be a net loss?
JZ: Well, that’s the question. If sideloading is trivial, I’m in your corner. But one wonders why any developer would take the 30% hit in profits to distribute through the App Store if he or she could put it on a Web site and sell it through sideloading. (And, when did the front become the side?!)
JG: Is this really a case against truly voluntary app stores? Put another way, should we be digging in to prevent Apple from offering the Mac App Store, or should we be digging in to prevent Apple from turning off the ability to install programs manually?
JZ: I see it more as a spectrum than a dichotomy. Compare the Mac App Store with a program that provided an Apple Good Housekeeping seal for good code. They’re functionally the same, but wildly different in practice thanks to the power of the default.
James Grimmelmann is an Associate Professor at New York Law School.
Bill C-32, the government’s latest attempt at reforming copyright laws, brings Canadians a Jekyll and Hyde. On a positive note, the bill demonstrates that Parliamentarians were listening to Canadians during the Copyright Consultations last year. It legalizes fair parody and satire, and clarifies that educational use of content can qualify as fair dealing. It also legalizes format shifting and time shifting, recognizing that Canadians want be able to legally put music on their computers and iPods, and record content using VCR's and PVR's.
Unfortunately, this fair balance does not permeate through to Bill C-32's legal protection of digital locks. Here, the bill caters to U.S. demands rather than the views of Canadians. The bill allows distributors to restrict access to content, skirting around the balance that is struck by fair dealing provisions. Reporters won't be able to fairly use locked content in news stories, filmmakers won't be able to insert protected clips in documentaries, and whistleblowers seeking justice will not be able to release encrypted documents.
Other key sites