You may have seen the preprint posted today by Lenstra et al. about entropy problems in public keys. Zakir Durumeric, Eric Wustrow, Alex Halderman, and I have been waiting to talk about some similar results. We will be publishing a full paper after the relevant manufacturers have been notified. Meanwhile, we'd like to give a more complete explanation of what's really going on.
We have been able to remotely compromise about 0.4% of all the public keys used for SSL web site security. The keys we were able to compromise were generated incorrectly--using predictable "random" numbers that were sometimes repeated. There were two kinds of problems: keys that were generated with predictable randomness, and a subset of these, where the lack of randomness allows a remote attacker to efficiently factor the public key and obtain the private key. With the private key, an attacker can impersonate a web site or possibly decrypt encrypted traffic to that web site. We've developed a tool that can factor these keys and give us the private keys to all the hosts vulnerable to this attack on the Internet in only a few hours.
However, there's no need to panic, as this problem mainly affects various kinds of embedded devices such as routers and VPN devices, not full-blown web servers. (It's certainly not, as suggested in the New York Times, any reason to have diminished confidence in the security of web-based commerce.) Unfortunately, we've found vulnerable devices from nearly every major manufacturer, and we suspect that more than 200,000 devices, representing 4.1% of the SSL keys in our dataset, were generated with poor entropy. Any weak keys found to be generated by a device suggest that the entire class of devices may be vulnerable upon further analysis.
We're not going to announce every device we think is vulnerable until we've contacted their manufacturers, but the attack is fairly easy to reproduce from material already known. That's why we are working on putting up a web site that you can use to determine whether your device is immediately vulnerable.
Read on for more details, and watch for our full paper soon.
Don't worry, the key for your bank's web site is probably safe
SSL is used to authenticate every major web site on the Internet, but in our analysis, these were not the keys that were vulnerable to the problems outlined in this blog post.
So which systems are vulnerable? Almost all of the vulnerable keys were generated by and are used to secure embedded hardware devices such as routers and firewalls, not to secure popular web sites such as your bank or email provider. Only one of the factorable SSL keys was signed by a trusted certificate authority and it has already expired. There are signed certificates using repeated keys; some of them are generated by vulnerable devices, some of them are due to website owners submitting known weak keys to be signed, and for some of them we have no good explanation.
Embedded devices are well known to have entropy problems. However, until now it wasn't apparent how widespread these problems were in real, Internet-connected devices.
Background: key generation
Websites and networked computers use public-key cryptography for authentication. The kind of authentication that we will be talking about here is a server certifying to a client that it really is the server that the client intended to connect to. An attacker who knows the private key to one of these systems would be able to impersonate the real system to a client or in many cases decrypt encrypted traffic between the client and server.
The most widely used cryptosystem for this purpose is RSA. The RSA cryptosystem is intended to be based on the difficulty of factoring large numbers. An RSA public key consists of a pair of integers: an encryption exponent e and a modulus N, which is a large integer that itself is the product of two large primes, p and q. If an adversary can factor this integer N back into its prime factors p and q, then the adversary can decrypt any messages encrypted using this public key. However, even using the fastest known factoring algorithm, to public knowledge nobody has yet been able to factor a 1024-bit RSA modulus.
It is vitally important to the security of the keys that they are generated using random inputs. If the inputs used to generate the keys were not random, then an adversary may be able to guess those inputs and thus recover the keys without having to laboriously factor N.
On modern computers and servers, key generation software attempts to collect random information from physical sources (often through the underlying operating system): the movements of the mouse, keyboard, hard drive, network events, and other external sources of unpredictable information. However, if the keys are generated from a small set of possibilities, that is, using too little entropy, then the keys may be vulnerable to an attacker. Gathering strong entropy and verifying its strength is a very difficult problem that has given rise to multiple vulnerabilities over the years.
Two versions of the problem
We decided to investigate the prevalence of this issue by scanning the Internet for all SSL and SSH public keys. We scanned every IPv4 address on the Internet, collecting a copy of each SSL certificate and SSH host key. We were able to complete both scans in less than a day: we first used a standard tool called nmap to find hosts with the relevant ports open, and then used our own optimized software to query those hosts. In our SSL scan, we collected 5.8 million certificates. In our SSH scan, we collected 10 million host keys.
We found that entropy problems resulted in two different types of weaknesses:
Repeated public keys. We found that 1% of the RSA keys in our SSL scan data were repeated, apparently due to entropy problems. When two different devices have the same public key, it means they also have the same private key. In effect, the devices that share keys are "in the same boat" as one another--an attacker would only need to compromise the weakest one of these devices, in order to obtain the repeated private key that protects all of the devices. This has long been a known problem, but until now, none of the publicly available security literature has documented how widespread the problem was.
We manually verified that 59,000 duplicate keys were repeated due to entropy problems, representing 1% of all certificates, or 2.6% of self-signed certificates. We also found that 585,000 certificates, or 4.6% of all devices, used the default certificates pre-installed on embedded devices. While these devices are not using keys generated with poor entropy, they are susceptible to the same attack, as their private keys are found on every device of a given model. We manually verified these keys because a large number of websites may use repeated keys for legitimate reasons; these pose no risk to users.
Factorable public keys. More surprisingly, we discovered that entropy problems can allow a remote attacker with no special access to factor a significant fraction of the RSA keys in use on the Internet. We were able to factor 0.4% of the RSA keys in our SSL scan. We did this by computing the greatest common divisor (GCD) of all pairs of moduli from RSA public keys on the Internet.
We identified 1724 common factors which allowed us to factor 24,816 SSL keys, and 301 common factors which allowed us to factor 2422 SSH host keys. This means we were able to calculate the private keys for almost half of 1% of the RSA keys in use for SSL. We will explain how we did this calculation below.
Specific vulnerable devices
Embedded devices often generate cryptographic keys on first boot, when their entire state may have been pre-determined in the factory. This can result in the kinds of entropy problems we observe in this study.
We were able to use information from the SSL certificates to identify classes of devices that are prone to generating weak keys. Many more devices than the ones whose keys we factored are probably also producing weak keys that could be compromised by a determined attacker. The list of vulnerable devices that we have already identified includes more than thirty different manufacturers, including almost all of the biggest names in the computer hardware industry. The kinds of products that we identified include firewalls, routers, VPN devices, remote server administration devices, printers, projectors, and VOIP phones.
We're not going to list specific devices or brands until we've told the manufacturers, but here are some examples:
Firewall product X:
Consumer-grade router Y:
Enterprise remote access solution Z:
How could this happen?
It wasn't obvious at first how these types of entropy problems might result in keys that could be factored. We'll explain now for the geekier readers.
Here's one way a programmer might generate an RSA modulus:
If the pseudorandom number generator is seeded with a predictable value, then that would likely result in different devices generating the same modulus N, but we would not expect a good pseudorandom number generator to produce different moduli that share a single factor.
However, some implementations add additional randomness between generating the primes p and q, with the intention of increasing security:
If the initial seed to the pseudorandom number generator is generated with low entropy, this could result in multiple devices generating different moduli which share the prime factor p and have different second factors q. Then both moduli can be easily factored by computing their GCD: p = gcd(N1, N2).
OpenSSL's RSA key generation functions this way: each time random bits are produced from the entropy pool to generate the primes p and q, the current time in seconds is added to the entropy pool. Many, but not all, of the vulnerable keys were generated by OpenSSL and OpenSSH, which calls OpenSSL's RSA key generation code.
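The two key-generation patterns described above, simulated as an added example (not code from the post or from OpenSSL): a constructed BootPRNG stands in for an embedded device's pool, a fixed factory seed for its first-boot state, and a clock value for the time stirred in between p and q. Without the extra stirring, two units produce the same N (a repeated key); with it, they produce different N that share p, and one GCD recovers it.

```python
import math
import random


def is_probable_prime(n, rounds=16):
    """Miller-Rabin with fixed witnesses; enough for a demonstration."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    witnesses = random.Random(0)
    for _ in range(rounds):
        a = witnesses.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


class BootPRNG:
    """Hypothetical stand-in for an embedded device's PRNG (constructed for this demo).

    The pool starts from whatever state the device has at first boot; with a
    factory-fixed seed, every unit of the model starts from the same pool.
    """

    def __init__(self, seed):
        self.pool = seed
        self.rng = random.Random(seed)

    def add_randomness(self, value):
        # Stir a new input into the pool, as OpenSSL stirs in the time in seconds.
        self.pool = (self.pool * 6364136223846793005 + value) & ((1 << 64) - 1)
        self.rng = random.Random(self.pool)

    def random_prime(self, bits):
        # Draw odd candidates of the requested size until one is (probably) prime.
        while True:
            cand = self.rng.getrandbits(bits) | (1 << (bits - 1)) | 1
            if is_probable_prime(cand):
                return cand


def keygen_plain(seed, bits=64):
    """p and q both drawn from the seeded pool: same seed -> same N (repeated key)."""
    prng = BootPRNG(seed)
    p = prng.random_prime(bits)
    q = prng.random_prime(bits)
    return p * q


def keygen_reseed_between(seed, clock, bits=64):
    """Extra input mixed in between p and q: same seed but a different clock
    gives a different N that still shares p (factorable key)."""
    prng = BootPRNG(seed)
    p = prng.random_prime(bits)
    prng.add_randomness(clock)
    q = prng.random_prime(bits)
    return p * q


def shared_factor(n1, n2):
    """Return the common prime of two moduli, or None if they are coprime or identical."""
    g = math.gcd(n1, n2)
    return g if 1 < g < n1 else None


if __name__ == "__main__":
    FACTORY_SEED = 0xC0FFEE  # constructed: the state every unit has at first boot
    # Two units of the same model boot with identical pools, a few seconds apart.
    n_a = keygen_reseed_between(FACTORY_SEED, clock=1_300_000_000)
    n_b = keygen_reseed_between(FACTORY_SEED, clock=1_300_000_007)
    print("repeated key:", keygen_plain(FACTORY_SEED) == keygen_plain(FACTORY_SEED))
    print("distinct moduli:", n_a != n_b, "shared prime:", shared_factor(n_a, n_b))
```

The 64-bit primes keep the run instant; the structure of the failure is identical with 512-bit primes.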
Computing the GCDs of all pairs of keys
If any pair of RSA moduli N1 and N2 share, say, the same prime factor p in common, but have different second factors q1 and q2, then we can easily factor the moduli by computing their greatest common divisor. On my desktop computer, computing the GCD of two 1024-bit RSA moduli took about 17µs.
For the mathematically inclined, I'll explain how we were able to use this idea to factor a large collection of keys.
The simplest way that one might try to factor keys is by computing the GCD of each pair of RSA moduli. A back of the envelope calculation shows that doing a GCD computation for all pairs of moduli in our data sets would take 24 years of computation time on my computer.
Instead, we used an idea Dan Bernstein published in the Journal of Algorithms in 2005 for factoring a group of integers into coprimes which allowed us to do the computation in a few hours on a desktop computer, in a few lines of Python. The algorithm is no great secret: a long stream of published papers has worked on improving these ideas.
The main mathematical insight is that one can compute the GCD of a single modulus N1 with every other modulus N2,…,Nm using the following equation:
gcd(N1, N2*…*Nm) = gcd(N1, ((N1*N2*…*Nm) mod N1^2) / N1)
The secret sauce is in making this run fast--note that the first step is to compute the product of all the keys, a 729 million digit number. We were able to factor the SSL data in eighteen hours on a desktop computer using a single core, and the SSH data in about four hours using four cores.
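The product-tree and remainder-tree computation behind that equation, as an added example (not the authors' code): batch_gcd returns gcd(N_i, product of all other moduli) for every key in one pass, and factor_weak_keys turns those results into (p, q) pairs. The constructed sample uses small primes in place of 512-bit ones and covers the cases the post describes: a shared prime, a clean key, a repeated key, and a key whose both primes are shared with other keys, which the single-GCD formula cannot split on its own.

```python
import math


def product_tree(moduli):
    """Level 0 holds the moduli; each level above holds pairwise products, up to the root."""
    levels = [list(moduli)]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([prev[i] * prev[i + 1] if i + 1 < len(prev) else prev[i]
                       for i in range(0, len(prev), 2)])
    return levels


def remainder_tree(levels):
    """Push the root product down: each node receives (parent remainder) mod node^2."""
    rems = [levels[-1][0]]
    for level in reversed(levels[:-1]):
        rems = [rems[i // 2] % (node * node) for i, node in enumerate(level)]
    return rems


def batch_gcd(moduli):
    """gcd(N_i, product of all other N_j) for every i, via gcd(N_i, (P mod N_i^2) / N_i)."""
    rems = remainder_tree(product_tree(moduli))
    return [math.gcd(r // n, n) for r, n in zip(rems, moduli)]


def naive_gcds(moduli):
    """The slow reference: gcd of each modulus with the product of all the others."""
    out = []
    for i, n in enumerate(moduli):
        others = 1
        for j, m in enumerate(moduli):
            if j != i:
                others *= m
        out.append(math.gcd(n, others))
    return out


def factor_weak_keys(moduli):
    """Map each factorable modulus to (p, q).

    A gcd equal to N itself means either N is a repeated key (not factorable this
    way) or both of its primes are shared with other keys; the pairwise fallback
    on that single key separates the two cases."""
    factored = {}
    for n, g in zip(moduli, batch_gcd(moduli)):
        if g == n:
            g = next((math.gcd(n, m) for m in moduli if 1 < math.gcd(n, m) < n), n)
        if 1 < g < n:
            factored[n] = tuple(sorted((g, n // g)))
    return factored


# Constructed sample: small primes stand in for 512-bit ones so the run is instant.
P = [10007, 10009, 10037, 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099]
SAMPLE_MODULI = [
    P[0] * P[1],    # shares p = 10007 with the next key
    P[0] * P[2],
    P[3] * P[4],    # clean key: no shared primes
    P[5] * P[6],    # both primes shared, each with a different key
    P[5] * P[7],
    P[6] * P[8],
    P[9] * P[10],   # repeated key: the same modulus on two "devices"
    P[9] * P[10],
]

if __name__ == "__main__":
    for n, g in zip(SAMPLE_MODULI, batch_gcd(SAMPLE_MODULI)):
        print(n, "->", g)
    print(factor_weak_keys(SAMPLE_MODULI))
```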
The bottom line
This is a problem, but it's not something that average users need to worry about just yet. However, embedded device manufacturers have a lot of work to do, and some system administrators should be concerned. This is a wake-up call to the security community, and a reminder to all of how security vulnerabilities can sometimes be hiding in plain sight.
Last June, I wrote about the decision at the business meeting of IEEE Security & Privacy to adopt the USENIX copyright policy, wherein authors grant a right for the conference to publish the paper and warrant that they actually wrote it, but otherwise the work in question is unquestionably the property of the authors. As I recall, there were only two dissenting votes in a room that was otherwise unanimously in favor of the motion.
Fast forward to the present. The IEEE Security & Privacy program committee, on which I served, has notified the authors of which papers have been accepted or rejected. Final camera-ready copies will be due soon, but we've got a twist. They've published the new license that authors will be expected to sign. Go read it.
The IEEE's new "experimental delayed-open-access" licensing agreement for IEEE Security & Privacy goes very much against the vote last year of the S&P business meeting, bearing only a superficial resemblance to the USENIX policy we voted to adopt. While both policies give a period of exclusive distribution rights to the conference (12 months for USENIX, 18 months for IEEE), the devil is in the details.
For the IEEE, authors must assign "a temporary joint and undivided ownership right and interest in all copyright rights" to the IEEE, giving the IEEE an exclusive to distribute the paper for 18 months. Thereafter, the license "expires."
Those quotation marks around "expires" are essential, because there's language saying "IEEE shall nonetheless retain the sole and exclusive right to archive the Work in perpetuity" which sounds an awful lot to me like they're saying that the agreement doesn't actually expire at all. It just moves into a second phase. For contrast, USENIX merely retains a non-exclusive right to continue distributing the paper. That's an essential difference.
There are some numbered carve-outs in the IEEE contract that seem to allow you to post your manuscript to your personal web page or institutional library page, but not to arXiv or anything else. (What if arXiv were to offer me a "personal home page service?" Unclear how this license would deal with it.) This restriction appears to apply in both the initial 18 month phase and the "in perpetuity" phase.
My conclusion: authors of papers accepted to IEEE Security & Privacy should flatly refuse to sign this. I don't have a paper of my own that's appearing this year at S&P, but if I did, I'd send them a signed copy of the USENIX agreement. That's what the members agreed upon.
Disclosure: I am currently running for the board of directors of the USENIX Association. That's because I like USENIX. Of all the venues where I publish, USENIX has been the most willing to break with traditional publishing models, and my platform in running for USENIX is to push this even further. Getting ACM and IEEE caught up to USENIX is a separate battle.
This morning, the Supreme Court handed down its decision in United States v. Jones, the GPS tracking case, deciding unanimously that the government violated the defendant's Fourth Amendment rights when it installed a wireless GPS tracking device on the undercarriage of his car and used it to monitor his movements around town for four weeks without a search warrant.
Despite the unanimous result, the court was not unified in its reasoning. Five Justices signed the majority opinion, authored by Justice Scalia, finding that the Fourth Amendment "at bottom . . . assure[s] preservation of that degree of privacy against government that existed when the Fourth Amendment was adopted" and thus analyzing the case under "common-law trespassory" principles.
Justice Alito wrote a concurring opinion, signed by Justices Ginsburg, Breyer, and Kagan, faulting the majority for "decid[ing] the case based on 18th-century tort law" and arguing instead that the case should be decided under Katz's "reasonable expectations of privacy" test. Applying Katz, the four concurring Justices would have found that the government violated the Fourth Amendment because "long-term tracking" implicated a reasonable expectation of privacy and thus required a warrant.
Justice Sotomayor, who signed the majority opinion, wrote a separate concurring opinion, but more on that in a second.
I think the Jones court reached the correct result in this case, and I think that the three opinions in this case represent a near-optimal result for those who want the Court to recognize how its present Fourth Amendment jurisprudence does far too little to protect privacy and limit unwarranted government power in light of recent advances in surveillance technology. This might seem counter-intuitive. I predict that many news stories about Jones will pitch it as an epic battle between Scalia's property-centric and Alito's privacy-centric approaches to the Fourth Amendment and quote people expressing regret that Justice Alito didn't instead win the day. I think this would focus on the wrong thing, underplaying how today's three opinions--all of them--represent a significant advance for Constitutional privacy, for several reasons:
1. Justice Alito? Maybe I'm not a savvy court watcher, but I did not see this coming. The fact that Justice Alito wrote such a strong privacy-centric opinion suggests that future Fourth Amendment litigants will see a well-defined path to five votes, especially since it seems like Justice Sotomayor will likely provide the fifth vote in the right future case.
2. Justice Scalia and Thomas showed restraint. The majority opinion goes out of its way to highlight that its focus on property is not meant to foreclose privacy-based analyses in the future. It uses the words "at bottom" and "at a minimum" to hammer home the idea that it is supplementing Katz not replacing it. Maybe Justice Scalia did this to win Justice Sotomayor's vote, but even if so, I am heartened that neither Justice Scalia nor Justice Thomas thought it necessary to write a separate concurrence arguing that Katz's privacy focus should be replaced with a focus only on property rights.
3. Justice Sotomayor does not like the third-party doctrine. It's probably best here just to quote from the opinion:
More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. E.g., Smith, 442 U.S., at 742; United States v. Miller, 425 U.S. 435, 443 (1976). This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers. Perhaps, as JUSTICE ALITO notes, some people may find the "tradeoff" of privacy for convenience "worthwhile," or come to accept this "diminution of privacy" as "inevitable," post, at 10, and perhaps not. I for one doubt that people would accept without complaint the warrantless disclosure to the Government of a list of every Web site they had visited in the last week, or month, or year. But whatever the societal expectations, they can attain constitutionally protected status only if our Fourth Amendment jurisprudence ceases to treat secrecy as a prerequisite for privacy. I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.
Wow. And Amen. Set your stopwatches: the death watch for the third-party doctrine has finally begun.
4. This was the wrong case for a privacy overhaul of the Fourth Amendment. Most importantly, I've had misgivings about using Jones as the vehicle for fixing what is broken with the Fourth Amendment. GPS vehicle tracking comes laden with lots of baggage--practical, jurisprudential and atmospheric--that other actively litigated areas of modern surveillance do not. GPS vehicle tracking happens on public streets, meaning it runs into dozens of Supreme Court pronouncements about assumption of risk and voluntary disclosure. It faces two prior precedents, Karo and Knotts, that need to be distinguished or possibly overturned. It does not suffer (as far as we know) from a long history of use against innocent people, but instead seems mostly used to track fugitives and drug dealers.
For all of these reasons, even the most privacy-minded Justice is likely to recognize caveats and exceptions in crafting a new rule for GPS tracking. Imagine if Justice Sotomayor had signed Justice Alito's opinion instead of Justice Scalia's. We would've been left with a holding that allowed short-term monitoring but not long-term monitoring, without a precise delineation between the two. We would've been left with the possible new caveat that the rules change when the police investigate "extraordinary offenses," also undefined. These unsatisfying, vague new rules would have had downstream negative effects on lower court opinions analyzing URL or search query monitoring, or cell phone tower monitoring, or packet sniffing.
Better that we have the big "reinventing Katz" debate in a case that isn't so saddled with the confusions of following cars on public streets. I hope the Supreme Court next faces a surveillance technique born purely on the Internet, one in which "classic trespassory search is not involved." If the votes hold from Jones, we might end up with what many legal scholars have urged: a retrenchment or reversal of the third-party doctrine; a Fourth Amendment jurisprudence better tailored to the rise of the Internet; and a better Constitutional balance in this country between privacy and security.
It has been an exceptionally busy week for copyright policy. We heard from all three branches of the US Federal Government in one way or another, while the citizens of the Internet flexed their muscles in response.
The most covered story of the week was the battle over SOPA and PIPA -- the twin proposed bills that aimed to cut down on online piracy of copyrighted works by giving the government significant new authority to block access to allegedly infringing web sites. Other authors on this blog have pointed out how the bills show inconsistency in the copyright industry's position on regulating the internet, could threaten free speech in repressive regimes, and may ultimately be found by the courts to violate fundamental constitutional liberties. On Wednesday some of the most popular sites on the web "went dark" or otherwise heightened awareness of the issue, and the surge of citizen pleas to Congress caused a surprising reversal of momentum in the House and Senate. [Update: Both PIPA and SOPA have now been shelved.]
Buried in the day's developments was the Judicial branch's copyright contribution. In a highly anticipated decision, the Supreme Court ruled on the case of Golan v. Holder. At issue was the question of whether or not Congress had the right to make a law that moved public domain works into copyright. Opponents of this law claimed that such a move violated not only the First Amendment, but also the purpose of the Copyright Clause -- not to mention age-old legal principles. The majority did not agree, and in a 6-2 vote it stated that individuals do not have any particular right that guarantees their use of the public domain, so they have no claim if Congress removes materials from it. Justices Breyer and Alito dissented, explaining that the ruling upset the delicate balance that the Founders had struck in affording limited monopoly rights to content creators. Nevertheless, the majority clearly demonstrated that the Judicial branch continues to trend toward greater expansion of copyright protection.
On Thursday, the Executive Branch weighed in. The Department of Justice announced that it had seized the domain name and servers of the popular file-sharing site Megaupload and had indicted several of the site's operators. Although Megaupload claimed to be complying with US copyright law -- in particular the notice-and-takedown provisions of the Digital Millennium Copyright Act -- the feds claimed that the operators knew full well that the majority of the content on the site was infringing. Within minutes of the announcement, hacktivist group Anonymous had launched a denial-of-service attack on the Department of Justice web site, which remained unreachable for hours [Update: days].
Opponents of SOPA and PIPA welcomed the opportunity to reflect on why these developments demonstrated the shortcomings of the proposed bills. Some of them noted that the DoJ's actions were done without any additional authority from harmful new bills, while others observed that such approaches to enforcement are ultimately ineffective -- they observed that it was only a matter of time until Megaupload returned, or the many other file-sharing sites filled their shoes. By Thursday night, all four GOP presidential candidates had come out against SOPA.
It is hard to consolidate all of these developments into a coherent story of where things are headed. However, a few things seem clear. First, the SOPA/PIPA backlash shows us that the internet can help citizens to rally a truly remarkable effort that penetrates the beltway bubble. Second, internet freedom is a compelling and accessible counter-narrative to copyright maximalism and government policing. Third, the courts continue to favor an approach to copyright that emphasizes the property rights of those who have already created works over the free speech rights of those who may rely on those works to create new works. Fourth, the enforcement arms of the government are interested in taking ever-more-extreme measures to take down those accused of infringement, and are committing more taxpayer resources to a problem that continues to grow despite their approach.
But perhaps most significantly, this week shows us that there is just plain turmoil in this area. Policymakers are struggling to find good answers, and sometimes their "solutions" provoke far more criticism than praise.
As Americans know, the 2012 presidential season began “officially” with the Iowa caucuses on January 3. I say “officially”, because caucuses are a strange beast that are a creation of political parties, and not government.
Regardless, the Republican results were interesting – out of about 125,000 votes cast, Mitt Romney led by eight votes over Rick Santorum, with other contenders far behind. The “official” results released today show Santorum ahead by 34 votes.
However, it’s not so simple as that.
First, there’s the matter of paper ballots. The good news is that Iowa caucuses, unlike primaries and general elections in some states, are recorded on paper. So in a case like this, there’s paper to turn to, unlike all-electronic systems where the results rely on correct software.
Second, there’s the matter of proper chain of custody. In releasing the updated results, it appears that some of the records from the caucuses cannot be located. It doesn’t matter whether the records are paper or electronic – if the chain of custody is weak (or non-existent!), then the results are at best suspect.
Third, and perhaps most importantly, “the early part of the Presidential Primary series is the only case in American politics that I know of where the preliminary election results may be actually more important than the final certified results.” [Thanks to David Jefferson for this observation.] While this is not a technical issue, it points out that our technical solutions for voting systems must recognize the reality that timely accurate results are important – timely results that are wrong aren’t helpful, and slow results that are right will be ignored.
Finally, it’s critical to realize that caucuses, like primaries in some states, are run by the parties, and not by the election professionals. Perhaps if the caucuses were run by the pros, some of these problems might not have happened.
The common law tort of "hot news" misappropriation has been dying a slow and justified death. Hot news misappropriation is the legal doctrine on which news outlets like the Associated Press have repeatedly relied over the years to try to prevent third-party dissemination of factual information gathered at the outlets’ expense. Last June, the Second Circuit Court of Appeals dealt a blow to the hot news doctrine when it held that financial firms engaged in producing research reports and recommendations concerning publicly traded securities could not prevent a third party website from publishing news of the recommendations soon after their initial release. The rationale for the court’s decision was that state law claims of hot news misappropriation can only very rarely survive federal preemption by the Copyright Act, which excludes facts from the scope of copyright protection. The rule that facts are not eligible for copyright (called the fact-expression dichotomy) is at the heart of the copyright system and serves the interests of democracy by promoting the unfettered dissemination of important news to the populace. Creative arrangements of facts can be protected under copyright law, but individual facts cannot.
Given the declining fortunes of the hot news doctrine, I was a little surprised to discover a recent case out of Pennsylvania called Eagle v. Morgan, in which the parties are fighting over ownership of a LinkedIn account containing the plaintiff’s profile and her professional connections. The defendant, Eagle’s former employer, asserted a state law counterclaim for misappropriation of ideas. Ideas, as it happens, are—like facts—excluded from the scope of federal copyright protection for a compelling policy reason: If we permit the monopolization of ideas themselves, we will stifle the communal intellectual progress that intellectual property laws exist to promote. Copyright law thus protects only the expression of ideas, not ideas themselves. (This principle is known as the idea-expression dichotomy.) Accordingly, section 102(b) of the Copyright Act denies copyright protection “to any idea, procedure, process, system, method of operation, concept, principle, or discovery, regardless of the form in which it is described, explained, illustrated, or embodied.” The statute really could not be clearer.
In its opinion denying Eagle’s motion for judgment on the pleadings, the trial court did not consider whether the state law tort of misappropriation of ideas is federally preempted by the Copyright Act, which seems to me to be a really important legal question. The court explained that a claim for misappropriation of an idea in Pennsylvania has two elements: “(1) the plaintiff had an idea that was novel and concrete and (2) the idea was misappropriated by the defendant.” To determine whether a misappropriation has occurred, the court further explained, Pennsylvania law requires consideration of three factors:
Setting aside the oddity of classifying digital information as a “thing,” the first of these factors collides head on with the Supreme Court’s clear repudiation in Feist Publications v. Rural Telephone Service of the “sweat of the brow” theory of intellectual property.
In Feist, the Court held that “sweat of the brow” as a justification for propertizing information “eschew[s] the most fundamental axiom of copyright law—that no one may copyright facts or ideas.” Given copyright law’s express prohibition on the propertization of ideas, there is a strong case to be made that state law claims for misappropriation of ideas are in direct conflict with both the letter and spirit of the federal copyright scheme. On that basis, they are akin to claims of hot news misappropriation, and they should likewise be treated as preempted.
A few weeks ago, the New York Times published a piece covering a new report launched by OECD calling member-countries to “promote and protect the global free flow of information”. The article lists three BRIC-members, China, India and Russia, as examples of countries taking actions harmful to online freedom. One BRIC member is missing from the list: Brazil. Despite hiccups, Brazil has been taking a strong position for protecting freedom and other civil rights online. Why is that?
One reason is that Brazil is a rather young democracy. From 1964 to 1985 the country was governed by a military regime, which imposed strict censorship rules. Major artists, newspapers, and TV networks had to submit their activities to prior approval by a censorship board. When democracy was reestablished in 1986, censorship was eliminated, but the trauma of 20 years of repression had been painfully imprinted on Brazilian society. This trauma has made Brazil very sensitive to new threats of censorship, in its many forms.
Another landmark was a decision taken by the country's Supreme Court in 2009. The court struck down the Press Law, adopted in 1967 by the military government (the same law that had established censorship). When the country was re-democratized, the censorship articles were revoked. Nonetheless, other parts regulating libel, defamation and the “right of reply” survived. The court decided to strike everything down (in spite of a heated debate claiming that the remaining articles were reasonable), stating the law was incompatible with the freedom of expression clause of the Brazilian constitution.
Another factor is that President Dilma Rousseff has been taking a public stance in favor of freedom of expression. It makes sense. In the 1960s, she was imprisoned and tortured by the military regime for participating in a dissident group. At a recent human rights conference she declared, unequivocally, that she “prefers the noise of the press to the silence of the dictatorship”.
Moreover, Brazil has a vigorous civil society, which emerged especially with the country’s new democratic constitution in 1988. Many civil society organizations are concerned with online freedom issues, including consumer associations, artists’ groups, newspaper and journalists’ associations, education NGOs, free and open source software organizations, academia, and lawyers’ and judges’ associations, to name a few. Their claims have been taken into account by the political system. Government and Congress in Brazil remain permeable to civil society. Even though lobbying and special interests exist and exercise strong influence, it is rather difficult for politicians to save face after backing policies flagrantly against the public interest.
The strength of civil society reinforced Brazil’s commitment to internet freedom and also led to concrete policy-making. One example is the Marco Civil ("Civil Rights Framework for the Internet”), a draft bill seeking to protect civil rights online, such as freedom of expression and privacy, and to create balanced rules for the liability of internet intermediaries.
The bill is the result of a two-year online debate open to the public at-large. The process was put together by the Ministry of Justice and the Center for Technology & Society, a research center in Rio de Janeiro (full disclosure – I am the director of the Center for Technology & Society, and was involved in the Marco Civil process). The bill was sent to Congress by the Federal government in 2011, with co-sponsorship of five Ministries. Marco Civil has become a well-known issue in the Brazilian public sphere, and it has gathered strong public support. Approval is expected sometime in 2012.
Internationally, some view Marco Civil as an alternative approach to SOPA (Stop Online Piracy Act), the bill currently under discussion in the U.S. Congress and under strong criticism. While SOPA tilts the balance of the law toward expedited enforcement, bypassing the judiciary in favor of a private notice-and-takedown system, Marco Civil supports a more balanced approach. It seeks to translate the principles established by the Brazilian Constitution into online practice, paying special attention to due process, freedom of expression, and the protection of an environment favorable to innovation. Because of that, some also view Marco Civil as a counterpoint to ACTA, the controversial Anti-Counterfeiting Trade Agreement, criticized for potentially harming fundamental rights.
Of course the situation in Brazil is not all roses. The Brazilian Ministry of Culture changed its policies at the beginning of 2011. Under the guidance of the new Minister, Ana de Hollanda (claimed to have close ties to ECAD, the controversial Brazilian copyright collecting society, which is currently under investigation for fraud by a special Congressional Inquiry Commission), the Ministry has been trying to introduce legislation in Congress to create a private system for removing online content, inspired in part by the DMCA. This effort and other actions of the Ministry have raised a wave of criticism, both from civil society and from many sectors of the government’s own party.
These hiccups, nevertheless, do not change the fact that, for now, Brazil seems committed to protecting internet freedom against all odds. That is a good way of taking the OECD’s recommendation seriously, and also of setting a good example for its BRIC colleagues.
Harlan Yu and I recently wrote an article for XRDS Magazine entitled Using Software to Liberate U.S. Case Law. The article describes the motivation behind the CITP project called RECAP, and it outlines the state of public access to electronic court records.
Using PACER is the only way for citizens to obtain electronic records from the Courts. Ideally, the Courts would publish all of their records online, in bulk, in order to allow any private party to index and re-host all of the documents, or to build new innovative services on top of the data. But while this would be relatively cheap for the Courts to do, they haven't done so, instead choosing to limit "open" access.
Since the first release, RECAP has gained thousands of users, and the central repository contains more than 2.3 million documents across 400,000 federal cases. If you were to purchase these documents from scratch from PACER, it would cost you nearly $1.5 million. And while our collection still pales in comparison to the 500 million documents purportedly in the PACER system, it contains many of the most-frequently accessed documents the public is searching for.
As with many issues, it all comes down to money. In the E-Government Act of 2002, Congress authorized the Courts to prescribe reasonable fees for PACER access, but "only to the extent necessary" to provide the service. Congress sought to approve a fee structure "in which this information is freely available to the greatest extent possible".
However, the Courts' current fee structure collects significantly more funds from users than the actual cost of running the PACER system.
Professor Jonathan Zittrain is well-known for his concern that the general-purpose computer may be disappearing. The recent rise of app stores is putting his fears in a new light. After trading some thoughts about the issues in the blogosphere, he and I sat down at our respective keyboards for a conversation about the future of computing. This is a lightly edited version of our exchange.
JG: I suppose the place to start is with your concern about “appliances”: single-purpose devices like the TiVo. What’s wrong with boxes that do one thing and do it well?
JZ: Nothing’s inherently wrong with single-purpose devices. The worry comes when we lose the general-purpose device formerly known as the PC and replace it with single-purpose devices and “curated” general-purpose devices.
JG: In the last few years, the appliance has taken on a new face, thanks to downloadable apps. An appliance with an app store is no longer just a single-purpose device: it can do all kinds of things. But that, you’ve argued, doesn’t really fix the fundamental problem.
JZ: It may look like the best of both worlds, but I worry it’s the worst of both worlds.
JG: I wanted to focus on your critique of the Mac App Store. This one is interesting because it sells programs that run, not on a closed device like the iPhone but on a traditional, general-purpose computer. The day that Apple activated the Mac App Store, it didn’t reduce the Mac’s generativity one iota. Every Mac in the world was just as capable of doing everything it used to be able to do, just as easily. All Apple added was a new way to install programs: so they made the Mac even easier to use, without reducing its power. But you’re skeptical. Why?
JZ: Let’s see how much of an advantage a developer sees from having an app in the App Store vs. “sideloaded,” even on a Mac OS that doesn’t require jailbreaking for sideloading. To the extent that users are looking to the App Store for their wares, it’s a de facto limit on generativity even if not a literal one. But I agree that the real worry is if Mac OS should become routinely configured not to allow sideloading at all.
JG: So let’s take up some of the countervailing arguments. One that’s high on a lot of people’s lists is the idea that an app store is more secure because it’s more tightly controlled. And of course, security is the major reason you cite in your book The Future of the Internet for why computer makers and users may be tempted to turn their back on open, generative systems. What do you think the Mac App Store does for security, if anything?
JZ: As a security measure, I give the Mac App Store three out of five stars. That’s because the software it is likely to turn away is more gray market sludge, sloppily written or poorly documented, than outright badware. There’s nothing to stop a software developer from registering under a cat’s paw, especially to offer a free app, and then build a bomb into the app. It could appear exemplary while Apple tests it and users then use it, until a designated H-hour at which point all bets are off.
JG: I might not be so quick to dismiss the security benefits. We know that Apple does run static analysis tools against iOS App Store submissions. And then there’s sandboxing. Regular programs have substantially free run of the computer, but Mac App Store programs are severely restricted in what they can see and do. It’s as if they’re playing safely with soft rubber toys in a glass-encased sandbox: your solitaire game isn’t going to suddenly overwrite your spreadsheets. Doesn’t that have some significant security benefits?
JZ: Sandboxing can prevent some damage from an app bound and determined to wreak havoc, but sandboxing is a phenomenon independent of the App Store: Mac OS could implement it with or without Apple screening the software up front.
JG: True. But sandboxing and Apple’s code review go together. The code review ensures that programs are placed in the smallest appropriate sandbox for their needs. Apple will only let the application have permissions if it really needs them to do its job: there’s no reason for a stock ticker to save files to arbitrary places. Without the up-front review, how many developers would voluntarily agree to play only in the sandbox?
JZ: The real question at the intersection of security and freedom is whether the user has an opportunity to choose to override the sandbox’s boundaries. If the user can’t do it, then a bunch of functionality is foreclosed unless Apple chooses to allow it and Apple can be fooled as easily as anyone else by a truly bad actor. If the user can do it, there’s no particular need for the App Store.
JG: This is a question about routine practice and interface design. If I rarely need to override the sandbox’s limits, then when an app comes to me and asks for additional privileges, my eyebrows are more likely to go up.
JZ: Don’t forget that Apple reserves the right not only to prevent software distributions up front, but also retroactively: software can be removed from machines that have already downloaded it. Perhaps helpful in some limited cases of security troubles, but all the more troublesome as regulators realize that cats can be put back into bags.
JG: Well, if we’re thinking about retroactive nuking, Apple has shown that it can uninstall even user-installed programs. After the Mac Defender malware started tricking Mac users into installing it, Apple came out with an operating system update that uninstalled it. Yes, Apple gave users a dialog box with a choice, but technologically, there’s no reason it had to. Do you see a difference between this and the Mac App Store?
JZ: Only in how this evolves our conception of code and who “owns” it: if the app lives in the cloud, our expectations are that it’s a service, and a service can change from day to day. If it’s on our own machines we feel like we own it, and look skeptically — and vendors tread carefully — over attempts to modify it without clearing it with us first.
JG: How much of this is about the fact that this is Apple’s app store we’re talking about? Do you feel differently about app stores that aren’t offered by the same company that controls the hardware and the operating system? So take something like Valve’s highly successful Steam, which is basically an app store for games. It runs on both Windows and Mac, and it handles all of the payment and DRM for the game developers.
JZ: I worry less if there’s not vertical integration, but there’s still a concern if, through natural monopoly, we end up with a single gatekeeper or a mere handful of them. Hence Facebook’s platform as a worry, despite (or because of!) it being not tied to any one OS or browser.
JG: I’d like to bring in an idea from your book: “Red” and “Green” PCs. Your computer would have two “virtual machines,” which couldn’t easily affect each other. The Green one would be for important data and would only run software you were confident in; the Red one would be easy to reset back to a safe point.
JZ: Well, as I say in the book:
“Someone could confidently store important data on the Green PC and still use the Red PC for experimentation. Knowing which virtual PC to use would be akin to knowing when a sport utility vehicle should be placed into four-wheel drive mode instead of two-wheel drive, a decision that mainstream users could learn to make responsibly and knowledgeably.”
JG: I read that and thought it sounded like a good idea. And it was pretty much the first thing I thought of when Apple announced the Mac App Store. Everything you install manually is like the Red PC; everything you install from the Mac App Store is like the Green PC. You have a safe mode for greater security, and an unsafe mode for greater generativity. Since you’re a fan of the Red/Green hybrid between open and closed, why not the Mac App Store hybrid?
JZ: The Red PC isn’t the same as a sandbox. Software developers in a Red/Green environment still only write one piece of code, and it doesn’t have to be otherwise vetted. The whole point of the red zone is to contain any bad effects of iffy code. The point of a sandbox is to mitigate the risks of iffy code, by limiting its functionality outright. This is a subtle but important point. The Mac App Store with a sandbox requirement means that a competent, legitimate developer who wants to do things beyond the sandbox either has to plead a special case or write two versions of the code: one for the Store and one not for the Store.
JG: Can’t this argument be turned back against the Red/Green model? The competent, legitimate developer who wants to write code that indexes and optimally compresses your Word documents needs to plead a special case to whoever controls the green certification. She doesn’t even have the choice to write both red and green versions of her code.
JZ: My conception of the green model is not that it’s guarded by a third party, but that the user gets to place iffy apps into a place where, if they blow up, stuff in the green zone doesn’t get hurt.
JG: I keep coming back to the fact that participation in the Mac App Store is voluntary. And this isn’t just voluntary in the sense that participation in the iOS App Store is “voluntary” because no one held a gun to your head and forced you to write iPhone games. You have no good alternative to the iOS App Store if you want your app to run on an iPhone, but you can perfectly easily write, sell, and distribute software that users install on Macs in the time-honored fashion: clicking on an installer or dragging an icon into the Applications folder. How can adding the Mac App Store as an additional option be a net loss?
JZ: Well, that’s the question. If sideloading is trivial, I’m in your corner. But one wonders why any developer would take the 30% hit in profits to distribute through the App Store if he or she could put it on a Web site and sell it through sideloading. (And, when did the front become the side?!)
JG: Is this really a case against truly voluntary app stores? Put another way, should we be digging in to prevent Apple from offering the Mac App Store, or should we be digging in to prevent Apple from turning off the ability to install programs manually?
JZ: I see it more as a spectrum than a dichotomy. Compare the Mac App Store with a program that provided an Apple Good Housekeeping seal for good code. They’re functionally the same, but wildly different in practice thanks to the power of the default.
James Grimmelmann is an Associate Professor at New York Law School.
Bill C-32, the government’s latest attempt at reforming copyright law, brings Canadians a Jekyll and Hyde. On a positive note, the bill demonstrates that Parliamentarians were listening to Canadians during last year’s Copyright Consultations. It legalizes fair parody and satire, and clarifies that educational use of content can qualify as fair dealing. It also legalizes format shifting and time shifting, recognizing that Canadians want to be able to legally put music on their computers and iPods, and to record content using VCRs and PVRs.
Unfortunately, this fair balance does not permeate through to Bill C-32's legal protection of digital locks. Here, the bill caters to U.S. demands rather than the views of Canadians. The bill allows distributors to restrict access to content, skirting around the balance that is struck by fair dealing provisions. Reporters won't be able to fairly use locked content in news stories, filmmakers won't be able to insert protected clips in documentaries, and whistleblowers seeking justice will not be able to release encrypted documents.