Thursday, December 29, 2011

A copyright-obsessed French government gets a taste of its own medicine

As you might expect when your president is married to a singer, the French government takes a fairly totalitarian line on copyright. The infamous HADOPI law effectively enables citizens to be prohibited from contracting Internet access with an ISP on the basis of copyright infringement complaints, apparently with such complaints centering around access from a particular IP address.

So it would be slightly embarrassing if it turned out that IP addresses belonging to the president's official residence and a French government ministry turned up in a database of illegal downloads. Unfortunately, this is precisely what appears to have happened: records of apparently "illegal" downloads from the French Ministère de la Culture and Élysée (official presidential residence and offices) have turned up in the databases of YouHaveDownloaded.com, a site publishing records from (among other sources) various public BitTorrent servers.

So, should we conclude that a poverty-stricken Sarkozy has had to resort to using public resources to download illegal copies of his favourite flicks and tracks in these times of austerity? Should we now engage in month-long trial to determine whether we can prove beyond reasonable doubt that Mr Sarkozy did or did not download that dodgy low-quality MP4 of La Cage aux folles? Should the Élysée now spend public money on a lengthy witch-hunt to establish which petty office clerk or work experience temp is responsible for this shocking infringement of some random fat cat's right to stuff his coffers a little fuller?

Well, I would suggest not-- but that's the point. Hopefully this revelation may help the French government to understand people's concerns about the glib connection that they are insistent to draw between an IP address in a database and the download in question having definitely occurred under the actions of a particular person, and to weigh up the pros and cons of establishing totalitarian means in an attempt to enforce the practically unenforceable with arguable benefit to society.

Monday, December 19, 2011

Is copyright worth breaking the Internet over?

The truth is that for some time now, the Internet can no longer be relied on to fulfil its simple infrastructural purpose of delivering bytes from A to B unhindered when requested to do so. The appetite of the powers that be for intruding on their citizens' privacy on the one hand and for succumbing to capitalist pressures on the other make any Internet connection an increasingly noisy channel.

Lemley, Levine and Post now outline and give an enlightening critique of some recent and alarming steps being taken in their essay Don't Break the Internet. As an author, I completely sympathise with concerns about copyright, and I would possibly agree that the current process of having infringing material removed is insufficient-- whilst also suspecting that the impact of the "copyright problem" is massively overexaggerated. But as with traffic shaping measures (among others), it is particularly concerning to see proposals to allow fundamental pieces of infrastructure to be undermined almost on a whim. Is this really the most intelligent counter-measure to copyright infringement that we can think of?

Sunday, December 4, 2011

Can more indeed be done to disincentivise smartphone theft?

San Francisco Chronicle columnist C.W.Nevius has an interesting article on how Australian mobile operators do far more than in the US to block stolen phones. On the surface, it is intriguing that more governments, manufacturers and operators can't bang their respective heads together to put more measures in place, both technologically and legislatively, to curb mobile phone theft, particularly that of high-end smartphones.

Direction from governments is probably required. As the aforementioned article mentions, if left to capitalism alone, there is little incentive for mobile operators and manufacturers to put such schemes in place: for them, theft simply equates to more sales. Another interesting thought is that various countries in Latin America do apparently have some measures in place to block the connection of stolen phones. If the US doesn't, then this situation presumably serves to make the US an even more prime target market for the criminals selling stolen devices.

However, such measures surely aren't a panacea. Any system is only as strong as its weakpoints. What measures would need to be put in place to ensure the accuracy of the database and eliminate "false positives"? Since (presumably) operator staff have the ability to override the system in order to deal with cases of error, how does one prevent them from becoming targets for blackmail, bribery and gang involvement, in effect simply shifting the problem? What methods could criminals fight back with (e.g. replacement of the chip containing the serial number), and what impact would this ultimately have in terms of where new criminal opportunities would spring up? And what more serious crimes would criminals then commit instead of stealing mobile phones?

Nonetheless, I haven't seen much debate of these issues and it does seem that potential measures at least deserve more consideration from governments and operators and a clearer explanation for why they cannot be put in place if indeed they can't.

Friday, December 2, 2011

The Carrier IQ debacle

In case you've missed the commotion, concerns have been raised over the last few days about a component produced by a company called Carrier IQ and installed on many smartphones which (a) is set to run by default on some smartphones; (b) may be more covert than other processes running on the system; and (c) seems to have hooks to which it is passed various confidential data such as the identity of keypresses, the content of SMS messages and the cleartext version of data sent over HTTPS.

Such is the concern that some commentators are already describing the Carrier IQ software as a rootkit.

It is possible that the module in question is entirely innocent, and that the reason for confidential data being passed to its hooks is simply due to some slightly diabolical API design. Be that the case, I would then expect:

- smartphone manufacturers who have embedded the Carrier IQ component in their OS's to come forward with details about the close scrutiny that the software underwent on their part before being approved;
- Carrier IQ to come forward with some convincing and reassuring details about why this confidential data is apparently being passed to the process without constituting a breach of trust and confidentiality.

As I say, the Carrier IQ component may be entirely innocent and above board. But the longer the above two actions continue not to occur, the more concerning things appear. And sometimes, it isn't whether there is anything untoward that matters, but whether there appears to be...