* Posts by Graham Cobb

69 posts • joined 13 May 2009

No, Minister. You CAN'T de-Kindle your eBooks!

Graham Cobb

If you bought a good old fashioned dead tree book written in English, would you expect to be able to translate it into a dead tree version in French for free?

Yes -- why not? Of course, I would expect to pay the translator, if I didn't do it myself, but why would I pay the author or publisher anything? If the translator offered their services for free (such as Google Translate) then the answer to your question is a resounding yes.

Of course, if I buy a French translation of a book, then I would expect that some of my money goes to the translator and some to the author.

2
0
Graham Cobb

Parody is handled fine elsewhere --- there may need to be a few cases to establish some principles, but no court is going to be fooled by scribbling in the book.

As for ebooks -- DRM on ebooks is just stupid anyway. The market and volumes are tiny compared to things like movies, and the sort of people who read a lot are unlikely to heavily pirate. It is just costing them business. Unlike some other commenters, I don't remove DRM -- I will not pay money to any publisher (of any media, in any format) who only sell DRM-encumbered content. I just limit myself to purchasing books which are available DRM-free. I still have many more books in my bookreader than I can read in the foreseeable future!

2
0

Spooks vs boffins: MIT bods say they've created PRISM-proof encryption

Graham Cobb

Re: better than nothing

Not just "better than nothing" -- an important capability which needs to be widely adopted.

Of course, this doesn't stop all attacks, but it does stop one important attack: you can't just serve the provider of the service with a demand for the key (and an instruction not to tell anyone). The service provider doesn't have the key. This stops the Lavabit-style attack.

Sure, it doesn't stop a determined attacker from moving on to other things. But those things may be more expensive, more targeted (always a good thing), more risky, possibly illegal, less likely to get co-operation from 3rd parties and courts, etc. Anything which makes dragnet surveillance more expensive is good.

Ultimately, it isn't law which restricts the actions of spooks, it is cost. That is why, in the days when surveillance meant having a human being follow someone around, they didn't just follow everyone around. We need to do everything we can to make surveillance as expensive as possible, so it will be used in a limited way, on high-value targets.

0
0

Research bods told: Try to ID anonymised data subjects? No more CASH for you

Graham Cobb

Re: Research vs commercial interest

Doesn't sound very ethical to me. Basically, you want deluxe low coverage for a known shite car.

I strongly recommend reading Tim Harford's "Undercover Economist". Whether it is ethical or not depends on whether you know you are at increased risk (and whether you are taking out the policy because of that knowledge). Unfortunately, that is not easy to determine!

Harford explains the complexity of this (serious) problem very well. Unfortunately there is no good solution. The best solution for now seems to be for the health insurers to agree to deliberately forgo knowing much about you -- that has a chance of evening out the risk (and the premiums), at least until people become generally much better informed than they are today about what they are at risk of. At that point, the health insurance business will collapse altogether.

0
0

ISPs CAN be ordered to police pirates by blocking sites, says ECJ

Graham Cobb

Re: Next up.....

This is like informing a courier that they may no longer deliver parcels from a particular company

No it isn't. This is like informing a turnpike operator that they may no longer permit drivers to use their road if they say they are going to collect parcels from somebody who is known to distribute pirated materials. There is no commercial relationship between the (alleged) pirate and the turnpike operator/ISP. And it just encourages people to lie about where they are really going "oh no, I am not going to those nasty pirates, I am just off to see my friends at VPN Inc".

8
0

GitHub probes worker's claims of hostile, sexist office culture

Graham Cobb

Re: Hmm

A manager has to treat people differently. Different people react differently and must be managed differently. Any professional manager understands that.

If your goal is a dressing-down sufficiently serious to bring someone to tears then you are going to have to be much harder with some people than others. If your goal is not to bring someone to tears then don't.

And public feedback like you describe in your previous post is just bullying, whoever is the target -- it has no place in the work environment.

5
1

It's BANKS v TELCOs: Mobe payments systems go head-to-head

Graham Cobb

Identity, not payments

This article seems to confuse payments and identity. They can be related but they are very definitely not the same thing. My understanding about Mobile Connect is that it is purely about Identity: it is a way to use your mobile phone number as a "token" with a website or app -- just like you might use a Facebook login on a non-Facebook website. The website might be, for example, The Register comments section: El Reg really doesn't need to know who you really are, it just wants to know that when you log in again the next time you can access your previous comments. Your mobile phone number is fine for that.

A mobile operator may choose to link the Mobile Connect identity to their M-Payments system, of course, but that would just be an example of an app (M-Payments) using the Mobile Connect identity (just like Amazon or Google or a bank can, if they want to).

[Full disclosure: I have been involved in marketing Digital Identity for a company not mentioned in the article, but these comments are my own view]

0
0

Court allows EFF to keep donor list secret from patent troll

Graham Cobb

Re: i am sure spotify has done this before the application was even made

What The Register needs is an option to read comments with all ACs removed.

1
1

Bugger the jetpack, where's my 21st-century Psion?

Graham Cobb

Re: Well we almost had it

I don't think that is entirely true. Sure, the N900 only sold to geeks (like me) but my wife is a normal business user and she really dreads the day she is going to have to stop using her Blackberry with its usable keyboard, and go to a touch keyboard. I still think the problem is that Blackberry really screwed up, lost its business customers to the (shiny) iPhone and collapsed in market share. Now no one is willing to buy Blackberries (no apps, end-of-life could happen any day, no one has a BES any more) even though a lot of the business users would really like a keyboard.

2
0

Review of UK data protection: Should fines go OVER HALF A MIL?

Graham Cobb

No review of punishments for misuse of our data?

Have I misunderstood the article or does it really say that the current government review of the penalties is only about the penalties for stealing the data, not the penalties on data controllers for losing or misusing the data? This seems to be about increasing the punishment for the evil hackers instead of increasing penalties for those who do not apply sufficient care to protect our data or (worse) deliberately misuse the data.

0
0
Graham Cobb

Re: interesting!

Fines aren't about justice -- that is what prisons are for. Fines are about deterrence -- make it cheaper to comply with the law than to break it.

0
0
Graham Cobb

@Chris Miller: Although fines do, indeed, end up paid by customers, they do have a very material effect on the company. In particular, if fines are heavy enough, they don't end up being paid at all: they cause a change in behaviour (which is what we want to achieve) because good behaviour becomes much the lower cost (thus maximising the shareholders' benefit).

0
0

Even HTTPS can leak your PRIVATE browsing

Graham Cobb

This is an important analysis, although I suspect that the main giveaway is that I visit the site at all (which HTTPS does nothing to hide). If I visit lend-me-money-at-extortionate-rates.com then I am probably having a financial crisis, and if I visit cancer-information.com then there is an increased likelihood I have a serious illness.

But it is important to know that this fairly obvious theoretical attack is actually quite feasible and gives quite high accuracies. It is a useful data-point to feed into the work on the next versions of the protocol to minimise what can be achieved with this approach.

1
0

Facebook pays $19bn for WhatsApp. Yep. $45 for YOUR phone book

Graham Cobb

Re: While I can't argue with the conclusions in the article

I agree -- I think the main purpose is defensive. Although I don't think they see WhatsApp itself as a competitor, it would be a good social network to base a Facebook competitor on, so they want to buy it before someone else can.

0
0

TV scraper Aereo pulled off air in six US states after tellyco court injunction victory

Graham Cobb

Shooting themselves in the foot

I agree with the posters who think that Aereo is a win for the broadcasters. Of course, Orlowski and others point to the high prices Aereo currently charge and want a cut of it. But Aereo are charging what the market will bear. There is nothing to stop NBC or anyone else setting up a similar service -- the barriers to entry are not particularly high. Of course, once the legal situation is clarified, that is exactly what many competitors will do and Aereo's prices will fall, to be little more than cost. The result will be that the networks gain more viewers and a few companies make a little bit of money out of it. Sounds perfectly reasonable to me.

The supreme court should rule that as long as the service (content and ads) is not being modified in any way it is perfectly legal. And, while they are about it, they should kill the cable charges (unless the cable company is showing its own ads, in which case they should have to buy the content at commercial rates).

1
1

Microsoft: C'mon, you can trust us... look at our gov spook-busting plans

Graham Cobb

Re: Security Theater Only

I never thought I would write a comment supporting Microsoft -- I am as much an MS hater as almost anyone here. However, I think that btrower is being a little unfair to Microsoft.

Adding encryption to inter-datacentre links is definitely a significant improvement. This encryption will presumably not be TLS based so the fact that Verisign will print a certificate for the government whenever asked won't help. And even the FISA court won't be able to order MS to release the keys for those internal links (MS would fight that one all the way, and start to call in some really high level favours). I believe that Microsoft will succeed in actually making those links secure.

That is an improvement, not just security theatre, because the NSA will then have to fall back on actually asking MS for data about customers. MS can then possibly take legal actions and, in any case, will know (even if it is not allowed to tell anyone) that the action has happened. The NSA will know that a record exists, inside Microsoft, of their actions -- which could come to light at a later date. That is an improvement over the case today where the NSA just watches the links and not even MS knows what is being caught.

Of course, MS should have done this years ago. And it should do much more (the announcement, for example, does not say they will fight gagging orders for individual customers, only for business customers). And the NSA still has massively over-reaching legal powers available to it. But at least this announcement closes down one important part of the NSA toolset.

I agree completely that the right thing is for MS to stop having the keys to anyone's data. This makes providing some of their higher value outsourced services hard (how does an outsourced office system send an out-of-office response if it cannot look at the message without the user being online?). But they have some really good R&D people and they should redirect them to work on these challenges on being able to do (limited) processing on encrypted data without decrypting it.

0
0

Why a Robin Hood tax on filthy rich City types is the very LAST thing needed

Graham Cobb

Time for some damping

I am no economist, but I don't see that the article's conclusion follows from the premise. I am willing to accept that the (pseudo-scientific) consensus is that a complete market, with shorting and speculation, is required for the EMH to work and even that the housing market might work better if that was possible. However, I do not see any consensus that high-frequency trading is required (or even a good idea), nor that a small amount of friction introduced by a tax would seriously damage the EMH. A lot more work would be required to demonstrate either of those propositions.

My gut feel is that modern markets (particularly stock markets and currency markets) are suffering from far too much incentive for both market manipulation and for magnifying small oscillations into larger swings. My control theory course from 30 years ago would suggest to me that a little damping might be a good idea.

34
2

Highways Agency tracks Brits' every move by their mobes: THE TRUTH

Graham Cobb

How is anonymisation done?

The important point here is that this is more or less intrusive depending on how well the anonymisation is done. For example, if the Dept only receives the analysed traffic numbers (73 cars entered the motorway at J3 and exited at J8 between 8 and 9 AM) that would be very unintrusive. On the other hand, they almost certainly receive much more itemised data. Then we have to ask: how often is the "pseudonymous id" (used to correlate different position reports to identify the various points on someone's journey) changed? Every hour? Every day? Never?

The principle is that every time personal data is used to create "anonymous" data sets, the details of how the anonymisation is done must be published so that people affected can check.

Ideally, experts in anonymisation should be involved to create the algorithm, tailored to the particular need and carefully designed to leak the minimum of information. This is a difficult task, that requires considerable experience in privacy, that is almost certainly just being left to programmers today.

Bottom line: anyone who passes on personal data should be required to describe the anonymisation in detail. And public bodies (at least) should be required to do an expert privacy analysis of data they either acquire or release.

0
0

Snowden journalist's partner gave Brit spooks passwords to seized files

Graham Cobb

Re: And from our

If the police believe that an individual is in possession of highly sensitive stolen information that would embarrass the government, then they should act and the law provides them with a fig-leaf to harass and intimidate whistle-blowers. Those who support this sort of action need to think about what they are condoning.

1
1
Graham Cobb

Re: "Legally and procedurally sound"

But what makes you think they give a flying fuck about public disapproval?

What they do care about is the risk that their supporters will turn to 3rd parties (LibDems or UKIP). The last thing they want is to have to share power in a coalition. That is about the only weapon we (the people) have against them. We saw that with the U-turns on immigration to appease UKIP sympathisers.

Now we need to convince the politicians (and their friends in the newspapers) that both Labour and Conservative supporters are in danger of switching to the LibDems over this issue of authoritarianism.

1
0
Graham Cobb

Re: "Legally and procedurally sound"

Then it seems that we need to change the laws and procedures. I guess that's where our MPs come in.

I have written to my MP (who happens to be Dave) demanding that the law be changed and asking him to pass on my requests to both the Home Secretary and Foreign Secretary to resign over the disgraceful actions of their departments in abusing the existing laws.

I'm not holding my breath but if others feel the same then a few letters may help them understand the level of disapproval of actions which belong in a tin-pot police state.

4
0
Graham Cobb

He didn't cross the border -- he was in international transit.

It might be reasonable to investigate him if he was suspected of terrorist crimes as there would be an airport safety issue. That is why the law is there. It was abused.

5
1

OWN GOAL! 100s of websites blocked after UK Premier League drops ball

Graham Cobb
Holmes

Re: Interesting...

and why does opposing council not label it a clear case of 'excrementum bovum'?

Because there is often no opposing counsel in these cases.

0
0

The secure mail dilemma: If it's useable, it's probably insecure

Graham Cobb

Might be better to join an existing project

Keep an eye on the PRISM Break site for suggestions for alternatives. Bitmessage is working on an approach that is similar to what you describe. I am sure there are others as well.

1
0

Gov: Smart TV bods must protect users from smut-riddled badness

Graham Cobb
Holmes

Re: I know what *would* be nice

What would be really nice, would be a machine-readable indication of whether what is being broadcast was editorial content or advertising

Now that would actually be the government doing something useful for us for a change. It might actually win votes!

People tend to consider connected TVs to be a TV-like experience and expect to be more protected than they are from content accessed through PCs and laptops.

No they don't. If they have bought a connected TV they have bought it to access the Internet. People understand the difference and don't need the nanny state to warn them.

1
0

Typical! Google's wonder-dongle is a solution looking for a problem

Graham Cobb
Unhappy

Re: Selective pricing quotes?

The point is Google don't have the Ashes at any price, they have cat videos

I am no fan of the Google device (just how much info will Google be collecting about me?) but I will point out that although they may not have the Ashes, they certainly have a lot of content I am interested in. For example they have the America's Cup, and the Extreme Sailing Series. At the moment I have to download those using get_flash_videos so that I can play them on my TV streamer -- direct YouTube access (at a low price) is a major selling point.

mainstream hardware like game consoles or smart TVs

Games consoles are mainstream hardware? I think not -- gaming is a limited market. I suspect that this device (with Google's name attached and its cheap price) will outsell any games console once it is available. Smart TVs are more mainstream but are expensive (and bring a big concern over whether the software can/will be upgraded over their full lifetime).

It is just a shame it is Google doing it, with their hidden price of tracking everything you do. I would rather pay double for the same features without the tracking.

0
0

Bill Gates' nuclear firm plans hot, salty push into power

Graham Cobb

Re: One small problem

Interesting comment. But I assume this is not necessarily focused on the US. Plenty of other countries with spent fuel rods.

3
0

Royston cops' ANPR 'ring of steel' BREAKS LAW, snarls watchdog

Graham Cobb

In many serious cases, it becomes important to know where the subject of interest went before he was known to be "of interest"...

If this is true (which I doubt -- "useful", yes, "important" no) then it will have dramatically reduced the costs of investigations of these serious cases -- no need to go around looking for witnesses to the movements, or tailing the suspects. So, I propose that the budgets for these cases be cut by 50% and the funds transferred to CEOPS.

Let's make this offer to some senior CID officers and see what they say... if ANPR is so important to them they will happily take the offer. My bet is that they would choose to give up the ANPR and keep the budget.

The police can't have it both ways: if surveillance, ANPR, snooper's charter, etc are what they want then they have to give up the people budget. The government should be using the funding to make sure the police are asking for what they really need.

0
0

Sysadmins: Keep YOUR data away from NSA spooks

Graham Cobb

Re: No, no, no, no and no - this is NOT a technical problem

One way or another a government is GOING to get their hands on your data.

I would put this a little differently... you cannot stop a government from getting their hands on your data if they REALLY want to. However, I believe you can make it harder and more expensive. Possibly so expensive that if you are not a major target they will choose to spend their resources elsewhere instead. And, of course, that also helps with protection against more run-of-the-mill thieves who do not have the resources of governments behind them.

But that is a small disagreement really. I agree with your point that "We're entering an era of unprecedented interaction with companies sovereign to powers we have no rights with". The only way Microsoft or Google or Amazon are going to get international cloud service business from now on is if they successfully get their government to provide their users (even when not US citizens) with significant rights.

It will take a while, but I think it will happen eventually -- the campaign contributions from US high-tech companies will dwarf even those of Hollywood. And we all know how many laws they bought!

0
0

Apple, Google, Facebook, Microsoft, world+dog urge NSA transparency

Graham Cobb

Re: @Frances Banana

But is the percentage of CEOs dumb enough to think that European governments don't do the same, also growing?

That isn't the issue. If you live and work in country X and are CEO of a company based in country X you have no choice but to trust (to some extent) the government of country X. You may campaign for more openness or regulation of your own government or to change your own government but ultimately you have no choice but to either abide by the laws of your country or leave.

That doesn't mean you also have to trust the US government! A government over which you have absolutely zero influence, which may dislike you more than your own government do, which may choose to favour your competitors, or (like in the UK) be a tool for your own government to get around restrictions on its actions.

Any CEO of a company based outside the US can reasonably expect to be fired by his shareholders as soon as they discover that he has decided to expose them not just to the vagaries of their own government but to the US as well.

1
0

US secret court renews government telephone snooping

Graham Cobb

Re: Damage Limitation

Not a bad idea. I noted that one of the reports last week said that although the government had collected all that phone data, they had only searched it about 300 times last year. That is perfectly manageable with warrants. So, your idea of requiring a warrant to access the data scales perfectly well.

Although I am still keen on my suggestion for limiting the damage: dramatically CUT both police and spy budgets. As technology now means they can "tail" people while sitting at a desk (and even after the fact) all that money previously spent on people to follow and watch suspects should be returned to the public purse. Seriously cutting budgets would force senior management to make some hard decisions about what they REALLY need -- not just collecting everything in case it might be useful one day. And it would be appropriate in these times of austerity.

0
1

UK gov's smart meter dream unplugged: A 'colossal waste of cash'

Graham Cobb
FAIL

Re: Seems unlikely they would be used for cut-off...

The cut-off capability is my most serious concern. I raised all these points in my response to the government consultation.

1) My electricity supply is unreliable enough as it is. ANY switch (even if there are no deliberate attempts to use it) will decrease that reliability even further -- some proportion will malfunction. I asked for the government to require that overall power reliability (measured at the consumer's side of the meter) should have to IMPROVE as part of the programme. But there is no such requirement -- does anyone know how much it will actually decrease?

2) Reducing the costs to the energy companies of cutting people off is extremely bad social policy. It will encourage the companies to cut people off in cases which are marginal today. Cutting someone off should be an absolute last resort -- and the cost to the companies of doing it must be kept very high for that reason. If their promises that disconnections will decrease because of smart meters are right then it doesn't matter how expensive disconnection is -- no need to reduce the costs!

3) I have, in the past, had a problem with my energy company collecting their bill payment -- they messed up the direct debit but didn't notice. The first I heard about the problem was receiving a call from a debt collector. Of course, I got this resolved (after some weeks) and a suitable compensation payment and apology made to me. But with a smart meter, might the first thing I heard about this be a "load limitation" or even a disconnection?

4) And then there is the hacker/security problem. How long before it will be possible to remotely disconnect someone for kicks or as part of a harassment campaign or protection racket?

For all these reasons, I asked that the government require that there be a physical by-pass for the remotely operable switch which can be installed by the householder and can only be removed by the electricity company if they have a court order (and physical access). The company could even be allowed to put you on a punishingly expensive tariff if you use the local override (so you would only use it if you knew you were in the right and they were wrong), but it should be there. It hasn't happened of course.

6
0

ACLU warns of mass tracking of US drivers by government spycams

Graham Cobb

Why it matters

Many people don't seem to realise why this matters. Here is an example which seems to be real in the UK today...

You drive somewhere to join a rally or demonstration about something (anything: Iraq war, abortion, anti-abortion, immigration, anti-fascism, animal rights, ...). You are picked up on ANPR as being in the general area. Do that 2 or 3 more times and the analytics can easily spot you as a trouble-maker, particularly combined with the make of the car (BMW and Mercedes drivers are obviously not militants), and your postcode (protestors don't live in Conservative-voting streets). You then find yourself stopped for "random checks" much more often than other people, particularly when in the areas of future demos, or trying to cross the "ring of steel" in central London.

This seems to be real. Even 15 years ago, police were parked in all the lay-bys near Witney recording the number plates of cars around the times of the cat farm protests. They were also stopping anyone in old cars, or VW campers, or who looked young for 5 miles around (I live around there and was never stopped -- but then I drove an expensive car).

Earlier this year judges forced police to delete surveillance records it had kept on 88-year-old John Catt. The judges said "Mr Tudway states, in general terms, that it is valuable to have information about Mr Catt's attendance at protests because he associates with those who have a propensity to violence and crime, but he does not explain why that is so, given that Mr Catt has been attending similar protests for many years without it being suggested that he indulges in criminal activity or actively encourages those that do."

Obviously, now that police can record all the people who turn up at demonstrations they have decided they should do so.

11
0

Snowden leak: Microsoft added Outlook.com backdoor for Feds

Graham Cobb
Big Brother

Re: Don't blame Microsoft but...

Don't blame Microsoft, BUT: Blame the big brother government of the United States instead.

Blaming MS, and costing them some international business, might actually cause some change -- their campaign contributions count for a lot more than votes!

2
0
Graham Cobb
Big Brother

Re: Not just Microsoft

As I said on slashdot the other day...

My email is very dull and boring. But there are people I respect whose email is NOT dull and boring. Campaigners, activists, journalists, even lawyers and politicians. Unless I protest noisily, and adopt privacy tools myself, the government can get away with recording the correspondence of people for whom it does matter. In fact, they can even spot the ones to watch because they are the ones using encryption and privacy tools.

Remind yourself of https://en.wikipedia.org/wiki/First_they_came

0
0

Yahoo!: We! tried! to! protect! your! info! ... secret! court! case! will! prove! it!

Graham Cobb

Legal requirements

It may be that this access to monitor us non-US people is a legal requirement and that Yahoo, Microsoft, etc had no choice. However, fortunately for us, using Yahoo, Microsoft, etc is not a legal requirement. We can take our business to companies which are not US-based and do not have to follow US law.

There may not be many of them so far, but this will encourage a lot of non-US competitors to spring up.

Every CIO I know already understood the risks of storing data in the cloud, outside their control and even outside their legal remit, but was under pressure from their CEO and CFO to do it for cost reasons. This whole scandal will give them ammunition to fight, or at least to use a local competitor (who may be more expensive but at least is in the same legal jurisdiction).

The impact to the campaign contributions from major US companies seeing loss of international business may well be an interesting factor.

0
0

French snooping as deep as PRISM: Le Monde

Graham Cobb

Different from PRISM

This French news is very different from PRISM: PRISM was about the co-operation of commercial companies, allowing NSA to look at the unencrypted services being provided. The French, on the other hand, seem to be limited to watching the traffic on the wires.

If people use encryption to access their Google/Microsoft/Facebook/... services then watching the traffic on the wire tells them nothing. That is why PRISM exists: to be able to see the actual service being provided.

Of course, almost all email is still unencrypted so, if the DGSE can catch the email in transit, they can capture it.

1
0

Osbo jacks up spending on spooks to keep us safe from TERROR

Graham Cobb
Flame

What are you doing to protect us against the US?

The Council of Europe's commissioner for human rights has just said, "European states are obliged to protect individuals from unlawful surveillance carried out by any other state". How much of the money designated for "further investment in the protection of UK interests in cyberspace, making it harder for hostile states and criminals to target the UK" will be spent on protecting people and businesses in the UK from the US government and companies?

6
0

US trade commish kicks off patent-troll-nixing plan

Graham Cobb

@Tom 13 Re: hints that the Commission will look at claimants being an actual tech company,

In your scenario, Mr. Smythe couldn't complain to the ITC but he can still sue in the US courts.

That seems reasonable: the ITC process should be about stopping unfair impact on the US home markets by imports which will be later declared illegal. Personally I don't think it should extend to patents at all, but I have no problem with it being restricted to use by US companies selling real products in the US market. And I am a Brit!

0
0

Snowden dodges US agents in Moscow, skips out on flight

Graham Cobb
Black Helicopters

Re: @sisk It's not illegal, but it is uncool

They can make it "legal" (if it isn't already) and they can fool the (supine) American voters with the usual Four Horsemen but they can't undo the damage internationally.

Of course anyone who thought about it knew the NSA were tracking everything entering and leaving the US but we didn't think about it. Nor did we realise that they were looking at corporate data from the inside.

But now we are thinking about it. The backlash has begun: companies and individuals are switching from US IT and cloud providers to ones in their own country, or personal clouds, or third countries with less sophisticated spying capabilities. The EU will be forced to terminate the discussions on companies being allowed to store personal data in the US without telling their customers. Encryption is becoming more routine (and less suspicious) -- how many downloads of Https-Everywhere have happened since Snowden?

People are thinking and caring more about what data is stored and transferred, by whom, and where.

0
0

Home Office boffins slip out passport-scanning Android app

Graham Cobb
Big Brother

Re: immigration/visa check

My understanding is that having made a reasonable attempt to check is a valid defence, and that the law (or the courts) recognise that we are not experts in validating passports. Although it is wise to have a written policy and to keep a record that you can produce if asked. Of course, IANAL.

This does lead me into a concern about this app, though. If an app like this is available, many people might decide they need to use the app, and record the details, to protect themselves. For employers keeping records of right to work it might be reasonable, but how long before a local pub or club decides that you have to produce and scan your passport in order to get in? And then come under pressure to turn over the records to the police when they discover that a terrorist suspect had been in the pub??

In other words, with apps like this around, a passport could become a de-facto national ID card, by the back door. I, for one, will not be producing my passport for any UK business that wants to do business with me.

0
0

KEEP CALM and Carry On: PRISM itself is not a big deal

Graham Cobb

Follow the money

One of the most worrying aspects here is the apparently tiny amount of cost involved. Of course the NSA can turn their hand to snooping anything -- the protection that society needs is to make sure it is expensive!

The difference between a democratic society and a police state is not so much about the legal powers of the police as the resources they have to use those powers. As long as it is expensive to track people, to record their conversations, to read their email, to monitor their cars, we have reasonable protection from a police state. But the point of the Communications Data Bill and, apparently, of PRISM, is to make it easier for the police and the spooks. That is why it needs to be resisted.

Those capabilities need to be very expensive to use. That way they cannot be used routinely or widely but will be kept in reserve for limited use.

0
0

Google 'DOES DO EVIL', thunders British politician

Graham Cobb

Re: Google, the law, and morality

Morals (as opposed to laws) are purely personal. What I consider immoral and what you do are completely separate. It may be grandstanding from the PAC but I think it is very valuable to have the actions of these big corporations exposed. Then we can each make our own decisions on the morality and on whether that changes my willingness to do business with them.

Some people require the companies they do business with to follow moral standards which are different from those enshrined in law. That is their right: they can do business with whomever they choose.

I think that this publicity is likely to cause some of these big companies to be less aggressive in their tax avoidance as they will see a public relations benefit (i.e. increased sales) in being perceived by people to be "not doing evil".

0
1

Who is Samsung trying to kid? There will NEVER be a 5G network

Graham Cobb

Re: 5G WHY at All ?

For things like (future better versions of) Google Glass -- full video feeds of everything you look at stored in the cloud for you (or the spooks) to go back to later, overlaid with full augmented reality overlays and head-up displays, etc. Specialised video and data feeds (two way) for various jobs (emergency services, doctors, ...). Automatic monitoring and control of high speed machines (driverless cars, drones, etc).

And a whole lot of other things we haven't thought of yet which can be enabled by having cloud-based (i.e. network based) services with access to a personal or mobile environment at speeds which are currently only available for local storage and processors - saving power, weight, cost, etc.

Sure, wired connections will always be faster/cheaper but they are neither personal nor mobile.

0
0

Government admits seizing two months of AP phone records

Graham Cobb

Re: They have the authority

The issue isn't really about whether they should have that authority -- it is about what controls are on using that authority and who takes responsibility and feels consequences for using the authority.

It is very similar to the case here in the UK where the tax authority have admitted abusing their similar powers (designed to root out major criminal tax fraud conspiracies) to track down the whistle-blower who reported to a parliamentary committee that the head of the inland revenue had agreed a deal to let a major financial firm off their unpaid tax, after a nice lunch.

Should they have these powers? Probably. Should they be required to get a judge to approve? Absolutely (exceptions for urgent cases need to be genuine exceptions, not the rule). Should the senior manager who approves the request be fired if it is later determined the powers were abused (for example the judge was misled)? Certainly. Should they be subject to civil or criminal penalties? In some cases, yes.

1
0

Brits' phone tracking, web history touted to cops: The TRUTH

Graham Cobb

Check out ORG blog

Unfortunately there is also nothing in there which says they can't. And they would claim that if it is "anonymised" then it isn't personal data any more. And where can we (or the data protection authorities) check up on how well it is "anonymised"?

That is why the latest Open Rights Group blog calls for: "Ask for users’ permission before offering their anonymised data. Make this legally required in data protection, helpfully being debated right now."

1
0

Canadian TV station wails: NFC bonking... it's not SAFE

Graham Cobb
Black Helicopters

Privacy, not fraud

I am less worried about fraud than I am about privacy. I don't worry too much about fraud. Travelling for work, I use cards all the time, all over the world, in some quite dodgy places: I have rarely been a fraud victim and when I have been it has been sorted out.

But I do worry about the privacy & safety implications. I don't want shops to be able to track my coming and going, particularly in a way which they could relate to my card number (and hence my purchases). More seriously, I don't want a criminal to watch for people leaving a train station carrying Gold AmEx cards (or something) because they are likely to also be carrying more cash. Worse still, I don't want it to be easy for the terrorist to set up their IED to explode when someone carrying a Western credit card walks past.

In other words, my credit card information is mine, and private to me. I don't want some device broadcasting it to anyone nearby who asks. NFC could, and should, have required that the user press a physical button to enable the read-out. As they didn't, it is dangerous.

0
0

Internet freedom groups urge W3C to keep DRM out of HTML

Graham Cobb

Re: Do they realize what they just said?

No, that isn't the point of EME at all. The entire point of EME is to provide a W3C-approved veneer of a standards-based tag to invoke those same proprietary plugins. Microsoft's Silverlight will still be the most widely used EME.

As far as I know, no one is working on, let alone proposing to W3C, "non-proprietary components for content rights management".

1
0
Graham Cobb

EME is not Open DRM

Unfortunately, batfastad, EME is not what you are looking for: it is not, in any way, "an open and cross platform DRM system". All it is is a set of new tags for invoking proprietary, service-specific, closed, browser plugins -- it is just a new "object" tag, but one which can claim that DRM is now endorsed by W3C. That is it. No change to the current "horrible proprietary browser plugins".

Silverlight will still be one of the (most popular) choices for the EME (although Microsoft might give it a new name). There certainly won't be any discussion "sensibly in an open environment, by adults, with a technical background, ending up with me being able to play back media on any device/platform I choose".

That is why the FSF and others are complaining about the proposal.

2
0

Psst, wanna block nuisance calls? BT'll do it... for a price

Graham Cobb

Re: AC dribble

I realise you were trying to simplify, for the purpose of this discussion, but actually BT gets two separate pieces of information about the originator when the call is handed over from another UK operator: the calling party number and the CLI are separate (and may be different, for several legitimate reasons). All BT is permitted to tell the user is the CLI. It can't change that (there used to be an exception that if it didn't trust that the originator was following the CLI rules it could replace the CLI with UNAVAILABLE, but that was all, and I am not sure if that still exists).

Even if BT was allowed to use it, the calling party number may not be useful to the called party. It might not be a valid, callable, number -- it might not even be a sequence of digits. Its main use is for reconciliation in case of inter-carrier billing queries or fault handling.

0
0
