He will be missed
Caspar was a rare man - his integrity, morals and conviction were paramount to everything he did. I will miss him.
156 posts • joined 1 Jul 2009
@John Lilburne And oh how wrong you are on that one - nice try though.
WTF would anyone even consider attending this festival with this level of surveillance?
Been using Inkscape longer than I can remember - love it just installed 0.91 last week and it really is an improvement even though I loved the previous version.
Absolutely correct, in the Microsoft case the DoJ is using the Stored Communications Act because it really is that easy for the US gov to demand data from US companies. Of course s215 of the PATRIOT Act could have been used as well and will probably be the instrument used in these situations where US companies are setting up subsidiaries in Europe (Twitter, Dropbox etc.) as it comes with a gag order.
I wrote about the situation here:
The problem is there is a huge amount of mis-reporting on the issues in the general press and I am still trying to figure out if that is down to a lack of fact gathering or a vested interest to support the deceptions.
This is utter tosh - seriously. If the US gov approach Dropbox with a s215 order (which always comes with a gag attached) are you seriously going to tell me that the executives from Dropbox are going to refuse and go to jail instead? Don't be ridiculous.
This is a PR stunt and nothing more, it makes absolutely zero difference to the US surveillance machine being able to access that data. Furthermore, the Irish DPA can't do jack about it - they don't even have the power to issue fines/penalties.
Please go and educate yourself on the matter, it might save you the 5 minutes it took you to write that nonsense you wrote above.
Dropbox's Irish company is a wholly owned subsidiary of Dropbox in the US as far as I can tell and as such PATRIOT and FISA still apply - US gov can force Dropbox to hand over data/give access to systems with the same secret court orders and gag orders as they could if the data was held in the US.
This is nothing but sleight of hand intended to mislead customers into thinking that their data will no longer be subject to US surveillance laws - it is wholly unethical and intentionally misleading. Personally I trust any company which uses such tactics even less than I trusted them before.
I recently wrote about the situation here:
I really wish the press would start to make this point clear in their articles - by failing to mention it they are basically complicit in the deception. It is poor reporting at the very least.
Everyone knows you need to be on the deep web via an evil twin router to buy a Kalashnikov!
One also needs to understand that under the new Regulation, it is highly likely the EU Commission will have the powers to intervene in situations where a DPA has not taken sufficient action in a case. This means that ICO are likely to take more action against the private sector than they have in the past, especially as they are probably the most complained about DPA in Europe.
In my experience of the EC, at least one situation involving the ICO became the second largest public complaint issue the Commission had ever handled and it is certainly likely based on my ongoing work in this arena, that the situation has not improved.
That said, even if ICO do not significantly increase their actions against the private sector, the Commission will soon be in a position to do something about it, directly. Therefore, it is advisable that the private sector start to take privacy and security matters more seriously - ICO may not be an ally they can hide behind for much longer.
I witnessed Sabu "persuading" people to carry out criminal attacks on 3rd parties. I have given several statements to the press since his role as an FBI informer was made public. He was an agent provocateur pure and simple.
This is also a very valid point - I have sat in many a closed session where "civil society" representatives have not stood against industry when I felt they should. Inaction or staying quiet can be as harmful as actively supporting - in fact I would argue it can be even more harmful because if those calling the meeting don't even hear opposing views - how can they make balanced and objective decisions.
I have seen this so many times it makes my blood boil.
You are asking the wrong question.
What you should be asking is how many consultations, roundtables, workshops, seminars and conferences have EFF attended as civil society and presented arguments which could be seen as favourable to Google.
For example, on Do Not Track, Behavioural Advertising etc. there have been a large number of closed session events with governments and regulators in Europe and the US where often these civil society NGOs offer a less than "privacy focused" opinion (I have personally witnessed this) and offer a more "compromising" position (such as supporting pseudonymous tracking etc.)
I am not saying EFF have been responsible for this type of behaviour but then I can't claim to have been to every closed event they have attended - I have however seen this from MANY civil society groups over the last 6 years and it infuriates me as an advocate.
Don't assume that an NGO or civil group posts everything they say on their web site - because they don't. There is a huge amount of dialog going on behind the scenes every single day that the public are not privy to. What you see published is usually just the tip of the iceberg - the real news is the backroom deals, compromises and incredibly subtle opinions which whilst coming from a civil society group are actually pro-industry.
"Ireland does not have a version of RIPA, but it is subject to the EU Data Retention Directive which requires all telcos and internet service providers to retain metadata on users phone calls, location (for mobile phones), and emails,"
No it doesn't - the Data Retention Directive requires Communications Service Providers to retain meta data of emails (which is different to ISPs) and is a loophole used by online services (web mail for example) to avoid metadata retention (the Netherlands is one very good example of where the law does not classify a CSP as an ISP).
Not condoning the breach but I do find David Smith's "Ignorance is no excuse" comment laughable. When Google were caught sniffing up everyone's wifi traffic with Streetview ICO's entire reason for NOT taking action was that Google claimed they were ignorant and that it was the work of a lone, rogue engineer.
So Mr Smith, perhaps you can tell us why a charity with limited funds to purchase a secure system and skilled IT administrators cannot use ignorance as an excuse but Google, a multi-billion dollar megacorp with some of the "best technical minds in the world" working for them are perfectly entitled to use ignorance as an excuse when they are caught intentionally capturing massive amounts of communications data?
Charity fined £200 000 for a stupid mistake which actually resulted in no harm and could end up shutting down a charity that helps pregnant women (a pretty important charity in my mind).
Google fined £0.00 for intentionally grabbing emails, web traffic, passwords, instant messages etc. etc. etc. so they can monetise that data through behavioural analytics. A company where even the maximum fine would have had absolutely zero impact on Google's operational abilities.
But then, I daresay ICO don't get kickbacks from BPAS like they do from Google and I doubt very much their senior executives are offered highly paid roles at BPAS unlike certain ICO staff who went on to work for Google.
It is pretty obvious that the real reason Apple don't want to do this is because they are currently involved in a massive legal debate regarding inheritance of virtual goods purchased on iTunes. Apple don't want to be forced to allow those goods to be passed on because they stand to make more money if they aren't - they are arguing (along with other players in the industry) that only a license is purchased, not the item and therefore this cannot be legally passed on upon death.
A recent study I read (which I can't find at the moment but pretty sure I read about it here first) illustrated that even in the present day consumers' digital media collections are growing in value to many thousands of dollars, which is expected to increase in the future. Apple and the entertainment industry in general, would much prefer that you can't include these virtual items in your estate when you die - for obvious reasons.
So, what we are seeing here isn't Apple being anal over security, it is Apple trying to block inheritance without making it look like that is what they are doing because to do so is likely to cause a shit storm and lead to changes in law to force them to allow it (under current laws they are not required to under the terms of the EULAs).
Feel free to disagree with me, but it seems pretty obvious to me.
You can turn it off but that doesn't stop 95% of apps asking for permission to use it even if it is turned off and if you say no, you cannot install the app. My understanding is that even if you have it turned off if you allow it for an app it is enabled for the app. I would be very happy to be proved wrong.
You should include stats for Windows Phone apps too if you can find them - in my experience every single app I wanted to install on Windows Phone required access to location and after researching this it turns out this is down to the advertising platforms that app developers are forced to use.
Except pretty much EVERY Windows Phone app requires permission to access location data due to a requirement in the windows phone advertising API.
Mr Badvok, your interpretation is completely erroneous. The users of the devices had removed their consent for the placing of third party cookies on their devices by using Safari (which blocks third party cookies). READ THE JUDGMENT. The cookies (let's call them what they are, not a "small tag") were placed onto the end users' terminal equipment (the device) which was physically located in the UK ergo the cookies were physically located in the UK also - not somewhere else in the world, the UK.
The targeted adverts were viewed on the same devices IN THE UK which is another part of the complaint - the Misuse of Private Information part of the complaint. The Claimants' private information was used to display those adverts IN THE UK, on the physical devices they were using IN THE UK - they were not displayed on some remote server where the web site was located at all, a script sent those specific ads to those specific users' devices and other visitors to the same web site stored on the remote servers were most likely shown completely different ads (also sent directly to their devices in whichever country they were physically using said devices.)
So it seems the only person here who doesn't understand the technology, is you.
I think you need to read the judgment more carefully. The Judge very clearly states (citing historical cases to support his view) that jurisdiction is determined based on where the activity took place. In the case of the Google Safari issue, the users viewed those adverts on devices in the UK - and the cookies were placed on devices in the UK - therefore the action which the complainants are asking permission to sue for took place in the UK - Douglas vs Hello! is the main supporting case cited in support of this argument.
To put this into context - if you went into a supermarket in Las Vegas, tripped over a bad piece of flooring and broke your knee - the injury took place in the US and you would sue in the US, not the UK.
As for UK companies abiding by applicable laws in the US, you need to follow the news more. For extradition to the US based on laws they have broken there (even if they have never set foot in the country), that is before you even consider SAFE Act in the US which has extra-jurisdictional powers written into it.
It is not unusual for courts to extend their jurisdictional reach beyond their borders - especially US courts.
You can read my summary of today's proceedings along with all the court documents on the following URL:
It was actually a very significant judgment creating the first new English tort in 80 years.
Interesting to note that many places are reporting this update as for ALL Lumia devices - that doesn't appear to be the case. My Lumia 900 cannot see any updates. I am guessing that means yet again that this is only for WP 8+ devices...
Actually no it isn't - Target have confirmed that it was 70 million ADDITIONAL customers and confirmed the total is now 110 million.
And that is relevant to the story how?
Spain are one of several DPAs across Europe involved in this joint action (including the UK).
That would be a really dangerous decision for Google because the Spanish order is just one of many EU decisions to come. EU is one of Google's largest markets (probably their largest) and is the second largest economy in the world (last I checked a couple of months ago) - if they start playing that game, what do they do if other regulators take the same action as the Spanish (remember this was part of a regulatory "coalition" spearheaded by CNIL)? Do you seriously think they will block access to their biggest market - that would be akin to cutting their nose off to spite their face.
But all this is speculation because there is no comprehensive explanation as to what the full reach of the decision is and what the termination order actually means.
You don't appear to have reported on the full story here - which is no surprise as no-one appears to have a clear understanding as to what the penalties actually are (including Spanish privacy / data protection lawyers) - but perhaps you can use your journalistic skills to provide a more comprehensive understanding of the action.
I am referring to the fact that the text of the sanctions does not just mention the fines it also talks about a termination order. Many privacy people have been engaged in discussion over this for the past 24 hours and what it actually means. It has been suggested that Google have been ordered to terminate -all- data collection across all their services until such time as they obtain explicit consent from Spanish users.
This means no scanning Gmail and targeting ads, no Android data collection, no search, no doubleclick collection etc. Did you look into this? Of course the fine is paltry but if the termination clause means what it is currently being interpreted as - it is a far more significant penalty than the fine.
And the line of red dots are Cylons flying in formation?
Don't take what I said above as an attack on Jan, he has been working incredibly hard with his staff to produce a workable solution, he is a pro-privacy guy - but on this particular point I think he got it wrong, seriously wrong - and my concern is this pseudonymous exemption renders the entire premise of privacy for EU citizens, void.
This clause will be massively abused and will become the default argument for processing data in exactly the same way as it is today.
As for who actually put the pseudonymous stuff in there, I think you will find it was Jan Albrecht MEP - it was his draft that LIBE voted on although it had been significantly edited since his original. If my memory serves me correctly the pseudonymous exemptions were in his original draft. I called him out on this in Brussels last January but didn't receive a satisfactory answer, rumour has it he had been subjected to heavy lobbying on this issue prior to the draft being published but one would have to check his diary to confirm such rumours.
But you didn't hear the entire speech, just selective quotes.
Outlaw is run by Pinsent Masons, a significantly large law firm which almost definitely has a number of clients in the mobile telecoms industry - an industry that desperately wants to see Kroes discredited due to her stance on roaming which is set to cost the industry billions in reduced profits.
You need to look at the whole picture and follow the whole story not just snippets. I have been engaged in this entire fiasco from the start and have seen the dodgy dealings and lobbying first hand. Kroes is absolutely industry friendly, I have called her out on this many many times - as I said, I am no fan. But she is NOT responsible for the LIBE draft and she has no control over the EU Parliament or their Committees. Being EU Commissioner responsible for Digital Agenda doesn't make her responsible for the actions of the European Parliament - the Commission and the Parliament are two completely separate entities with a chasm between them.
Should we criticise Kroes for her industry friendly views - yes. Should we criticise her for being too susceptible to lobbying - absolutely. Should she be removed from her position in the Commission because she is compromised - of course. Is she responsible for LIBE - absolutely not.
Law firms don't just deal with litigation and contracts any more - many of the big firms receive significant funds to run campaigns which are set to discredit individuals or companies - this happens all over the world and is well documented. So try to be a little more open when reading industry propaganda instead of just accepting the snippets as fact.
I was at the event and sat right in the front row for Kroes' speech (which was given by proxy via Prince Constantijn van Oranje-Nassau - not by Neelie herself). It seems to me this article is using some rather selective quoting. I am no fan of Kroes (in fact I am one of her biggest critics) but this article is somewhat misleading.
There are limited uses for pseudonymous data use within the LIBE draft - these edits were made by LIBE not by Kroes and have already been passed by LIBE (so there is bugger all Kroes can do about it). It is not Kroes' fault these were passed, it is the fault of your MEPs who voted for them.
Kroes has always been industry friendly - this is not news, it was her cabinet who ran the OBA roundtables on cookies and pretty much single handedly introduced the implied consent situation we are currently in (I was part of those roundtables and walked out very vocally in protest at the industry bias the chair was showing). She has always supported pseudonymous data use and opt-out vs opt-in - but the real focus here should be on the MEPs in LIBE who added and voted for this amendment - it was not present in the Commission draft.
Nothing, they lied to the judge in the US court saying I was living in the US - the judge passed a summary judgment on that basis for I think about 45k USD which could not be served (because I lived in the UK not the US).
FACT are talking complete bollocks. When I got sued by the MPAA for DVDR-CORE I sent them a very thorough and long business plan to make the site "legit" and pay the industry their dues - they flat out refused - they have zero interest in allowing torrent sites to go legit.
I was part of a Nominet "forum" on the "suspension of domains involved in illegal activity" as Nominet were looking to develop policy on the issue. The process lasted well over a year with many meetings discussing what Nominet should do. Civil society wanted Nominet to insist on court orders with the exception where there was a risk of significant harm in the short term (in other words would people be at risk of fraud or identity theft over the weekend when a judge is not available to issue an order) but the police and industry wanted to carry on just having stuff shutdown on request.
The police have literally forced Nominet to suspend thousands of domains without a court order - they threaten Nominet with charges under Proceeds of Crime Act (POCA) leaving Nominet with the decision of either having to pay significantly high legal fees defending the charges or simply shutting down the domains - up until the point of the policy discussion, they always chose to shut down the domains. I am yet to receive any information since the discussions ended illustrating that Nominet have changed this policy. The discussions ended at a stalemate between civil society and the police.
The police state that because Nominet receive fees for domains, they are receiving proceeds from a crime when that domain is used for "illegal" purposes - the entire premise is a stretch at best, we had some top legal people on the group who completely disagreed with the police's position since Nominet receive their fees before the domain is used to commit any illegal activity.
This has been going on for years, I am glad a registrar finally had the balls to stand up to them.
It is incredibly easy - follow these simple steps:
1. I steal your phone
2. I take it home, take off my coat, make a coffee and sit down at my PC
3. I lift the lid on my very cheap Canon 3-in-1 (budget model) which has a 2400 DPI scanner
4. I place your iPhone on the glass, close the lid and scan the phone
5. I open the scanned image in GIMP or any other half decent graphic editing app
6. I find a complete print and crop the image around it
7. I save the image at 2400 dpi
8. I print it onto plastic (I presume OHP transparency for inkjet will do?)
9. I wait for it to dry and then paint a thin film of liquid latex over it (very easy to purchase on the high street or online)
10. Lift the print, unlock the phone.
I don't understand why so many people are saying "Yeah but who has a 2400 dpi scanner laying around?" - actually most of us probably do - even budget level 3-in-1s have 2400 DPI capabilities nowadays and many have 4800+ DPI capabilities if you are willing to spend a little more.
Apple screwed up - their main USP (which isn't even a USP given the Aria) is compromised within a couple of days of launch and no amount of "How will you get my fingerprint?" "Who has a 2400 dpi scanner?" or other attempts to mitigate this will change that fact.
Ok first of all your response made absolutely no sense in the context of what you were replying to, but I will humour you all the same.
Your first paragraph is completely irrelevant - the difference between leaving my fingerprints everywhere (along with lots of other people's) is they have to be manually collected at considerable cost. As for your border crossing point - what exactly were you addressing with this with regards to my original comment? Let me answer it for you - absolutely nothing.
Second paragraph - again completely irrelevant to my original comment.
Read the following very slowly so you can take it in and maybe comprehend.
My comment was not about how often we leave our fingerprints behind in spaces we interact with.
My comment was not about the fingerprints we leave on our passports or the cases to our phones and laptops.
My comment WAS about the fact that nothing Apple say regarding the security of the fingerprints automatically stored on the iPhone 5S can be trusted - let me explain again why - again with the hopes you might actually bother to read instead of just responding with random crap.
CALEA is a law in the US which requires all companies in the US manufacturing telecommunications hardware to provide a backdoor into that hardware for surveillance purposes. That means the iPhone 5S (and all previous iPhones, Android Phones made by US companies, Windows Phones made by US companies) almost definitely already have a backdoor into the device BY LAW.
FISA, PATRIOT and National Security Letters all give access to the device and the fingerprints stored upon it BY LAW and kept quiet via accompanying gag orders.
So again, THE POINT - Apple CANNOT guarantee that the security of the fingerprints stored on the device will not or has not already been compromised as a matter of law neither could they tell us if it had.
Apple are in an almost unique position with regards to CALEA since Apple are classed as the manufacturer (yes they outsource the fabrication but the design and manufacturing are completely under Apple's control - a US company under the jurisdiction of CALEA, FISA, PATRIOT).
Google may be in a similar situation with regards to Motorola and their original Nexus devices but most other Android devices are manufactured and sold by non US based companies.
Microsoft, now they have bought Nokia, are also vulnerable to CALEA and were already vulnerable to FISA/PATRIOT.
Now whether or not you give a flying fsck about your fingerprints being stored in a massive database for whatever purpose the government chooses to use them for is entirely your choice - but the vast majority of the civilised world do not want the same.
Next time you respond to a post, actually read it instead of typing completely irrelevant nonsense in reply.
All this crap about the fingerprint data being secure is exactly that, crap. There is absolutely no way Apple can assure people that the data is not shared with anyone given the revelations about the NSA and their buddies at GCHQ etc.
We simply cannot trust that the NSA don't already have access to the fingerprints and that Apple are under a Gag Order - in fact you have to assume that Apple have already provided access to the phone through a backdoor because of CALEA which requires manufacturers to backdoor -all- telecommunications hardware - last I checked a cell phone was a piece of telecommunications hardware (as are android and windows phones). So before you even begin to think about National Security Letters, PATRIOT, FISA & FISC you have CALEA.
Furthermore, if you have an iPhone 5S and you travel to the US, can we now assume that if your device is taken at the border accessing the contents is now a trivial matter since all people entering the US have to give their fingerprints - which presumably can be used to unlock the device?
Your fingerprints are not safe on this device - there is nothing Apple can do to guarantee their security and that security is probably already compromised as a matter of law. Don't drink the Kool-Aid.
I wrote this in June, seems very relevant with the news today:
There is more info here including both the legal papers served on Google Inc. and further info on Google's response:
Actually I would disagree with your bootnote. Under Protection from Harassment Act 1997 there is no requirement for threats of violence or sexual assault - simply the following:
1 Prohibition of harassment.
(1)A person must not pursue a course of conduct—
(a)which amounts to harassment of another, and
(b)which he knows or ought to know amounts to harassment of the other.
(2)For the purposes of this section, the person whose course of conduct is in question ought to know that it amounts to harassment of another if a reasonable person in possession of the same information would think the course of conduct amounted to harassment of the other.
I recently filed criminal complaints against two of my own online stalkers after a 5 year campaign of libelous harassment from them. You can read about it here:
So don't assume that just because you have not been threatened with violence that your aggressors are safe from the law - because there is a chance they are not if the harassment has been ongoing and "a reasonable person in possession of the same information would think the course of conduct amounted to harassment of the other".
It is time we stood up against this sort of behaviour.
I would beg to differ with that statement. Last summer I switched to an old traditional safety razor (because I moved countries and the cost of my usual Gillette heads are incredibly expensive in my new country of residence) and was pleasantly surprised to find that actually I get a far better shave with it than I did with my previous Branded 2, 3 and 4 blade razors.
Granted the first couple of times the bathroom looked like a scene out of Sweeney Todd because the Wilkinson Sword blades are incredibly sharp and you have to change the way you shave a bit - but once I got the hang of it I have never looked back.
5 blades cost me the equivalent of £1 and I shave 2-3 times a week (too lazy to do it more frequently) - a single blade lasts me several weeks with -full- (apart from legs obviously) body shave once a week so from a single 5 pack I get a good 2 months usage. The razor handle/head cost me also the equivalent of £1 so in total I spend around £6 a year on razor blades with an initial investment of £1 for the tool to do it.
When you consider that Gillette 4 blade heads here cost at least £11 for 3 (the cheapest ones, there are several types available now) which are good for about 3-4 shaves each before they start to get scratchy, it really is a no brainer.
Which they could have done through a RIPA warrant, which are very easy to obtain.
As stated, the police do not need additional powers - RIPA gives them the ability to intercept communications - the reason they want extra powers is because they want powers that do not require judicial oversight. All this crap about them needing Communications Data Bill to look at communications is a red herring - they want sweeping powers to look at -all- communications -all- the time - they want to silo everything. They hate the fact that there is oversight in place to (in theory) prevent the total erosion of privacy and turn the UK into a police state.
Amazing movie about evil, intelligent Ants. If you haven't seen it, it is a must.
Brown Paper Bag is irrelevant given so many different ways to identify someone. Gait Recognition, Ear Recognition, Full Body Biometrics to name just 3.
Actually MS -did- get to tablets first, just a long time before the public wanted them...
hehe I have been a regular reader here since oooo '97ish and I have seen a lot of trolls come and go in the comments but rarely see genuinely dumb responses like the fool above.
The Facebook group was set up because Olswang wanted a medium people are familiar with - the issues with this have been pointed out and an independent web site will be available towards the end of the week.
That is the dumbest reply to a post I have ever seen on ElReg - you realise that Dutch regulations on Cookies are actually more strict than UK and require EXPLICIT consent (opt-in) whereas ICO in the UK is allowing implied consent (opt-out).
And there you go wrongfully assuming I have multiple accounts. I said I tested this several times, I didn't say I have multiple accounts. I had plenty of volunteers willing to participate in this test.
Facebook had a checkbox at the bottom of the vote page to share your vote with your friends - however, I ran several tests of this checkbox with several accounts and it didn't work. Seems clear to me that Facebook didn't want people to know the vote existed or that friends had voted against the changes.