This is a collection of political cartoons about the Democrat's failure in the recent election. Should provide a nice segway into the nature of politics for the next two years...

DEMOCRAT DOOM!

] "Jon Lech Johansen has been acquitted of all charges in a
] trial that tested the legality of the DeCSS DVD
] decryption utility he produced, Norwegian paper
] Aftenposten reports."

Jon Johansen Freed

] "Here goes: So (a) if a law like the one I propose is
] passed on a national level, and (b) it does not
] substantially reduce the level of spam, then (c) I will
] resign my job. I get to decide whether (a) is true;
] Declan can decide whether (b) is true."

Good Lord! If (a) is true then Lessig will be on the street! Any notion that a tagging law is going to reduce the number of emails you receive from compromised servers in Korea is just downright silly. These people are already commiting computer fraud. Whats a little fine going to mean to them? IF we had the ability to enforce the anti-fraud laws internationally THEN you might consider something like this, but right now we need to start by prosecuting people who hack websites in other countries.

politechbot.com: Larry Lessig bets his job on spam law -- with me as judge?

OK, time to replace news paper sensationalism with a
little down to earth fact.

First off, the author of the story everyone is forwarding
around is John Markoff. This is the guy who brought you
the Kevin Mitnick fiasco. Just keep that in mind and don't
forget to bring along a few grains of salt.

I'm linking here the September version of the document.

On the whole, this document is excellent. As a computer
security professional I would strongly support this set
of proposals. In fact, the general outline reminds me of
the set of recommendations I gave South Korea's "Cyber
Terror" Response Center two years ago. Of course, its much
more detailed and far better. I only had a 45 minute talk
given through translators. However, I strongly agree that
this is the correct direction for us to be moving in.

Furthermore, it should be noted that the need to protect
personal privacy and liberty are specifically underlined
through out the document. These concerns form a much more
significant part of the document then the text in question,
and the government correctly observes that often privacy,
liberty, and infrastructural security can be improved
simultaneously, and that improvements in one area often
assist the other.

This is the specific text in question:

] ISPs, hardware and software vendors, IT
] security-related companies, computer emergency
] response teams, and the ISACs, together, should
] consider establishing a Cyberspace Network
] Operations Center (Cyberspace NOC), physical or
] virtual, to share information and ensure
] coordination to support the health and reliability
] of Internet operations in the United States.
] Although it would not be a government entity and
] would be managed by a private board, the Federal
] government should explore the ways in which it
] could cooperate with the Cyberspace NOC.

My answer is a resounding YES. I've been responsible for
security for a large ISP. Almost every attack occurs
across multiple networks, and it is very important to
be able to rapidly coordinate between different networks.
However, in the past, efforts to build such organizations
have failed. ISPs do a good job of sharing ideas about
technical problems and up to date information on outages
through forums like nanog, but for various reasons, attempts
to get REAL TIME access to engineers at other ISPs for
security emergencies have failed. I suspect that this is
because providing real time assistance to a competitor in
an emergency is not something most ISPs feel highly
motivated to do.

Currently, if you track a security problem into another ISP's
network, you are left sitting on hold at their customer
service department. You get a level one tech who d... [ Read More (0.4k in body) ]

RE: Bush Administration to Propose System for Monitoring Internet

] "The Bush administration is planning to propose requiring
] Internet service providers to help build a centralized
] system to enable broad monitoring of the Internet and,
] potentially, surveillance of its users."

This is the big story of the day. This is the Communications Assistance for Law Enforcement Act 2.0... Unlike the streets, where people seem to be meek, on the net this sort of thing never flies. They have people howling all over the place and the report hasn't even been released yet! :)

Bush Administration to Propose System for Monitoring Internet

] "You are a member of the Settlement Group if you are a
] person (or entity) in the United States or its
] Territories and Possessions who purchased prerecorded
] Music Products, consisting of compact discs, cassettes
] and vinyl albums, from one or more retailers during the
] period January 1, 1995, through December 22, 2000."

The music industry might owe you $20, no joke.

] "(Barlow) now believes Congress won't take technologists
] seriously until they organize themselves and "take out"
] one of Hollywood's elected lackeys in an upcoming
] election."

More information about what went down at Comdex. Barlow's quote here is the most interesting part. RMS writes good code but he is not a good person to put in a debate.

The Real Battle at Comdex: Intellectual Property vs. Internet Protocol

] "A U.S. citizen accused of plotting to explode a
] radiological "dirty bomb" in the United States must be
] granted access to an attorney to challenge his detention
] as an enemy combatant, a federal judge in New York ruled
] yesterday."

This should be considered a significant victory in the fight to prevent the establishment of an alternative legal system which does not operate under constitutional requirements.

Judge Grants 'Combatant' Access to an Attorney (washingtonpost.com)

] The radical deregulation of the radio industry allowed by the
] Telecommunications Act of 1996 has not benefited the public or
] musicians. Instead, it has led to less competition, fewer
] viewpoints, and less diversity in programming. Deregulation has
] damaged radio as a public resource.

The reason radio sucks is because of the deregulation of station ownership limits from the telecom act of 1996. This is an important conclusion.

The actual single reason why radio sucks.

I posted the following thoughts to Politech:

One can imagine that other then those who shouldn't be on these lists, no one is more annoyed about this activity then the FBI themselves. Clueless people who self-deputize generally do more harm then good to real security efforts. The fastest way to get them to stop is to have a recognized source of authority explain to them that they do not know what they are talking about.

The FBI ought to establish a web page which clearly explains the meaning of the list, explains that there are copies of the list circulating which are out of date or inaccurate, points the reader at up to date information about who the FBI is looking for, and explains that this information is subject to change and should not be considered permanently valid. Authoritative disclaimers have been useful in the past with respect to virus hoaxes. It might be useful here. And its a lot easier then having FBI agents deal with people who've been impacted by this on a case by case basis.

If the FBI wanted list was available in XML then people who wanted to cross-reference it with their databases could do so easily and be constantly up to date. Through such an effort they could easily turn a big mess into an effective tool for them.

Of course, this is the sort of thing that keeps privacy advocates up at night. There are all kinds of pit falls here, both legal (how can one prevent the misuse of the information) and technical (how can one prevent malicious modification of the information), but the implications ought to be considered anyway because one would think that the FBI will come up with something like this sooner or later. If the self-deputies kept up to date and accurate on who the FBI is looking for this would obviously be preferable to the situation we have now with this list. Its also greatly preferable to the "information awareness" effort on many levels.

Of course, I have no idea who needs to hear all of this.

-=-=-=-=-=-

I think I ought to make one more point...

Of course, this is the sort of thing that keeps privacy advocates up at night. There are all kinds of pit falls here...

I guess the question worth asking here is: What is my expectation of privacy with respect to a consumer database (like that of a car rental company) being shared with the FBI? Is this any different from said database being shared with a marketing company? Are there material differences between sharing the whole database, and telling the FBI that you found a particular record about an individual person they have expressed interest in? What is the difference between telling the FBI that you think you found a wanted person in your database, and telling the FBI that you think you saw a wanted person in your store (which is certainly legal)?

(I have my own ideas about how to answer these questions, but they are better addressed by a lawyer in a technical way in this context.)