More on file sharing…

Interesting article about the legalities of file sharing.

By the way, before you start having an opinion about my views, I’d like to point out that I am not a file-sharing, all-information-should-be-free, record-companies-are-a-bunch-of-bastards type person. I am in fact a fair-use type person. Every stereo in my house (geek that I am) is driven by a single icecast server that streams a different “channel” to each room. My entire CD collection is digitised (roughly 1.5 million seconds of music, if you care) and the ongoing viability of the entire system (and justification for my not inconsiderable investment) relies on me being able to rip CDs in the future.

I’ve never downloaded a track from the P2P networks that I’ve not then either deleted or gone on to purchase the CD, and I’ve only allowed other people access to my ripped files if the CD is now deleted and the music unavailable elsewhere (for example – Dr Phibes and The House of Wax Equations’ first and best album, Whirlpool). What matters to me is the fact that once I have bought the CD I should have the right to be able to do with it as I see fit…

They’ve pulled it already

That was quick… The BBC link in the story below now goes to the ‘Pentagon axes online terror bets’ story. Luckily I still have the text of the original:


The Pentagon is planning to set up an online trading market in which
bets could be made about future terrorist attacks and other major
political developments.

The idea is to try to improve the prediction and prevention of events by
using the expertise of the open market instead of relying on government
agencies which have often failed in the past.

One example used on the website set up for the programme is the possible
overthrow of King Abdullah of Jordan.

Castro, who the CIA has failed to kill in the past, could be worth a bet

But the plan has already run into fierce opposition in the US Congress.

Senators Ron Wyden of Oregon and Byron Dorgan of North Dakota, both
Democrats, have written to the Pentagon urging it to abandon the idea.

“The idea of a federal betting parlour on atrocities and terrorism is
ridiculous and it’s grotesque,” said Senator Wyden.

Senator Dorgan said that it was “useless, offensive and unbelievably
stupid”. He said he had trouble in persuading other people that it was
not a hoax.

“How would you feel if you were the King of Jordan and you learned that
the US Defence Department was taking bets on your being overthrown
within a year?” he asked.

Market vision

The US Defence Department defended the initiative and compared the
proposed market to those predicting the price of petroleum, the results
of elections and even the demand for cinema tickets.

“Research indicates that markets are extremely efficient, effective and
timely aggregators of dispersed and even hidden information,” it said in
a statement.

The scheme is called the Policy Analysis Market (PAM) and it is run by a
Pentagon unit known as the Defence Advanced Research Projects Unit.

This is under the control of retired Admiral John Poindexter who has
been involved in another controversy recently in a plan for a sweeping
electronic intelligence operation.

The market would work by getting traders to deposit money in an account
and using that to buy and sell contracts. They would make their money if a particular event actually happened.

Invitations have gone out online for an initial 1,000 traders to
register on 1 August and the programme is designed to start on 1
October.

Cost effective insight

Senator Wyden explained the system by saying: “You may think early on
that Prime Minister X is going to be assassinated. So you buy the
futures contracts for 5 cents each.

“The payoff if he is assassinated is $1 per futures. So if it comes to
pass, those who bought at 5 cents make 95 cents and those who bought at
50 cents make 50 cents.”

One of the organisations providing data for the project is the Economist
Intelligence Unit in London.

Its Director of Risk Services, Merli Baroudi, told News Online: “It is
trying to gather insights of people in a cost effective way. Markets
have done this in economics for some time and the Iowa Electronic
Markets does it for US presidential elections, so it is not really
novel.”

The website set up by PAM says that “it should prove as engaging as it
is informative”.

Terrorism Index

This story has to be one of the weirdest pieces of nonsense I’ve come across in a while, and it’s from the BBC, and it would appear to be true!

The Pentagon has started a futures index in terrorism activity. Apparently (and I quote) “Research indicates that markets are extremely efficient, effective and timely aggregators of dispersed and even hidden information,” it said in a statement.

To quote Doug:
No it doesn’t. Research indicates that markets haven’t got a fucking clue. Imagine if we had a “terrorism bubble”. Ye gods.

Voting machines hacked…

Please excuse the length of this one, but I think it’s a good one…

One of the news lists that I am subscribed to by a friend (i.e. he mails me all the good stuff from it) is the one at http://www.fipr.org/ which discusses privacy issues of pretty much all types (although with a technology focus).

I’m primarily interested in this list because of Claire’s work on location aware technology (which people can describe as a bit “big brother”), but occasionally it turns up gems on other subjects, like the one below.

Prof. David Dill is a leader in challenging the new voting machines that are being proposed. Not that he’s against the idea in principle, just that he feels (and so do I) that these things aren’t inherently secure, and that a mixture of big business and Government will sweep the security issues under the carpet to ensure a timely launch… Anyone with any experience of major IT projects will know what that’s like.

Anyway, this is from Prof. David Dill’s “verifiable voting” newsletter, which you can read and subscribe to at: http://www.verifiedvoting.org/article_text.asp?articleid=65


From: David L. Dill
Sent: 24 July 2003 07:22

Since I entered the fray in January, I’ve been constantly challenged to
“prove that DREs can be hacked.” My answer was usually something like
the following:

“It is very hard to find out enough details about these systems to
determine what security flaws they have. However, we know it is
practically impossible to stop tampering by insiders.
Furthermore, any system that has not been designed and thoroughly
scrutinized by top-flight computer security professionals is
guaranteed to have major security holes.”

I believe this to be obvious to anyone with a casual acquaintance with
computer security (such as me).

Now I can “prove that the machines can be hacked” by citing the
following paper which just appeared on the web. Computer security
researchers at Johns Hopkins and Rice Universities have inspected the
Diebold code that appeared on a web site in New Zealand a few weeks ago.
The report appears at: http://avirubin.com/vote.pdf

My understanding is that this analysis took about a week. Very serious
security blunders were discovered in a matter of hours. While I still
believe that insider attacks are still the hardest to stop and
potentially the most damaging, it is now clear that there are serious
security holes that can be exploited by election workers and even
voters. Unlike insider tampering, most of these problems could have
been easily avoided had competent computer security people been involved
in the system design and implementation.

For example, it appears that it is easy to make counterfeit “voter
cards,” which can be used to vote as often as you like. One can easily
make a fake “administrator” card. Hackers could rearrange the candidate
order on the ballot so that votes are credited to the wrong candidates.

We’ve been told by voting machine vendors, regulators, and election
officials that “hacking” DREs is almost impossible because the machines
are designed carefully, use cryptography, and have proprietary software;
that there are stringent Federal regulations; that Independent Testing
Authorities (ITAs) scrutinize every line of code; that states have
exhaustive certification processes; and localities do extensive Logic
and Accuracy Tests.

It’s just not true. That was obvious before the report, but now it
should be undeniable.

There is no reason to believe that Diebold’s system is less secure than
other vendors. Their code just happened to be available. All the other
vendors are implementing the same inadequate
security requirements and satisfying the same inadequate reviews.

There is also no reason to assume that the worst problems have been
found. The authors felt that it was important to get the information
out quickly. Additional weeks or months of review might reveal even
worse problems.

I hope this settles the debate on DRE security. They’re not secure.
There needs to be an independent audit trail.