In The Hill today, Lawrence Nordin and I make the case that the Holt e-voting bill, while far from perfect, would be a step toward more secure elections.
Alexander Wolfe points out that every DRM system known to man has been cracked. Slashdot seems to think this is news.
Ars reports that Teleflex is beginning to have a real impact on the outcome of software patent litigation:
Friskit filed a patent infringement lawsuit against RealNetworks in 2003 that sought over $70 million in damages. In a ruling issued last week, Judge William W. Schwarzer granted RealNetworks’ motion for summary judgment, citing “Real’s clear and convincing evidence of obviousness.”
Judge Schwarzer cited the Supreme Court’s decision on KSR v. Teleflex in his opinion. “Two principles from the Supreme Court’s recent opinion in KSR Int’l Co. v. Teleflex Inc. guide the analysis of whether sufficient difference exists between the prior art and Friskit’s claims to render the patents nonobvious,” he wrote. The first of those is patents that rearrange old elements to create a new—but obvious—combination. The second comes from situations where a person of “ordinary skill” pursues known options, and the result is the product of “ordinary skill and common sense.”
“All of the individual features of Friskit’s patents which allow a user to easily search for and listen to streaming media existed in the prior art,” noted the judge, who went on to cite a number of media player
Good for Judge Schwarzer. This bodes well for Vonage.
The New York Times has a story on voting reform that suggests an explanation for something that’s puzzled me for a while. One of the consistent patterns you’ll find in the e-voting debate is that state election officials tend to side with e-voting vendors rather than with security experts. This always struck me as a little bit puzzling, because the case against e-voting isn’t that hard to understand, and people who work with these technologies every day, of all people, should be able to understand them.
One explanation is that once a state has chosen a particular voting technology, they get egg on their face if they subsequently have to admit that the technology in question is a disaster. But some voting officials’ vehemence, especially as documented by Avi Rubin, seemed too strong to be explained purely as not wanting to admit your own mistakes.
Things make more sense if there’s a revolving door between state election officials and voting equipment vendors. You don’t even have to imagine explicit corruption. If many of your friends and former colleagues work for e-voting vendors, you’re more likely to believe them than some Ivory Tower security researcher you’ve never heard of.
I also think this is another reason that touch-screen voting machines are a bad idea—even with paper trails, audits, and the rest. Voting machine vendors have an incentive to make their products as complicated as possible so that they can charge the state more money for them. Making a touch-screen machine more secure means buying more hardware—fancier printers and diagnostic and auditing tools. On the other hand, making paper balloting more secure mostly means investing more in human inputs—hiring more election observers, giving election judges more training, conducting more hand recounts. Those aren’t things for which voting equipment vendors can charge a premium.
A voting machine with a paper trail is still a lot better than a voting machine without one. So I hope the Holt bill passes. But I would be much happier if Congress passed a law simply outlawing the use of touch-screen voting machines (perhaps with an exception for disabled voters). Such a bill would be a lot shorter and less intrusive, because it wouldn’t include all these extra provisions aimed at papering over the weaknesses of DRE+printer combinations.
The FCC’s 700 MHz plan adopted yesterday embraces, for the most part, Frontline Wireless’s plan for a national public safety network. It’s really an amazing thing considering that nine months ago Frontline Wireless didn’t exist (at least not in public), while Cyren Call had been making noise for months. As I’ve said before, I’m not crazy about Frontline’s plan, but I like it better than Cyren Call’s ill-fated proposal. That said, here are the pros and cons of the new rules as I see them (and without the benefit of the actual rules in front of me because the FCC apparently hasn’t heard of this publishing technology called the World Wide Web).
Randy May of the Free State Foundation has a good piece out today, picking up on a prediction by the investment firm of Stifel Nicolaus that the exact meaning of “open access” under yesterday’s 700 MHz decision likely won’t be determined for years. Stifel Nicolaus says 2009 is the likely date — that strikes May (and me) as optimistic, given the eight years it took to settle the unbundling rules under the 1996 telecom act.
This definitional long tail has consequences, May points out. This is because that veritable economic theorem that “people don’t want to provide a pig in a poke” holds true, even for the FCC. “Think about it,” he says. “In how many auctions have you bid when the rules concerning what you can do with your winning bid won’t be known until several years later?”
A good, but hardly reassuring, point. So you might as well get comfortable. This may go on for a while.
This week’s cavalcade of 700 MHz posts was an interesting opportunity to see and explore the interesting divisions on the issues among TLFers and with our friends in the commentsphere.
Because I have just finished a rejoinder in one, I noticed that a couple of these posts broke out into point-by-point discussions. The response I just wrote to TLF friend Doug Lay stretched to about two pages of text – and I never want to do that again!
Is there some practice we should all engage in to minimize excessively long point-by-point discussions? They are very time consuming, and they may not benefit visitors to the site very much – other than those of us point-by-pointing each other.
True, these are multi-faceted issues, but it might make sense for commenters and TLFers both to focus carefully on the precise thrust of each post, as best we can discern them. Alternatively, when a point-by-point breaks out, we could make the tangents into new posts and let the discussions of each blossom in its own little hothouse.
Ideas?
(A point-by-point response in the comments to all I’ve said here would not – well, yes it would – be funny.)
This week, the Senate Commerce Committee will apparently be considering S. 602, the “Child Safe Viewing Act of 2007,” which was introduced by Sen. Mark Pryor (D-AR) earlier this year. The measure marks an important turning point in the ongoing battle over content regulation in the Information Age–in one way for the better, but in some other ways for the worse.
The measure wisely avoids direct content regulation and instead focuses on empowering families to make media consumption decisions on their own. Unfortunately, the measure seeks to accomplish that goal through government actions that could have potentially troubling regulatory implications, especially because of the First Amendment issues at stake here. Specifically, S. 602 opens the door to an expansion of the FCC’s authority over media content on multiple platforms and threatens to undermine private, voluntary rating systems in the process.
I have just released a brief analysis of the measure discussing these concerns. This 5-page paper can be found online at:
http://www.pff.org/issues-pubs/pops/pop14.17pryorchildsafetyviewingact.pdf
On the one hand, I’m glad Kip Hawley took the time to answer some skeptical questions about the TSA’s security regime. On the other hand, I don’t find this remotely reassuring:
Bruce Schneier: You don’t have a responsibility to screen shoes; you have one to protect air travel from terrorism to the best of your ability. You’re picking and choosing. We know the Chechnyan terrorists who downed two Russian planes in 2004 got through security partly because different people carried the explosive and the detonator. Why doesn’t this count as a continued, active attack method?
I don’t want to even think about how much C4 I can strap to my legs and walk through your magnetometers. Or search the Internet for “BeerBelly.” It’s a device you can strap to your chest to smuggle beer into stadiums, but you can also use it to smuggle 40 ounces of dangerous liquid explosive onto planes. The magnetometer won’t detect it. Your secondary screening wandings won’t detect it. Why aren’t you making us all take our shirts off? Will you have to find a printout of the webpage in some terrorist safe house? Or will someone actually have to try it? If that doesn’t bother you, search the Internet for “cell phone gun.”
It’s “cover your ass” security. If someone tries to blow up a plane with a shoe or a liquid, you’ll take a lot of blame for not catching it. But if someone uses any of these other, equally known, attack methods, you’ll be blamed less because they’re less public.
Kip Hawley: Dead wrong! Our security strategy assumes an adaptive terrorist, and that looking backwards is not a reliable predictor of the next type of attack. Yes, we screen for shoe bombs and liquids, because it would be stupid not to directly address attack methods that we believe to be active. Overall, we are getting away from trying to predict what the object looks like and looking more for the other markers of a terrorist. (Don’t forget, we see two million people a day, so we know what normal looks like.) What he/she does; the way they behave. That way we don’t put all our eggs in the basket of catching them in the act. We can’t give them free rein to surveil or do dry-runs; we need to put up obstacles for them at every turn. Working backwards, what do you need to do to be successful in an attack? Find the decision points that show the difference between normal action and action needed for an attack. Our odds are better with this approach than by trying to take away methods, annoying object by annoying object. Bruce, as for blame, that’s nothing compared to what all of us would carry inside if we failed to prevent an attack.
This is totally unresponsive to Schneier’s question. What Schneier was looking for was some sort of coherent explanation for why shoes and bottles of liquids were a bigger threat than cell phones and fake bellies. Hawley didn’t have any such explanation, probably because there isn’t one. We’ve given the TSA an impossible job and so they’ve responded with security theater. These “security measures” won’t stop a determined terrorist, but they might make travelers (at least those who don’t think about it too hard) feel better.
There’s lots more great (appalling) stuff where the blockquote came from so click on through to part 1 and part 2.
After weeks of intense lobbying, the FCC today set rules for the auction of former UHF TV channels 60-69 (in the prime 700 MHz range of frequencies). The full details are not yet out, but the decision seems to be largely what was expected: a “public-private partnership” for newly-allocated public safety spectrum, and — for commercial spectrum — new regulations that impose “open access” rules on 22 megahertz of the allocated frequencies.
No one was completely satisfied. Google and other wireless net neutrality proponents notably failed in their bid for more expansive regulation — with the Commission rejecting their calls for mandated interconnection and wholesale leasing of spectrum.
This loss — in part — may be due to a tactical fumble by Google itself. Its pledge last week to bid a minimum of $4.6 billion if the Commission adopted four proposed rules for these frequencies was perceived (rightly or wrongly) as an ultimatum to the FCC. Had the Commission then adopted Google’s proposed rules, the agency’s own credibility and independence would have been put at risk.