[liberationtech] Interesting things in keyservers

[Micah Lee]

I'm working on a talk for OHM2013 about PGP. Can anyone send me examples
of interesting keys in key servers that you know of?

For example, attempts at XSSing Enigmail (I think one of these is mine
from long ago -- and BTW, Enigmail isn't vulnerable):

http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x6E5D912BBF74A1A6
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xBDE99D48C65A27EC
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x06AB7A6AA7B3C04D
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xC1BBD7FB306E2139

I remember seeing a key once that was full of ASCII art user IDs or
maybe sigs, but I don't remember what to search for. Anything else
interesting?

-- 
Micah Lee
@micahflee

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] WC3 and DRM

[Catherine Roy]

Hi Jonathan,

On 2013-07-16 02:04, Jonathan Wilkes wrote:

Hi Catherine,
Thanks for the link!  I didn't know about that effort until now.

It seems like there are two fronts-- one, which you address by 
jettisoning EME in freedomhtml, and another which is to keep member 
organizations from standardizing software/hardware on EME. Is there 
any way for the current members of all the working groups to put 
pressure on the WC3?  If they all banded together and threatened to 
leave would that have any effect on the administration?  It's only 
anecdotal evidence but I see a lot of articulate arguments against EME 
in the archives I've looked over, and no principled stances in favor.


If I am not mistaken, W3C is a private consortium, their operations are 
mostly funded[1] by their member organisations via membership fees[2], a 
significant part of which comes from their corporate members[3]. It has 
been brought up more than once on the Restricted Media Community Group 
mailing list (a group btw, that has no power over the EME draft aside 
from discussing it and exploring alternatives) that W3C is technically 
only accountable to its members and this argument has not been disputed 
by W3C staff.


As you know, Google, Microsoft and Netflix are the editors of the EME 
spec so I think that is pretty significant. Mr. Jaffe has argued for the 
need of "content protection" while basically denying[4] that W3C is 
working on DRM and while technically, that may be true[5], the fact 
remains that EME is being developed to interact with DRM components.  It 
has been argued that the only way to beat this is to join it or in other 
words, propose another technical solution that will satisfy "premium 
content" distributors. But if discussions on the restricted media list 
are any indication, this is unlikely to happen if that solution involves 
accomodating open source systems.


At this point, I can not see anything that will change the situation 
despite overwhelming opposition. Personally, I doubt W3C will be 
deterred from "process" (because W3C is all about process) and we can 
probably expect more formal objections where process allows and 
meanwhile, EME is being implemented regardless that it is for the moment 
only a First Public Working Draft and a very controversial one at that.




Also, has the EFF's formal objection had any effect?


To my knowledge, no information has yet been made public regarding the 
outcome of this formal objection. There has been a second formal 
objection filed that is also awaiting resolution [6].



It's just all mind boggling to me because this draft is the only thing 
I've ever seen from WC3 with the sole purpose of restricting people's 
access to content.


While that may be true, I would add that regarding HTML5 accessibility 
for people with disabilities, it has been an uphill battle since the 
very start to ensure the inclusion of certain attributes and some losses 
have been incurred along the way. So I would say that in reality, this 
could well have the effect in terms of restricting access to content.


Best regards,


Catherine


[1] http://www.w3.org/Help/#funds
[2] http://www.w3.org/Consortium/fees.php?showall=1#results
[3] http://www.w3.org/Consortium/Member/List
[4] 
http://lists.w3.org/Archives/Public/public-restrictedmedia/2013Jun/0116.html

[5] http://lwn.net/Articles/550424/
[6] http://lists.w3.org/Archives/Public/public-html-admin/2013May/0138.html


--
Catherine Roy
http://www.catherine-roy.net

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] safe-mail.net

[A.Chukin]

Hi Libtech,
Some of my current partners use safe-mail.net for secure messaging.
Does any of you have any information about maintainers and what is you
opinion about security of this mail service ??

All the best,
Anton
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] WC3 and DRM

[Jonathan Wilkes]

On 07/16/2013 10:15 AM, Nick Daly wrote:

On Tue, Jul 16, 2013 at 1:04 AM, Jonathan Wilkes  wrote:

On 07/15/2013 11:45 PM, Catherine Roy wrote:

As a member of the HTML working group and the Restricted Media community
group, my experience is that discussions within these groups surrounding the
EME draft have been extremely frustrating.  The same scenario as with Jeff
Jaffe's blog post has happened there. The whole thing has been rather unreal
and this recent post[1] from a Restricted Media mailing list member sums up
my feelings about how futile the whole exercice has been.

[1]
http://lists.w3.org/Archives/Public/public-restrictedmedia/2013Jul/0190.html

It seems like there are two fronts-- one, which you address by jettisoning
EME in freedomhtml, and another which is to keep member organizations from
standardizing software/hardware on EME.  Is there any way for the current
members of all the working groups to put pressure on the WC3?

Is there any point to messaging the draft's editors directly?

http://www.w3.org/TR/encrypted-media/

If you delivered a thousand copies of the Hollyweb petition a day, you
could do it for nearly a month before running out of individual
signers [2].  That'd be nearly 75k letters between all 3 drafters.


Hm...
The three draft editors aren't elected officials; one of them works for
the W3C member organization that would probably reap the most benefits
from hooks for DRM standardized across the web.  I doubt any
amount of emails to an employee of that company is going to convince
the company to stop developing the cheapest way for them to sustain
their current business model.

Have all the invited experts and member organizations who do not have a
vested interest in EME organized their opposition in any way?  I'm talking
across all working groups.  The actual staff of W3C is quite small, so if
there actually is significant overall opposition by the people who do the
standardization work they would have quite a bit of leverage.

Best,
Jonathan



2: http://www.defectivebydesign.org/oscar-awarded-w3c-in-the-hollyweb
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech


--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] EFF's new lawsuit against the NSA

[James S. Tyre]

For those interested, we filed a new lawsuit against the NSA today.  We have 
another still
in litigation, but this one focuses on a specific aspect of the new revelations.

Intro, FAQ and a link to the Complaint at
https://www.eff.org/cases/first-unitarian-church-los-angeles-v-nsa

--
James S. Tyre
Law Offices of James S. Tyre
10736 Jefferson Blvd., #512
Culver City, CA 90230-4969
310-839-4114/310-839-4602(fax)
jst...@jstyre.com
Policy Fellow, Electronic Frontier Foundation
https://www.eff.org



--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] Designing Fairness for DMCA

[Gregory Maxwell]

On Tue, Jul 16, 2013 at 1:00 PM, John Adams  wrote:
> http://www.mediabistro.com/appnewser/files/2012/02/infographic-dmca-process1.png

The process here is not correct— or at least it has some unstated
assumptions and a confusing presentation.

For example, if— as a safe harbor enjoying service provider— the
complaint is obviously bogus and as a result you don't care to lose
the safe harbor in this particular instance, you can skip the entire
process and deposit the DMCA notice into the trash.  (This is, for
example,  why the public can't simply manage to keep the whitehouse
website ~permanently disconnected from the internet with a stream of
endless bogus complaints anti-dmca activists engaging in civil
disobedience)

It seems to be intermixing the roles of the safe harbor enjoying
service provider and the non-protected posting party.  The initial
steps are all service provider roles, the but counter-notice is
provided end user.  The question posted there carries the wrong
implication too: a user who has violated copyright is not protected
from ending up in court just because they don't counter notice.
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Designing Fairness for DMCA

[Gregory Maxwell]

On Tue, Jul 16, 2013 at 1:00 PM, John Adams  wrote:
> http://www.mediabistro.com/appnewser/files/2012/02/infographic-dmca-process1.png

The process here is not correct— or at least it has some unstated
assumptions and a confusing presentation.

For example, if— as a safe harbor enjoying service provider— the
complaint is obviously bogus and as a result you don't care to lose
the safe harbor in this particular instance, you can skip the entire
process and deposit the DMCA notice into the trash.  (This is, for
example,  why the public can't simply manage to keep the whitehouse
website ~permanently disconnected from the internet with a stream of
endless bogus complaints anti-dmca activists engaging in civil
disobedience)

It seems to be intermixing the roles of the safe harbor enjoying
service provider and the non-protected posting party.  The initial
steps are all service provider roles, the but counter-notice is
provided end user.  The question posted there carries the wrong
implication too: a user who has violated copyright is not protected
from ending up in court just because they don't counter notice.
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Designing Fairness for DMCA

[Lucas Gonze]

On Tue, Jul 16, 2013 at 1:00 PM, John Adams  wrote:
> We call this "The trust and safety departments at most major companies."
>
> It already exists. You're getting wrapped up in a technical implementation
> which would normally be handled by large teams. The level of integration you
> describe is more than just a simplistic database table.


I spent much of last year working on a project similar to
@RiptideTempora's. What I found is that organizations which get enough
takedown requests to need administration tools are pretty big. For
them, Zendesk already does a good job. There is an abuse department
within the organization, which is part of customer support and which
implements policy set by an attorney.

For an organization smaller than this, executives typically handle
DMCA takedown requests manually. They usually comply with all
requests, because that is the essence of the safe harbor.

To help users, I believe the best approach is legal assistance. Users
need to know what their options are, how to file a counter notice, why
the shouldn't file counter notices when they really are infringing,
what infringement means, and so on.

> Additionally, your order of operations doesn't match the DMCA workflow that
> is required by law. Have a look at this helpful infographic and rethink the
> flow..
>
> http://www.mediabistro.com/appnewser/files/2012/02/infographic-dmca-process1.png

This infographic is to help third parties understand the notice and
takedown process. It is not a workflow for online service providers.

-Lucas Gonze
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Designing Fairness for DMCA

[Moritz Bartl]

On 16.07.2013 21:47, riptidetemp...@tormail.org wrote:
> Hello, I'm @RiptideTempora on Twitter. My background is in web
> development. The other day I postulated a system for handling DMCA
> takedown notices on an individual website level that would tip the
> scales in favor of the users (whom are, as far as I can tell,
> currently shafted by the current iterations of U.S. legislation).

You might like this project by Wendy Seltzer:

https://www.chillingeffects.org/about
https://www.chillingeffects.org/input.cgi

-- 
Moritz Bartl
https://www.torservers.net/
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Critically Examining "What Would Happen" if the U.N. (or another international body) Administered the Internet?

[Zack Brisson]

Bill,

Thank you for fast response. I may have framed my question incorrectly, so
I want to try and respond for clarifications in case others have
contributions.

>...at a greater degree of remove, whether any nationalistic form of
governance would, in the long run, preserve the end-to-end model.

Recognizing the U.N. or any multi-stakeholder international body has
nationalistic influences within it, can it be described as nationalistic
body itself? Moreso than ICANN? I might be missing something very obvious,
so thanks for clarifying.

>Most people believe that if governments were to gain control over Internet
governance, that they'd do what they do with everything else, and start
making national-scale divergences from the current global standards.


Again, I think this may reflect that I am starting from false assumptions,
but I'm suggesting to not give governments control, but instead vest a
multi-stakeholder body with administrative power. Governments would have
influence through some form of representation, but not outright control, or
at least control filtered through internal competition/checks and balances.

>It's very difficult to talk for very long about the abstract theory of all
this, before someone drags in the actual, more complicated, situation,
wherein the U.N. isn't just the U.N., but also the ITU, and the ITU isn't
just the ITU, but the ITU staff, and three camps of ITU member states that
are at odds with each other,..


Well understood, but isn't that internal 'at odds' part of the potential
positive benefits from a multi-stakeholder structure? Am I missing
something in my understanding of ICANN as only having one camp, the U.S.
government and commercial interests?

Thanks much for sharing Bill.

Cheers,
Zack

On Tuesday, July 16, 2013, Bill Woodcock wrote:

>
> On Jul 16, 2013, at 3:08 PM, Zack Brisson >
> wrote:
> > Have there been nuanced and balanced explorations of how the U.N. (or
> another international organ) could serve as reasonably equitable hub for a
> multi-stakeholder Internet from actors others than those with a clear
> position biasing their analysis? Having worked closely with the U.N., I am
> under no illusions as its infallibility or consistent effectiveness. But is
> this "End of the Internet/Internet Freedom" truly an inevitable outcome for
> either technical or political reasons?
>
> It's not a question of the "end of the Internet," it's a question of
> whether the U.N. has any way to facilitate the continuance of bottom-up
> multistakeholder governance (since that's not how they operate, and none of
> their structures natively support non-governmental decision-making), and at
> a greater degree of remove, whether any nationalistic form of governance
> would, in the long run, preserve the end-to-end model.
>
> Most people believe that if governments were to gain control over Internet
> governance, that they'd do what they do with everything else, and start
> making national-scale divergences from the current global standards.
> They're strongly incentivized to do so, at the expense of global markets,
> and the global public, the vast majority of whom are not their
> constituents.  It's a potential tragedy of the commons, which is held in
> check by the fact that it's currently communally governed, rather than
> individually governed, so it's governed in the common good, rather than to
> the maximization of individual goods at the expense of the whole.
>
> It's very difficult to talk for very long about the abstract theory of all
> this, before someone drags in the actual, more complicated, situation,
> wherein the U.N. isn't just the U.N., but also the ITU, and the ITU isn't
> just the ITU, but the ITU staff, and three camps of ITU member states that
> are at odds with each other, and that whole mess is just a pawn in the
> larger WTO chess-match, etc., etc., etc.
>
> -Bill
>
>
>
>
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at compa...@stanford.edu  or changing
> your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>


-- 
*ZACK BRISSON*
*Principal, Reboot*
45 E 20th St, 5th Floor, New York, NY 10003
o: +1 212 388 1010 | m: +1 704 281 5322
Nigeria:  +234 (0)703 655 0687
z...@thereboot.org
theReboot.org 
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Critically Examining "What Would Happen" if the U.N. (or another international body) Administered the Internet?

[Bill Woodcock]

On Jul 16, 2013, at 3:08 PM, Zack Brisson  wrote:
> Have there been nuanced and balanced explorations of how the U.N. (or another 
> international organ) could serve as reasonably equitable hub for a 
> multi-stakeholder Internet from actors others than those with a clear 
> position biasing their analysis? Having worked closely with the U.N., I am 
> under no illusions as its infallibility or consistent effectiveness. But is 
> this "End of the Internet/Internet Freedom" truly an inevitable outcome for 
> either technical or political reasons?

It's not a question of the "end of the Internet," it's a question of whether 
the U.N. has any way to facilitate the continuance of bottom-up 
multistakeholder governance (since that's not how they operate, and none of 
their structures natively support non-governmental decision-making), and at a 
greater degree of remove, whether any nationalistic form of governance would, 
in the long run, preserve the end-to-end model.

Most people believe that if governments were to gain control over Internet 
governance, that they'd do what they do with everything else, and start making 
national-scale divergences from the current global standards. They're strongly 
incentivized to do so, at the expense of global markets, and the global public, 
the vast majority of whom are not their constituents.  It's a potential tragedy 
of the commons, which is held in check by the fact that it's currently 
communally governed, rather than individually governed, so it's governed in the 
common good, rather than to the maximization of individual goods at the expense 
of the whole.

It's very difficult to talk for very long about the abstract theory of all 
this, before someone drags in the actual, more complicated, situation, wherein 
the U.N. isn't just the U.N., but also the ITU, and the ITU isn't just the ITU, 
but the ITU staff, and three camps of ITU member states that are at odds with 
each other, and that whole mess is just a pawn in the larger WTO chess-match, 
etc., etc., etc.

-Bill





--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] Critically Examining "What Would Happen" if the U.N. (or another international body) Administered the Internet?

[Zack Brisson]

Informed minds of Lib-Tech,

During previous heated
discussionsof
a potential "UN Takeover" of Internet administration, I never
critically
challenged the claim that it would lead to a set of de-centralized
sub-Internets, allowing autocratic regimes to greatly increase their
ability to censor/shut-down/monitor Internet usage. But I've seen the claim
now re-made in the context of Snowden and
Russia,
which has raised new questions about the validity of the assertions.

Does anyone know of a critical examination of the set of related ideas?
Have there been nuanced and balanced explorations of how the U.N. (or
another international organ) could serve as reasonably equitable hub for a
multi-stakeholder Internet from actors others than those with a clear
position biasing their analysis? Having worked closely with the U.N., I am
under no illusions as its infallibility or consistent effectiveness. But is
this "End of the Internet/Internet Freedom" truly an inevitable outcome for
either technical or political reasons?

I would appreciate any resources or perspective that those on Liberation
Tech could share. I am not familiar enough with network engineering to
fully understand all the technical aspects of relevance, but know enough
that I should be able to interpret most well-written pieces of analysis.

Many thanks for your consideration.
Zack
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Designing Fairness for DMCA

[riptidetempora]

> We call this "The trust and safety departments at most major companies."
>
> It already exists. You're getting wrapped up in a technical implementation
which would normally be handled by large teams. The level of integration
you describe is more than just a simplistic database table.
>
> Additionally, your order of operations doesn't match the DMCA workflow that
is required by law. Have a look at this helpful infographic and rethink the
flow..
>
> http://www.mediabistro.com/appnewser/files/2012/02/infographic-dmca-process1.png
>
> -j
So there's no deviation from that workflow possible? Not even a short time
buffer before content is taken down?

The idea was two-fold: Give the rest of the world advance notice of a
pending takedown and make all communications about DMCA takedowns
(requests, counter-notices, etc.) public and transparent so if there are
abusive practices (e.g. automated requests), they're out in the open for
everyone to see.

There are no laws prohibiting the publication of DMCA takedown notice
emails and their full headers, are there?

Even if the idea as written is flawed, is there any way I can achieve
those two goals?

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] CfP: USENIX Workshop on Free and Open Communications on the Internet (DC!)

[jon penney]

Hi all,

Thought I'd send out a note to put this back on everyone's radar as the
program for the 2013 USENIX Workshop on Free and Open Communications on the
Internet-- taking place in Washington DC on August 13--- has now posted its
program:
https://www.usenix.org/conference/foci13/tech-schedule/workshop-program

Also, early bird/hotel registration deadline is fast approaching-- *July 22:
* https://www.usenix.org/conference/usenixsecurity13/registration-discounts

As Collin mentioned back in March, FOCI aims to be interdisciplinary,
mixing technical research (and researchers) with practitioners and
researchers from fields like law, technology, social science, and public
policy.

Figured there would at least be some DC based LibTech folks on this list
interested, particularly those involved with public policy in this space.

Best, jon

---
jon penney | @jon_penney | jpen...@cyber.law.harvard.edu


On Wed, Mar 13, 2013 at 12:01 PM, Collin Anderson  wrote:

> Colleagues,
>
> Libtech receives a fair number of call for papers on conferences and
> journals every month, however, I wanted to direct special attention to
> the Free and Open Communications on the Internet Workshop at USENIX, being
> held in Washington, D.C. on August 13 this year. Participating in the first
> FOCI was a pretty great opportunity personally and I am hopeful that the
> location this time will help better connect researchers and the policy
> process that takes place locally. Please, submit, participate and attend!
>
> https://www.usenix.org/conference/foci13/call-for-papers
>
> Cordially,
> Collin
>
> ---
>
> Overview
> The 3rd USENIX Workshop on Free and Open Communications on the Internet
> (FOCI '13) seeks to bring together researchers and practitioners from
> technology, law, and policy who are working on means to study, detect, or
> circumvent practices that inhibit free and open communications on the
> Internet.
>
> Internet communications drive political and social change around the
> world. Governments and other actors seek to control, monitor, and block
> Internet communications for a variety of reasons, ranging from extending
> copyright law to suppressing free speech and assembly. Methods for
> controlling what content people post and view online are also multifarious.
> Whether it's traffic throttling by ISPs or man-in-the-middle attacks by
> countries seeking to identify those who are organizing protests, threats to
> free and open communications on the Internet must be addressed by the
> research community in an interdisciplinary way that includes both policy
> and technology.
>
> Topics
> We encourage submission of new, interesting work on a wide variety of
> topics of interest, including but in no way limited to the following areas:
>
> Evaluation or analysis of existing anti-censorship systems
> Comparisons of existing tools that might be used to detect tampering,
> blocking, or violations of net neutrality
> Studies and findings on real-world censorship or tampering from field
> deployments or other methods, such as the topics or content censored by
> states or the extent to which ISPs are degrading certain types of content
> or service
> Metrics and benchmarks for content tampering or performance degradation
> Detection, measuring, and analysis of the censorship of search results
> Design of network protocols and topologies that resist tampering or
> censorship
> Techniques to counter mass surveillance or its effects
> The role of private corporations in spreading or enabling surveillance and
> censorship
> Capabilities of deep packet inspection (DPI) and robust mechanisms to
> circumvent DPI
> Capabilities and constraints of censorship technologies
> Legality of censorship-resistant systems or bypassing censorship
> Economic considerations in the design and deployment of censorship or
> censorship-resistant tools
> Analysis of the economic impact of censorship
> Usability in censorship-resistant systems
> Effects of censorship on individuals, society, business, or political
> processes
> We emphasize that this workshop seeks to draw submissions from a range of
> disciplines. As such, non-technical work that examines the wider
> implications of censorship and its effects will be considered favorably.
>
> What to Submit
> We invite two distinct tracks for papers: a technical track for
> technically-focused position papers or works-in-progress; and a social
> science track for papers focused on policy, law, regulation, economics or
> related fields of study.
>
> FOCI will favor interesting and new ideas and early results that lead to
> well-founded position papers. We envision that work presented at FOCI will
> ultimately be published at relevant, high-quality conferences. Papers will
> be selected primarily based on originality, with additional consideration
> given to their potential to generate discussion at the workshop. Papers in
> the technical track will also be evaluated based on technical merit.

Re: [liberationtech] Designing Fairness for DMCA

[John Adams]

We call this "The trust and safety departments at most major companies."

It already exists. You're getting wrapped up in a technical implementation
which would normally be handled by large teams. The level of integration
you describe is more than just a simplistic database table.

Additionally, your order of operations doesn't match the DMCA workflow that
is required by law. Have a look at this helpful infographic and rethink the
flow..

http://www.mediabistro.com/appnewser/files/2012/02/infographic-dmca-process1.png

-j



On Tue, Jul 16, 2013 at 12:47 PM,  wrote:

> Hello, I'm @RiptideTempora on Twitter. My background is in web
> development. The other day I postulated a system for handling DMCA
> takedown notices on an individual website level that would tip the scales
> in favor of the users (whom are, as far as I can tell, currently shafted
> by the current iterations of U.S. legislation).
>
> The full text can be found here: http://pastebin.com/0uG85vna
>
> The process would go something like this:
>
> 1. Someone sends a DMCA Takedown Notice
> 2. A new database entry in `dmca_takedowns` is created with the entire
> email
>(with full headers)
> 3. All infringing material are linked in the database to that takedown
> notice
>which adds a message saying "A DMCA Takedown notice has been filed
> for this
>[article/video/song/whatever]."
> 4. All "authors" of the content are notified of the DMCA request by
> internal
>message and by email of the DMCA Takedown Notice, which will
> include the
>phone numbers and email addresses for ACLU, NLG, et al. should they
> wish to
>file a counter-notice (which will also be public if sent to us, by
> adding
>an entry to `dmca_counternotice` which is linked to the notice ID)
> 5. A public index of pending (and resolved) DMCA Takedown Notices will
> be main-
>tained which include the full emails and all affected content
> 6. The maximum amount of time legally permitted (designated $lead)
> will elapse
>to allow the original authors ample time to organize a
> counter-notice
> 7. If no counter-notice is filed after $lead we will either amend or
> disable the
>public availability of the content. The `dmca_takedown` entry will
> be marked
>as "Taken Down"
> 8. If a counter-notice is filed, we will disable the content after
> $lead days
>and mark the `dmca_takedown` entry as "Counter-notice filed" to
> comply with
>[my understanding of the law], then wait 14 days for the filer to
> respond to
>file a lawsuit (during which time we will be in contact with the
> authors who
>filed counter-notice).
> 9. If after 14 days no lawsuit was filed, the takedown notice will be
> marked as
>"14 days expired without lawsuit" and the content will remain
> visible (but
>still be indexed on a separate page for "failed" DMCA Takedowns)
> 10. If we receive notification that a lawsuit has been filed, we
> disable access
> to the material and mark it as "Lawsuit Pending"
>
>   In total, I anticipate 3 pages consisting of 2 lists, 2 list, and 1
> list
>   respectively:
>  1. The front page will list:
> A. New DMCA Takedown Notices
> B. Counter-notice Filed
>  2. There will be a "taken down" page for the sake of transparency
> A. Successful takedowns
> B. Content disabled, pending the outcome of a lawsuit
>  3. There will be a "failed" page that lists unsuccessful takedown
> requests for the sake of transparency
>
> I'd like to know if such a system would be legally viable or if it would
> incur additional risks for a website that implemented such a system; and
> further, what adjustments could be made to make this design more robust
> under the current legal and political climates around copyright law?
>
> Thank you for your time,
> ~RT
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] Designing Fairness for DMCA

[riptidetempora]

Hello, I'm @RiptideTempora on Twitter. My background is in web
development. The other day I postulated a system for handling DMCA
takedown notices on an individual website level that would tip the scales
in favor of the users (whom are, as far as I can tell, currently shafted
by the current iterations of U.S. legislation).

The full text can be found here: http://pastebin.com/0uG85vna

The process would go something like this:

1. Someone sends a DMCA Takedown Notice
2. A new database entry in `dmca_takedowns` is created with the entire
email
   (with full headers)
3. All infringing material are linked in the database to that takedown
notice
   which adds a message saying "A DMCA Takedown notice has been filed
for this
   [article/video/song/whatever]."
4. All "authors" of the content are notified of the DMCA request by
internal
   message and by email of the DMCA Takedown Notice, which will
include the
   phone numbers and email addresses for ACLU, NLG, et al. should they
wish to
   file a counter-notice (which will also be public if sent to us, by
adding
   an entry to `dmca_counternotice` which is linked to the notice ID)
5. A public index of pending (and resolved) DMCA Takedown Notices will
be main-
   tained which include the full emails and all affected content
6. The maximum amount of time legally permitted (designated $lead)
will elapse
   to allow the original authors ample time to organize a counter-notice
7. If no counter-notice is filed after $lead we will either amend or
disable the
   public availability of the content. The `dmca_takedown` entry will
be marked
   as "Taken Down"
8. If a counter-notice is filed, we will disable the content after
$lead days
   and mark the `dmca_takedown` entry as "Counter-notice filed" to
comply with
   [my understanding of the law], then wait 14 days for the filer to
respond to
   file a lawsuit (during which time we will be in contact with the
authors who
   filed counter-notice).
9. If after 14 days no lawsuit was filed, the takedown notice will be
marked as
   "14 days expired without lawsuit" and the content will remain
visible (but
   still be indexed on a separate page for "failed" DMCA Takedowns)
10. If we receive notification that a lawsuit has been filed, we
disable access
to the material and mark it as "Lawsuit Pending"

  In total, I anticipate 3 pages consisting of 2 lists, 2 list, and 1
list
  respectively:
 1. The front page will list:
A. New DMCA Takedown Notices
B. Counter-notice Filed
 2. There will be a "taken down" page for the sake of transparency
A. Successful takedowns
B. Content disabled, pending the outcome of a lawsuit
 3. There will be a "failed" page that lists unsuccessful takedown
requests for the sake of transparency

I'd like to know if such a system would be legally viable or if it would
incur additional risks for a website that implemented such a system; and
further, what adjustments could be made to make this design more robust
under the current legal and political climates around copyright law?

Thank you for your time,
~RT

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] September "Virtual" and Aug 1, 2 pm San Francisco - New Voices, Civic Engagement in the Digital Age Report Discussion

[Steven Clift]

Hey all, I've put up the official e-vite for two gatherings:

In-Person - San Francisco - Aug.1:
  http://digicivic.eventbrite.com

Virtual - Tech TBD - Tentatively Sept 18:
  http://newvoicesdigiengage.eventbrite.com

New blog post with additional context:
   http://blog.e-democracy.org/posts/1960

Thanks,
Steve

On Thu, Jul 4, 2013 at 8:22 AM, Steven Clift  wrote:
> I wanted to let folks know that based on the success of the small
> group discussion we had on the newer PewInternet.org report on Civic
> Engagement in the Digital Age in DC last month -
> http://bit.ly/digicivic - at the Sunlight Foundation, working with
> folks at Code for America we are staging a repeat event in San
> Francisco.
>
> A key focus is asking questions and looking at the data with from an
> "inclusion" perspective and digging into the numbers about new voices
> and less represented groups. Long story short, the Pew survey
> basically says those who show up civically offline are also dominating
> online and the participation gap may be a wee bit wider online (the
> opposite of what we need if the Net is to be a positive democratizing
> force). Equity in participation, by factors like race, are a bit
> better with social media but "taking action" (and being asked to take
> action) shows a number of huge divides.
>
> So on this Independence Day, I encourage us commit ourselves to
> efforts that use civic technology and open government to raise new
> voices and build power for less represented groups in society. We can
> build on "open to all" access to information, transparency,
> accountability, etc. and add "used by (a more representative) all" to
> our efforts. By digging into the numbers and looking for engagement
> opportunities, I sincerely believe we can use civic tech to build far
> great civic participation.
>
> If you would like an invite (space is limited) or know of people who
> be interested, drop me a note with "New Voices Aug 1" in the subject:
>
>  cl...@e-democracy.org
>  clift (at) e-democracy.org
>
> Crucially, we seek a mix of folks from civil rights, digital
> inclusion, civic tech, open gov, civic engagement circles. We had that
> in our DC meeting and it made for a very useful and dynamic exchange.
>
> The DRAFT invite, attendee list and links to the DC meeting notes:
> http://bit.ly/digicivic
>
> Steven Clift - http://stevenclift.com
>   Executive Director - http://E-Democracy.org
>   Twitter: http://twitter.com/democracy
>   Tel/Text: +1.612.234.7072
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] {Spam?} Re: Travellers' mobile phone data seized by police at border

[Michael Dahan]

Israeli GSS (shabak/shin bet, equivalent to FBI) regularly detain arriving
passengers at Ben Gurion airport and land crossings if they are suspected
of being affiliated with ISM groups, or notably pro Palestinian, or raise
suspicions. Whilst being questioned, cell phones and laptops are "borrowed"
by interrogators and detainees are forced to access their email and
facebook accounts (often via a computer provided to them where I assume
login and password are keylogged). While the cell phones/laptops are
"borrowed" contact and other relevant data are downloaded and the IMEI and
RFID (in cell phone) are noted. IMEI is then used to track activists while
in Israel/Palestine. RFID is used to track at checkpoints into Palestine.
Most of this is fairly common knowledge and has been reported in the press
and by activists. As a result, veteran pro Palestinian activists have taken
to opening "clean" email and facebook accounts with enough (innocent)
activity to appear valid. Failure to comply almost always results in the
individual being denied entry and held until the next available flight back
to their point of origin or sent back across the border if arriving by
land. Laptops have been known to be confiscated "for security reasons" and
"further inspection" when _leaving_ the country and are sent back to the
individual by parcel post. The laptops often arrive severely damaged.

Michael




On Tue, Jul 16, 2013 at 4:42 PM, Paul Bernal (LAW) wrote:

> Our police do it to 'suspects' inside the UK too…
>
> http://www.bbc.co.uk/news/technology-18102793
>
>
> "The Metropolitan Police has implemented a system to extract mobile phone
> data from suspects held in custody. The data includes call history, texts
> and contacts, and the BBC has learned that it will be retained regardless
> of whether any charges are brought. The technology is being used in 16
> London boroughs, and could potentially be used by police across the UK.
> Campaign group Privacy International described the move as a "possible
> breach of human rights law".
>
> Until now, officers had to send mobiles off for forensic examination in
> order to gather and store data, a process which took several weeks. Under
> the new system, content will be extracted using purpose built terminals in
> police stations. It will allow officers to connect a suspect's mobile and
> produce a print out of data from the device, as well as saving digital
> records of the content…."
>
> That's from May 2012 -  I'm told informally that it happens very regularly
> in practice.
>
> Paul
>
>
>
>
> Dr Paul Bernal
> Lecturer
> UEA Law School
> University of East Anglia
> Norwich Research Park
> Norwich NR4 7TJ
>
> email: paul.ber...@uea.ac.uk
> Web: http://www.paulbernal.co.uk/
> Blog: http://paulbernal.wordpress.com/
> Twitter: @paulbernalUK
>
> On 16 Jul 2013, at 14:31, LilBambi 
>  wrote:
>
> > I think this has been going on in the UK and USA for some time now.
> > And I am sure other countries are also doing it, although many might
> > not be considered 'free' nations as the UK and USA boast.
> >
> > On Mon, Jul 15, 2013 at 9:45 AM, Eugen Leitl  wrote:
> >>
> >> (leave your data at home in an encrypted cloud (you cannot
> >> be asked to decrypt data not in your possession), treat
> >> seized devices as sacrificable due to potential backdoors
> >> installed during examination so use cheap disposables when
> >> travelling and restock from a known good source)
> >>
> >>
> http://www.telegraph.co.uk/technology/10177765/Travellers-mobile-phone-data-seized-by-police-at-border.html
> >>
> >> Travellers' mobile phone data seized by police at border
> >>
> >> Thousands of innocent holidaymakers and travellers are having their
> phones
> >> seized and personal data downloaded and stored by the police, The
> Telegraph
> >> can disclose.
> >>
> >> Tourist using mobile phone at an airport
> >>
> >> A police officer can stop any passenger at random, scour their phone and
> >> download and retain data, even of the individual is then immediately
> allowed
> >> to proceed Photo: ALAMY
> >>
> >> By Tom Whitehead, and David Barrett9:01PM BST 13 Jul 2013Comments206
> Comments
> >>
> >> Officers use counter-terrorism laws to remove a mobile phone from any
> >> passenger they wish coming through UK air, sea and international rail
> ports
> >> and then scour their data.
> >>
> >> The blanket power is so broad they do not even have to show reasonable
> >> suspicion for seizing the device and can retain the information for “as
> long
> >> as is necessary”.
> >>
> >> Data can include call history, contact books, photos and who the person
> is
> >> texting or emailing, although not the contents of messages.
> >>
> >> David Anderson QC, the independent reviewer of terrorism laws, is
> expected to
> >> raise concerns over the power in his annual report this week.
> >>
> >> He will call for proper checks and balances to ensure it is not being
> abused.
> >>
> >> It echoes concerns surrounding an almost identic

Re: [liberationtech] Travellers' mobile phone data seized by police at border

[The Doctor]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/16/2013 09:52 AM, David Edmondson wrote:

> How easy is it to replace a device in a new country?
> 
> In the UK I can easily walk into various stores and pay £20 for a 
> (possibly network locked) phone, no questions asked.
> 
> Is it that easy if I land in the US? France? Germany? China?

Pre-paid cellular (and smart-) phones are reasonably easy to get in
stores in the States.  Bare-bones candybar phones that can only make
and receive phone calls and sometimes send and receive text messages
can be purchased for $20-$40us (GSM, with SIM).  Pre-paid smartphones
cost correspondingly more (starting around $100us).  They must be
activated online with a valid e-mail address.  More and more stores
are starting to lock them up on the rack or display them behind the
counter, meaning some form of interaction with store personnel to buy
them (I do not know how you feel about that, your call).  It is
decreasingly possible to purchase them at self-checkout lines, they
will refuse to register and flip on the "call a clerk" light.

- -- 
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

When I was a kid, I was an imaginary playmate.

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.20 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlHlYKEACgkQO9j/K4B7F8Hq9wCg3xXkOM2y0xUFhPY0zASqCLYa
P9wAoPd1b4CaZkY3SivQocX6gAvVfYxH
=7CFb
-END PGP SIGNATURE-
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Autocorrect metadata

[Ashkan Soltani]

oldie but goodie (p16):
http://seriot.ch/resources/talks_papers/iPhonePrivacy.pdf

-a

On Mon, Jul 15, 2013 at 5:23 PM, Mike H. Miller wrote:

> What kind of metadata is harvestable from common autocorrect functions of
> devices and applications?  Is there much literature on this?
>
> Miller
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] WC3 and DRM

[Nick Daly]

On Tue, Jul 16, 2013 at 1:04 AM, Jonathan Wilkes  wrote:
> On 07/15/2013 11:45 PM, Catherine Roy wrote:
>>
>> As a member of the HTML working group and the Restricted Media community
>> group, my experience is that discussions within these groups surrounding the
>> EME draft have been extremely frustrating.  The same scenario as with Jeff
>> Jaffe's blog post has happened there. The whole thing has been rather unreal
>> and this recent post[1] from a Restricted Media mailing list member sums up
>> my feelings about how futile the whole exercice has been.
>>
>> [1]
>> http://lists.w3.org/Archives/Public/public-restrictedmedia/2013Jul/0190.html
>
> It seems like there are two fronts-- one, which you address by jettisoning
> EME in freedomhtml, and another which is to keep member organizations from
> standardizing software/hardware on EME.  Is there any way for the current
> members of all the working groups to put pressure on the WC3?

Is there any point to messaging the draft's editors directly?

http://www.w3.org/TR/encrypted-media/

If you delivered a thousand copies of the Hollyweb petition a day, you
could do it for nearly a month before running out of individual
signers [2].  That'd be nearly 75k letters between all 3 drafters.

2: http://www.defectivebydesign.org/oscar-awarded-w3c-in-the-hollyweb
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Travellers' mobile phone data seized by police at border

[David Edmondson]

On Mon, Jul 15, 2013 at 9:45 AM, Eugen Leitl  wrote:
> (leave your data at home in an encrypted cloud (you cannot
> be asked to decrypt data not in your possession), treat
> seized devices as sacrificable due to potential backdoors
> installed during examination so use cheap disposables when
> travelling and restock from a known good source)

How easy is it to replace a device in a new country?

In the UK I can easily walk into various stores and pay £20 for a
(possibly network locked) phone, no questions asked.

Is it that easy if I land in the US? France? Germany? China?
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] {Spam?} Re: Travellers' mobile phone data seized by police at border

[Paul Bernal (LAW)]

Our police do it to 'suspects' inside the UK too…

http://www.bbc.co.uk/news/technology-18102793


"The Metropolitan Police has implemented a system to extract mobile phone data 
from suspects held in custody. The data includes call history, texts and 
contacts, and the BBC has learned that it will be retained regardless of 
whether any charges are brought. The technology is being used in 16 London 
boroughs, and could potentially be used by police across the UK. Campaign group 
Privacy International described the move as a "possible breach of human rights 
law".

Until now, officers had to send mobiles off for forensic examination in order 
to gather and store data, a process which took several weeks. Under the new 
system, content will be extracted using purpose built terminals in police 
stations. It will allow officers to connect a suspect's mobile and produce a 
print out of data from the device, as well as saving digital records of the 
content…."

That's from May 2012 -  I'm told informally that it happens very regularly in 
practice.

Paul




Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 16 Jul 2013, at 14:31, LilBambi 
 wrote:

> I think this has been going on in the UK and USA for some time now.
> And I am sure other countries are also doing it, although many might
> not be considered 'free' nations as the UK and USA boast.
> 
> On Mon, Jul 15, 2013 at 9:45 AM, Eugen Leitl  wrote:
>> 
>> (leave your data at home in an encrypted cloud (you cannot
>> be asked to decrypt data not in your possession), treat
>> seized devices as sacrificable due to potential backdoors
>> installed during examination so use cheap disposables when
>> travelling and restock from a known good source)
>> 
>> http://www.telegraph.co.uk/technology/10177765/Travellers-mobile-phone-data-seized-by-police-at-border.html
>> 
>> Travellers' mobile phone data seized by police at border
>> 
>> Thousands of innocent holidaymakers and travellers are having their phones
>> seized and personal data downloaded and stored by the police, The Telegraph
>> can disclose.
>> 
>> Tourist using mobile phone at an airport
>> 
>> A police officer can stop any passenger at random, scour their phone and
>> download and retain data, even of the individual is then immediately allowed
>> to proceed Photo: ALAMY
>> 
>> By Tom Whitehead, and David Barrett9:01PM BST 13 Jul 2013Comments206 Comments
>> 
>> Officers use counter-terrorism laws to remove a mobile phone from any
>> passenger they wish coming through UK air, sea and international rail ports
>> and then scour their data.
>> 
>> The blanket power is so broad they do not even have to show reasonable
>> suspicion for seizing the device and can retain the information for “as long
>> as is necessary”.
>> 
>> Data can include call history, contact books, photos and who the person is
>> texting or emailing, although not the contents of messages.
>> 
>> David Anderson QC, the independent reviewer of terrorism laws, is expected to
>> raise concerns over the power in his annual report this week.
>> 
>> He will call for proper checks and balances to ensure it is not being abused.
>> 
>> It echoes concerns surrounding an almost identical power police can use on
>> the streets of the UK, which is being reviewed by the Information
>> Commissioner.
>> 
>> However, in those circumstances police must have grounds for suspicion and
>> the phone can only be seized if the individual is arrested.
>> 
>> Mr Anderson said: “Information downloaded from mobile phones seized at ports
>> has been very useful in disrupting terrorists and bringing them to justice.
>> 
>> “But ordinary travellers need to know that their private information will not
>> be taken without good reason, or retained by the police for any longer than
>> is necessary.”
>> 
>> Up to 60,000 people a year are “stopped and examined” as they enter or return
>> to the UK under powers contained in the Terrorism Act 2000.
>> 
>> It is not known how many of those have their phone data taken.
>> 
>> Dr Gus Hosein, of the campaign group Privacy International, said: “We are
>> extremely concerned by these intrusive tactics that have been highlighted by
>> the independent terrorism reviewer.
>> 
>> “These practices have been taking place under the radar for far too long and
>> if Mr Anderson calls for reform and new safeguards we would be very
>> supportive of that.”
>> 
>> He added: “Seizing and downloading your phone data is the modern equivalent
>> of searching your home and office, searching through family albums and
>> business records alike, and identifying all your friends and family, then
>> keeping this information for years.
>> 
>> “If you were on the other side of the border, the police would rightly have
>> to apply for warrants and follow strict guidelines. But nowhe

Re: [liberationtech] Travellers' mobile phone data seized by police at border

[LilBambi]

I think this has been going on in the UK and USA for some time now.
And I am sure other countries are also doing it, although many might
not be considered 'free' nations as the UK and USA boast.

On Mon, Jul 15, 2013 at 9:45 AM, Eugen Leitl  wrote:
>
> (leave your data at home in an encrypted cloud (you cannot
> be asked to decrypt data not in your possession), treat
> seized devices as sacrificable due to potential backdoors
> installed during examination so use cheap disposables when
> travelling and restock from a known good source)
>
> http://www.telegraph.co.uk/technology/10177765/Travellers-mobile-phone-data-seized-by-police-at-border.html
>
> Travellers' mobile phone data seized by police at border
>
> Thousands of innocent holidaymakers and travellers are having their phones
> seized and personal data downloaded and stored by the police, The Telegraph
> can disclose.
>
> Tourist using mobile phone at an airport
>
> A police officer can stop any passenger at random, scour their phone and
> download and retain data, even of the individual is then immediately allowed
> to proceed Photo: ALAMY
>
> By Tom Whitehead, and David Barrett9:01PM BST 13 Jul 2013Comments206 Comments
>
> Officers use counter-terrorism laws to remove a mobile phone from any
> passenger they wish coming through UK air, sea and international rail ports
> and then scour their data.
>
> The blanket power is so broad they do not even have to show reasonable
> suspicion for seizing the device and can retain the information for “as long
> as is necessary”.
>
> Data can include call history, contact books, photos and who the person is
> texting or emailing, although not the contents of messages.
>
> David Anderson QC, the independent reviewer of terrorism laws, is expected to
> raise concerns over the power in his annual report this week.
>
> He will call for proper checks and balances to ensure it is not being abused.
>
> It echoes concerns surrounding an almost identical power police can use on
> the streets of the UK, which is being reviewed by the Information
> Commissioner.
>
> However, in those circumstances police must have grounds for suspicion and
> the phone can only be seized if the individual is arrested.
>
> Mr Anderson said: “Information downloaded from mobile phones seized at ports
> has been very useful in disrupting terrorists and bringing them to justice.
>
> “But ordinary travellers need to know that their private information will not
> be taken without good reason, or retained by the police for any longer than
> is necessary.”
>
> Up to 60,000 people a year are “stopped and examined” as they enter or return
> to the UK under powers contained in the Terrorism Act 2000.
>
> It is not known how many of those have their phone data taken.
>
> Dr Gus Hosein, of the campaign group Privacy International, said: “We are
> extremely concerned by these intrusive tactics that have been highlighted by
> the independent terrorism reviewer.
>
> “These practices have been taking place under the radar for far too long and
> if Mr Anderson calls for reform and new safeguards we would be very
> supportive of that.”
>
> He added: “Seizing and downloading your phone data is the modern equivalent
> of searching your home and office, searching through family albums and
> business records alike, and identifying all your friends and family, then
> keeping this information for years.
>
> “If you were on the other side of the border, the police would rightly have
> to apply for warrants and follow strict guidelines. But nowhere in Britain do
> you have less rights than at the border.
>
> “Under law, seizing a mobile phone should be only when the phone is essential
> to an investigation, and then even certain rules should apply. Without these
> rules, everyone should be worried.”
>
> Under the Act, police or border staff can question and even hold someone
> while they ascertain whether the individual poses a terrorism risk.
>
> But no prior authorization is needed for the person to be stopped and there
> does not have to be any suspicion.
>
> It means a police officer can stop any passenger at random, scour their phone
> and download and retain data, even of the individual is then immediately
> allowed to proceed.
>
> It has been a grey area as to whether the act specifically allowed for phone
> data to be downloaded and recorded.
>
> But last month, Damian Green, the policing minister, laid an amendment to the
> anti-social behaviour, crime and policing bill, which is currently going
> through Parliament.
>
> It makes the express provision for the copying and retention of information
> from a seized item.
>
> The ability to potentially retain the data indefinitely could also spark a
> fresh row over civil liberties similar to the controversy around DNA sample.
>
> Laws had to be changed to end the retention of the DNA of innocent people
> after the European Court of Human Rights ruled in 2008 that keeping them was
> unlawful.
>
> Mr Anderson is 

Re: [liberationtech] CJDNS hype

[Michael Rogers]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Caleb,

Thanks for your reply. I'm not trying to cause trouble for CJDNS, as
you put it - I'm just pointing out that robust routing without a
central authority is a problem with a long research history that
contains some widely applicable results. I think some of those results
probably apply to CJDNS, but I don't know much about how it works, so
I've responded inline asking for more detail on some of your responses.

More generally, could you explain how CJDNS detects and routes around
faults?

On 15/07/13 20:09, Caleb James DeLisle wrote:
>> The adversary can create imaginary networks of arbitrary size and
>> structure, composed entirely of Sybil identities, to absorb our
>> measurement resources. It's like playing whack-a-mole with an
>> infinite number of moles. ;-)
> 
> Which will all have a common route prefix.

Could you explain what a route prefix is and how you can be sure that
a set of Sybil identities will share a route prefix? How is the route
prefix used in detecting and routing around faults?

> Lazy cjdns will not route to your absurdly long path if it has
> short paths to the destinations it wants to reach. It will also not
> care much about your zillion nodes because it has fast nodes
> already in it's routing table and they're working just fine.

Could you explain why a set of Sybil identities will produce an
absurdly long path, and how you can be sure that the routing table has
already been populated with fast non-Sybil nodes?

It sounds like you're saying that a Sybil attack won't work because
the victims have already populated their routing tables prior to the
attack - but what about a new node joining the network after the
attack has started?

> You can feign existence of as many nodes as you want but you can't
> feign low latency and short labels, in fact the more nodes you
> generate, the longer your labels will become to accommodate them
> all, your (comparatively) high latency links with long switch
> labels look just like a terrible route which cjdns finds and
> rejects all of the time.

It's true that you can't feign low latency. But if low latency is the
way to get traffic routed through you, the adversary can add genuinely
fast nodes and links to the network, in order to attract lots of
traffic, in order to selectively drop certain traffic.

I don't see why you can't feign short labels. If short labels are
desirable, surely a node can store the label from each incoming packet
and replace it with an empty label, so the packet appears to originate
from the node itself? Then if a response is received, the node can
restore the old label (reversed) and send the packet on its way?

What's the basis for preferring one route over another in CJDNS?
Latency, hop count, label length, some mixture of those things?

>> the adversary can deliver measurement packets but drop data
>> packets. If the packets carry source or destination addresses,
> 
> They don't, only route labels which route to the next hop in the
> recursive routing which is usually but not necessarily the
> destination.

Nevertheless, a node could selectively drop traffic bound for certain
recursive routing hops, while forwarding other traffic, right?

The point I was trying to make in my previous email is that whatever
information the packets carry to distinguish one packet from another,
the adversary can use that information to target certain packets while
maintaining the appearance of high overall reliability.

>> the adversary can drop packets with certain sources or
>> destinations while keeping her overall reliability high. The
>> adversary may be able to manipulate the reliability measurements
>> without dropping packets, for example by spoofing addresses or
>> forging measurement packets.
> 
> Can't spoof a packet because the IPv6 address is the public key
> hash.

Is every packet signed with the corresponding private key? Seems like
that would be expensive.

> Can't spoof a switch frame source except to extend the length of
> the path beyond your node.

As I mentioned above, you can also truncate the path so it appears to
start at your node. That could be useful to the adversary if short
paths are used preferentially, for example.

Cheers,
Michael
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJR5RehAAoJEBEET9GfxSfM63wIAJwR9RPImmHk2SobGbvxgGFd
58OdNmZaq/8CbmdbIXN/CaiaewkmWTA+5iQlKGPoKVatbZOFzl0XFXxrYF77giYa
z0vFQf7cDGTspStGfpKHqvs87rahzN7MCs8nV3nBXItaOnkglu96of3RhMrni0Xw
2tNBpOzNile38etFdcgnrSZt3JhecJcAwbPEj09WcVjtXcow435XJxeqvg3oUve4
esbj2dYvAHWIBl/BFjhCJEO8q9Yl0XfyE88TRg40pUyQM5qrr0UabCTX4LBa9Vz7
mA1lTjXVp7Lrw+qzwgwg2sNVKwC7Q8GKVfvtJL5axTQGdwPq38/slVCGTt6rrGM=
=x+AG
-END PGP SIGNATURE-
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Surespot? Re: Feedback on Threema - Seriously secure mobile messaging.

[Petter Ericson]

On 15 July, 2013 - Nathan of Guardian wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> On 07/15/2013 05:55 PM, Pavol Luptak wrote:
> > Any idea how to have offline secure messaging (when Jabber+OTR is
> > not possible to use)?
> 
> Gibberbot already partially implements this, and we are working with
> ChatSecure and others to move forward with a standards-based solution
> to this. While we already have OpenPGP support on Android, we don't
> think PGP is the way to go for efficient mobile chat, and also are not
> ready to abandon forward secrecy as a feature.
> 
> And so, our OTR offline solution is comprised of the following pieces:
> 
> 1) Client/App supports XMPP extension for message delivery receipts
> and auto-retry:
> http://xmpp.org/extensions/xep-0184.html
> 
> While the person you are trying to send a message to may be offline at
> the very moment you want to message them, it is very likely that they
> will be online at some point in the near future. If your chat client
> is always running in the background on your device, it can sense when
> they come online, and deliver the message you wrote earlier. By
> supporting delivery receipts, you can confirm it did indeed get
> through to them, and if not, continue auto-retrying until it does.

The main problem I see with this is that this still requires both clients
to be online at the same time, something which Threema, Heml.is etc.
avoids. My phone internet access is seldom a constant thing, so this
is obviously not ideal.

> 
> 2) XMPP server that supports offline messages storage and delivery:
> http://xmpp.org/extensions/xep-0160.html
> http://xmpp.org/extensions/xep-0091.html
> ejabberd support: http://www.process-one.net/en/ejabberd/protocols/
> http://prosody.im/doc/modules/mod_offline
> 
> XMPP already has a well-established mechanism for this, and many
> open-source servers like ejabberd and prosody support it well.
> 
> 3) Client that supports long-lived OTR sessions. If a chat
> conversation is held open, then the same OTR session key should be
> used as long as possible, i.e. until one of the participants request a
> session restart.
> 

I assume that these two options go together, i.e. that an OTR session is
kept alive from both ends, and offline message delivery is used to send
messages over that session. Definitely a good idea - if you only work
with a single client per user. Alternatively, that you would attempt to
keep an OTR session going with each resource ever seen, and send multiple
messages (OTR v4 according to wikipedia).

Long-lived OTR session keys is also something of a relaxation of the 
forward secrecy requirement, is it not? (Playing a bit of devil's 
advocate here)

> 4) Optionally: use the OTR v3 shared "extra" symmetric key generation
> feature to encrypt offline messages and send those via a mobile push
> service.

Sidechannel message delivery definitely sounds interesting. Could you
expand on the guarantees made regarding this key? Is it the same as for 
regular OTR keys? (PFS, etc)

> Would love comments on this. Anything else we might have missed?
> 

To be quite frank, for offline message delivery to an unknown client,
the OTR model rarely holds up very well. As such, I would propose just
going for XEP-0027 (PGP-encrypted messages) if there is no OTR session 
available, and trust the offline message delivery services of the
server to get them to the destination. This drops forward secrecy,
but makes it actually possible to send messages in the first place.

Moving transparently onto OTR as soon as possible would still be
a priority of course.

Best

/P
> +n
> 
> 
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> 
> iQIcBAEBAgAGBQJR5I2eAAoJEKgBGD5ps3qpXSsP/2Bd1R7fw4C2LeGM3RAZuFup
> Jhd/YIBt4I7Yh4tIGGs2Bn7B3gCGmDXRTnqWPtj8IpE/XINB0Pr4gME0kC/xV0Kf
> dFotFwps3WkihJXaR2IeK4FmDoLX4xVETqiFFwZSE4FM2zNJiVPsXIDzeIXKp//9
> HSU/Rhv4y/ycSPONqC0Wy6x+0TOM6arcTGmg9noDbnBWIGxbOEU9jKSpJhzDHSz7
> 79rMorer7KS1p88zJ+tMoprdwGqtf0wEZacwgIOKcZRUPxWveqUPcANOyGfi40u4
> 11vvbwVBj0hETTCWDtxFOO61JTLGWiqlVNd6bsPICr08cfe42s6hJEMnay00tWaJ
> ovcw4MCAHP/c9sWqy5KSufa04NIMlON5g83cQRGevqnEMJYDHHlrLyFTHO8M+ZY+
> CF6wmiGJIHQyet6xxjPZH97vk+tPC6eTnoLFiNxS2SlAJYmQxmcAtqvFO+HLDBNM
> wOosJ0TjA3gmDwU6udhpPbe/BBigemnFedRahta1PbRVgl/1oDwH8ecwoj9xTWtq
> O/LmJbiAkqCf4YnFq+1sbyTXvRw9MBdXXJUc3vClbxmGQ6xZjMAZKnOVpbKeSmSd
> v73UVvtNXsV4XfVOICbRS84dakxA3YG9P+T37un82r0tyDJUB7DXe2HZwiGHQ58T
> YJUO0epUFqDfidtrWyJf
> =7SnB
> -END PGP SIGNATURE-
> --
> Too many emails? Unsubscribe, change to digest, or change password by 
> emailing moderator at compa...@stanford.edu or changing your settings at 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech

-- 
Petter Ericson (pett...@acc.umu.se)
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanf

Re: [liberationtech] Mapping Sea Levels

[Jens Kubieziel]

* Yosem Companys schrieb am 2013-07-16 um 01:03 Uhr:
> Does anyone know of any maps that have been drawn up showing what the
> SF bay area coastline will look like as a result of global warming?
> Or do you know of anyone who might know the answer to this question?
> 
> I'm looking for a map that changes contingent on the selected number
> of feet of higher sea level anticipated.


Maybe OpenSeaMap can be helpful here: http://www.openseamap.org/>
I added Bernhard Fischer to Cc:. He held a talk at 27C3 and might know
more on this topic. See
https://events.ccc.de/congress/2010/Fahrplan/events/4183.en.html>.

Best regards
-- 
Jens Kubieziel   http://www.kubieziel.de
Der Weise ist selten klug. Marie von Ebner-Eschenbach
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech