[liberationtech] Calendaring Question

2014-03-21 Thread Ringo
Hey Liberation Tech,

I have been working with some activist folks to get their data off the
cloud and into their own private hands. Some of these groups are using
Google calendar in an enterprise-like fashion where they import other
people's calendars to see when they are busy/free. Most of these groups
don't really have the resources to maintain their own calendar server
(like webcalendar, which works great). My question for libtech is:

1. Are there any hosting providers that offer or can be re-purposed for
host-proof/zero-knowledge/whatever calendar (ical/caldav) hosting? How
have you seen this problem solved?
2. Is there a way on android/iOS devices or through Thunderbird to take
one iCal's events and push them to another iCal as some generic event
like "busy"? That way, they can have their private calendar on their
phones and then push their busy/free schedules to something with more
enterprise support like Google Calendar.

Thanks for any help you can offer,

-- 
-- Ringo
PGP Key


BitMessage  Address:
BM-NBeAE8h4LQTvFfQyhsC13cBrDPphhkek
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] Whitehouse.gov request for inputs on big data and privacy.

2014-03-21 Thread Richard Brooks
The President's review of big data and privacy

In January, President Obama spoke about changes in the technology we use
for national security purposes, and what they mean for our privacy broadly.

He launched a 90-day review of big data and privacy: how they affect the
way we live, and the way we work -- and how data is being used by
universities, the private sector, and the government.

As part of that review, we've already heard from leading privacy
advocates and industry leaders, among others.

But this is a conversation that affects all Americans, and we want to
make sure you have a chance to be a part of it. We want your input.

Take a moment to tell us what you think about big data, privacy, and
what it means to you.

http://links.whitehouse.gov/track?type=click&enid=ZWFzPTEmbWFpbGluZ2lkPTIwMTQwMzIxLjMwNDA4MDUxJm1lc3NhZ2VpZD1NREItUFJELUJVTC0yMDE0MDMyMS4zMDQwODA1MSZkYXRhYmFzZWlkPTEwMDEmc2VyaWFsPTE2Nzg5ODE0JmVtYWlsaWQ9cnJiQGFjbS5vcmcmdXNlcmlkPXJyYkBhY20ub3JnJmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&100&&&http://www.whitehouse.gov/issues/technology/big-data-review?utm_source=email&utm_medium=email&utm_content=email311-text1&utm_campaign=tech



[liberationtech] STRIKE FROM SPACE ..................or "When the MARTIANS arrive"...

2014-03-21 Thread Techno CAT
STRIKE FROM SPACE
..or "When the MARTIANS arrive"...
...
Earth will be divided into ACRESprecise ACRESwithout regard to
mountains, valleys, rivers, or oceans...
...
a SPACESHIP will hover 1 mile directly above EACH ACRE...that
SPACESHIP will be able to supply INTERNET to/from that ACRE...
...
PRIVATE INDIVIDUALS (from MARS) will OWN each SPACESHIP...
...
those PRIVATE INDIVIDUALS will transmit to/from each otherwith
technology THEY DEVELOPED (and OWN)...
...
UNEDUCATED Humans on .EARTH will NOT have access to the .MARS
technology...there is NO NEED TO KNOW...
...
a SPACESHIP will hover 1 mile directly above EACH ACRE...
...
the MARTIANS could NOT CARE LESS who "THINKS" they "OWN" each ACRE on .EARTH...
...
the MARTIANS simply want to be PAID for the INTERNET services TO/FROM
each ACRE...
...
Humans on .EARTH have NO NEED TO KNOW...how those payments are distributed...
...
Each ACRE will be TAXED based on Internet usage...[PEOPLE on .EARTH
have travelled to .MARS to buy the SPACESHIPS]
...
Humans on .EARTH will be expected to supply the ELECTRICITY for each ACRE...
...
the MARTIANS will RECHARGE their Batteries FOR FREE from each
ACRE...using proximity charging devices...
...
a SPACESHIP will hover 1 mile directly above EACH ACRE...PRIVATE
INDIVIDUALS (from .MARS) will OWN each SPACESHIP...
...
the SPEED of transmission to/from each SPACESHIP and to/from each ACRE
will be so FAST Humans will CONSUME the bits...
...
Humans on .EARTH have NO NEED TO KNOW...how the BITS are transmitted
around the RINGS...and MESH...
...
Humans simply have to PAY their TOLL for EACH ACRE...only PREPAID
Accounts are considered FUNDED...there is NO CREDIT...
...
the MARTIANS simply want to be PAID for the INTERNET services TO/FROM
each ACRE...IN ADVANCE...in PREPAID ACCOUNTS...
...
ICANN IANA does not move a muscle without being PAID...IN
ADVANCE...they are LAWYERS...they are NOT from .MARS...they are .EVIL
imposters
...
MARTIANS do not move a muscle without being PAID...IN ADVANCE...a
SPACESHIP will hover 1 mile directly above EACH ACRE...
...
MARTIANS are paid in .GOLD...CODE is GOLD...LAWYERS do not write
CODE...LAWYERS are NOT from .MARS...they are .EVIL imposters

BEAM UP THE GOLD...$CODE$$CODECODE$our
dotC .C CODE COIN Accounts are READY...TC aka T.C
...
dotCOM .COM is not GOLD [CODE]dotCO .CO is not GOLD [CODE]...dotC
.C is CODE [GOLD]BEAM UP THE CODE...
...
dotC is a SingleSymbolRoot...0ABCDEFGHIJKLMNOPQRSTUVWXYZ12389...C is
3...A is 1...B is 2C is 00011...RGB00011 is COLOR.C...8 Colors of
.C
...
.CO just sold for $109,000,000...an opportunist from South
America...cultivated by the CIA was paid off...by the DARPA DOD NTIA
.US NSA ICANN IANA
...
.COM is old and long...dotC is just rightRGB00011 is COLOR.C...8
Colors of .CRedGreenBlue...1011...RED.C...used on .MARS the
RED.PLANET
...
.C
.CO
.COM
...
STRIKE FROM SPACE
..or "When the MARTIANS arrive"...
...
Steal this [CODE]...
...
ZOOM://REACTOS.COM
...
...
Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-2001.<<

[liberationtech] "NSA Surveillance and What To Do About It", Bruce Schneier @ Stanford, April 15

2014-03-21 Thread Steve Weis
Bruce Schneier is speaking about NSA surveillance at the Stanford Law
School on April 14th:
http://www.law.stanford.edu/event/2014/04/15/cis-evening-event-with-bruce-schneier

Open to the public and free admission with RSVP.

Re: [liberationtech] What ideas did you submit to the Knight News Challenge?

2014-03-21 Thread Steven Clift
It is great to see all the applications, please ping me with a note if you
applied because you learned about this from my post to the mailing list.

cl...@e-democracy.org

I've heard a few people mention that, and I was curious if there were more.
I want to provide some feedback to Knight about outreach to existing online
communities of practice.

Steven Clift - cl...@e-democracy.org
+1 612 234 7072

Re: [liberationtech] What ideas did you submit to the Knight News Challenge?

2014-03-21 Thread Marc Juul
We co-submitted a proposal with many of the community-run networks
around the world. One-sentence and link:

This yet-to-be-named coalition unites representatives from community
wireless networks and Internet freedom groups around the world to
create venues for cross-cultural collaboration and legal defense in
support of the humanitarian right to communicate free from
interference.

https://www.newschallenge.org/challenge/2014/submissions/toward-a-network-commons-building-an-internet-for-and-by-the-people

-- 
marc/juul

On Fri, Mar 21, 2014 at 3:21 AM, Joseph Lorenzo Hall  wrote:
>
> On 3/18/14, 4:32 PM, Steven Clift wrote:
>>
>> Share your links here.
>
> CDT submitted four:
>
> Zero-rating: Development Darling or Net Neutrality Nemesis?
> https://www.newschallenge.org/challenge/2014/feedback-review/zero-rating-development-darling-or-net-neutrality-nemesis
>
> Frameworks for Innovation and Free Expression - FIFE
> https://www.newschallenge.org/challenge/2014/feedback-review/frameworks-for-innovation-and-free-expression-fife
>
> Usable Security Guides for Strengthening the Internet
> https://www.newschallenge.org/challenge/2014/feedback-review/usable-security-guides-for-strengthening-the-internet
>
> Exposing Privacy and Security Practices: An online resource for
> evaluation and advocacy
> https://www.newschallenge.org/challenge/2014/submissions/exposing-privacy-and-security-practices-an-online-resource-for-evaluation-and-advocacy
>
>
> --
> Joseph Lorenzo Hall
> Chief Technologist
> Center for Democracy & Technology
> 1634 I ST NW STE 1100
> Washington DC 20006-4011
> (p) 202-407-8825
> (f) 202-637-0968
> j...@cdt.org
> PGP: https://josephhall.org/gpg-key
> fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871


[liberationtech] Microsoft in email privacy storm

2014-03-21 Thread Yishay Mor
Microsoft in email privacy storm http://www.bbc.co.uk/news/business-26677607

 sent from my phone.

[liberationtech] CeDEM14 Programme Available: Join Us 21-23 May 2014

2014-03-21 Thread Noella Edelmann
CeDEM14 Conference for E-Democracy and Open Government 21-23 May 2014,
Danube University Krems (Austria)
(apologies for cross-posting)

The CeDEM14 programme - 3 days packed with international keynotes,
workshops, presentations, a film viewing (*Blueberry Soup*) followed
by a discussion with the filmmaker Eileen Jerrett, an Open Space for you,
opportunities for networking - is now available
(www.donau-uni.ac.at/cedem)

CeDEM14 Programme 21-23 May 2014
The conference will be organised as follows:
21-22 May: paper presentations, workshops, reflections and keynotes. 
The conference dinner is held on 21 May 2014.
23 May: Viewing of the Film *Blueberry Soup* and Podium Discussion
with Eileen Jerrett (Filmmaker); CeDEM Open Space.

CeDEM14 Keynotes
*Scientific Citizenship* Alexander Gerber (innocomm Research Center
for Science & Innovation Communication, Germany);
*Open Data* Jeanne Holm (Evangelist, Data.gov, U.S. General Services
Administration, US);
*Statehood, the Deep Web, and Democracy* Philipp Müller (University
Salzburg, Austria);
*(E)ngaging communities through global thinking for local actions*
Mohamed El-Sioufi (United Nations Human Settlements Programme,
UN-HABITAT);

CeDEM14 Open Space 23 May 2014
The CeDEM Open Space is an opportunity for participants to organise
their own presentations, sessions, events, workshops, birds of a
feather, networking, etc. If you are interested in attending and/or
presenting at the Open Space, get in touch with Michael Sachs
(michael.sa...@donau-uni.ac.at).

CeDEM14 Further Details: www.donau-uni.ac.at/cedem 
Registration: http://bit.ly/1d2ZR1F 

I look forward to seeing you in Krems!
Noella



Noella Edelmann BA, MSc, MAS
Researcher
 
CeDEM14
Conference for E-Democracy and Open Government
 www.donau-uni.ac.at/cedem
 
JeDEM 
eJournal of eDemocracy and Open Government
www.jedem.org
 
Digital Government Blog
http://digitalgovernment.wordpress.com/
 
Centre for E-Government
Danube University Krems
Dr.-Karl-Dorrek-Strasse 30
3500 Krems 
Austria
www.donau-uni.ac.at/egov



[liberationtech] How a seemingly simple message to students brought digital-age disaster for a Wisconsin professor

2014-03-21 Thread SAM ANDERSON
March 10, 2014- chronicle.com

One Email, Much Outrage

How a seemingly simple message to students brought digital-age disaster for a Wisconsin professor


Courtney Perry for The Chronicle

Rachel Slocum, an assistant professor of geography at the U. of Wisconsin at La Crosse, found herself at the center of a firestorm after sending a brief email to students.

By Peter Schmidt

Rachel Slocum’s problems began with an email she sent at the end of a long day.

It was Tuesday, October 1, and the federal government had partially shut down 
as a result of a budget impasse. The U.S. Census Bureau and Education 
Department websites were out of commission, leaving the students in her 
introductory geography class without access to data for an assignment.

"Hi everyone," she wrote to the 18 students in the online course. "Some of the 
data gathering assignment will be impossible to complete until the 
Republican/Tea Party controlled House of Representatives agrees to fund the 
government."

She urged her students to do whatever work they could. The rest, she wrote, 
"will have to wait until Congress decides we actually need a government."

 
Katie Johnson, a student in Ms. Slocum’s class and a political activist, helped spread her professor’s message via Facebook and Twitter.

At 10:23 p.m., she hit send.

Without knowing it, she had just put herself on a political battle’s front 
lines.

With the click of a button on her laptop, she became the focus of a national 
controversy that rattled her employer, the University of Wisconsin at La 
Crosse, and continues to threaten her career.

In an instant, the assistant professor of geography joined a growing list of 
college instructors whose lives have been thrown into turmoil when their words 
were relayed far beyond intended audiences via the Internet. Their ranks 
include professors whose provocative statements in the classroom were 
surreptitiously videotaped by students and posted online, professors who vented 
frustrations on Facebook or Twitter and then watched their posts go viral, and 
professors whose work-related websites were combed by advocacy groups for 
evidence of the political indoctrination of students.

All have had to face the uncomfortable truth that the digital age is testing 
many of the old rules governing what professors can and can’t say. The viral 
spread of controversies over college instructors’ speech has placed their 
employers under intense pressure to discipline faculty members, straining 
institutional commitments to academic freedom.

Ms. Slocum’s email popped up in the inbox of Katie Johnson, a senior who was 
taking the course while working as an intern at Americans for Tax Reform, an 
antitax advocacy group based in Washington.

Ms. Johnson had become politically active as a college freshman out of a sense 
that she needed to challenge the liberalism she found to be widespread among 
her professors and classmates at La Crosse. To her, this email was exactly the 
kind of thing that crossed a line.

Thirty years ago a student bothered by something a professor said might have 
spoken directly to that professor or, at most, submitted a complaint to a dean. 
Ms. Johnson still had such options available, but she took a different route. 
She posted screen shots of Ms. Slocum’s message on Facebook and Twitter. "Can’t 
do my homework for class; govt. shutdown," she tweeted to her 3,000 followers. 
"So my prof blames Republicans in an email blast."

The posts, Ms. Johnson now says, were intended only "for my immediate network 
to see." If so, she, like her professor, would wake up the next day to a 
surprise.

On Wednesday, October 2, Ms. Slocum got out of bed, sat down to a breakfast of 
vanilla yogurt and coffee, and logged onto her laptop. Her inbox was being 
bombarded.

Vitriolic emails from strangers denounced the message she had sent to 18 
students the night before.

Some threatened to have her fired. Others described plans to lobby state 
lawmakers to stop giving tax money to her college.

"Clearly you have forgotten that the student is your customer," one person 
wrote. "They pay you for services rendered." Another told Ms. Slocum: "Quit 
your job because you are a worthless douchebag." By lunch, the professor would 
find herself up against an entire network of conservative organizations.

Those players—which include watchdog groups like Campus Reform, online 
publications, and local and national talk-radio shows—have sought to expose 
college professors for liberal bias and put colleges under pressure to rein 
them in. Activists on the left are similarly capable of protesting conservative 
speech they find offensive, but they have not established organizations that 
monitor faculty speech, and campaigns demanding the firing of conservative 
academics are much less common than those directed at academics seen as liberal.

Early that day, Vicki McKenna, a conservative talk-radio host whose program 
airs in several Wisconsin cit

[liberationtech] Datarmine protects your privacy

2014-03-21 Thread Christophe Audiat
Dear Everyone,

A day ago, I sent an email to encryptallthethings.net to introduce them to
Datarmine's solution. In his answer, Michael Carbone told me some of you
could be interested in our idea.

In Datarmine, we are developing solutions for our users to protect their
privacy on the Internet. We have an app for Google Chrome (soon on Firefox
and Android) that allows the user to cipher their posts on social networks.
The user posts a ciphered message on his social network (using an asymmetrical
system). With this system, you can protect your most private life from
social networks and viewers you do not grant access to. All the more, you
can do it and promote an association/NGO you like: when the post is
ciphered, you choose in a catalogue what the people you don't want to
share your post with will see. In a nutshell, we offer simple security
parameters that protect the user also from social networks.

We would be really grateful if you could test our
addon and
give us feedback (to provide the best security possible, your friends
also have to use Datarmine if you want them to decipher your posts). And if
you know an NGO or association that would like to be in our catalogue you
can tell it too (our service is free for them).

I would also like to apologize for my English. This is not my first
language and I may have made mistakes... I just hope I was clear enough for
you to understand our concept.

Sincerely,

Christophe

[liberationtech] Data Breaches Put a Dent in Colleges’ Finances as Well as Reputations

2014-03-21 Thread SAM ANDERSON
March 17, 2014- chronicle.com

Data Breaches Put a Dent in Colleges’ Finances as Well as Reputations


At Indiana U.’s data center, in Bloomington, staff members were aghast to learn that the university was among several in recent weeks to come upon security breaches in their information-technology operations.

By Megan O’Neil

The costs of a cyberattack on the University of Maryland that was made public 
last month will run into the millions of dollars, according to data-security 
professionals who work in higher education. Such a financial and reputational 
wallop threatens many colleges that are vulnerable to serious data breaches, 
experts say.

Crystal Brown, chief communications officer at Maryland, says an investigation 
into the theft of 309,079 student and personnel records, dating to 1998, is 
being led by the U.S. Secret Service. As part of its response, the university 
has contracted with outside forensics experts and is notifying all affected 
individuals. It is also providing five years’ worth of free credit-protection 
services to all those affected.

A tally of costs related to the breach is not yet available, Ms. Brown says. 
But several data-security professionals interviewed by The Chronicle say the 
total will reach seven figures.

"You are talking about 300,000 people spread across the continental U.S. and 
you offered them all credit monitoring, and you had a lawyer, and you had an IT 
forensics firm—my very conservative estimate would be a couple million 
dollars," says Paul G. Nikhinson, a manager of privacy-breach-response services 
with the Beazley Group, which sells cybersecurity insurance to colleges.

The Maryland case is one of several data-security breaches reported by colleges 
in recent weeks. On February 25, Indiana University said a staff error had left 
information on 146,000 students exposed for 11 months. A week later, the North 
Dakota University system reported that a server containing the information of 
291,465 former, current, and aspiring students and 784 employees had been 
hacked.

Few institutions budget in advance for data breaches, according to college 
officials and data-security professionals. Cybersecurity insurance in higher 
education remains a rarity, despite a consensus among those working in the 
field that the likelihood of such a breach involves "when," not "if."

The list of potential expenses is long. It includes forensics consultants, 
lawyers, call centers, websites, mailings, identity-protection and credit-check 
services, and litigation. Breaches can prompt major campus projects, such as 
risk-management reviews, campuswide encryption, and tests to determine how 
vulnerable networks are.

"For the organization itself, it is like a multiheaded hydra," Mr. Nikhinson 
says. "There are so many things going on at once. Depending on the 
characteristics of the event, there are usually five or six expensive things 
that are going to make up the response process."

Price tags vary depending on the nature of the incident—where and how the 
breach occurred and the number of records affected. The capacity of in-house 
information-technology and communications staffs also figures heavily in the 
final bill. Contracting for outside help typically means additional costs 
starting in the tens of thousands of dollars.

"The first thing you might think about is forensics," says Cathy Bates, chief 
information officer at Appalachian State University and a member of the Higher 
Education Information Security Council. "Do you have the capability to do it 
in-house, or will you need to call in forensics expertise? That might be your 
first outlay of cash. It can be expensive. But again, it really depends on the 
type of security breach that you are working with."

Timothy P. Ryan, managing director of the cyber-investigations practice at 
Kroll Inc. and a former FBI agent, says he has worked on some forensics 
investigations at colleges that were completed in two weeks and others that 
took months.

Hiring an outside forensics team to investigate a small breach can be done for 
"under $50,000," he says, with costs for larger incidents escalating from there.

Data breaches in higher education cost colleges an average of $111 per record—a 
figure that calculates in the damage to the institution’s reputation—according 
to a 2013 study published by the Ponemon Institute, which studies cybersecurity 
and data protection. The average per-record cost across industries including 
government, health care, and retail is $136, the study found. Titled "2013 Cost 
of Data Breach Study: Global Analysis," the report included 277 organizations 
in nine countries and focused on breaches involving 1,000 to 100,000 records.

"There are probably a lot of data breaches in higher education that go 
undetected, probably more so than in other industries," says Larry Ponemon, 
founder and chairman of the institute. "The universities are not aware of data 
leakage and the harm that ca

Re: [liberationtech] Trsst Encryption

2014-03-21 Thread Michael Rogers

On 21/03/14 12:52, Michael Rogers wrote:
> Thanks for the pointer. The Javadoc doesn't say whether this is a 
> constant-time comparison. In OpenJDK 6 it isn't. In OpenJDK 7 it
> does something similar to my original suggestion. So unfortunately
> it seems like this might be a case where bicycle-invention is
> necessary.
> 

Sorry for the self-reply: wrong link. I resign from this thread. ;-)

http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/java/security/MessageDigest.java#MessageDigest.isEqual%28byte%5B%5D%2Cbyte%5B%5D%29

Cheers,
Michael



Re: [liberationtech] Trsst Encryption

2014-03-21 Thread Michael Rogers

On 20/03/14 19:30, Yuriy Kaminskiy wrote:
> Note that all above variants may be NOT actually branchless and
> thus NOT really constant-time (depending on architecture, jvm
> implementation and options, etc). Most likely, resulting time
> difference won't be sufficient to be useful for attacker, but... (I
> doubt very much you can write guaranteed-constant-time code in java
> (and most other high-level languages) at all.)

Yeah it would be really nice if Java had some way to mark a block of
code "do not optimise".

> PS If you don't want to invent bicycle, there are boolean 
> java.security.MessageDigest.isEqual(byte [], byte[]) method.

Thanks for the pointer. The Javadoc doesn't say whether this is a
constant-time comparison. In OpenJDK 6 it isn't. In OpenJDK 7 it does
something similar to my original suggestion. So unfortunately it seems
like this might be a case where bicycle-invention is necessary.

http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b27/java/security/MessageDigest.java#MessageDigest.isEqual%28byte%5B%5D%2Cbyte%5B%5D%29

http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/7u40-b43/java/security/MessageDigest.java#MessageDigest.isEqual%28byte%5B%5D%2Cbyte%5B%5D%29

Cheers,
Michael
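
The difference discussed in this message, as an added example that is not part of the original post and is not the OpenJDK source: an early-exit byte comparison next to the XOR-accumulate form, both applied to an HMAC-SHA256 tag. The class name, method names, key and message are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class TagCompare {

    // Early-exit comparison, instrumented to return how many bytes it looked
    // at before deciding. That count is what a timing measurement of the
    // uninstrumented loop approximates: it grows with the matching prefix.
    static int earlyExitBytesInspected(byte[] expected, byte[] supplied) {
        if (expected.length != supplied.length) {
            return 0;
        }
        for (int i = 0; i < expected.length; i++) {
            if (expected[i] != supplied[i]) {
                return i + 1; // stops at the first mismatch
            }
        }
        return expected.length;
    }

    // XOR-accumulate comparison: every byte is visited whether or not an
    // earlier one differed, and the only branch is on the final result.
    // The tag length is public, so rejecting a wrong length early leaks nothing.
    // As the thread points out, the JVM/JIT gives no hard guarantee that the
    // compiled code is strictly constant-time.
    static boolean constantTimeEquals(byte[] expected, byte[] supplied) {
        if (expected.length != supplied.length) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < expected.length; i++) {
            diff |= expected[i] ^ supplied[i];
        }
        return diff == 0;
    }

    static byte[] hmac(byte[] key, byte[] message) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(message);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key and message, for demonstration only.
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        byte[] tag = hmac(key, "constructed message".getBytes(StandardCharsets.UTF_8));

        // Forge tags whose first wrong byte sits at different offsets.
        for (int pos : new int[] {0, 15, 31}) {
            byte[] forged = tag.clone();
            forged[pos] ^= 0x01;
            System.out.printf(
                "first wrong byte at %2d: early-exit inspected %2d of %d bytes, "
                    + "constantTimeEquals always scans %d and returns %b%n",
                pos, earlyExitBytesInspected(tag, forged), tag.length,
                tag.length, constantTimeEquals(tag, forged));
        }
        System.out.println("genuine tag accepted: " + constantTimeEquals(tag, tag.clone()));
    }
}
```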



Re: [liberationtech] What ideas did you submit to the Knight News Challenge?

2014-03-21 Thread Joseph Lorenzo Hall



On 3/18/14, 4:32 PM, Steven Clift wrote:
> 
> Share your links here.

CDT submitted four:

Zero-rating: Development Darling or Net Neutrality Nemesis?
https://www.newschallenge.org/challenge/2014/feedback-review/zero-rating-development-darling-or-net-neutrality-nemesis

Frameworks for Innovation and Free Expression - FIFE
https://www.newschallenge.org/challenge/2014/feedback-review/frameworks-for-innovation-and-free-expression-fife

Usable Security Guides for Strengthening the Internet
https://www.newschallenge.org/challenge/2014/feedback-review/usable-security-guides-for-strengthening-the-internet

Exposing Privacy and Security Practices: An online resource for
evaluation and advocacy
https://www.newschallenge.org/challenge/2014/submissions/exposing-privacy-and-security-practices-an-online-resource-for-evaluation-and-advocacy


-- 
Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
j...@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871

