from the “another security headache” department

Yes postings have been sparse lately – things getting busy so alas. Anyway, very short (but rather alarming) note from Wired about copiers. Though I knew most copiers now used digital technology of some sort, I had no idea they actually contained full-blown hard drives that store your copies. The exact reason why they need hard drives to copy documents, and why the data needs to remain on the drives, is a bit of a mystery to me, and something the article doesn’t go into. I’d had always just assumed that the image information was stored somewhere temporarily and disappeared when you finished copying. Apparently not. Anyway, here’s a brief excerpt:

most digital copiers manufactured in the past five years have disk drives – the same kind of data-storage mechanism found in computers – to reproduce documents. As a result, the seemingly innocuous machines that are commonly used to spit out copies of tax returns for millions of Americans can retain the data being scanned.

If the data on the copier’s disk aren’t protected with encryption or an overwrite mechanism, and if someone with malicious motives gets access to the machine, industry experts say sensitive information from original documents could get into the wrong hands.

I guess someone, somewhere, will be selling add-on kits for copiers relatively shortly…

press neutrality and lawsuits

Techcrunch (Mr. Arrington) has put up an article suggesting Digg sue Wired (that’s also the headline – “Digg Should Sue Wired”). Because Wired posted some negative reviews of Digg. And because Wired’s parent, Condé Nast, owns a competitor of Digg (reddit). The nub:

Digg can’t treat Wired like any other user that’s engaged in fraud. Wired is the press, and the press has tremendous power. Wired is putting Digg in an impossible situation, and they should be called on it. Reporting news is one thing (although they should note the conflict of interest there as well), but actively creating negative news about a competitor and then using the massive reach of Wired to promote that “news” is way over the line.

Very strog words indeed. I’m quite surprised by this comment, as I understand Mr. Arrington has legal training and in fact practiced as a lawyer for some time. Why surprised? Because, apart from the possibility that the reporter who wrote the second article to which he refers (who basically tried to see if Digg’s system of user rankings could be “gamed”) breached Digg’s terms of use (of course – because rightly so their terms would prohibit such gaming…), its really, really tough for me to see exactly what Digg should sue Wired for? What exactly is the cause of action? Surely he’s not accusing Digg of actually committing fraud, is he? It difficult for me to see how fraud has been committed – what exactly is fraudulent about the articles?

Sure, there is a conflict of interest situation here, the usual cure for which is full disclosure, but hardly the basis for a lawsuit. And if he thinks that Wired suffers from conflict of interest, well, I invite him to check out the ownership of most major media in the US and Canada, and see how many times they are taking a stab at competitors of other companies that their ultimate owners control. If this is as big a deal as Mr. Arrington suggests, the Chomsky’s Manufacturing Consent should be considered a field manual to endless lawsuits against not only Condé Nast but also CBS, NBC, ABC, CanWest Global, etc. etc. etc.

But perhaps I took the words too seriously – perhaps he was just using the words “sue” and “fraud” figuratively or to illustrate his point. Or perhaps, given the more litigious nature of the US, and the somewhat kindler, gentler, less punitive (as in damages) environment in Canada, there is actually a basis for Digg suing the heck out of Wired.

Bit of a tempest in a teapot, I think…

And of course in the interest of full disclosure, I am a subscriber to Wired, and also hope someday to see one tiny link from their site to this little blog.

canadians – as bad as the chinese (almost)

Well, this story certainly has got a lot of coverage. I was quite surprised to read in Wired that quite of bit of IP is stolen in Canada. To wit:

But — surprise, surprise — IIPA also wants Canada added to the list of the most egregious violators. That’s right. Canada. According to the IIPA, Canada was responsible for $551 million in lost revenue in 2006, all of it in the business software sector (numbers from other industries were not available). That makes Canada the fourth-worst offender. See the chart here.

I was also at a very interesting speech that Graham Henderson of CRIA gave on the proliferation of counterfeit goods in Canada. Again, though I knew of some counterfeiting of goods going on here, I was a bit surprised at the numbers that were presented and also the types of counterfeiting – everything from extension cords to batteries to pharmaceuticals.

Of course that’s one side of it. And like everything else there are always two side to a story. Michael Geist is quoted in the story as asserting that the IIPA is out of touch with the rest of the world by criticizing countries who have less stringent measures in place than US legislation, which he asserts to be the world’s toughest.

Its interesting to compare this with the MPAA’s position on proposals in the use on fair use, which I mentioned a bit earlier. Perhaps best described like this:

Geist on IP infringement issues in Canada: “Problem? What problem?”

The MPAA on fair use issues in the US: “Problem? What problem?”

And so it goes. <sigh>

Fair Use and the DMCA

An article in Wired News with the dramatic title of “Lawmakers Tout DMCA Killer” describes the most recent attempt to: (a) water down the protections afforded to content owners by the DMCA; (b) ensure the preservation of fair use rights on the part of users. As is usual, each side has its own rhetoric to describe what is happening, so in fairness I took the liberty of offering to readers of this blog the two alternative descriptions above. The nub:

The Boucher and Doolittle bill (.pdf), called the Fair Use Act of 2007, would free consumers to circumvent digital locks on media under six special circumstances.

Librarians would be allowed to bypass DRM technology to update or preserve their collections. Journalists, researchers and educators could do the same in pursuit of their work. Everyday consumers would get to “transmit work over a home or personal network” so long as movies, music and other personal media didn’t find their way on to the internet for distribution.

And then of course on the other side:

“The suggestion that fair use and technological innovation is endangered is ignoring reality,” said MPAA spokeswoman Gayle Osterberg. “This is addressing a problem that doesn’t exist.”

Osterberg pointed to a study the U.S. Copyright Office conducts every three years to determine whether fair use is being adversely affected. “The balance that Congress built into the DMCA is working.” The danger, Osterberg said, is in attempting to “enshrine exemptions” to copyright law.

To suggest that content owners have the right to be paid for their work is, for me, a  no-brainer. That being said, I wonder whether the DMCA and increasingly more complex and invasive DRM schemes will ultimately backfire – sure they protect the content, but they sure as heck are a pain in the ass – just my personal take on it. For example, I’d love to buy digital music, but having experienced the controls that iTunes imposes and suddenly having all my tracks disappear, I just don’t bother with it now. Not to mention the incredible hoops one needs to go through to display, say, Blu-ray on a computer – at least in its original, non-downgraded resolution – why bother with all of that at all?

I wonder whether this is, in a way, history repeating itself in a way. I am old enough to remember the early days of software protection – virtually every high-end game or application used fairly sophisticated techniques (like writing non-standard tracks on floppies in between standard tracks) in attempting to prevent piracy. Granted, these have never gone away altogether, particularly for super high end software that needs dongles and and the like, and of course recently there has been a resurgence in the levels of protection that have been layered on in Windows, but after the initial, almost universal lockdown of software long ago, there came a period where it seemed many (if not most) software developers just stopped using such measures.  At least that’s what seemed to happen. I’m not quite sure why, but I wonder if this same pattern will repeat with content rather than software. I suspect not. But hey, you never know.

In the meantime, off I go, reluctantly, in the cold, cold winter, to the nearest record shop to buy music the old fashioned way…


Thoughts on Quantum Computing

Interesting article in Wired News where they interview David Deutsch who they refer to as the Father of Quantum Computing. He has a kind of low key but interesting take on the recent demonstration of a real, live 16 qubit quantum computer by D-Wave, a Canadian company based out of Vancouver.

Low key insofar as he doesn’t seem particularly enthused about the potential of quantum computers, other than perhaps their ability to be used to simulate quantum systems and of course encryption:

Deutsch: It’s not anywhere near as big a revolution as, say, the internet, or the introduction of computers in the first place. The practical application, from a ordinary consumer’s point of view, are just quantitative.

One field that will be revolutionized is cryptography. All, or nearly all, existing cryptographic systems will be rendered insecure, and even retrospectively insecure, in that messages sent today, if somebody keeps them, will be possible to decipher … with a quantum computer as soon as one is built.

Most fields won’t be revolutionized in that way.

Fortunately, the already existing technology of quantum cryptography is not only more secure than any existing classical system, but it’s invulnerable to attack by a quantum computer. Anyone who cares sufficiently much about security ought to be instituting quantum cryptography wherever it’s technically feasible.

Apart from that, as I said, mathematical operations will become easier. Algorithmic search is the most important one, I think. Computers will become a little bit faster, especially in certain applications. Simulating quantum systems will become important because quantum technology will become important generally, in the form of nanotechnology.

(my emphasis). Interesting thought about being retrospectively insecure. Particularly given spy agencies have, in the past, been sufficiently bold to transmit encoded messages on easily accessible shortwave frequencies.

I imagine the spook shops already have their purchase orders in for quantum crypto stuff (or have developed it already internally). Was a bit surprised by the statement above regarding existing technology for quantum computing. I had heard of some demos a while back, but didn’t realize that there are actually several companies offering quantum cryptography products.