Loss of Privacy

Keeping you informed on recent losses to privacy and civil rights worldwide.

Browsing Posts in Censorship

Last week, we learned that net filters were going into place in Australia.  Now, we learn that the filters don’t work as advertised, the government doesn’t seem to care, and no one, apparently, is going to do anything to fix them.

The Federal Government is attempting to silence critics of its controversial plan to censor the internet, which experts say will break the internet while doing little to stop people from accessing illegal material such as child pornography.

Since filtering child porn was the reason behind these filters to begin with, it should come as no surprise that they aren’t very effective at doing that job at all.  Instead, ISPs are having problems of severe latency, speed drops up to 86%, and up to 10% of legitimate sites being blocked.

The first tier, which internet users would not be able to opt out of, would block all “illegal material”. Senator Conroy has previously said Australians would be able to opt out of any filters to obtain “uncensored access to the internet”.

The second tier, which is optional, would filter out content deemed inappropriate for children, such as pornography.

But neither filter tier will be capable of censoring content obtained over peer-to-peer file sharing networks, which account for an estimated 60 per cent of internet traffic.

Brilliant planning from the Australian government has resulted in ignoring the main source of sharing online.  They completely ignored P2P traffic when creating these filters.  Either the Australian government is extremely stupid or they wanted it to appear as if they were actually trying to do something to stop child porn.

The third, scarier, option is that they just want to track everyone in their country and this is a pretty good way of doing it.  Proof of this can be seen in the filtering of banking systems.

There’s also the issue of filtering HTTPS web traffic – the protocol used for online banking transactions. Five of the filters tested for ACMA could intercept HTTPS traffic, a worrying prospect if the Government intends to use one for blocking secure websites that are inappropriate or illegal. A filter inspecting secure banking data and online purchases for unsavory content effectively opens the door to fraudsters and undermines the entire e-commerce process.

They claim it is to search for anything illegal, but shouldn’t they have a suspicion first before being allowed to intercept your bank details?

To provide a safer environment for children online we need to focus on areas posing a real threat to young Australians like cyber-bullying, identity theft and online predators. Filtering does nothing to reduce these risks. Just like we educate children about staying safe outside, we need to educate them about staying safe online. Walk them through it just like we’d walk them to the park. If that means educating parents unfamiliar with the Internet as well, then let’s do it.

And this is what we should be doing.  This isn’t to say that we should ignore child pornography, but cyber-bullying, identity theft, and online predators are a much greater, and possibly immediate, threat in the world.  We should be doing more to educate children and adults rather than just throwing catch-all filters in place and hoping the problems will go away.


Under the guise of anti-terrorism efforts, Home Secretary Jacqui Smith hints that the government should have access to sites such as Reddit, Digg, Facebook, YouTube, eBay, and any other site that offers free accounts.

The plans to create a large database of emails and phone calls were controversial enough, but the new plan is to make any website offering free accounts fair game for the relevant authorities.

Smith says in a speech that websites that offer a free account “are a potential hotbed for terrorist activity”, as the activity on them is not tracked.

She wants the relevant authorities to be able to track potential terrorists’ actions, although only names and locations would be logged, not the content of the message.

So while there isn’t going to be a huge database where all your digital communications live, you might want to think twice about putting up an image of Osama Bin Laden as your profile picture for comedy effect.

So, these sites are hotbeds for terrorists?  I’m sure the terrorists on Facebook make sure to post what they’re doing before going out and blowing up a building.

It’s equally stupid to keep a log of people’s names and locations, but not the content of the message.  That is, unless the government just wants you in a database with no record of what you did so that you cannot mount a defense against the government.

You also might want to put up as many photos of Osama bin Laden as you can, along with photos of the prophet Mohammed.  Flood the databases as much as you can.

If you want to prevent the creation of such a database, you need to lodge your protest now.


When Australians first heard of the new filters in 2007, they thought it would only be to protect the children.  Then, they found out that they would be subjected to the net filters, and there’s no opt out.  Despite public outcry, testing began in Tasmania and, soon, all ISPs will be forced to use the official government blacklist.

Australians may not be able to opt out of the government’s Internet filtering initiative like they were originally led to believe. Details have begun to come out about Australia’s Cyber-Safety Plan, which aims to block “illegal” content from being accessed within the country, as well as pornographic material inappropriate for children. Right now, the system is in the testing stages, but network engineers are now saying that there’s no way to opt out entirely from content filtering.

Internode network engineer Mark Newton told Computerworld that users are able to opt out of the “additional material” blacklist—which targets content inappropriate for children—but not the main blacklist that filters what the Australian government determines is illegal content.

This appears to be very similar to the Great Firewall of China.  If things like this keep happening, the Internet will, effectively, be much like it was in the past.  The Internet will become a series of computers connected to a few “legal” sites only within your own country.

Ben Hoskings has a brilliant open letter to Senator the Hon Stephen Conroy, Australian Minister for Broadband, Communications and the Digital Economy.  You should read it, use it, and send Mr. Conroy a letter yourself.


A mother in California wants to ban the best selling book, The Kite Runner, claiming that it’s inappropriate because it deals with a violent sex crime, namely male rape.

The book tells the story of an Afghan boy through the revolutions, wars and religious zealotry of modern-day Afghanistan, and includes a description of the protagonist being raped by a man. It is widely used in California classrooms for both English and history classes.

“When you have something that is explicitly referring to sexual violence, whether it be heterosexual or homosexual, it is not safe for children,” said school board president Carl Harris, in an interview with the newspaper. “I have a moral stance against it.”

This is a very well written book that deals with life, albeit a horrific version of it.  It’s reality as it is.  You cannot keep your child locked up forever in their idyllic world where everything is perfect, good and nice.  This book should have been an insight to other parts of human life and a realistic look at something that can happen anywhere, not just Afghanistan.  If your child does not know of these things by the time they are fourteen, then, possibly, you have sheltered them far too much.

The school gave the girl an appropriate alternative, yet the mother didn’t want it.  If the mother had bothered to read the book thoroughly, she would have seen that this book is far more about tolerance and acceptance than it is about rape.  Maybe the mother should keep her daughter at home and make her read about Lot and his daughters.

The Kite Runner is about hope and redemption.  To concentrate on the violent parts takes away from the message of the novel and does a disservice to what the author is trying to teach.  Let your kids read what they’re assigned, read it with them, then have an open and honest discussion with them about the subject matter.  Stop with the book burning crap and use it as a life lesson with your child.

The Kite Runner:
Limited preview at Google Books
Author’s Site
Study Guide
Official Movie Site
Wikipedia
Buy From Amazon.com


A federal judge on Saturday granted the Massachusetts transit authority’s request for an injunction preventing three MIT students from giving a presentation about hacking smartcards used in the Boston subway system.

The undergraduate students had been scheduled to give a presentation Sunday afternoon at the Defcon hacker conference here that they had said would describe “several attacks to completely break the CharlieCard,” an RFID card that the Massachusetts Bay Transportation Authority uses on the Boston T subway line. They also planned to release card-hacking software they had created, but canceled both the presentation and the release of the software.

EFF staff attorney Kurt Opsahl said that the temporary restraining order is “violating their First Amendment rights”; another EFF attorney said a court order pre-emptively gagging security researchers was “unprecedented.”

While the state of Massachusetts may have gotten an injunction and the talk was canceled, the cat is out of the bag.  Everyone registered for the conference has already received their paper detailing the hack.

Every one of the thousands of people here who registered for Defcon received a CD with the students’ 87-page presentation titled “Anatomy of a Subway Hack.” It recounts, in detail, how they wrote code to generate fake magcards. Also, it describes how they were able to use software they developed and $990 worth of hardware to read and clone the RFID-based CharlieCards.

Those CDs were distributed to conference attendees starting Thursday evening, meaning the injunction arrived nearly two days late. (On the other hand, the source code to the utilities–not included on the CD–was removed from web.mit.edu/zacka/www/subway/ by Saturday morning.)

Since they are RFID-based, there is a good chance that the system is similar to the Oyster cards in London.  A paper about the vulnerabilities of that system, along with an 87-page presentation, might be all one needs to also discover exactly how the CharlieCard is vulnerable.  Several documents already show that the MBTA has a lot of other problems as well.

Also released as part of the public record was a document marked “confidential” and written by the researchers that explains exactly how the Charlie cards can be cloned and forged. “Our research shows that one can write software that will generate cards of any value up to $655.36,” the document says.

The document also discusses the lack of physical security at the MBTA. “Doors were left unlocked allowing free entry in many subways,” the document says. “The turnstile control boxes were unlocked at most stations. Most shocking, however, were the FVM control rooms that were occasionally left open.”

“It has been known for years that magnetic stripe cards can easily be tampered with and MBTA should not have relied on the obscurity of their data-format as a security measure,” Nohl said. “MBTA made it clear that they are not interested in cooperating with researchers on identifying and fixing vulnerabilities, but their lawsuit will motivate more research into the security of Boston’s public transport system.”

The MIT student newspaper has now published the paper in question, and there are several mirrors [pdf warning].

MBTA seems happy to have security through obscurity instead of working with those that can exploit the system in order to fix it.  They threaten them with the FBI and get court orders to stop them from speaking.  This exploit is out there.  It will be used.  It would have been more prudent to actually sit down with these young men and find out what’s wrong and how to fix it.  Instead, they will receive more scrutiny and more exploits are bound to be found.  Next time, however, the hackers might not be so cooperative in giving out the details.
