The Spontaneous Huddle

CNet News is  reporting that a District Court judge in Vermont has issued an order requiring a defendant to decrypt his computer for a grand jury.  The prosecution believes that his drive contains child pornography, but due to the PGP encryption they were unable to view the files.

The case raises a Fifth Amendment question: whether decrypting the computer would constitute being compelled to be a witness.  It has also been appealed to the Second Circuit for review of the decision.

My personal feeling is that the Second Circuit will find that providing the password is more like providing the key to a safe deposit box than like testifying in court or speaking to law enforcement officers.  The prosecution already had the computer, which was seized as the defendant entered the country from Canada.  All they need now is to be able to read it.  I can’t imagine the Second Circuit will want to issue a ruling that would teach criminals that all they have to do to keep their documents secret would be to encrypt them and refuse to disclose the decrypting passphrase.

On the other hand, the ACLU has come out against the decision.  However, they frame the question as one of discovery (“It’s not the same thing as asking him to turn over the Xeroxed copy of a document.”) and not of access.

Joshua L. Simmons Main Fifth Amendment, Privacy

Most of us were probably blissfully unaware that we came perilously close to disaster on Tuesday morning. At 4:30 am EST while many of us were still asleep, Google’s Gmail was shut down for two and a half hours. The Wall Street Journal is reporting that the outage was caused by the installation of new software, which triggered a bug in the Gmail code. The outage was near disaster for users and companies that needed access to their e-mail on Google’s servers. It also highlights the fact that centralization of formerly-desktop functions is fraught with perils.

Photo by manfrys (licensed under CC)

The companies that provide these services—such as Google and Salesforce—believe that they are providing something that companies would be unable to provide themselves, and scholars—such as Professor Randal C. Picker of Chicago Law School—believe that the shift to cloud computing (think Gmail, where the computer functions are centralized, as opposed to performed at your own computer) is natural because users are bad at performing their own tech support, computers are complicated, poorly run computers are used by hackers to harm everyone else, and users cannot buy additional computing power as it is needed.

This, however, ignores two looming threats. The first, which is highlighted by Google’s outage, is that when these services go down, it no longer just affects one company, it affects all companies, and there is no way that those companies can adequately secure themselves. One might argue that this is no different than when a utility company, like the electric company, loses service. However, companies that are concerned about losing electricity have backup generators; companies that are concerned about the phone lines have satellite phones. When you use Google for your e-mail and documents, there is no backup. If you are working on a document in Google Docs, you can’t also have a copy stored on your desktop. You could have an older version, but for companies that are making sales every day and tracking them in a Google Docs spreadsheet that isn’t a viable alternative.

The second threat posed by such centralization comes from malicious attacks. Obviously, there has always been a concern about computer viruses; and computer worms allow those viruses to be spread without the host having any idea that they are infected. Today, however, we are seeing the rise of cyber warfare. I won’t get into it too deeply here, but it is sufficient to point out that when the Russians invaded Georgia last year, they preceded their attack by launching attacks on the Internet infrastructure of the Georgian government. As computing becomes more centralized, it will be easier to cripple your foes by attacking their centralized communications systems.

I don’t have a great solution to this problem. Gmail is a great (except for the spying part) service and everyone uses it. This is just another one of those things where blind reliance causes complacency among those that will be most harmed when that relied upon no longer functions.

Joshua L. Simmons Main Cyber Warfare, Internet, Privacy

Unless you have been living under a rock that does not have Internet access, you probably have noticed the stories of the last week concerning Facebook’s Terms of Service. If you are one of these unfortunate souls, let me sum up: Facebook had terms of service that were unfair, Facebook made them more unfair, media firestorm, Facebook returns to the unfair terms of service. Seriously though, the terms of service have always been bad. Essentially they say that whenever you write or post something to Facebook, you are giving Facebook a license into perpetuity to do whatever they want, including to sell to other people. Up until recently, that license would end when you stopped using Facebook’s service. Facebook, however, realized that either (a) they want to keep using your content; or (b) if they don’t have a license, they have to delete your comments etc. on other people’s pages. So they fixed this problem by making the license into perpetuity without termination.

Now Facebook is trying to get its users to write a “Bill of Rights.” The idea that you have any rights on the Internet is ridiculous, but it is particularly absurd when you are talking about Facebook. The venture capitalists that “own” Facebook own another property; it’s called In-Q-Tel, and it is the private company that fronts for the CIA. If you don’t believe this little conspiracy theory, fear not. Even if Facebook is not just handing your information over to the intelligence community, the intelligence community can get that information at any time with little more than an administrative subpoena. Similarly, if you are less concerned about government monitoring than private companies, don’t you worry. Facebook is in the business of selling your information to others. Sure advertisers are usually sold a black box where they don’t actually know who you are personally, but it is highly unlikely that Facebook wouldn’t hand over your information for the right price. Furthermore, it is equally likely that when Facebook collapses (like a flan in a cupboard), which is inevitable since it has yet to monetize its service, its creditors will claim your information as an asset that the company can use to offset its debts.

Also, as a reminder, in case you have not realized the horror show yet, you and I are not the only ones on Facebook. There are a lot of artists that have been using Facebook to market their music, images, or words. Whenever those artists uploaded a video of their work—you guessed it—they were giving Facebook a license to use and sell that work to whomever they want at whatever rates they want.

The idea that you could put your information out on Facebook and maintain any privacy or control is ludicrous. Instead, you should just recognize that you have given up all of your rights to that behemoth in exchange for checking your friend’s status message, and be content with the idiotic state you have put yourself in.

And now your just dessert:

Photo by supergiball (licensed under CC)

Joshua L. Simmons Main Intellectual Property, Internet, Privacy