Next week, a panel of the Ninth Circuit Court of Appeals (Thomas, Reinhardt, and McKeown) will hear oral argument in the second round of United States v. Nosal. This time around, the main question in the case is whether and when accessing an account using a shared password is an unauthorized access under the Computer Fraud and Abuse Act. A second question is how to interpret Nosal I, the en banc decision from 2012, and in particular whether it required circumventing a technical access barrier.
Friday, October 16, 2015
For my Ethical Hacking students.
The Obama administration has apparently decided not to support exceptional access proposals that would provide law enforcement with the means to access data on iPhones and other personal devices.
As I argued previously on Just Security, instead of pursuing exceptional access, policymakers should seek to build a durable legal structure that would provide the FBI with the authority, under appropriate oversight, to exploit software vulnerabilities. Because these vulnerabilities already exist, lawful hacking, as this is sometimes called, can help get law enforcement what it needs without introducing the additional security risks associated with exceptional access. It is worth revisiting this issue now that the administration has seemingly reached a decision regarding its encryption policy.
The law scholars I have subsequently spoken with disagree about whether the legal structure exists today to support lawful hacking. Although there are a few excellent treatments of the subject (for example, here and here), the issue seems to me to be under-examined.
I keep thinking about all those eggs in one basket. Perhaps redundancy isn't such a bad thing? This also points to some high value targets in the coming CyberWar...
Dozens of Major Websites Crash All at Once
Dozens of major websites including Netflix, Uber and the BBC went down simultaneously on Thursday in some areas of the United States, but were soon up again in most cases.
The cause of the crashes remained unclear, but some appeared connected to trouble at a cloud service relied on by companies, although that did not stop the social media rumor and conspiracy mill from going into overdrive.
… Netflix spokesman Joris Evers told AFP that the outage was the result of "technical issues" at an UltraDNS cloud service provided by Neustar and affected mostly US subscribers.
… Cloud-based DNS services essentially route traffic to websites.
"It's kind of a road map," said Silicon Valley analyst Rob Enderle of Enderle Group.
"The roads are still in place, but if the map goes away nobody knows where to go."
What makes good Computer Security? How controlled (controllable?) is an “authorized” user?
Orin Kerr writes:
Read more on The Volokh Conspiracy.
[A draft worth reading:]
My forthcoming article, Norms of Computer Trespass, offers some thoughts on how to deal with the shared password problem.
This could be useful!
Skype Goes Universal, Lets Anyone Join A Chat Even Without A Skype Account
… In a blog post, the Skype team has announced that users can now share links to their Skype chats with other people without requiring them to create or open a Skype account.
… The new feature works by letting users generate a unique link for a certain chat by clicking the +New button. This will create the link that can then be shared to other people through any means. On the receiving side, users who are invited to a chat can simply click on the link to go to the Skype for Web interface, enter their name and start chatting away.
I like WolframAlpha for Math. But it does other things too.
16 Searches You Can Run on Wolfram Alpha That Don’t Work on Google
“There are all kinds of different ways to use Wolfram Alpha, and it’s often a better idea to load up the computational knowledge engine rather than your search portal of choice. Here are 16 of the most useful queries that Wolfram Alpha can handle but leave Google stumped…”
Some “flipped” thinking: Is there a right to be remembered?
Commentary – the web is not a library, repository, a place
The Atlantic – If a Pulitzer-finalist 34-part series of investigative journalism can vanish from the web, anything can, by Adrienne LaFrance, October 14, 2015: “If a sprawling Pulitzer Prize-nominated feature in one of the nation’s oldest newspapers can disappear from the web, anything can. “There are now no passive means of preserving digital information,” said Abby Rumsey, a writer and digital historian. In other words if you want to save something online, you have to decide to save it. Ephemerality is built into the very architecture of the web, which was intended to be a messaging system, not a library. Culturally, though, the functionality of the web has changed. The Internet is now considered a great oracle, a place where information lives and knowledge is stitched together. And yet there are no robust mechanisms for libraries and museums to acquire, and thus preserve, digital collections. The world’s largest library, the Library of Congress, is in the midst of reinventing the way it catalogues resources in the first place—an attempt to bridge existing systems to a more dynamic data environment. But that process is only beginning… Yet today’s web is more at-risk than the iterations that preceded it. The serving environments are now more complex, and the volume of data involved is astonishing. In 1994, there were fewer than 3,000 websites online [note – my site LLRX (http://www.llrx.com) went online in 1996 and continues today]. By 2014, there were more than 1 billion…”
I be two grate-full. It shell make my students gooder.
9 Websites That Solve Dumb English Grammar Mistakes Instantly
“Skills, competencies and mindsets?” Sounds like my students could benefit from this report.
Building Expertise to Support Digital Scholarship: A Global Perspective
Building Expertise to Support Digital Scholarship: A Global Perspective by Vivian Lewis, Lisa Spiro, Xuemao Wang, and Jon E. Cawthorne October 2015. 50 pp. ISBN 978-1-932326-51-2 CLIR pub 168
PDF Download of Full Report. This is a web-only report—it is not available in print. “This report sheds light on the expertise required to support a robust and sustainable digital scholarship (DS) program. It focuses first on defining and describing the key domain knowledge, skills, competencies, and mindsets at some of the world’s most prominent digital scholarship programs. It then identifies the main strategies used to build this expertise, both formally and informally. The work is set in a global context, examining leading digital scholarship organizations in China, India, Taiwan, the United Kingdom, Germany, Mexico, Canada, and the United States. The report provides recommendations to help those currently involved in or considering embarking on a digital scholarship program.”