    Saturday, September 13, 2008

    The Need for Judicial and Legal Technical Training

    Thank you, Neon Samurai! Someone is reading my stuff or watched my presentation at The Last HOPE. Neon Samurai said, "Tiffany Strauchs Rad had it dead on when she said that legislators and judges need only ask the experts what implications making such laws blindly will lead to ("Hackers" in her words; she's a professor of law and proud Hacker)."

    The project on which I’m working related to this is a volunteer-based non-profit that will bring together professionals and students with backgrounds in computer science, engineering and information technology alongside those with backgrounds in law, public policy, and politics. Our objective will be to create a judicial and legal education program for cyber crimes, digital forensics, intellectual property and electronic discovery providing a basic technical background for judges deciding on these cases in hopes that technical misunderstandings will be reduced thus providing more fair judicial decisions.

    Here's another idea I recently considered: Why not work to recruit and fund more people with technical backgrounds to run for political office? If we work to educate the judges and lawyers on these subjects and EFF is working to change legislation through their grassroots efforts and through the court system, let's try to get more tech-savvy people in office! Then we can hit it from all angles.

    I don't think that the future of politics, wars, and the economy is going to be about equality of the sexes, racial equality, and currency-based economics as we know it today. It's going to be about technology and how it affects these concepts: Online anonymity will blur concepts of race and sex, wars are going to be electronic over the Internet, and economics is going to be about intellectual property (or lack thereof) and new energy generated and enhanced by technology (as opposed to crude oil).

    The future of politics is going to be about the technology. But politics, law and legislation are still typically far behind reality. I think a large part of that relates to the people who are our lawmakers. Let's get more people in those positions who understand the technology and who will make responsible choices while understanding the ramifications. No more "series of tubes" legislators or those pushing for stronger intellectual property protection to prop up weak companies who fear competition and innovation. Also, let's get someone in office who recognizes that our civil rights also apply online.

    Tuesday, September 9, 2008

    What went on at the September 2600 Meeting?

    Who was there: Nothingface, Infochown, Export, C@t6, 4774x312, Charlye, and Prof. Rad.

    What we discussed: Particle physics, plasma cutters, patents, recent DOJ cyber crime prosecutions, packet sniffing, downtown Portland warehouse real estate for Hacker Space, Defcon 16, and the 3 undergrads from MIT with their Mifare hack. Anything else? Comment about what I may have missed while at Starbucks.

    Friday, September 5, 2008

    2600 and Hacker Space Meeting tonight

    Hello to all of the Portland, Maine hackers! Tonight is the 2600 meeting at the Maine Mall. It starts at 5 PM on the benches outside of the food court. If you cannot make it until 6 PM, we'll still be around sitting at the tables closest to the outside doors. Bring some money for dinner (or your dinner) and we'll chat about the progress of Hacker Space. There are some interesting new cyber crimes prosecutions I'd like to share with you, too. Nothingface will discuss some ideas he has about designing home monitored security systems (I think that Charlye also has some expertise about this topic).

    This should be our last meeting at the 5 PM time. After this meeting, we will have met 2600's requirements to change venue and the time. So if you want a say in where and when we meet in the future, please attend. No one who works likes the 5 PM meeting time, but we'll discuss the Maine Mall venue, too.

    I hope to see some new people there, too. Everyone's welcome.

    Thursday, September 4, 2008

    RFID and Mythbusters

    Did Mythbusters scrap their RFID episode because of legal pressure from the large credit card companies and Texas Instruments or did co-host of the show, Adam Savage, “...get some of his facts wrong?” A spokesperson for TI said that things went differently than Adam described during a presentation at The Last HOPE (Hackers on Planet Earth).

    Adam has retracted his statement made at HOPE. However, how much of the statement was retracted? It seems to me that he admitted that he may have gotten the facts wrong regarding who was in on the phone call and the retraction applies to Discovery Channel—and their advertisers—being associated with the decision not to do an RFID security episode. All this means to me is that the parties involved in the call were corrected and Discovery was exonerated from being associated with the decisions, but what was discussed or the rationale behind the decision as Adam says, “If I went into the detail of exactly why this story didn't get filmed, it's so bizarre and convoluted that no one would believe me...” is left for us to speculate.

    How much can be or should be disclosed about security vulnerabilities? It's a topic that everyone is discussing now.

    Last Day of Defcon 16

    Brenno did it! He presented “Ticket to Trouble” in the place of the 3 MIT undergraduate students who, under a last-minute Massachusetts court injunction, were not able to present. Before his talk, he was nervous he might get arrested, but the legal contingent at the conference told him not to worry. The scope of the injunction was properly narrow: it only referenced the “MIT undergrads” and their research pertaining to the crack for the Mass. transit cards. However, Brenno gave his presentation exclusively about an extremely similar crack in the Netherlands' mass transit cards last year. The parallels to the US Mifare card were clear, but he made no reference to the MIT guys' research.

    He began his presentation by presenting a quote from the Dutch Constitution which included a statement about freedom of speech. He was able to freely present on the topic of the Dutch system because of these rights; his government cannot prevent him from presenting academic research and, in fact, specifically said it would not. Then he followed up with the words from the U.S. Constitution thus showing why, if he wanted to, U.S. citizens SHOULD have the same freedoms under U.S. laws. Unfortunately, the US courts didn't have the same opinion as the Dutch courts.

    Brenno (wisely) made no particular reference to the MIT students, but their presentation was close to what Brenno presented but without any technical specifications, code, or photos of people breaking into places. Those three elements were included in the MIT guys' presentation, but a former Fed Agent told me on Friday that the FBI had asked the MIT guys to cut some slides from their presentation. I suspect that those were the ones in contention, but what I find interesting is that, from what I understood from the former Fed's comment, the FBI wasn't going to preclude the MIT guys from presenting but only asked that their presentation be edited due to an ongoing investigation. However, the Massachusetts District and Federal court went as far as to chill their speech completely. It's incredible to me because, not only is the stuff (minus the executable code) already distributed to the public on the Defcon CD that all conference attendees received at registration as early as Thursday, but these guys were talking about exploits that were already out there and well known.

    I think that Brenno's valiant presentation, albeit about the Dutch and British systems, may have weakened the case against the MIT guys. The MA judges who made the decisions will be hearing about this. It was even on Twitter coming up on Brenno's laptop's screen during his talk. Thank you, Brenno. It took you, from the Netherlands, to get up in front of a standing-room-only crowd of over 700 cheering people, present academic security research and uphold our U.S. 1st Amendment Constitutional rights. You will have effected precedent in US courts regarding this case and (hopefully) improve security for an insecure technology. And, as a member of academia, a special THANK YOU in the spirit of academic freedom.

    And then, during Brenno's Q&A, I made a mad dash to the Vegas airport and barely made my flight, but seeing Brenno's presentation was worth the risk. This time I breezed through TSA security—no dumb questions regarding whether my unpeeled orange on a domestic flight could have been injected with bomb-making poisons (I'm not joking—this has actually happened).