Cyberattacks on Georgian Web Sites Are Reigniting a Washington Debate (pdf)

U.S. officials have begun to consider the legal and policy problems that cyberwarfare presents, but cybersecurity experts said the government has been slow to resolve them in the face of an increasing likelihood that cyberattacks will be used to augment, or even supplant, typical military action.

“We are in a world where governments have not decided yet whether the tools of cyberattacks are weapons,” said Scott Borg, director of the U.S. Cyber Consequences Unit, a think tank that advises governments and companies. “We don’t have any really clear international understandings about these matters.”

“The Pentagon doesn’t have a policy on whether a cyberattack can be an act of war,” said Pentagon spokesman Lt. Col. Eric Butterbaugh, adding, “it’s ultimately the perception of the country under attack as to whether an act of war was committed.” The Pentagon has, however, assigned its Strategic Command to head up cyberprotection and cybercounter-attack operations.

Related: A Push to Increase Icebreakers in the Arctic

The perennial complaint by just about everyone in the business is brought up again: Record labels seek more action on Rock Band and Guitar Hero (pdf)

Many music industry executives facing a CD sales slump love the sound of Guitar Hero and Rock Band.

The video games have millions of followers who memorize every note of songs so they can jam along — and they often buy the original version of their favorites. In addition to the publicity, the record labels get licensing fees from the game publishers.

But not all music industry executives are singing “Hallelujah.”

Edgar Bronfman Jr., chairman and chief executive of Warner Music Group, recently grumbled that the record labels deserved a bigger piece of the spoils from the games’ success.

“The amount being paid to the industry, even though their games are entirely dependent on the content that we own and control, is far too small,” he said during an Aug. 7 earnings call.

Bronfman suggested that he wanted Warner to be less a supplier than a partner. “If that does not become the case, as far as Warner Music is concerned, we will not license to those games,” he said.

The recording industry has long complained that it doesn’t receive its fair share of the proceeds from successful businesses built on music, such as MTV, the iPod and the iTunes store.

Maybe Bronfman ought to learn some game programming to see just how important “his” content really is.

Free digital texts begin to challenge costly college textbooks in California (pdf)

[Caltech economics professor R. Preston] McAfee is one of a band of would-be reformers who are trying to beat the high cost — and, they say, the dumbing down — of college textbooks by writing or promoting open-source, no-cost digital texts.

Thus far, their quest has been largely quixotic, but that could be changing. Public colleges and universities in California this past year backed several initiatives to promote online course materials, and publishers and entrepreneurs are stepping up release of electronic textbooks, which typically sell at reduced prices.

McAfee is a leader in his academic field, a featured speaker at the Yahoo Big Thinkers India conference in March. Tall and genial, he dresses in khakis, a polo shirt and geeky river sandals. A coauthor of the best-selling book “Freakonomics,” Steven D. Levitt, has described him as brilliant. What McAfee is not is anti-capitalist.

“Im a right-wing economist, so they can’t call me a communist,” McAfee said.

Yet he turned down $100,000 to turn over his open-source textbook “Introduction to Economic Analysis” to a commercial publisher.

“What makes us rich as a society is what we know and what we can do,” he said. “Anything that stands in the way of the dissemination of knowledge is a real problem.”

McAfee said he wrote his open-source book because the traditional textbook market is broken. Textbook and college supply prices nearly tripled between 1986 and 2004, an audit by the federal Government Accountability Office found in 2005. With costs continuing to climb, it would be “reasonable to conclude that [individual student] expenditures can easily approach $700 to $1,000 today even after supplies are subtracted,” the congressional Advisory Committee on Student Financial Assistance said in a 2007 report.

“Publishers have broken an implicit contract with academics, in which we gave our time and they weren’t too greedy,” McAfee wrote on the web page for his book. McAfee said many publishers, going for the lowest common denominator, were making some books too simple.

Representatives of the textbook industry say they have invested in new products because instructors have demanded it.

Later: Break on Cost Of Textbooks Unlikely Before Last Bell, 2010 (pdf)

Who would have thought that YouTube would have voluntarily elected to become a part of the DC Circuit? Some Media Companies Choose to Profit From Pirated YouTube Clips

In the last few months, CBS, Universal Music, Lionsgate, Electronic Arts and other companies have stopped prodding YouTube to remove unauthorized clips of their movies, music videos and other content and started selling advertising against them.

[...] So far, the money is minimal — ads appear on only a fraction of YouTube’s millions of videos — but the move suggests a possible thaw in the chilly standoff between the online video giant and media companies. Getting into the good graces of media entities is seen as critical to the future of YouTube, which has struggled to show appreciable revenue for video ads.

“We don’t want to condone people taking our intellectual property and using it without our permission,” said Curt Marvis, the president of digital media at Lionsgate Entertainment, which owns films like “Dirty Dancing” and the “Saw” series of horror movies.

“But we also don’t like the idea of keeping fans of our products from being able to engage with our content.” he said. “For the most part, people who are uploading videos are fans of our movies. They’re not trying to be evil pirates, and they’re not trying to get revenue from it.”

Indeed, the YouTube users who post the content without permission will not share in the advertising revenue generated by their posts. Instead, it is split between the media companies and YouTube.

The infringing user receives an e-mail message with an ominous red banner saying “a YouTube partner made a copyright claim on one of your videos.” The e-mail message explains that the media company has “authorized the use of this content” and that viewers may see advertising on the video.

So, now the media companies have found a way, via YouTube copyright claims, to appropriate creative content that makes “fair use” of copyrighted works? I wonder what the first appeal of YouTube’s “decision” is going to look like….

I Was There. Just Ask Photoshop.

REMOVING her ex-husband from more than a decade of memories may take a lifetime for Laura Horn, a police emergency dispatcher in Rochester. But removing him from a dozen years of vacation photographs took only hours, with some deft mouse work from a willing friend who was proficient in Photoshop, the popular digital-image editing program.

[...] “In my own reality, I know that these things did happen,” Ms. Horn said. But “without him in them, I can display them. I can look at those pictures and think of the laughter we were sharing, the places we went to.”

“This new reality,” she added, “is a lot more pleasant.”

Man, the Times must have worked hard to get Ms. Horn to phrase things just right for them!

T hacking exposes a deeper clash (pdf)

Anderson, along with his freshman-year roommate, R. J. Ryan, 22, and another student in the class, Alessandro Chiesa, 20, claimed in their project to have developed a way to hack into the MBTA’s recently installed $180 million automated fare-collection system and provide fellow hackers with “free rides for life.”

Not surprisingly, the T was not pleased to learn of the development. The agency, which is strapped for cash and contemplating a fare increase in 2010, successfully sued the students to prevent them from presenting their findings at DEFCON, a hacker’s convention that recently drew more than 6,000 people to the Riviera Hotel and Casino in Las Vegas.

The trio face a hearing in Boston’s federal court tomorrow when a temporary restraining order keeping them from releasing their findings expires.

The T, which did not return calls for this story, has said the students’ findings could cause “significant damage to the transit system.” The agency has also sued MIT, saying the institute failed to teach its undergraduates “to responsibly disclose information concerning perceived security flaws.”

The students strongly disagree, and their case has electrified the cowboy community of hackers, where the line is often blurry between those who break into a system so the system’s flaws can be exposed and patched and those who crack into a network merely to create mischief.

Also, Judge awaits students’ research paper (pdf)

New magazine-sharing site may violate copyrights (pdf)

The magazine industry, already facing a decline in newsstand sales and falling ad revenue, is being besieged by a new foe: digital piracy.

A fledgling Web site called Mygazines.com encourages people to copy and upload popular magazines that are currently on newsstands. Visitors can read high-quality digital copies of dozens of current titles, including People, Mens Health and The Economist, in their entirety.

The site, with some 16,000 registered users as of Friday, is a “flagrant” violation of copyright laws, according to legal experts — but it is run by an offshore company of specious origin, making it difficult to shut down.

Jackson Browne sues McCain, RNC over song in ad (pdf)

Jackson Browne doesn’t want John McCain running on anything fueled by his lyrics.

The singer-songwriter sued McCain and the Ohio and national Republican committees in U.S. District Court in Los Angeles on Thursday, accusing them of using his song “Running on Empty” without his permission.

The lawsuit claims the song’s use was an infringement of his copyright and will lead people to conclude he endorses McCain. The suit says Browne is a lifelong liberal who is as well-known for his music as for being “an advocate for social and environmental justice.”

[...] Browne’s lawsuit contends the Ohio Republican party released the ad on behalf of McCain and the RNC. The RNC did not return a phone call seeking comment.

The suit notes that other musicians, including ABBA and John Cougar Mellencamp, have asked McCain to stop using their work.

In the end, all worthwhile weapons testing requires a war: Longtime Battle Lines Are Recast In Russia and Georgia’s Cyberwar (pdf)

Concerted online attacks have been a threat for years. But security experts say the “cyberwar” between Russia and Georgia underscores the havoc that can spread on a digital battlefield. It also highlights how vulnerable Web-reliant countries are to assaults that could cripple military communications or a national banking industry.

See also An Army of Ones and Zeroes: How I Became a Soldier in the Georgia-Russia Cyberwar

In particular, a case upholding the Artistic License:Ruling Is a Victory for Supporters of Free Software

In a ruling Wednesday, the federal appeals court in Washington said that just because a software programmer gave his work away did not mean it could not be protected.

The decision legitimizes the use of commercial contracts for the distribution of computer software and digital artistic works for the public good. The court ruling also bolsters the open-source movement by easing the concerns of large organizations about relying on free software from hobbyists and hackers who have freely contributed time and energy without pay.

It also has implications for the Creative Commons license, a framework for modifying and sharing creative works that was developed in 2002 by Larry Lessig, a law professor at Stanford.

The ruling: Robert Jacobsen v. Matthew Katzer and Kamind Associates

We consider here the ability of a copyright holder to dedicate certain work to free public use and yet enforce an “open source” copyright license to control the future distribution and modification of that work. Appellant Robert Jacobsen (”Jacobsen”) appeals from an order denying a motion for preliminary injunction. Jacobsen v. Katzer, No. 06-CV-01905 JSW, 2007 WL 2358628 (N.D. Cal. Aug. 17, 2007). Jacobsen holds a copyright to computer programming code. He makes that code available for public download from a website without a financial fee pursuant to the Artistic License, an “open source” or public license. Appellees Matthew Katzer and Kamind Associates, Inc. (collectively “Katzer/Kamind”) develop commercial software products for the model train industry and hobbyists. Jacobsen accused Katzer/Kamind of copying certain materials from Jacobsen’s website and incorporating them into one of Katzer/Kamind’s software packages without following the terms of the Artistic License. Jacobsen brought an action for copyright infringement and moved for a preliminary injunction.

The District Court held that the open source Artistic License created an “intentionally broad” nonexclusive license which was unlimited in scope and thus did not create liability for copyright infringement. The District Court reasoned:

The plaintiff claimed that by modifying the software the defendant had exceeded the scope of the license and therefore infringed the copyright. Here, however, the JMRI Project license provides that a user may copy the files verbatim or may otherwise modify the material in any way, including as part of a larger, possibly commercial software distribution. The license explicitly gives the users of the material, any member of the public, “the right to use and distribute the [material] in a more-or-less customary fashion, plus the right to make reasonable accommodations.” The scope of the nonexclusive license is, therefore, intentionally broad. The condition that the user insert a prominent notice of attribution does not limit the scope of the license. Rather, Defendants’ alleged violation of the conditions of the license may have constituted a breach of the nonexclusive license, but does not create liability for copyright infringement where it would not otherwise exist.

Jacobsen, 2007 WL 2358628 at *7 (internal citations omitted).

On this basis, the District Court denied the motion for a preliminary injunction. We vacate and remand.

[...] The clear language of the Artistic License creates conditions to protect the economic rights at issue in the granting of a public license. These conditions govern the rights to modify and distribute the computer programs and files included in the downloadable software package. The attribution and modification transparency requirements directly serve to drive traffic to the open source incubation page and to inform downstream users of the project, which is a significant economic goal of the copyright holder that the law will enforce. Through this controlled spread of information, the copyright holder gains creative collaborators to the open source project; by requiring that changes made by downstream users be visible to the copyright holder and others, the copyright holder learns about the uses for his software and gains others’ knowledge that can be used to advance future software releases.

[...] Having determined that the terms of the Artistic License are enforceable copyright conditions, we remand [...]

Police Turn to Secret Weapon: GPS Device (pdf)

Across the country, police are using GPS devices to snare thieves, drug dealers, sexual predators and killers, often without a warrant or court order. Privacy advocates said tracking suspects electronically constitutes illegal search and seizure, violating Fourth Amendment rights of protection against unreasonable searches and seizures, and is another step toward George Orwell’s Big Brother society. Law enforcement officials, when they discuss the issue at all, said GPS is essentially the same as having an officer trail someone, just cheaper and more accurate. Most of the time, as was done in the Foltz case, judges have sided with police.

With the courts’ blessing, and the ever-declining cost of the technology, many analysts believe that police will increasingly rely on GPS as an effective tool in investigations and that the public will hear little about it. [...]

Curiouser and curioser: MIT students ordered to release more information on T security flaws (pdf)

A federal judge today ordered three MIT students to release more information on what they know about security flaws in the MBTAs electronic toll collection system.

In a hearing in a lawsuit brought by the MBTA, Jennifer Granick, an attorney for the students, told US District Judge George OToole that the students had already provided the court with the “entire universe of information” the students had developed about the system.

But Ieuan G. Mahoney, an attorney for the MBTA, said, “Theres still a good deal of information out there.”

Now what? Some Web Firms Say They Track Behavior Without Explicit Consent (pdf)

Several Internet and broadband companies have acknowledged using targeted-advertising technology without explicitly informing customers, according to letters released yesterday by the House Energy and Commerce Committee.

And Google, the leading online advertiser, stated that it has begun using Internet tracking technology that enables it to more precisely follow Web-surfing behavior across affiliated sites.

The revelations came in response to a bipartisan inquiry of how more than 30 Internet companies might have gathered data to target customers. Some privacy advocates and lawmakers said the disclosures help build a case for an overarching online-privacy law.

“Increasingly, there are no limits technologically as to what a company can do in terms of collecting information . . . and then selling it as a commodity to other providers,” said committee member Edward J. Markey (D-Mass.), who created the Privacy Caucus 12 years ago. “Our responsibility is to make sure that we create a law that, regardless of the technology, includes a set of legal guarantees that consumers have with respect to their information.”

See Responses to August 1, 2008 Letters to Network Operators Regarding Data Collection Practices

You can play at home! Spying on other peoples computers

The good ol Internet: always coming up with new solutions to old problems. Modern man suspects wife is up to something. Modern man installs PC Pandora, a spyware application that records keystrokes, takes surreptitious screen shots, and monitors chat sessions—all for the low, low price of $49.95. Success Modern man writes a congratulatory note to the company, which it posts on its “testimonials” page:

My wife of 25 years came out of the blue after Christmas this past year and requested a divorce without much explanation. I was devastated, so I purchased your product. It only took two days to find out she has been living a dark secret life for several years as a submissive love slave to a dominant male partner in the BDSM world meeting him at least once a month. She was blown out of the water when I told her everything I knew about her lifestyle even down to the name and email address of the person she is involved with. Answered all my questions. She has no clue and thinks I spent $$$$$$ on a private investigator.

Despite modern mans feelings of triumph, its hard to see any winners there. Its easier than ever to spy on our spouses, co-workers, boyfriends, and roommates. But does this make us happier and wiser or just more neurotic and creepy? [...]

F.B.I.’s Use of Phone Records Shows Need to Protect the Press, Senators Say

Last week, the Federal Bureau of Investigation disclosed to the two newspapers that it had improperly obtained the phone records of reporters in their Indonesian bureaus in 2004 by using emergency records demands from telephone providers as part of an investigation. Robert S. Mueller III, the director of the bureau, made personal calls to Bill Keller, executive editor of The Times, and Leonard Downie Jr., executive editor of The Post, to apologize.

But the ranking senators on the Judiciary Committee, Patrick J. Leahy, Democrat of Vermont, and Arlen Specter, Republican of Pennsylvania, said that was not enough.

[...] The phone records were apparently obtained as part of a terrorism investigation, but the agency has not explained what it was investigating or why the reporters’ phone records were considered relevant.

Of course, the real question is why are they only worried about the First Amendment implications (and, thus, the protection of the Press) and forgetting about the Fourth?

Scientists and Magicians Describe How Tricks Exploit Glitches in Perception

In a paper published last week in the journal Nature Reviews Neuroscience, a team of brain scientists and prominent magicians described how magic tricks, both simple and spectacular, take advantage of glitches in how the brain constructs a model of the outside world from moment to moment, or what we think of as objective reality.

For the magicians, including The Great Tomsoni (John Thompson), Mac King, James Randi, and Teller of Penn and Teller, the collaboration provided scientific validation, as well as a few new ideas.

For the scientists, Susana Martinez-Conde and Stephen Macknik of the Barrow Neurological Institute in Phoenix, it raised hope that magic could accelerate research into perception. “Here’s this art form going back perhaps to ancient Egypt, and basically the neuroscience community had been unaware” of its direct application to the study of perception, Dr. Martinez-Conde said.

Attention and awareness in stage magic: turning tricks into research; Macknick, King, Randi, Robbins, Teller, Thompson and Martinez-Conde; Nature Reviews: Neuroscience; 30 July 2008; doi:10.1038/nrn2473

Handle With Care

Ethical and philosophical issues have long occupied biotechnology, where institutional review boards commonly rule on proposed experiments and advisory committees must approve the use of gene-splicing and related techniques. When the federal government initiated its effort to decipher the human genome, a percentage of the budget went to consideration of ethics issues like genetic discrimination.

But such questions are relatively new for scientists and engineers in other fields. Some are calling for the same kind of discussion that microbiologists organized in 1975 when the immense power of their emerging knowledge of gene-splicing or recombinant DNA began to dawn on them. The meeting, at the Asilomar conference center in California, gave rise to an ethical framework that still prevails in biotechnology.

“Something like Asilomar might be very important,” said Andrew Light, director of the Center for Global Ethics at George Mason University, one of the organizers of a conference in Charlotte, N.C., in April on the ethics of emerging technologies. “The question now is how best to begin that discussion among the scientists, to encourage them to do something like this, then figure out what would be the right mechanism, who would fund it, what form would recommendations take, all those details.”

But an engineering Asilomar might be hard to bring off. “So many people have their nose to the bench,” Dr. Arkin said, “historically a pitfall of many scientists.” Anyway, said Paul Thompson, a philosopher at Michigan State and former secretary of the International Society for Environmental Ethics, many scientists were trained to limit themselves to questions answerable in the real world, in the belief that “scientists and engineers should not be involved in these kinds of ethical questions.”

Global Trail of an Online Crime Ring

When prosecutors unveiled indictments last week, they made a stunning admission: the culprit was, they said, their very own informant.

Albert Gonzalez, 27, appeared to be a reformed hacker. To avoid prison time after being arrested in 2003, he had been helping federal agents identify his former cohorts in the online underworld where credit and debit card numbers are stolen, bought and sold.

But on the sly, federal officials now say, Mr. Gonzalez was connecting with those same cohorts and continuing to ply his trade, using online pseudonyms — including “soupnazi” — that would be his undoing. As they tell it, Mr. Gonzalez had a central role in a loosely organized online crime syndicate that obtained tens of millions of credit and debit card numbers from nine of the biggest retailers in the United States.

The indictments last week of 11 people involved in the group give a remarkably comprehensive picture of how the Internet is enabling new kinds of financial crimes on a vast international scale.

Tiffany Appeals eBay Counterfeiting Decision (pdf)

Tiffany & Co. challenged Monday a federal ruling that largely absolved eBay Inc. of policing its auction site for counterfeit items, saying the judge was wrong to leave the primary burden to the jewelry maker.

Monday’s appeal with the 2nd U.S. Circuit Court of Appeals in New York extends a case that Tiffany filed against eBay in 2004 arguing that most items listed for sale on eBay as genuine Tiffany products were fakes.

Last month, U.S. District Judge Richard J. Sullivan in New York ruled that trademark holders like the jewelry maker, rather than auction platforms like eBay, are responsible for policing their brands online.

It was hard to find any mainstream coverage of this: MIT students’ report makes security recommendations to T (pdf)

The MBTA sued after learning that MIT students Zack Anderson, R.J. Ryan, and Alessandro Chiesa planned to present their findings Sunday at the DEFCON hacker convention in Las Vegas. The temporary order is valid for 10 days. Then the T must prove that the students’ research poses such a risk that an extended injunction is necessary. The T is also seeking unspecified financial damages, according to court papers.

“It’s not a light step for a judge to grant this action, and it speaks to the strength of our arguments and the merits of our position,” Grabauskas said.

But Marcia Hofmann - staff lawyer for the Electronic Frontier Foundation, a nonprofit representing the students - called the decision a “dangerous precedent for security researchers,” which could potentially discourage the investigation and improvement of technology across the country.

“That certainly would discourage security researchers from discussing their work and sharing information that might ultimately make systems more secure,” Hofmann said.

[...] The students’ report says the CharlieTicket has four main problems: Value is stored on the card, not in a central MBTA database; anyone that has a card can read and write it with low-cost technology; a cryptographic signature algorithm is not used on the data to prevent forgeries; and MBTA networks do not have any centralized card verification system.

The CharlieCard has some level of security through encryption, according to the report, but it can be duplicated.

The EFF summary page: MBTA v Anderson