Podcast: How we'll kill all the DRM in the world, forever

I'm keynoting the O'Reilly Security Conference in New York in Oct/Nov, so I stopped by the O'Reilly Security Podcast (MP3) to explain EFF's Apollo 1201 project, which aims to kill all the DRM in the world within a decade. Read the rest

How a digital-only smartphone opens the door to DRM (and how to close the door)

Fast Company's Mark Sullivan asked me to explain what could happen if Apple went through with its rumored plans to ship a phone with no analog sound outputs, only digital ones -- what kind of DRM badness might we expect to emerge? Read the rest

American Bar Association votes to DRM the law, put it behind a EULA

Rogue archivist Carl Malamud writes, "I just got back from the big debate on is free law like free beer that has been brewing for months at the American Bar Association over the question of who gets to read public safety codes and on what terms." Read the rest

Your medical data: misappropriated by health-tech companies, off-limits to you

Backchannel's package on medical data and the health-tech industry profiles three people who were able to shake loose their own data and make real improvements in their lives with it: Marie Moe, who discovered that the reason she was having terrifying cardiac episodes was out-of-date firmware on her pacemaker; Steven Keating, who created a website with exquisitely detailed data on his brain tumor, including a gene-sequence that had to be run a second time because the first scan wasn't approved for "commercial" use, which included publishing it on his own site; and Annie Kuehl, whose advocacy eventually revealed the fact that doctors had suspected all along that her sick baby had a rare genetic disorder, which she only learned about after years of agonizing victim-blaming and terrifying seizures. Read the rest

Return of Dieselgate: 3 more hidden programs found in VW Audi/Porsche firmware

The German newspaper Bild am Sonntag says that US investigators have discovered three more hidden cheat apps in a Volkswagen product line: these ones were discovered in 3-liter Audi diesels. Read the rest

Proof-of-concept ransomware for smart thermostats demoed at Defcon

Last week, Andrew Tierney and Ken Munro from Pen Test Partners demoed their proof-of-concept ransomware for smart thermostats, which relies on users being tricked into downloading malware that then roots the device and locks the user out while displaying a demand for one bitcoin. Read the rest

DRM: You have the right to know what you're buying!

Today, the EFF and a coalition of organizations and individuals asked the US Federal Trade Commission (FTC) to explore fair labeling rules that would require retailers to warn you when the products you buy come locked down by DRM ("Digital Rights Management" or "Digital Restrictions Management"). Read the rest

Copyright Office to FCC: Hollywood should be able to killswitch your TV

20 years ago, Congress ordered the FCC to begin the process of allowing Americans to buy their pay TV boxes on the open market (rather than every American household spending hundreds of dollars a year renting a trailing-edge, ugly, energy-inefficient, badly designed box that is increasingly the locus of networked attacks that expose both the home LAN and the cameras and mics that are more and more likely to be integrated into TVs and decoder boxes) -- now, at last, the FCC is doing something about it. Read the rest

Big rigs can be hijacked and driven with software-based attacks

In a two-month-long class assignment, researchers from the University of Michigan found vulnerabilities in J1939, the standard for networking in big rigs and other large industrial vehicles, that allowed them to control the acceleration, braking, and instrument panels of their target vehicles. Read the rest

Australian media accessibility group raises red flag about DRM in web standards

Media Access Australia is the only Australian nonprofit that advocates for making media accessible to people with disabilities -- and they're also a member of the World Wide Web Consortium (W3C), an open standards body that disappointed its supporters when it bowed to the big entertainment and browser companies and agreed to make a DRM system for online video. Read the rest

Bruce Schneier on the coming IoT security dumpster-fire

Bruce Schneier warns us that the Internet of Things security dumpster-fire isn't just bad laptop security for thermostats: rather, that "software control" (of an ever-widening pool of technologies); interconnections; and autonomy (systems designed to act without human intervention, often responding faster than humans possibly could) create an urgency over security questions that presents an urgent threat the like of which we've never seen. Read the rest

EFF is suing the US government to invalidate the DMCA's DRM provisions

The Electronic Frontier Foundation has just filed a lawsuit that challenges the Constitutionality of Section 1201 of the DMCA, the "Digital Rights Management" provision of the law, a notoriously overbroad law that bans activities that bypass or weaken copyright access-control systems, including reconfiguring software-enabled devices (making sure your IoT light-socket will accept third-party lightbulbs; tapping into diagnostic info in your car or tractor to allow an independent party to repair it) and reporting security vulnerabilities in these devices. Read the rest

Modern Farmer on how the DMCA takes away farmers' rights over their tractors

In spring, 2015, American farmers started to spread the word that John Deere claimed that a notorious copyright law gave the company exclusive dominion over repairs to Deere farm-equipment, making it a felony (punishable by 5 years in prison and a $500K fine for a first offense) to fix your own tractor. Read the rest

For 90 years, lightbulbs were designed to burn out. Now that's coming to LED bulbs.

In 1924, representatives of the world's leading lightbulb manufacturers formed Phoebus, a cartel that fixed the average life of an incandescent bulb at 1,000 hours, ensuring that people would have to regularly buy bulbs and keep the manufacturers in business. Read the rest

Sign a book of congratulations for America's new Librarian of Congress

John from Everylibrary writes, "Please join EveryLibrary in sending congratulations to Dr. Carla Hayden, our new Librarian of Congress, by signing below with your personal comment or reflection of congratulations along with your name. We will take all the signatures and comments made by midnight on Tuesday, July 20th and create a commemorative book for Dr. Hayden. We'll send the book, along with a nice bouquet from all of us, to her this week." Read the rest

Security researchers: the W3C's DRM needs to be thoroughly audited

Encrypted Media Extensions (EME), part of a DRM system that's being standardized at the World Wide Web Consortium (W3C), marks the first instance in which a W3C standard will fall under laws like the DMCA, which let companies threaten security researchers with criminal and civil liability just for disclosing the defects in these products. Read the rest

As browsers decline in relevance, they're becoming DRM timebombs

My op-ed in today's issue of The Tech, MIT's leading newspaper, describes how browser vendors and the W3C, a standards body that's housed at MIT, are collaborating to make DRM part of the core standards for future browsers, and how their unwillingness to take even the most minimal steps to protect academics and innovators from the DMCA will put the MIT community in the crosshairs of corporate lawyers and government prosecutors. Read the rest
