Podcast: News from the future for Wired UK

Here's a reading (MP3) of a short story I wrote for the July, 2014 issue of Wired UK in the form of a news dispatch from the year 2024 -- specifically, a parliamentary sketch from a raucous Prime Minister's Question Time where a desperate issue of computer security rears its head:

Read the rest

How can you trust your browser?


Tim Bray's Trusting Browser Code explores the political and technical problems with trusting your browser, especially when you're using it to do sensitive things like encrypt and decrypt your email. In an ideal world, you wouldn't have to trust Google or any other "intermediary" service to resist warrants forcing it to turn over your sensitive communications, because it would be technically impossible for anyone to peek into the mail without your permission. But as Bray points out, the complexity and relative opacity of Javascript makes this kind of surety difficult to attain.

Bray misses a crucial political problem, though: the DMCA. Under US law (and similar laws all over the world), telling people about vulnerabilities in DRM is illegal, meaning that a bug in your browser that makes your email vulnerable to spying might be illegal to report, and will thus potentially never be fixed. Now that the World Wide Web Consortium and all the major browser vendors (even including Mozilla) have capitulated on adding DRM to the Web, this is the most significant political problem in the world of trusting your browser.

Read the rest

What the ban on unlocking phones means (worse than you think)

You will have heard that the US Copyright Office has lifted the temporary ruling under which you were allowed to unlock your phone. EFF explains in detail what this ruling means (it's not what you think -- and in some ways, it's worse):

First, the good news. The legal shield for jailbreaking and rooting your phone remains up - it'll protect us at least through 2015. The shield for unlocking your phone is down, but carriers probably aren't going to start suing customers en masse, RIAA-style. And the Copyright Office's decision, contrary to what some sensational headlines have said, doesn't necessarily make unlocking illegal.

Unlocking is in a legal grey area under the DMCA. The law was supposed to protect creative works, but it's often been misused by electronics makers to block competition and kill markets for used goods. The courts have pushed back, ruling that the DMCA doesn't protect digital locks that keep digital devices from talking to each other when creative work isn't involved. And no creative work is involved here: Wireless carriers aren't worried about "piracy" of the software on their phones, they're worried about people reselling subsidized phones at a profit. So if the matter ever reached a court, it might well decide that the DMCA does not forbid unlocking a phone.

Now, the bad news. While we don’t expect mass lawsuits anytime soon, the threat still looms. More likely, wireless carriers, or even federal prosecutors, will be emboldened to sue not individuals, but rather businesses that unlock and resell phones. If a court rules in favor of the carriers, penalties can be stiff - up to $2,500 per unlocked phone in a civil suit, and $500,000 or five years in prison in a criminal case where the unlocking is done for "commercial advantage." And this could happen even for phones that are no longer under contract. So we're really not free to do as we want with devices that we own.

All that said, if you were convicted, the maximum penalty under the law for unlocking your phone is now greater than the maximum penalty for turning it into an IED.

Is It Illegal To Unlock a Phone? The Situation is Better - and Worse - Than You Think