Microsoft has always reserved the right to read and disclose your Hotmail messages

Microsoft's "Scroogled" campaign (no relation) boastfully compared Hotmail's privacy framework to Gmail's, condemning Google for "reading your mail." Now, Microsoft has admitted that it scoured the Hotmail messages belonging the contacts of a suspected leaker in order to secure his arrest, and points out that Hotmail's terms of service have always given Microsoft the right to read your personal mail for any of a number nebulously defined, general reasons.

The company says that is had an undisclosed "rigorous process" to determine when it is allowed to read and publish your private email. In a statement, it sets out what the process will be from now on (though it doesn't say what the process has been until now) and vows to include the instances in which it reads its users' mail in its transparency reports, except when it is secretly reading the Hotmail accounts of people who also work for Microsoft.

Here's a PGP tool that claims to work with Hotmail, and would theoretically leave your Hotmail messages unreadable to Microsoft, though the company could still mine your metadata (subject lines, social graph, etc).

Read the rest

US Ninth Circuit says forensic laptop searches at the border without suspicion are unconstitional

An en banc (all the 11/20 judges together) decision from the 9th Circuit has affirmed that you have the right to expect that your laptop and other devices will not be forensically examined without suspicion at the US border. It's the first time that a US court has upheld electronic privacy rights at the border, and the court also said that using an encrypted device that can't be casually searched is not grounds for suspicion. The judges also note that the prevalence of cloud computing means that searching at the border gives cops access to servers located all over the world. At TechDirt, Mike Masnick has some great analysis of this welcome turn of events:

The ruling is pretty careful to strike the right balance on the issues. It notes that a cursory review at the border is reasonable:

Officer Alvarado turned on the devices and opened and viewed image files while the Cottermans waited to enter the country. It was, in principle, akin to the search in Seljan, where we concluded that a suspicionless cursory scan of a package in international transit was not unreasonable.

But going deeper raises more questions. Looking stuff over, no problem. Performing a forensic analysis? That goes too far and triggers the 4th Amendment. They note that the location of the search is meaningless to this analysis (the actual search happened 170 miles inside the country after the laptop was sent by border agents to somewhere else for analysis). So it's still a border search, but that border search requires a 4th Amendment analysis, according to the court.

It is the comprehensive and intrusive nature of a forensic examination—not the location of the examination—that is the key factor triggering the requirement of reasonable suspicion here....

Notwithstanding a traveler’s diminished expectation of privacy at the border, the search is still measured against the Fourth Amendment’s reasonableness requirement, which considers the nature and scope of the search. Significantly, the Supreme Court has recognized that the “dignity and privacy interests of the person being searched” at the border will on occasion demand “some level of suspicion in the case of highly intrusive searches of the person.” Flores-Montano, 541 U.S. at 152. Likewise, the Court has explained that “some searches of property are so destructive,” “particularly offensive,” or overly intrusive in the manner in which they are carried out as to require particularized suspicion. Id. at 152, 154 n.2, 155–56; Montoya de Hernandez, 473 U.S. at 541. The Court has never defined the precise dimensions of a reasonable border search, instead pointing to the necessity of a case-by-case analysis....

The court is led by Chief Judge Alex Kozinski, who is a fan of my book Little Brother (which features a scene where DHS officials force a suspect to decrypt his devices, on the grounds that his encryption itself is suspicious), and was kind enough to write me a blurb for the new edition of the book. I'm not saying that Little Brother inspired Kozinski to issue this decision, but I'm delighted to discover that something I've been pushing through fiction since 2008 has made it into law in 2013.

9th Circuit Appeals Court: 4th Amendment Applies At The Border; Also: Password Protected Files Shouldn't Arouse Suspicion

FedEx's file-transfer capacity versus the Internet

Today on XKCD's "What If...?", Randall Monroe runs the numbers of when and whether the Internet's throughput will ever exceed FedEx's sneakernet file-transfer capacity (one interesting note here: why not treat FedEx's trucks and planes full of hard-drives and SD cards as part of the Internet? After all, you book your FedEx pickup over TCP/IP, track it over TCP/IP, and pay for it over TCP/IP).

Cisco estimates that total internet traffic currently averages 167 terabits per second. FedEx has a fleet of 654 aircraft with a lift capacity of 26.5 million pounds daily. A solid-state laptop drive weighs about 78 grams and can hold up to a terabyte.

That means FedEx is capable of transferring 150 exabytes of data per day, or 14 petabits per second—almost a hundred times the current throughput of the internet.

If you don’t care about cost, this ten-kilogram shoebox can hold a lot of internet

We can improve the data density even further by using MicroSD cards:

Those thumbnail-sized flakes have a storage density of up to 160 terabytes per kilogram, which means a FedEx fleet loaded with MicroSD cards could transfer about 177 petabits per second, or two zettabytes per day—a thousand times the internet’s current traffic level. (The infrastructure would be interesting—Google would need to build huge warehouses to hold a massive card-processing operation.)

So the interesting thing here is the implicit critique of cloud computers. Leave aside the fact that a cloud computer is like a home computer, except that you're only allowed to use it if the phone company says so.

Instead, consider for a moment whether streaming -- especially wireless streaming -- of media that you're likely to play more than once makes economic or technological sense. Your hard drive brims with capacity. It costs nothing to use (after you've paid for it once, and leaving aside the electrical bill). It is vastly faster than any wide-area network link. Contrast with wireless bandwidth: there's only one RF spectrum, and you have to share it with everyone within range of your device.

Increasing the hard drive in your laptop does nothing to the storage capacity of my laptop, but increasing your demands on the wireless spectrum comes at the expense of my use of that same spectrum.

On the other hand, it's easy to see why telcos would love the idea that every play of "your" media involves another billable event. Media companies, too -- it's that prized, elusive urinary-tract-infection business model at work, where media flows in painful, expensive drips instead of healthy, powerful gushes.

The progeny of this hellish marriage is the non-neutral Internet connection where a telco offers to spy on, and slow down, its users' connections -- but selectively, so that the media from a "preferred partner" comes in more quickly, and doesn't count against a bandwidth cap. This is especially virulent where telcos are entertainment companies -- Comcast and Rogers and so on, all champing to freeze out services like Netflicks by metering its bandwidth, but freeflagging downloads from their in-house competing services.

FedEx Bandwidth

Google's cheaper Chromebook: enough of a computer

The cheaper Chromebooks that Google introduced last month don’t deserve credit for being a cheap way to read e-mail and surf the web: any smartphone meets that specification. But the $249 Samsung model I’ve been testing for the past two weeks also plausibly replaces a low-end laptop.

Read the rest

Pirate Bay moves to the cloud

The Pirate Bay has moved its servers into a network of cloud-based hosting services around the world, making it less vulnerable to police raids. I wonder how well this will work, though: cloud providers are very vulnerable to police threats, since the cops can always threaten to take down all the cloud's customers in order to seize a target's processes and data. More from TorrentFreak's Ernesto:

“Running on VMs cuts down operation costs and complexity. For example, we never need anyone to do hands-on work like earlier this month when we were down for two days because someone had to fix a broken power distribution unit,” The Pirate Bay says.

The setup also makes it possible for the BitTorrent site to take their business elsewhere without too much hassle.

“If one cloud-provider cuts us off, goes offline or goes bankrupt, we can just buy new virtual servers from the next provider. Then we only have to upload the VM-images and reconfigure the load-balancer to get the site up and running again.”

Pirate Bay Moves to The Cloud, Becomes Raid-Proof

Cisco locks customers out of their own routers, only lets them back in if they agree to being spied upon and monetized

Owners of Cisco/Linksys home routers got a nasty shock this week, when their devices automatically downloaded a new operating system, which locked out device owners. After the update, the only way to reconfigure your router was to create an account on Cisco's "cloud" service, signing up to a service agreement that gives Cisco the right to spy on your Internet use and sell its findings, and also gives them the right to disconnect you (and lock you out of your router) whenever they feel like it.

They say that "if you're not paying for the product, you are the product." But increasingly, even if you do pay for the product, you're still the product, and you aren't allowed to own anything. Ownership is a right reserved to synthetic corporate persons, and off-limits to us poor meat-humans.

Joel Hruska from ExtremeTech reports:

This is nothing but a shameless attempt to cash in on the popularity of cloud computing, and it comes at a price. The Terms and Conditions of using the Cisco Connect Cloud state that Cisco may unilaterally shut down your account if finds that you have used the service for “obscene, pornographic, or offensive purposes, to infringe another’s rights, including but not limited to any intellectual property rights, or… to violate, or encourage any conduct that would violate any applicable law or regulation or give rise to civil or criminal liability.”

It then continues “we reserve the right to take such action as we (i) deem necessary or (ii) are otherwise required to take by a third party or court of competent jurisdiction, in each case in relation to your access or use or misuse of such content or data. Such action may include, without limitation, discontinuing your use of the Service immediately without prior notice to you, and without refund or compensation to you.”

Since the Service is the only way to access your router, killing one would effectively kill the other.

Oh, and Cisco reserves the right to continue to update your router, even if you set it not to allow automatic updates.

Cisco’s cloud vision: Mandatory, monetized, and killed at their discretion

Update: A Cisco rep comments below, pointing out that Cisco has since changed its privacy policy.

However, the current policy reserves the right to change it back.

The current policy also allows Cisco to discontinue your access to your router if you download pornography, or if someone complains about you, without a court order, evidence or a chance to state your case and face your accuser.

They have also provided users with a way to back out of the "cloud management" "feature."

But, as noted, Cisco still reserves the right to change how your router works, even if you set it not to accept automatic updates.

Grid computing turns your idle cycles into a charity-supporting supercomputer

Mark sez, "Charity Engine has a new twist on volunteer computing: using surplus, wasted PC resources to raise money for major charities including Oxfam, Amnesty, MSF and CARE - and also for huge prize draws for everyone running it. Based on UC Berkeley's famous BOINC software, the Charity Engine grid is hired to science and industry as a super-cheap supercomputer, then the profits given to the charities and volunteers. It's already paid out over $30,000. The app only uses a tiny bit of electricity and generates far more for the good causes - and the prize draws - than it costs to run. Free to download, Charity Engine is available now for PC and Mac." Cory

EFF wants to help you get your files back from MegaUpload's servers before they're erased


If you're one of the millions of MegaUpload customers whose data is endangered by the entertainment industry's legal action against the company, EFF wants to help you get your files back. They've teamed up with Carpathia Hosting, the company that hosts MegaUpload's servers, and created Megeretreival.com. The US DoJ's plan to destroy the files -- and the evidence! -- hosted on MegaUpload's servers has been delayed by two weeks, and the Electronic Frontier Foundation will use that gap to advocate on behalf of users whose financial data, personal files, movies, videos, writing, and creative work were hosted on MegaUpload.

EFF is troubled that so many lawful users of Megaupload.com had their property taken from them without warning and that the government has taken no steps to help them. We think it's important that these users have their voices heard as this process moves forward.

~ Julie Samuels
Staff Attorney at EFF

Carpathia does not have access to any data for Megaupload customers. We support the EFF and their efforts to help those users that stored legitimate, non-infringing files with Megaupload retrieve their data.

~ Brian Winter
CMO of Carpathia Hosting

Megaupload's hosting company teams up with EFF to identify legal files

Heat your home with data

Server farms generate so much heat that they have to run air conditioning year round. That requires energy, which costs money and tends to mean burning more fossil fuels. Meanwhile, in winter, a lot of houses are cold. The people who live there have to turn on the heat, which costs money and tends to mean burning more fossil fuels.

So here's an idea: Why not distribute the hardware from a server farm, putting heat-producing equipment in houses that actually need the heat?

If a home has a broadband Internet connection, it can serve as a micro data center. One, two or three cabinets filled with servers could be installed where the furnace sits and connected with the existing circulation fan and ductwork. Each cabinet could have slots for, say, 40 motherboards — each one counting as a server. In the coldest climate, about 110 motherboards could keep a home as toasty as a conventional furnace does.

The rest of the year, the servers would still run, but the heat generated would be vented to the outside, as harmless as a clothes dryer’s. The researchers suggest that only if the local temperature reached 95 degrees or above would the machines need to be shut down to avoid overheating. (Of course, adding a new outside vent on the side of the house could give some homeowners pause.)

According to the researchers’ calculations, a conventional data center must invest about $400 a year to run each server, or about $16,000 for a cabinet filled with 40 of them. (This includes the costs of building a bricks-and-mortar center and of cooling the machines.)

Having homes host the machines could reduce the need for a company to build new data centers. And the company’s cost to operate the same cabinet in a home would be less than $3,600 a year — and leave a smaller carbon footprint, too. The company’s data center could thus cover the homeowner’s electricity costs for the servers and still come out way ahead financially.

It could certainly produce some logistical problems with security, but it's an intriguing idea, and a great example of how we can get the energy services we want for much less energy use. The researchers who proposed it, from Microsoft and the University of Virginia, call it a "data furnace." It'll be interesting to see where the idea goes from here.

Read the white paper where the idea of data furnaces was introduced. White papers are not peer-reviewed, by the way.

Read the New York Times article quoted above.

Via Geekwire and Stephen Curry

Image:Image: Dawdle's new servers - front, a Creative Commons Attribution (2.0) image from dawdledotcom's photostream

Tor project asks supporters to set up virtual Tor bridges in Amazon's cloud

The Tor project, whose network tool helps people avoid online censorship, works by bouncing traffic around several different computers before it reaches its destination. The more computers there are in the Tor network, the better it works. Now, Tor's developers want its supporters to set up Tor "bridges" on Amazon's cloud computing platform, EC2. EC2 has a free introductory offer and there's an easy Tor image that is configured and ready to go -- but if you don't qualify for the free offer, you can donate a powerful Tor bridge for as little as $30 a month, and help people all over the world who want to be more anonymous and more private.

Setting up a Tor bridge on Amazon EC2 is simple and will only take you a couple of minutes. The images have been configured with automatic package updates and port forwarding, so you do not have to worry about Tor not working or the server not getting security updates.

You should not have to do anything once the instance is up and running. Tor will start up as a bridge, confirm that it is reachable from the outside, and then tell the bridge authority that it exists. After that, the address for your bridge will be given out to users.

Run Tor as a bridge in the Amazon Cloud

Cloud computing and labor disputes: University locks striking profs out of their coursework and email

Robert Spahr, an assistant professor at Southern Illinois University Department of Cinema & Photography, writes,

I wanted to let you know that we are not only in the middle of a labor strike, but most importantly, a public university has shown by their actions, the dangers of Cloud Computing.

The University has disabled faculty email, and locked them out of their personal work contained in Blackboard (a course management system) as well as censoring pro-union comments from the official University Facebook page.

Myself, and some fellow faculty and students quickly produced a blog and Twitter feed to combat this censorship.

Turns out the uni isn't just nuking pro-union statements, but any questions about the labor dispute posted by its students and other stakeholders.

Virtual monkeys recreate Shakespeare

Jesse Anderson set out to recreate every single work of Shakespeare at the same time by means of virtual monkeys that are simulated on Amazon's cloud computing platform. One million virtual monkeys create virtual text around the clock, and if any of that text matches any of Shakespeare, it is saved to the repository.

On September 23d, the monkeys recreated A Lover's Complaint.

For this project, I used Hadoop, Amazon EC2, and Ubuntu Linux. Since I don’t have real monkeys, I have to create fake Amazonian Map Monkeys. The Map Monkeys create random data in ASCII between a and z. It uses Sean Luke’s Mersenne Twister to make sure I have fast, random, well behaved monkeys. Once the monkey’s output is mapped, it is passed to the reducer which runs the characters through a Bloom Field membership test. If the monkey output passes the membership test, the Shakespearean works are checked using a string comparison. If that passes, a genius monkey has written 9 characters of Shakespeare. The source material is all of Shakespeare’s works as taken from Project Gutenberg.

(via /.)