
Victorian Transport Department calls cops on 16 year old for reporting bug that exposed customers' personal data

Last month, around Christmas, a sixteen-year-old Australian named Joshua Rogers living in Victoria told the Transport Department that its Metlink website was exposing the sensitive details of over 600,000 transit users, including "full names, addresses, home and mobile phone numbers, email addresses, dates of birth, and a nine-digit extract of credit card numbers."

He waited two weeks, but after he had not heard from Metlink -- and as the data exposure was ongoing -- he went to the national newspaper The Age, who called the Transport Department for comment. Whereupon the Transport Department called the police, who arrested the teenager.

It may be that the mistake that exposed all this sensitive data was an "honest" one -- after all, there's no experimental methodology for verifying security apart from telling people what you're doing and asking them to poke holes in it. Security is a process, not a product.

But that means that anyone who keeps sensitive public information on hand has a duty to take bug reports about vulnerabilities seriously, and to act on them quickly. Killing (or arresting) the messenger is absolutely unforgivable, not merely because of the injustice to this one person, but because it creates a chilling effect on all future bug-reporters, and not just for your service, but for all of them.

The Transport Department hasn't only unjustly punished an innocent person; it hasn't only weakened its own security; it hasn't only failed in its duty to its customers -- it has struck a blow against the very idea of security itself, and harmed us all.


Feds spend more subsidizing undergrads than undergrads pay in tuition


Here's an analysis of the New America Foundation's Federal Education Budget Project, a wide-ranging and thorough look at the way the government spends on education. It shows that the total take from American universities in tuition for undergraduate programs is $62.6B, while the Federal government is spending $69 billion on grants, aid loans, tax breaks and other funding.

The implication is that it would be cheaper to give away university education than to charge for it, but that's not quite right (federal education funding pays for more than tuition -- it also includes housing, food and other expenses, and the feds are already subsidizing colleges out of their $69B spend). But it does suggest that the education system is really screwed up, an expensive boondoggle that is optimized for paying bondholders who own student debt, rather than turning out an educated, resilient and adaptable nation.


Meet Educational Credit Management Corporation, the arm-breakers of the student debt racket


A private contractor to student debt-holders has a special legal department that goes to bankruptcy court to argue that student loans shouldn't be discharged in bankruptcy, ever. The Educational Credit Management Corporation contracts to the Department of Education, on whose behalf it argues (for example) that debtors who go bankrupt fighting pancreatic cancer should still have to pay back their student loans in full, because "Survival rates for younger patients tend to be higher."

Student debt is the most pernicious kind of debt. It's debt that you take on when you're a teenager, and it's the only debt that can be taken out of your Social Security check. But as bad as the student debt racket is (and it's bad -- no, I mean really bad), I hadn't quite clocked how depraved its bagmen and enforcers could be.

They've been censured by courts for their strongarm tactics, bills have been introduced to make them behave, but they seem unstoppable. Why not? The precarious job-market has convinced Americans to go into $1 trillion worth of student debt, and when that collapses, it'll make subprime look like small change. So, realistically, who's ever going to stop thug bill-collectors from torturing people with terrible illness, or caring for severely disabled loved ones, or facing other unimaginable hardship, in order to bleed whatever they can for the debt-holders who're depending on that trillion bucks being repaid?


Lies of the Daily Mail

Yesterday's New Statesman published a long, nuanced profile of Paul Dacre, editor-in-chief of the despicable Daily Mail. Dacre's a remarkable and contradictory character, profiled with some sympathy but no white-washing by Peter Wilby, but the most striking moment of the piece comes in the first third, when Wilby lays out all the admitted falsehoods and libels published by the Daily Mail -- a list that is incomplete because it only consists of those where retractions, legal action, or other visible signals of falsehood were raised. There's a much longer list of smears and lies about people who couldn't afford to defend themselves from the paper (or couldn't bear to). Still, it's a hell of a list:

Read the rest

GOP declares war on itself

GOP power-brokers have raised a $50M war-chest to fight the nomination of "fools" to GOP seats in the upcoming mid-term elections. Effectively, the Republican big-business-friendly establishment has declared war on the Tea Party, in an effort to assure donors that the slate will not be full of what Matt Taibbi calls "a bottomless pit of brainless Bachmanns and Cruzes and Santorums, all convinced our Harvard-educated president is a sleeper-cell Arab and that Satan is a literal being intent on conquering Nebraska with U.N. troops."

Taibbi is, as always, fucking incandescent on the subject. He points out the delicious irony of svengalis like Karl Rove and Dick Armey -- who put GW Bush in the White House by gleefully pandering to the ignorant and prejudiced with "faith-based initiatives" to bring in "the nuts" (as Rove calls evangelicals when he thinks he's in private) and Swift-Boating -- now having to keep those people from derailing the party and scaring off all the millionaires and billionaires.

If they're going to keep on donating to the GOP, they need to be assured that the party's elected reps understand that gay marriage and no-abortion-for-rape-victims are just distracting side-shows to win votes, and should be set aside once in office to pursue the serious business of looting the nation and spying on everyone to prevent any kind of popular uprising.


Happy Public Domain Day: works that would enter public domain today, but for copyright extension


Jennifer Jenkins from the Duke Center for the Public Domain writes, "What could have been entering the public domain in the US on January 1, 2014? Under the law that existed until 1978 -- Works from 1957. The books 'On The Road,' 'Atlas Shrugged,' and 'The Cat in the Hat,' the films 'The Bridge on the River Kwai,' '12 Angry Men,' and 'Funny Face,' the musical 'West Side Story' and the songs 'All Shook Up' and 'Great Balls of Fire,' and more -- What is entering the public domain this January 1? Not a single published work."


Replace bank chiefs with small dogs: Chinese top economist


China's former chief economist has excoriated the nation's banking system, which charges high fees and maintains a greedy-large gap between its deposit interest and lending interest rates.

Such a business provides no value, and is merely parasitic on the people: "With this kind of operational model, banks will continue making money even if all the bank presidents go home to sleep and you replaced them by putting a small dog in their seats."


Utility companies go to war against solar


Utility companies across America are fighting solar, imposing high fees on homeowners who install their own solar panels to feed back into the grid. This one was predictable from a long, long way out -- energy companies being that special horror-burrito made from a core of hot, chewy greed wrapped in a fluffy blanket of regulatory protection, fixed in their belief that they have the right to profit from all power used, whether or not they supply it.

Bruce Sterling once proposed that Americans should be encouraged to drive much larger trucks, big enough to house monster fuel-cells that are kept supplied with hydrogen by decentralized windmill and solar installations -- when they are receiving more power than is immediately needed, they use the surplus to electrolyze water and store the hydrogen in any handy nearby monster-trucks' cells. When the wind isn't blowing or the sun isn't shining, you just plug your house into your enormous American-Dream-mobile -- no need for a two-way grid.

This solution wasn't just great because it aligned the core American value of driving really large cars with environmental protection, but also because it was less vulnerable to sabotage from hydrocarbon-addicted energy companies.


Hanes's threat to Hanes Hummus: people might mistake chickpeas for underwear!

Canada's Hanes Hummus has received a legal threat from Hanesbrands, Inc, who make underwear and other textiles, demanding that the four-person company change its name lest the public begin to tragically confuse chickpea paste with undergarments. Hanes Hummus's lawyer wrote a spirited and funny letter explaining why Hanesbrands shouldn't be worried about a separate Hanes trademark over dips and spreads, but given the relative size of the two parties, it seems likely that Hanes Hummus will lose its fight if Hanesbrands continues to play the bully.

"Hanes" is short for Yohannes. Hanes Hummus's founder is named Yohannes Petros. He filed for a trademark on "Hanes Hummus" in Canada and the US.


Bletchley's cybersecurity exhibit will not mention Edward Snowden; McAfee's sponsorship blamed

Bletchley Park's historical exhibit on cybersecurity will not mention Edward Snowden -- possibly the most significant figure in the world of contemporary cybersecurity -- because its corporate sponsor, McAfee, has prohibited them from doing so. A collection of MPs and other government figures have written to Bletchley Park museum to urge them to reconsider. As the Tory MP Dominic Raab says, "Either it's a history exhibition or it's not."

The omission raises disturbing questions about the integrity of Bletchley Park as an independent historical institution, and of the quality of oversight it receives from its board. If the McAfee sponsorship came with the kind of strings attached that prohibited neutral exploration of relevant, even crucial, factual material, it's a sponsorship that never should have been accepted.

I have a letter from the Friends of Bletchley Park on my desk at the office, and I was planning on renewing my membership when I got back from the holidays. This has made me rethink my support of the institution, and now I'm not so sure. I certainly hope that Bletchley reconsiders this decision and upholds its reputation as an institution committed to integrity and education.


Crowdfunding legal challenge by a Texas family whose farm was stolen by Keystone XL

Alan sez, "So there's this woman who decided she wasn't going to give Keystone XL passage rights through her land in Texas. Not even for the few tens of thousands of dollars they offered. And then the story gets weird. In Texas, companies (like TransCanada) can use eminent domain. All they have to do is declare themselves a 'common carrier' which is apparently a one-page form you have to fill out. Keystone did that and then took Julia Crawford's land."


Music publishers claim to own "Silent Night" & rip off indie YouTube singer; ContentID helps them do it

Adam the Alien has a YouTube channel that earns him some money through YouTube's "monetization" service, which inserts ads and gives him a cut of the money. It worked fine until YouTube's notorious "Content ID" system let some of the biggest music publishers in the world lay claim to the copyright in Adam's video, on the basis that his rendition of "Silent Night" belonged to them -- despite the song having been composed in 1818 and being firmly in the public domain. Once their claims had been laid, all the money his video generated was diverted to them.

The companies that laid claim to Adam's video are the publishing arms of the biggest record labels on the planet -- BMG, Warner/Chappell, and Universal Music Publishing Group -- and they use an automated system to identify videos and claim them. There is no penalty for automatically generated claims over things that the publishers have nothing to do with, and so, unsurprisingly, their copyright bots are fantastically sloppy and operate with little or no human oversight.

It's a perfect storm of stupidity and greed: Google has given the big publishers a platform that rewards fraudulent claims over indie creators' work; the publishers responded by making plenty of such claims, and all the while decrying "piracy" as the great evil of our day.


NSF study shows more than 90% of US businesses view copyright, patent and trademark as "not important"


In March 2012, the National Science Foundation released the results of its "Business Research and Development and Innovation Survey" study, a rigorous, careful, wide-ranging longitudinal study on the use of trademark, copyright, and patents in American business. The study concluded that, overall, most businesses don't rate these protections as a significant factor in their success (in 2010, 87.2% said trademarks were "not important"; 90.1% said the same of copyright, and 96.2% said the same of patents).

What's striking about the survey is that even fields that are traditionally viewed as valuing these protections were surprisingly indifferent to them -- for example, only 51.4% of software businesses rated copyright as "very important."

In a very good post, GWU Political Science PhD candidate Gabriel J. Michael contrasts the obscurity of this landmark study with the incredible prominence enjoyed by a farcical USPTO study released last year that purported to show that "the entire U.S. economy relies on some form of IP" and that "IP-intensive industries" created 40 million American jobs in 2010. The study's methodology was so sloppy as to be unsalvageable -- for example, the study claimed that anyone who worked at a grocery store was a beneficiary of "strong IP protection."

The NSF study doesn't merely totally refute the USPTO's findings, it does so using a well-documented, statistically valid, neutral methodology that was calculated to find the truth, rather than scoring political points for the copyright lobby. It's a study in contrasts between evidence-based policy production and policy-based evidence production.


Oklahoma City cops charge Keystone XL protesters with "terrorism hoax" because their banner shed some glitter


Two protesters who held up an anti-Keystone-XL-pipeline banner at the Oklahoma City headquarters of Devon Energy have been charged with perpetrating a "terrorism hoax" because some of the glitter on their banner fell on the floor and was characterized by OKC cops as a "hazardous substance."

The arrest is an extreme example, but it's not an isolated one. Indeed, leaked documents show that TransCanada has an army of spies assembling dossiers on protesters, and has been briefing the FBI and local law on techniques for prosecuting anti-pipeline protesters as terrorists.


Chief cable lobbyist: data caps were never about network congestion, always about profit

Michael Powell used to be the head of the FCC. Now he's the cable operators' chief lobbyist. In a recent speech, he admitted that the cable operators' long-running push for caps on data-usage had nothing to do with congestion, which isn't really a problem for them. Instead, they pursued data-caps as a way of making more money from their customers.
