My keynote from the O'Reilly Security Conference: "Security and feudalism: Own or be pwned"

Here's the 32 minute video of my presentation at last month's O'Reilly Security Conference in New York, "Security and feudalism: Own or be pwned."

Car Wars: a dystopian science fiction story about the nightmare of self-driving cars

Melbourne's Deakin University commissioned me to write a science fiction story about the design and regulation of self-driving cars, inspired by my essay about the misapplication of the "Trolley Problem" to autonomous vehicles.

Barnes & Noble's releasing a $50 Android tablet that does all the things Amazon won't let Kindles do

Chris Meadows writes, "Barnes & Noble is coming out with a $50 Nook Android tablet, with hardware specs similar to Amazon's $50 Fire. The kicker is, this new Nook tablet will run plain-vanilla Android 6.0 Marshmallow and include the full suite of Google Play apps--unlike the Fire, which only permits installation of those apps Amazon deems suitable. Will this be enough to rescue the ailing Nook brand?"

A lightbulb worm could take over every smart light in a city in minutes

Researchers from Dalhousie University (Canada) and the Weizmann Institute of Science (Israel) have published a working paper detailing a proof-of-concept attack on smart lightbulbs that allows them to wirelessly take over the bulbs from up to 400m, write a new operating system to them, and then cause the infected bulbs to spread the attack to all the vulnerable bulbs in reach, until an entire city is infected.

Every Android device potentially vulnerable to "most serious" Linux escalation attack, ever

The Dirty Cow vulnerability dates back to code included in the Linux kernel in 2007, and it can be trivially weaponized into an easy-to-run exploit that allows user-space programs to execute as root, meaning that attackers can take over the entire device by getting their targets to run apps without administrator privileges.

Mercedes' weird "Trolley Problem" announcement continues dumb debate about self-driving cars

In 1967, Philippa Foot posed the "Trolley Problem," an ethical conundrum about whether a bystander should be sacrificed to rescue the passengers of a speeding, out-of-control trolley; as self-driving cars have inched toward reality, this has been repurposed as a misleadingly chin-stroking question about autonomous vehicles: when faced with the choice of killing their owners or someone else, who should die?

Game developers say no to DRM: "hurts our customers"

The developers behind the hotly anticipated Shadow Warrior 2 have gone on record explaining why they didn't add DRM to their new title: they themselves hate DRM, and understand that DRM disproportionately inconveniences legit customers, not pirates who play cracked versions without DRM.

YouTube's new "offline first" product for India treats telcos as damage and routes around them

Yesterday, Google announced "YouTube Go," an "offline first" version of the popular video service designed for the Indian market where internet coverage is intermittent, provided by monopolistic carriers that have a history of network discrimination, and where people have a wide variety of devices, including very low-powered ones.

Demand that HP make amends for its self-destructing printers [SIGN AND SHARE!]

I've written an open letter to HP CEO Dion Weisler on behalf of the Electronic Frontier Foundation, asking him to make amends for his company's bizarre decision to hide a self-destruct sequence in a printer update that went off earlier this month, breaking them so that they would no longer use third-party ink cartridges.

HTML standardization group calls on W3C to protect security researchers from DRM

The World Wide Web Consortium has embarked upon an ill-advised project to standardize Digital Rights Management (DRM) for video at the behest of companies like Netflix; in so doing, they are, for the first time, making a standard whose implementations will be covered under anti-circumvention laws like Section 1201 of the DMCA, which makes it a potential felony to reveal defects in products without the manufacturer's permission.

If DRM is so great, why won't anyone warn you when you're buying it?

Last month, I filed comments with the Federal Trade Commission on behalf of Electronic Frontier Foundation, 22 of EFF's supporters, and a diverse coalition of rightsholders, public interest groups, and retailers, documenting the ways that ordinary Americans come to harm when they buy products without realizing that these goods have been encumbered with DRM, and asking the FTC to investigate fair labeling for products that come with sneaky technological shackles.

Help wanted: Director of Technology Policy for Consumer Reports

This is a pretty amazing vacancy: "You will lead Consumer Reports in our effort to realize a market where consumer safety is protected through strong encryption; consumers’ rights to test, repair, and modify their devices are supported by copyright, security, and consumer protection laws; and consumers are empowered to make informed choices about IoT products while being protected by privacy policies regulating the collection, use, and storage of their data. This is a chance to build something big, meaningful, and new."

Podcast: How we'll kill all the DRM in the world, forever

I'm keynoting the O'Reilly Security Conference in New York in Oct/Nov, so I stopped by the O'Reilly Security Podcast (MP3) to explain EFF's Apollo 1201 project, which aims to kill all the DRM in the world within a decade.

How a digital-only smartphone opens the door to DRM (and how to close the door)

Fast Company's Mark Sullivan asked me to explain what could happen if Apple went through with its rumored plans to ship a phone with no analog sound outputs, only digital ones -- what kind of DRM badness might we expect to emerge?

American Bar Association votes to DRM the law, put it behind a EULA

Rogue archivist Carl Malamud writes, "I just got back from the big debate on is free law like free beer that has been brewing for months at the American Bar Association over the question of who gets to read public safety codes and on what terms."

DRM: You have the right to know what you're buying!

Today, the EFF and a coalition of organizations and individuals asked the US Federal Trade Commission (FTC) to explore fair labeling rules that would require retailers to warn you when the products you buy come locked down by DRM ("Digital Rights Management" or "Digital Restrictions Management").

Copyright Office to FCC: Hollywood should be able to killswitch your TV

20 years ago, Congress ordered the FCC to begin the process of allowing Americans to buy their pay TV boxes on the open market (rather than every American household spending hundreds of dollars a year renting a trailing-edge, ugly, energy-inefficient, badly designed box that is increasingly the locus of networked attacks that expose both the home LAN and the cameras and mics that are more and more likely to be integrated into TVs and decoder boxes) -- now, at last, the FCC is doing something about it.
