After a week of blockbuster security revelations from Defcon it's important to take a step back and address the ongoing battle by companies to seize a veto over who can reveal defects in their products. Read the rest
It's been ten years since the first warnings about the security defects in pacemakers, which made them vulnerable to lethal attacks over their wireless links, and since then the news has only gotten worse: one researcher found a way to make wireless pacemaker viruses that spread from patient to patient in cardiac care centers, and the medical device makers responded to all this risk by doubling down on secrecy and the use of proprietary code. Read the rest
Last week, I linked to a critique of Google's new "confidential mode" for Gmail and Google Docs, which purports to allow you to send people documents without letting them print, copy or forward them. Read the rest
Before the W3C green-lit its DRM for web-video, we at EFF made a plea to allow bypassing the DRM to add accessibility features like shifting colors to accommodate color-blind people; the leadership dismissed the idea as a mere nice-to-have that companies could be relied on to fix themselves. Read the rest
Jonathan Zittrain (previously) writes, "There’s reason to worry about security for the ever-growing Internet of Things, and it’ll be tempting to encourage vendors to solely control their devices that much more, limiting interoperability or user tinkering. There are alternatives - models for maintaining firmware patches for orphaned devices, and a 'Faraday mode' so that iffy devices can still at least partially function even if they’re not able to remain safely online. Procrastination around security has played a key role in its success. But 'later' shouldn’t mean 'never' for the IoT." Read the rest
Every three years, the US Copyright Office lets the public beg for limited exemptions to Section 1201 of the Digital Millennium Copyright Act, which bans bypassing DRM, even in your own property, even for strictly legal reasons. Read the rest
Every three years, the US Copyright Office asks America about the problems with Section 1201 of the DMCA, which bans breaking DRM even for legal reasons, and America gets to answer with requests for exemptions to this rule. Read the rest
Every three years, the US Copyright Office asks America about the problems with Section 1201 of the DMCA, which bans breaking DRM even for legal reasons, and America gets to answer with requests for exemptions to this rule. Read the rest
EFF has just published an update to its Catalog of Missing Devices (a catalog of things that don’t exist thanks to the chilling effects of Section 1201 of the DMCA): a trio of ads for future artificial pancreas firmwares that illustrate the way that control over devices can magnify or correct power imbalances.
EFF supporter Benjamin McLean was kind enough to send along his "Mashup Maker" as a new entry to EFF Catalog of Missing Devices, a tour through some of the legitimate, useful and missing gadgets, tools and services that don't exist but should. They're technologies whose chance to exist was snuffed out by Section 1201 of the Digital Millennium Copyright Act of 1998, which makes tampering with "Digital Rights Management" into a legal no-go zone, scaring off toolsmiths, entrepreneurs, and tinkerers. Read the rest
Join me, EFF attorney Kit Walsh and iFixit's Kyle Wiens -- along with special guests! -- in a Reddit Ask Me Anything session tomorrow (Thursday) from 11AM-3PM Pacific; we'll be talking about the upcoming Copyright Office hearings on creating exceptions to the DMCA to make room for independent repair and security research. We'll be live here at 11AM tomorrow! Pass it on. Read the rest
When EFF launched its Catalog of Missing Devices, we invited EFF supporters to come up with their own ideas for gadgets that should exist, but don't, because the Digital Millennium Copyright Act bans breaking DRM, even for the most legitimate of purposes. Read the rest
University of Texas law professor Bobby Chesney has developed a detailed syllabus for a course in "Cybersecurity Foundations: Law, Policy, and Institutions" that is aimed at grad students from law, business, engineering, and computer science. Read the rest
Dropbox has published a set of guidelines for how companies can "encourage, support, and celebrate independent open security research" -- and they're actually pretty great, a set of reasonable commitments to take bug reports seriously and interact respectfully with researchers. Read the rest
Many people worry that 3D printers will usher in an epidemic of untraceable "ghost guns," particularly guns that might evade some notional future gun control regime that emerges out of the current movement to put sensible, minimal curbs on guns, particularly anti-personnel guns. Read the rest
"Precision agriculture" is to farmers as Facebook is to publishers: farmers who want to compete can't afford to boycott the precision ag platforms fielded by the likes of John Deere, but once they're locked into the platforms' walled gardens, they are prisoners, and the platforms start to squeeze them for a bigger and bigger share of their profits. Read the rest
The Security Innovation Center is a lobbying group backed by CompTIA, CTIA, TechNet and the Consumer Technology Association for the express purpose of fighting laws that would legalize repairing your own property, or choosing to have it repaired by third parties. Read the rest
