Tuesday, January 29, 2013

The Most Ridiculous Law of 2013 (So Far): It Is Now a Crime to Unlock Your Smartphone

www.theatlantic.com

ADVISORY
BY DECREE OF THE LIBRARIAN OF CONGRESS
IT SHALL HENCEFORTH BE ORDERED THAT AMERICANS SHALL NOT UNLOCK THEIR OWN SMARTPHONES.

PENALTY: In some situations, first time offenders may be fined up to $500,000, imprisoned for five years, or both. For repeat offenders, the maximum penalty increases to a fine of $1,000,000, imprisonment for up to ten years, or both.* 

That's right, starting this weekend it is illegal to unlock new phones to make them available on other carriers.

I have deep sympathy for any individual who happens to get jail time for this offense. I am sure that other offenders would not take kindly to smartphone un-lockers.
But seriously: It's embarrassing and unacceptable that we are at the mercy of prosecutorial and judicial discretion** to avoid the implementation of draconian laws that could implicate average Americans in a crime subject to up to a $500,000 fine and up to five years in prison.

If people see this and respond, well no one is really going to get those types of penalties, my response is: Why is that acceptable? While people's worst fears may be a bit unfounded, why do we accept a system where we allow such discretionary authority? If you or your child were arrested for this, would it comfort you to know that the prosecutor and judge could technically throw the book at you? Would you relax assuming that they probably wouldn't make an example out of you or your kid? When as a society did we learn to accept the federal government having such Orwellian power? And is this the same country that used jury nullification against laws that it found to be unjust as an additional check upon excessive government power? [The only silver lining is that realistically it's more likely that violators would be subject to civil liability under Section 1203 of the DMCA, instead of the fine and jail penalties, but this is still unacceptable (but anyone who accepts payments to help others unlock their phones would clearly be subject to the fine of up to $500,000 and up to five years in jail).]

WHO REALLY OWNS YOUR PHONE?

When did we decide that we wanted a law that could make unlocking your smartphone a criminal offense?

The answer is that we never really decided. Instead, Congress passed the Digital Millennium Copyright Act (DMCA) in 1998 to outlaw technologies that bypass copyright protections. This sounds like a great idea, but in practice it has terrible, and widely acknowledged, negative consequences that affect consumers and new innovation. The DMCA leaves it up to the Librarian of Congress (LOC) to issue exemptions from the law, exceptions that were recognized to be necessary given the broad language of the statute that swept a number of ordinary acts and technologies as potential DMCA circumvention violations.

Every three years groups like the American Foundation for the Blind have to lobby Congress to protect an exception for the blind allowing for books to be read aloud. Can you imagine a more ridiculous regulation than one that requires a lobby group for the blind to come to Capitol Hill every three years to explain that the blind still can't read books on their own and therefore need this exception?

Until recently it was illegal to jailbreak your own iPhone, and after Saturday it will be illegal to unlock a new smartphone, thereby allowing it to switch carriers. This is a result of the exception to the DMCA lapsing. It was not a mistake, but rather an intentional choice by the Librarian of Congress, that this was no longer fair use and acceptable. The Electronic Frontier Foundation among other groups has detailed the many failings of the DMCA Triennial Rulemaking process, which in this case led to this exception lapsing.
Conservatives should be leading the discussion on fixing this problem. Conservatives are understandably skeptical of agencies and unelected bureaucrats wielding a large amount of power to regulate, and are proponents of solutions like the REINS Act (which has over 121 co-sponsors). However, if Congress truly wants to rein in the power of unelected bureaucrats, then they must first write laws in a narrow manner and avoid the need for intervention by the Librarian of Congress to avoid draconian consequences, such as making iPhone jail-breakers and smartphone un-lockers criminals, or taking away readable books for the blind.

If conservatives are concerned about unelected bureaucrats deciding upon regulations which could have financial consequences for businesses, then they should be more worried about unelected bureaucrats deciding upon what is or isn't a felony punishable by large fines and jail time for our citizens. And really, why should unelected bureaucrats decide what technological choices you can make with your smartphone? These laws serve to protect the interests of a few companies and create and maintain barriers to entry.
But there is another matter of critical importance: Laws that can place people in jail should be passed by Congress, not by the decree of the Librarian of Congress. We have no way to hold the Librarian of Congress accountable for wildly unfair laws. There are still plenty of crazy laws passed by elected officials, but at least we can then vote them out of office.

There are numerous other problems with the DMCA. As I explained in an essay for Cato Unbound:
"The DMCA bars developing, selling, providing, or even linking to technologies that play legal DVDs purchased in a different region, or to convert a DVD you own to a playable file on your computer. Because no licensed DVD playing software is currently available for the Linux operating system, if a Linux user wishes to play a DVD that they have legally bought, they cannot legally play it on their own computer.
In order to regulate this anti-circumvention market, the DMCA authorizes injunctions that seem to fly in the face of First Amendment jurisprudence on prior restraint. The DMCA also makes companies liable for copyright infringement if they don't remove content upon notification that someone believes the content infringes their copyright - this creates a very strong business interest in immediately taking down anything that anyone claims is infringing to not be liable. Christina Mulligan's essay for Copyright Unbalanced details how in mid-July 2012 a Mitt Romney campaign ad hosted on YouTube was forcibly removed from the site, and in 2008 YouTube blocked several John McCain ads for more than 10 days. As Mulligan details, the ads were legitimate under "fair use." Allowing individual people to veto political speech that they do not like stifles free expression and political dialogue and, even if a rare occurrence under the DMCA, should not be taken lightly. There are also other examples of abuse: Mulligan details that one group had all Justin Bieber songs removed from YouTube as a prank."
And if you thought this was bad, provisions of the DMCA relating to anti-circumvention are part of the Trans-Pacific Partnership (TPP) Treaty -- and the United States is the party asking for it as part of the negotiations. Placing it in the treaty will enact our dysfunctional system on an international level in countries that don't want it, and it will "re-codify" the DMCA in an international treaty making it significantly more difficult to revise as necessary. Copyright laws are domestic laws and they need to be flexible enough to adjust accordingly to not inhibit new innovation.
I for one am pro-choice with regard to my smartphone. Our representatives ought to be, as well.
__________________________
* Specifically this refers to Section 1204 of Public Law 105-304, which provides that "any person who violates section 1201 or 1202 willfully and for purposes of commercial advantage or private financial gain. . .[shall be subject to the listed penalties]." However, given copyright law's broad interpretation by the courts, it could be argued that merely unlocking your own smartphone takes a device of one value and converts it into a device of double that value (the resale market for unlocked phones is significantly higher) and therefore unlocking is inherently providing a commercial advantage or a private financial gain - even if the gain hasn't been realized. In other words, unlocking doubles or triples the resale value of your own device and replaces the need to procure the unlocked device from the carrier at steep costs, which may be by definition a private financial gain. Alternatively, one can argue that a customer buying a cheaper version of a product, the locked version vs. the unlocked version, and then unlocking it themselves in violation of the DMCA, is denying the provider revenue, which also qualifies. There are several cases that have established similar precedents where stealing coaxial cable for personal use has been held to be for "purposes of commercial advantage or private financial gain." (See Cablevision Sys. New York City Corp. v. Lokshin, 980 F. Supp. 107, 109 (E.D.N.Y. 1997)); (Cablevision Sys. Dev. Co. v. Cherrywood Pizza, 133 Misc. 2d 879, 881, 508 N.Y.S.2d 382, 383 (Sup. Ct. 1986)).

** The Ninth Circuit recently explained in United States v. Nosal, 676 F.3d 854 (9th Cir. 2012) that under a "broad interpretation of the [Computer Fraud and Abuse Act (CFAA) you could be prosecuted for personal use of work computers]." The court explained that under this approach "While it's unlikely that you'll be prosecuted for watching Reason.TV on your work computer, you could be [emphasis in original]. Employers wanting to rid themselves of troublesome employees. . . could threaten to report them to the FBI unless they quit. Ubiquitous, seldom-prosecuted crimes invite arbitrary and discriminatory enforcement." The Court rejected this interpretation, which would have made regular activity by average citizens a potential felony, and ruled that running afoul of a corporate computer use restriction does not violate the CFAA. It's possible that here a court would use judicial discretion to narrowly interpret the DMCA and reject the broad definitions that are typically advanced by the government.

Wednesday, January 16, 2013

Open Source Workshop (Feb 2013) and Hacking Thursday HK (This Thurs 17/Jan)

Two more open source events are coming to town.

1. Hacking Thursday Hong Kong 2013-01 (***This Thursday***, 17-Jan-2013)
(In Cantonese and English)
Please RSVP at http://registrano.com/events/82b652 first so that we can book the cafe in advance.
Cafe: Miracle House at Flat 697, 3/F Winner Mansion, 691-697 Nathan Road, Mong Kok.

Minimum charge by cafe: a dinner set $70-110/head.
Organizer: Hong Kong Linux User Group. (Mr Wong)

2. Open Source Workshop (Feb 2013)

Date/Time: 2 Feb 2013, Sat 14:30-18:00
Venue: Classroom Y5-306, 5/F Academic 1, City University of Hong Kong, Kowloon Tong.

Agenda:
  • Talk: Past, Present and Future of IBus for Hong Kong users
  • Hackfest: Usability testing of ibus-cangjie
  • Hackfest: Raspberry Pi
Organizers:
  • Open Source Hong Kong.
  • Opensource Application Knowledge Association.
  • Hong Kong Linux User Group.

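Monday, January 14, 2013

Java to Release a Patch

Apple Daily

[Apple Daily report] The US Department of Homeland Security earlier issued a warning that Java has a serious security vulnerability and urged users worldwide to disable and uninstall Java. Oracle, the company that owns Java, issued a statement saying it will release a patch shortly to close the vulnerability, so that users' computers are not compromised by hackers.

Only the latest software version is vulnerable

The statement said that only the latest version of Java used in Internet browsers, "JDK7", has the vulnerability; Java applications running directly on computers, servers and other devices are not affected. Reuters, citing a report from an antivirus software company, said that more than half of last year's cyber attacks involved Java, with hackers breaking into users' computers through Java vulnerabilities; the second most common route of intrusion was Adobe Reader, accounting for 28%.
The Office of the Government Chief Information Officer in Hong Kong earlier advised the public to disable Java in their browsers until the vendor provides a patch, and to enable it temporarily only when a trusted website, such as a government or bank site, requires Java. The Hong Kong Computer Emergency Response Team Coordination Centre said hackers can plant malicious programs on websites that have the Java vulnerability, possibly without even the site owner knowing. When users browse the page, the malicious program starts automatically and steals passwords, takes control of the user's computer, or encrypts the data on the computer and extorts money from its owner.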

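Sunday, January 13, 2013

Java Security Vulnerability Exposed; Hong Kong Government Urges Users to Disable It

Wen Wei Po

The US Department of Homeland Security issued a warning last Thursday that a serious security vulnerability has been found in Oracle's Java software, which hackers could exploit to break into computers, and urged all users to disable it immediately. Because major operating systems and online services worldwide use Java, it is estimated that hundreds of millions of computers may be affected. Oracle plans to release an update fixing the vulnerability the day after tomorrow and urges users to install it as soon as possible.

Many government e-services and businesses in Hong Kong use Java, including the "eTAX" and "PPS" websites. The Office of the Government Chief Information Officer and computer security experts advise the public to disable Java temporarily until the vendor provides a patch.

Many Hong Kong government websites that require login mandate Java; if Java is not enabled in the browser, users cannot log in. The Office of the Government Chief Information Officer responded that the Hong Kong Computer Emergency Response Team Coordination Centre will closely monitor developments. The Office said Java should be enabled temporarily only when a trusted website, such as a government website, requires it, and disabled again immediately afterwards.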

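No Fix Yet; US Urges Removal

The Computer Emergency Readiness Team (CERT) under the US Department of Homeland Security said the Java vulnerability is being publicly attacked and that hackers have also built network attack tools targeting it; more vulnerabilities are expected to come to light and be attacked. CERT said it has not yet found a practical solution and recommends that users uninstall or disable Java.

Java is a programming language. Because it is cross-platform and runs on operating systems such as Microsoft Windows, Apple OS X and Linux, it is popular among computer and web programmers; in Hong Kong, besides government websites, many auction and gaming websites use Java. However, Java has long had many vulnerabilities, and its wide use has repeatedly made it a target for hackers. Figures from Russian antivirus vendor Kaspersky show that attacks targeting Java accounted for half of all cyber attacks worldwide last year.

Can Steal Passwords and Lock Machines; Antivirus Software Offers Little Defence

Network security experts point out that hackers could use the Java vulnerability to install malware on users' computers in order to control them, steal users' passwords, or use the computers as bots to launch network attacks. Hackers can also deliberately lock a computer and demand payment from the victim to unlock it, or profit by peddling fake antivirus software to users; antivirus software may not be able to prevent this.
On Thursday night Apple remotely modified the operating rules of Mac computers to temporarily block Java while awaiting a fix. Mozilla, the team behind the Firefox browser, also said it has changed the browser's rules for running Java so that Java is enabled only with the user's consent.

■ Compiled from wire reports / Reuters / CNET / USA Today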