Brexit Deal Copied And Pasted Recommendations For Netscape, Outdated Encryption

from the I'm-sure-this-will-all-go-great dept

You'd think a massive and controversial deal to sever the UK from the European Union, impacting the lives of millions of people over the better part of the next generation, would contain a certain amount of... precision.

Not so much.

After a long, contentious debate and some last minute haggling over fish, the final agreement governing the United Kingdom and European Union’s trade relations for decades was finalized last week. But when security researchers dug through the wording of the final agreement (which you can peruse here (pdf)), they found a bunch of indications of laziness.

Including, apparently, recommendations to protect yourself from cyberattacks by using a web browser (Netscape) that stopped being updated somewhere around 1997 or so:

As the BBC notes, the language appears to have been copied and pasted from a 2008 law, and the recommendations were already outdated then. While it's reflective of the rushed and sloppy nature of the effort, the Netscape recommendation isn't that big of a deal, given it's simply cited as an example of a "modern e-mail software package” and will likely be ignored. More troubling however is the document's recommendation of using 1024-bit RSA encryption and the SHA-1 hashing algorithm, both outdated and vulnerable to cyber-attacks:

" the SHA-1 hashing algorithm has been demonstrated to be vulnerable to collision attacks, and computing power has advanced such that 1024-bit RSA encryption can be broken in a sensible time frame by anyone with sufficient GPU power to give it a try. It’s clear that something is amiss in the drafting of this treaty, and we’d go so far as to venture the opinion that a tired civil servant simply cut-and-pasted from a late-1990s security document."

While you'd hope the recommendations won't be taken seriously, it still suggests a certain amount of... half-assedness that doesn't bode particularly well for the broader agreement, the finer details of which will impact the lives of real human beings for decades.

Filed Under: brexit, copy paste, encryption, eu, trade deals, uk
Companies: netscape

Notable: Harvard Didn't Try To Claim Ownership Of Facebook

from the hopefully-that's-policy,-not-luck dept

With the big Facebook IPO dominating the tech news, the folks over at the Boston Globe have highlighted a point that hasn't received much, if any, attention. Mark Zuckerberg created Facebook (with the vestigial "the" as a prefix) while he was a student at Harvard. Many universities these days claim ownership of any kind of company that students create while there. But, in this case, Harvard did absolutely nothing. The article contrasts that to Google (Stanford took a chunk) and Netscape (University of Illinois got into a nasty legal fight leading to a cash settlement).

A lot of this goes back to the ridiculous infatuation universities have had over the past few decades with trying to justify their failing tech transfer offices. Tons of universities set up "tech transfer" offices in the 80s (at the urging of the federal government, and driven by the disastrous Bayh-Dole Act). These universities had visions of massive profits flowing back when companies used the ideas of their brilliant researchers and commercialized them. The problem, of course, is that this is not how innovation actually works. Turning pure research into a product is not a simple process, and it doesn't happen very often. Great companies are usually driven by fulfilling consumer needs, not spotting some random bit of research. But the tech transfer offices overvalued their research, insisting that the idea was the key part, and thus they should be paid handsomely for it. For the vast majority of universities that has proven to be a huge failure. Tech transfer offices cost significant money to set up and staff, however, so universities have recognized that what was supposed to be a profit center has been a significant black hole for money. In response, there's been an increased focus on trying to claim ownership of any successful startup created by students, really as a weak attempt to justify the massive disaster of their tech transfer setup.

But Harvard -- whether it was wisely or due to ignorance -- chose not to go that path. And, as the article notes, this actually has reflected quite well on the school:

Fortunately, Harvard’s minor role in Facebook’s history has attracted a different reaction: a star-studded Hollywood blockbuster, a reinvigorated reputation as a dream school for entrepreneurial teens, and warm feelings among millionaire alumni who may become large donors. By contrast, few know that modern web browsing was born at the University of Illinois, and Netscape’s embittered founders vowed never to give another dime to their alma mater-turned-adversary.

The article covers a few other crazy cases, including one where a former student ended up in jail in a dispute with the University of South Florida. Similarly, the University of Missouri apparently tried to claim ownership of a popular iPhone app, because the student had entered it into a university business plan competition.

In an age where we see so much overclaiming and this ridiculous growth of "ownership society" where everyone tries to claim ownership over "ideas" they had little to do with, Harvard really does deserve kudos for not going down that path.

Filed Under: harvard, ipo, mark zuckerberg, stanford, university of illinois
Companies: facebook, google, netscape