There's all sorts of interesting security research being done out there, but sometimes you just sort of shake your head. A new report has come out that folks with fancy new smartphones that have large touchscreens may face a threat because the smudges left on the screen could indicate passwords. It certainly makes for a good headline... but... seriously? Has this ever happened? Doubtful. How likely is it to happen? It seems exceptionally unlikely. I recognize the importance of exploring different potential security vulnerabilities, but this one seems a bit far-fetched.
Of course, the more pertinent question may be how secure BlackBerry communications have ever been. One of the big complaints from the UAE and Saudi Arabia (and others) is that they believe RIM already lets certain governments access content flowing across their network. And, of course, no one seems willing to come out with a straight answer one way or the other on whether or not that's an accurate statement. However, as the NY Times article above makes clear, whether or not governments really do have access to RIM's network probably isn't as meaningful as some believe, since there are multiple different potential points of access for anyone wishing to monitor messages. About the only thing that is clear is that if you're communicating online, it's probably best to assume that, sooner or later, someone other than the intended recipients will probably see it.
theodp writes "Appearing Thursday on The View, President Obama lamented that his BlackBerry was no fun anymore, noting that only about 10 people had his BlackBerry personal e-mail address. 'I've got to admit it's no fun because they think it's going to be subject to the Presidential Records Act so nobody sends me the juicy stuff,' he ruefully added. Coincidentally, the USPTO disclosed on Thursday that IBM has a patent pending for a Cellular Telephone Using Multiple Accounts, which provides multiple SIM card slots to address the problems faced by 'an elected official [who] may be under legal restraints regarding the nature of calls which may be made from a particular telephone.' Without its invention, explains Big Blue, 'an official may use one telephone for calls in an official government capacity; another for calls to a re-election committee; and another for purely personal use.' IBM ran to the patent office with details of the new 'invention' (image) just days after Obama was told he could keep his BlackBerry for personal use, but would have to use an NSA-approved phone for anything government related."
Ash Crill alerts us to the news that the United Arab Emirates has announced plans to ban the use of Blackberries, and that Saudi Arabia has announced its intention to do the same. The issue is one we've seen before. The way the Blackberry works is all the data is encrypted and sent through RIM's servers. This pisses off governments who want to spy on the data. RIM, in the past, has noted that it has no way of spying on the email, even if some governments claim to have figured it out anyway (a claim that seems somewhat dubious as that same government later demanded RIM break the encryption again). It appears that a lot of folks in the UAE are quite upset about this -- especially as parts of the UAE (Dubai in particular) have spent the last decade plus trying to present themselves as an ideal place for foreign business activity.
In all of the fuss, hype and obsession over the iPhone/iPad app store, people seem to forget that when the iPhone first launched, it had no app store and no ability for third party developers to create native apps. Instead, Steve Jobs suggested the high quality Safari browser on the iPhone meant the end of native apps, as everything could and should just be done in HTML. And yet, a year later, Steve Jobs totally changed his tune, the iPhone app store was launched, and suddenly this obsession with everything "apps" began. Of course, the media industry fell in love, because they thought that they could regain an element of control, thanks in part to Apple's incredibly arbitrary iron fist over what got into the store.
And yet... in all of that, it seems that many people forgot that original promise of apps all just being created in HTML. Indeed, if you look beneath the surface, you would realize that many iPhone apps really are just made in HTML and then compiled into being native iPhone apps. Using HTML alone, you can access many of the phone's features and certainly create all sorts of apps. But still, there has been general anger over Apple's mercurial gatekeeper activities. Back in January, we noted that Google had remembered the ability to create apps via HTML and had simply routed around the App Store. It made us wonder why others weren't doing it too.
While there have been a few "independent" app stores for the iPhone, they've all required jailbreaking the phone. And while that's now officially legal as per the Library of Congress, it's still not something your everyday iPhone user wants to do. So I've been somewhat fascinated by a new offering that's launching today called OpenAppMkt, which effectively creates a brand new app market for iPhones all via HTML (both the openappmkt app itself, and all the apps in it are HTML based). The experience is very much like the regular app store, with the small exception of having to tap the "add to home" button:
While many of the initial offerings in the OpenAppMkt are free, it does let developers charge for their apps as well. Effectively, this is an entire "app market" for the iPhone that simply routes around Apple as a gatekeeper, and there's really not much that Apple can do to stop it. And, of course, since the apps in the OpenAppMkt are just HTML, it likely won't be difficult for OpenAppMkt to extend this to other platforms as well, such as Android (even though Android's much more open market means that there's less of a reason for developers to use OpenAppMkt for Android).
Overall, this fascinates me for two reasons. First, it's good to get more people realizing that HTML is already pretty damn good at creating app-style experiences, without having to create special compiled code and, second, it's a really clever way to totally route around Apple as a gatekeeper (without requiring a jailbreak), and is a reminder that even on "closed" systems, openness will often find a way.
It's been funny watching the usual anti-Google forces try to make something bigger out of Google's accidental WiFi sniffing via its Street View vehicles. As has been explained in detail, it's not hard to understand how the data was collected accidentally. Even though it is bad that Google didn't realize this, there is no indication that Google ever did anything with the data, or that any sensitive data was collected. After all, if you're doing something sensitive online, it's hopefully via an encrypted channel -- and most email and all banking sites would be.
But, of course, lots of governments are "investigating." I fully expect some less-technically savvy government groups to get confused about this and still condemn Google, but the UK's investigation has found that Google did not collect sensitive data:
The ICO said in a statement: "On the basis of the samples we saw, we are satisfied so far that it is unlikely that Google will have captured significant amounts of personal data."
It added: "There is also no evidence - as yet - that the data captured by Google has caused or could cause any individual detriment."
Well here's a surprise. The US Copyright Office finally used its obligated DMCA exemption rulemaking process to support exemptions that protect consumers. As you may recall, every few years the US Copyright Office is obligated, by law, to listen to requests for specific classes of work that should be exempted from the DMCA's anti-circumvention clause and then recommend that the Library of Congress adopt certain exemptions (if it so chooses). Usually the exemptions are extremely limited and do little to protect consumers. In fact, in the past, the EFF has argued it wasn't even worth requesting exemptions for consumer issues, saying the process was "simply too broken." This year, however, they did participate, and actually got some things through.
Included in the rulemaking were exemptions that say jailbreaking smartphones is legal, saying:
"When one jailbreaks a smartphone in order to make the operating system on that phone interoperable with an independently created application that has not been approved by the maker of the smartphone or the maker of its operating system, the modifications that are made purely for the purpose of such interoperability are fair uses."
Separately, it approved getting around DRM on DVDs for use in non-commercial or educational video works. This is a blow to Hollywood, which in the past has tried to suggest that if educational institutions want to use a fair use clip from a video, they should just set up a video camera on a tripod pointed at a TV screen playing the DVD. That said, the Copyright Office made it clear that these uses are very limited, and must be for purposes of "criticism or comment," and the maker of the new work must show that the circumvention is "necessary" to make the video work, saying "where alternatives to circumvention can be used to achieve the noninfringing purpose, such noncircumventing alternatives should be used." That seems extremely limiting, since you can almost always claim that some sort of alternative could be used.
The EFF also notes that the Copyright Office renewed one good exemption from a previous rulemaking, while clarifying what it covered, where it noted that unlocking a mobile phone to take it to another network is not violating the DMCA.
There were some additional classes approved, including video game DRM, in certain cases, where the DRM is being broken for the sake of security testing. They also approved getting around DRM in the form of computer dongles when those dongles are considered "obsolete," defined as "no longer manufactured or if a replacement or repair is no longer reasonably available in the commercial marketplace." This one is also basically an expansion of an earlier ruling. The final one is also more or less a repeat of earlier rulemakings, concerning allowing ebooks to be read aloud for the blind -- even though the Copyright Office recommended against it, the Librarian of Congress included it anyway.
Separately, it is notable what was requested and rejected, but we'll do a separate post on that later.
Regular Techdirt commenter Max Davis (who I believe may be involved in this lawsuit) passed along the news that all the big US mobile operators have been sued -- including AT&T, Verizon Wireless, Sprint and T-Mobile -- under the claim that their MMS platforms are really illegal file sharing networks, and that these operators are no different than Limewire or Gnutella. Yes, seriously -- the email Max sent repeatedly refers to MMS and Limewire as if they were the same. Here's the complaint:
Honestly, the whole lawsuit seems ridiculous. Here's the crux of it:
Defendants, and each of them, enabled the transfer/transmission and publication of this copyright protected content via mobile devices by building and implementing a peer to peer file sharing network with the dedicated purpose of enabling end users to share multimedia files via this MMS network. Defendants, and each of them, profited from these activities by charging the transmitter and receivers of this content a fee or flat rate for the transfer/transmission that resulted in the publication of said content. Despite charging the transmitter and receiver a fee for the delivery of this copyrighted content, Defendants, and each of them, failed to compensate the holder of the copyrights for this content that was necessary in generating the MMS data revenue. Furthermore, Defendants, and each of them failed or refused to provide a system where an adequate accounting of the transfer/transmission and publication of this copyrighted content could be made.
Basically, this company, Luvdarts, made MMS content, and it got distributed via MMS. Since recipients of MMS can forward the MMS data they receive, such content got forwarded around. Since the mobile operators receive revenue for MMS data, Luvdarts is effectively claiming that they are profiting off the infringement of Luvdarts content. This makes no sense. It's like saying that any email provider is infringing on the copyrights of email writers by letting recipients forward emails. You know those chain emails that get passed around? Imagine if one of the authors of those then sued all the big email providers. It would get laughed out of court. Hopefully, this lawsuit gets laughed out of court too.
The one oddity is that the lawsuit claims that the mobile operators do not qualify for DMCA safe harbor protections, because they're "not service providers" as defined in the DMCA. Specifically:
The transmission of this MMS data is not covered by the exemption for Internet Service Providers as set forth in 17 U.S.C. §512 because the wireless carriers are not Internet Service Providers as defined by §512 while providing a dedicated MMS network for multimedia file sharing.
Really? If you haven't read your §512 lately, why not go take a look and explain how a mobile operator offering MMS is not covered. It certainly seems covered by the definition:
Definitions.--
(1) Service provider--
(A) As used in subsection (a), the term "service provider" means an entity offering the transmission, routing, or providing of connections for digital online communications, between or among points specified by a user, of material of the user's choosing, without modification to the content of the material as sent or received.
(B) As used in this section, other than subsection (a), the term "service provider" means a provider of online services or network access, or the operator of facilities therefor, and includes an entity described in subparagraph (A).
Help me out. Where are mobile operators offering MMS features excluded? Looks like yet another frivolous lawsuit. But, of course, Luvdarts is demanding the statutory maximum of $150,000 per infringement, and claims "9,999 to 100,000 counts of infringement" (broad enough range there?). Good luck, Max.
These days, lots of smartphones have apps for tracking the location of the phones, so stealing one of them is probably becoming increasingly risky for thieves. But, still, in a move that didn't bode well at all, Horatio Toure supposedly used his bicycle to ride up to a woman in San Francisco carrying an iPhone, and snatched it out of her hands. The only problem? The woman had it to demo a new "real-time GPS tracking program." It took all of about 10 minutes for the police to track down Toure, about a half a mile away. Nice work.
We've always found the concept of blank media "levies" to be strange. They're a kind of "you must be a criminal" tax, that aims to shoehorn in an unworkable business model in a way that highly distorts an actual market. But, of course, then people become reliant on that distorted market as well. So I find it somewhat amusing to see an article pointing out that content creators in Sweden are now "losing out" on revenue from blank CD levies, because people no longer buy blank CDs and DVDs (who needs 'em any more?). The article, of course, was pushed by the organization that collects and distributes the levy, Copyswede, as part of its effort to expand the levy to internet connections and hard drives and such:
We don't currently receive any revenue from hard drives or telephones despite legislation decreeing that fees should apply to any products that are particularly suitable for piracy. The pattern we think we're seeing is one of piracy moving to external hard drives and USB flash drives while telephones are being used for storage...
And what makes you think you should automatically get free money from people using these technologies when the content creators you represent fail to adjust or adapt at all? But rather than adapt, Copyswede is just taking the position that more technologies should be taxed and the market should be distorted further. The plan is to tax mobile phones 100 kronor (about $14), because having the government step in and force people to give you money is, you know, a lot easier than actually having to work for a living.