
Law

Discere Dev Update

Discere is approaching a usable alpha release. I just need to add support for zip/jar/tar/etc archives, and incorporate my prior PST handler from black friar, then add rudimentary document tagging. Spreadsheets are still a bane – I don’t know what the point is really, they never come out in a readable format without human intervention; I’m wondering about rendering them from an HTML table extraction.

I thought I would just post the above dev log update since I have so little time to blog right now. As a quick explanation, Discere is a part of my dissertation work, and is a subset of my Blackfriar project. Discere is intended to be an eDiscovery / Document review system with robust index/search capabilities, while Black Friar is the overarching project linking digital forensic acquisition / preservation data into a reviewable / produce-able format. All of it relies on a substantial number of Open Source projects to leverage existing, robust projects into a tool usable by anyone. It is also cross-platform to address the increasing number of Mac and Linux systems found in the legal environment (trust me, half of my law school classmates are on Macs right now, and I am noticing an increase in usage with clients I do expert work for).

Social media, 3rd party data storage, and warrants

Just a quick post about this article which I came across this morning regarding warrants going after Facebook data. This is a very interesting trend with both privacy and public policy implications for the continued advancement of technology. One of my colleagues, with whom I did some privacy and ethics writing earlier this year, and I have been preparing a paper on the problems that border searches of laptops cause from a technology adoption perspective – essentially our argument in brief involves technology becoming more and more a form of external cognition, and such searches discourage continued progress for fear of privacy violations.

The flip side of this argument is that technology is adaptive, and the past has demonstrated a continued evolution of technical solutions to circumvent legal interference. The evolution of peer-to-peer networks from Napster to the Pirate Bay and beyond is particularly illustrative. Attempts by US corporations and ICE to shut down these systems have met with increasingly sophisticated adaptations – decentralization, distributed trackers, moves to DNS registrars and TLDs outside of US jurisdiction, encryption, private tracking and so forth.

The former, chilling effect on technology adoption, is more applicable to low technology users who are not competent to judge the measure of their privacy in an online ecosystem. The latter is more applicable to high technology users – early adopters with significant technical savvy and understanding of the implementation details these systems use. Low technology users are more apt to unwittingly void their privacy even if their expectations of it are objectively unreasonable or to not adopt the technology out of fear. High technology users are more likely to meet the legal challenges with technical solutions – like an immune system – to move the technical state of the art continuously ahead of the legal competence.

There is a paper in here somewhere, but that will have to wait until I return from my study abroad session and get back into work mode.

Corporations have no personal privacy + SCOTUS Snark Watch

Extra, extra, read all about it – AT&T doesn’t have personal privacy [within the meaning of Exemption 7(C) to the Freedom of Information Act] (“[C]ould reasonably be expected to constitute an unwarranted invasion of personal privacy”).

The opinion is here.

The case is fairly straightforward:

AT&T – Personal is an adjective form of Person, and Congress said Corporations are Persons.

FCC – uh… no?

Third Circuit – Yeah, they totally have personal privacy

SCOTUS – uh… no, srsly?! lol what?!

Some stuff about nouns and adjectives.

But then there is some fun snark:

The noun “crab” refers variously to a crustacean and a type of apple, while the related adjective “crabbed” can refer to handwriting that is “difficult to read,” Webster’s Third New International Dictionary 527 (2002); “corny” can mean “using familiar and stereotyped formulas believed to appeal to the unsophisticated,” id., at 509, which has little to do with “corn,” id., at 507 (“the seeds of any of the cereal grasses used for food”); and while “crank” is “a part of an axis bent at right angles,” “cranky” can mean “given to fretful fussiness,” id., at 530.

Certainly, if the chief executive officer of a corporation approached the chief financial officer and said, “I have something personal to tell you,” we would not assume the CEO was about to discuss company business.

The protection in FOIA against disclosure of law enforcement information on the ground that it would constitute an unwarranted invasion of personal privacy does not extend to corporations. We trust that AT&T will not take it personally.

I’m probably just reading into this too much, but there is at least some snark coming out of the unanimous SCOTUS smackdown.

HBGary.* part II

More information, or at least a more coherent complete set of information, is available as of this morning from Ars Technica. They have done a really good job of putting the pieces into a clear picture. What I heard in passing seems to be correct: the initial compromise was a SQL injection and the rest of the timeline goes from there. The hackers in question apparently compromised the mail server for a number of hours before moving further and monitored email communications for over 30 hours undetected.

The HB Gary, Inc. CEO tried to reason with Anonymous to avoid the email disclosures (IRC Log while it remains up). This part was a little painful to read because it is easy to empathize with someone whose company’s value is essentially being destroyed because someone else stirred the hornet’s nest – but once data like that has made it into multiple hands, distributed technology is distributed technology, there really is no going back.

Aaron Barr – the individual from HB Gary Federal whose ‘research’ started this mess – was looking to do primitive data mining and correlation with social networking data to identify individuals from Anonymous as well as geographic regions they were located in. According to the quotes and excerpts on Ars, his hypothesis was (a) individuals friended by his targets would be less likely to secure or censor identifying information, (b) that someone’s location could be extrapolated by looking at the general geographic locations of their friends (I assume his idea was most friends would be local friends), and (c) by correlating activity times of posts to social networking sites with presence in IRC channels a connection could be drawn from IRC handle to real life identity. He appears to have had something similar to success as the chat logs indicate he had identified people connected to Anonymous members, but some of those individuals were innocent (e.g. false positives) – the girlfriend of one of the individuals in the chat logs was identified, for example.

P2P lawsuits examined with graph theory

P2P infringement cases are fascinating for several reasons. They are the essence of my argument that the intersection of law and technology is going to be a significant one in the future once courts become more widely cognizant of the difference between abstraction and implementation. A case I am keeping tabs on now, ACHTE/NEUNTE v DOES 1-2,094, is interesting because of the argument advanced regarding the BitTorrent protocol.

To review, with BitTorrent and most modern P2P protocols an individual offers to share a file. Various users locate files of interest to them. Traditionally, in the BitTorrent model the users locate a torrent file from a search engine or some other source; the torrent file points to a tracker, which delivers to the program a list of contacts who have portions of the desired file. The program requests parts of the file from a variety of sources and reassembles the file once all the parts are downloaded.
