Saturday, 28 March 2009
Maybe to palliate this pronostic, the French Home Secretary announced a series of measures to fight cybercrime. Filtering for child porn, and linking the Complaint website of Internet-signalement.gouv.fr to a European website managed by Europol. The last is good news; not sure the first is feasible...
"Michèle Alliot-Marie durcit la lutte contre la cybercriminalité" (JDN 25 March 2009)
Wednesday, 25 March 2009
and the University of Troyes (France) being a partner to the project "L'Université de technologie de Troyes gonfle ses formations en cybercriminalité" (JDN, 12 March 2009)
"Tracking Sex Offenders With GPS Isn't A Bulletproof Solution" (TechDirt 12 March 2009)
"Lawyers Use Juror's Twitter Messages As Basis For Appeal" (TechDirt, 18 March 2009)
I can't help thinking about the question of whether President Obama should access his Blackberry (distraction or no distraction?...)
"La valeur probante de l’écrit numérique" (JDN, 18 February 2009) - Cour de Cassation le 4 décembre 2008 (pourvoi n°07-17622)
The first article relates a survey where 80% German 20yrs old people interviewed said they would prefer to keep their internet connection rather than their partner or car. If true (and again, questions of methodology of the survey), that says a lot about the value attached to bodied relationships: body people are not deemed important. Thus, is it that silly to argue that the next step is an effect of video games on bodied violence if the person is considered as an object rather than a subject? Whatever are the flaws of the surveys done in that respect, I would disagree with the conclusion: there is no strong evidence so far, but it does not mean the phenomenon does not exist. Should we not start good studies?
"I Love You, Honey, But Not As Much As The Internet (or Twitter)" (TechDirt, 24 March 2009)
"Evidence Lacking On Any Connection Between Video Game Violence And Real Violence" (TechDirt, 19 March 2009)
It is also a matter of education, and parents should be a bit more careful when letting their children access the web. It's not so much access to porn and violence that troubles me, but the lack of understanding about reliability of sources and the distinction between fantasy and reality because of images blurring the line.
"Shocker: Parents Don't Have A Good Idea Of What Their Kids Do Online" (TechDirt, 19 March 2009)
"School Shooting In Germany Immediately Leads To Calls To Ban Violent Video Games" (TechDirt, 12 March 2009)
- The following interview is extremely interesting in terms of technical aspects of surveillance and implied human rights/ethics breaches. First, F-secure as an anti-virus company never received information from Government when police forces use Trojan. In other words, F-secure blocks Trojans without discrimination on their origing. So the question is: can police forces overcome the barrier anti-virus softwares create? I wonder who will answer that one.
Secondly, hacking if used by police forces creates technical difficulties: how do you cypher through the mass of data? how do you comply with basic procedural rules if you do not want evidence to be later discarded? The answer is our third point: the interviewee suggests that the main reason for wanting to hack would be organised crime like drug-trafficking. For those, there are often specific rules about covert investigations.
"Privacy vs protection: Police and the right to hack" (ZDnet.co.uk, 17 March 2009)
- Overall, what is surprising is how the internet and its characteristics seem to be used to justify a level of surveillance that simply never existed and a breach of basic human rights that is unthinkable outside the world of cybercrime/ technology-based crime. Why that fear of crime?
"Gov't may track all UK Facebook traffic" (ZDnet.co.uk, 18 March 2009) and Facebook's response"Facebook attacks gov't web-monitoring plans" (ZDnet.co.uk, 24 March 2009)
"Does 'Cyber-Security' Mean More NSA Dragnet Surveillance?" (TechDirt, 17 March 2009)
"White House Says Feds Should Have Unfettered Access To Mobile Phone Location Info" (TechDirt, 18 March 2009)
3. Lastly, the study by Cl. Guerrier (in French - abstract in English) shows that in the US, Germany, and France, interception of communications is at the same time authorised and controled by the creation of an agency. The problem is the effectiveness of the control done.
"Aux USA, en Allemagne, en France, quelle protection de la vie
privée en matière d’interceptions de télécommunication ?" (Juriscom, 9 March 2009)
One would expect a clear difference because of the values the two countries attach or do not attach to democracy. The similarities are striking and worrying.
"Why Are Australia's Would-Be 'Net Censors So Opposed To Transparency?" (TechDirt, 19 March 2009)
"China Blocks YouTube, Again" (TechDirt, 24 March 2009). Yes, the interesting question is when did they allow YouTube again? Once YouTube has removed the problematic content? Or when they devise a tool to block access to the videos at stake?
- 19% steal information in order to sell it = profit
- 24% deface a website (i.e. change its homepage with a message)
- 5% is phishing
The attacks originate for 66% from North America, 16% from Europe, 6% Asia, which is probably a reflection of internet access and use.
and Government websites & co represent 32% of the victims. Two explanations here: Government got sensitive information (hence theft and fraud) and they represent the law (thus issue of politics or hactivism)
for a partial translation in French see Journal du Net (March 2009)
"Report: Fake antivirus scams pulling in profits" (ZDNet.co.uk, March 2009)
or cameras for that matter:
The article shows the difficult line between aggressive selling and just fraud. Probably more appropriate to use contract law to deal with the issue.
For another classic fraud, this time applied to the Stock Exchange, and dealt in the US by the SEC: fraud, manipulation of shares...
"Two Texas men settle charges in spam scam case" (Investment.News, 19 March 2009)
For the "Cost of online-banking fraud doubled in 2008" (ZDNet.co.uk, 23 March 2009)
Wednesday, 11 March 2009
"How Does Chinese Internet Censorship Affect Business?" (TechDirt, 25 February 2009)
"China Shuts Down 'Unregistered' Websites" (TechDirt, 25 February 2009)
"Piratage : les moteurs bientôt soumis au filtrage du Web ?" (JDN, 6 March 2009)
I'm not a copyrights' specialist but the story, like everything that I can read about piracy issues (thinking of the Swedish(?) case of Pirate Bay), brings to mind several comments:
1) I don't think copyrights should be violated per se and should necessarily disappear; however, I don't believe either that the system can work the way it was created and generalised a good century ago. The internet changed the background, the landscape in which copyrights operated. Works are now easily available - They are cheap but often of good quality because of the nature of digital technology - the immanent nature of the internet allows for permanent and vast diffusion of works whether illegal or legal
2) thus, criminal law cannot be the response to a problem which dimensions changed because of the internet. Piracy always existed. Not the internet.
In other words, reflexion on copyrights and availability of creative works should be primary rather than a push towards investigation, prosecution and sentencing.
"A la veille du vote des députés : retour sur la future loi ‘création et Internet’ " (Juris.com, 22 February 2009)
And filtering is not the answer.
the IWF story in the UK illustrates well the controversy "IWF chief: Why Wikipedia block went wrong " (ZDNet.co.uk, 20 February 2009)
The following article (in French) reveals a study made about ISPs and their perception of filtering for piracy if the French bill is enacted: most won't do it and if they do, they'll certainly not support the costs (= the Government has to do it!) "Ce que pensent les FAI du filtrage du Web" (JDN, 4 March 2009)
3) compared to other crimes, frankly, piracy is the least important. Especially when those benefiting copyrights are more often than not the big companies and not even the authors themselves. If the same amount of energy and money were put into fraud or child porn, cybercrime would be greatly reduced. Which say something about our society: better to protect property of big businesses than to protect the persons and their individual well-being. Problematic no?
Again, the issue of clearly an issue of security and transparency, criminal law being really of last resort.
"German Court Says E-Voting Was Unconstitutional" (TechDirt, 5 March 2009)
"Nasa hacker closer to extradition after CPS refusal " (ZDNet.co.uk, 26 February 2009)
"Parliamentary support builds for Nasa hacker " (ZDnet.co.uk, 25 February 2009)
My belief remains the same. Violence on screen does not make you a criminal per se; but combined with dysfunctional families or personal life, it can, in certain circumstances, just be the trigger to real physical violence. To be purely dismissive of their effect is as silly as to be (over)emphasing their effect.
Whether criminal law should intervene is an other matter. However criminal law never faced the issue because violence ritualised by society (think about the fights organised in the Middle Ages between the knights; or even hunting parties) was physical violence, not "virtual" violence displayed on a screen. I'm starting to reflect on those issues for which I'll present a paper at the next BILETA 2009 conference.
"Teens killed in cyber bullying 'epidemic' " (CCRC, 21 February 2009)
"Internet-Addicted Kids Are Aggressive, Study Says" (TechDirt, 25 February 2009)
"The Big Question: Are Violent Video Games Adequately Preparing Kids For The Apocalypse?" (the post refers to a video quite funny) (TechDirt, 27 February 2009)
On a similar theme, "And Now Facebook And Twitter Will Melt Your Mind" (TechDirt, 25 February 2009). I would not be as harsh as the author of the post. There is a point where using Twitter and even e-mails constantly create a frame of mind not suitable for very deep reflexion. I think those tools are good and extremely useful, but I certainly can't write a 15000 words article if I look at my e-mails more than twice a day while researching and writing. Filtering the outside world to create silence does make us stronger if well used. The reverse is also true: e-mails and other forms of new communications can be good stuff.
1) the French army plane Le Rafale was affected by a well-known virus that found its way to the computer system running it
"Le Rafale cloué au sol par un virus" (JDN, 10 February 2009)
2) the Presidential helicopter could be targeted as information was leaked via the filesharing software in the computer
"US Contractor Follows Japanese Example: Leaks Military Secrets Via P2P" (TechDirt, 2 March 2009)
See previous post today about human error: http://cybercrimeatessex.blogspot.com/2009/03/fraud-on-social-networks-security-or.html
Would non cyber data be safer? Well, it all depends on what security measures have been implemented! "Le papier plus exposé que les données informatiques" (JDN, 9 February 2009) - (Paper more exposed than electronic data)
Europa Press release 3 March 2009
In that sense, filtering looks like an inadequate tool. Given the immensity of the web, it is also an ineffective tool to avoid child porn. See "Group Reveals There Are Ways To Fight Child Porn Other Than Useless Web Filters" (TechDirt, 5 March 2009)
"Australian Law Enforcement Wants The Right To Hack Computers" (TechDirt, 10 March 2009)
"Cops Taking To Private Social Networks; Is There Enough Oversight?" (TechDirt, 10 March 2009)
"Illinois Sheriff Sues Craigslist For Prostitution; Apparently Unaware Of The Law" (TechDirt, 5 march 2009)
"More Dumb Criminals On YouTube: Man Faces 10 Years In Jail For Self-Incrimination By YouTube" (TechDirt, 6 March 2009)
"Sécurité IT : l'ingérence de l'Etat inquiète les internautes" (JDN, February 2009)
"Le patron de la cyber-sécurité américaine claque la porte" (JDN, 9 March 2009)
For a related article (this time in English), "Is FEMA The Best Group To Model A Cybersecurity Agency After?" (TechDirt, 20 February 2009)
and for the other aspect of the US policy on new technologies "Barack Obama nomme un CTO pour l'Amérique" (JDN 6 mars 2009)
Maybe people do need to be educated after all on this, notably in realising the snowball effect of having details exposed and linked to different sites.
"Why scammers find rich pickings on Facebook" (ZDnet.co.uk, 3 March 2009)
For the type of spam/scam, see "Do not falling victim of social networking spam" (CCRC, 27 February 2009)
The same issue seems to exist in the financial sector, which is pretty scary given the amount of financial data at stake and what it means for fraud. The study was provided by Cabinet Deloitte; it is in French, but still more or less readable because a lot is in tables. The most interesting thing for me was the last table: human error accounts for 86% in 2008 (79% in 2007) for breaches in security. In other words, people need to start taking responsibility for maintening security and stop blaming softwares developers and the like.
"Le secteur financier jugé trop peu sensible à la sécurité IT" (JDN, Feburary 2009)
"L'état de la menace informatique dans le monde (janvier 2009)" (JDN, March 2009)
According to the American Clic Forensics firm, fraud using clicking is on the increase for the last term of 2008, with 17% of the clicks fraudulent, and a rise to 28,2% on sites providing sponsored links such as Google Ad or Yahoo. Zombies PC are playing an important part in spreading the problem.
Recrudescence de la fraude au clic fin 2008 (JDN, 30 January 2009)
and insiders are also creating risks increasingly "Insider Security Attacks On The Rise, MS Says" (TechDirt, 19 February 2009)