Friday 24 July 2009

Twitter hacked

Twitter has been hacked again (previously it was Barack Obama's account). This time it seems that the hacker obtained the passwords from an employee (probably involuntarily given by the employee) allowing him/her to access many internal documents, some confidential. So probably a mixture of lack of security and lack of careful use of computer systems.

"Twitter hacké : 310 documents confidentiels volés" (JDN, 16 July 2009)

Cybercrime trends and security issues

Quite obvious: "US prosecutor: Cybercrime will follow the cloud" (ZDnet.co.uk, 13 July 2009)

More surprising: "Cisco reports rise in text-message scams" (ZDnet.co.uk, 15 July 2009)

And quite welcome: France now has its Agence nationale de la sécurité des systèmes d'information, or National Agency for the Security of Information Systems, with a budget of 90 million euros and 120 people working, potentially 250 by 2012. Its role is to detect and prevent cyberattacks on information systems (i.e. the net).

"La cybersécurité hissée au rang de priorité nationale" (JDN, 09 July 2009)

Spam and scam: trends confirmed

Why does spam continue to fill up our inboxes? Because some of us continue to fall for it, enough obviously to make spam a viable option.
12% of Americans do open spam messages and fall into the trap, according to the Messaging Anti-Abuse Working Group (MAAWG).

Le spam séduit 12% des internautes nord-américains (JDN, 16 July 2009)

which seems in line with the following story: the social networking firm Tagged.com spammed in order to get people to subscribe to its services. Le 3ème réseau social US accusé de spammer l'Internet mondial (JDN, 10 July 2009). Obviously in breach of the CAN-SPAM Act and fined by the Federal Trade Commission.

Update on Mr. McKinnon's case

"Tories champion Nasa hacker in parliament" (ZDnet.co.uk, 15 July 2009): in this one, it is interesting to note that Home Secretary Johnson does not see the point of a reform or discussion of reform of the Extradition Act 2003

Nasa hacker 'more hopeful' (ZDnet.co.uk,

McKinnon judicial review application on Tuesday (ZDnet.co.uk, 13 July 2009)

Thursday 23 July 2009

Views on regulation on the net

Axel Pawlik, managing director of the RIPE NCC, writes about regulation on the net. He considers that ISPs should not take an active role in regulation, notably in relation to piracy. They should be treated like telecom companies, which list calls and that's all.
The article is definitely not a cybercrime perspective as such: there is piracy, but I think the issue of piracy is first of all an issue about what we want with copyrights; domain names attribution is looked at and again there is no incidence in criminal law for that.
However, there is an interesting parallel with telephone companies when it comes to surveillance. We all know that surveillance of the content of phone conversations requires a preliminary investigation: governments are not allowed to wiretap telephone conversations just to find out about illegal content (or let's put it that way: in democracies, they are not supposed to do random wiretapping without a warrant). Why should the net be treated differently? Apart from the non-feasibility of spying on all content, it's nothing different and privacy is key.

Politicians should stay out of internet policing (ZDnet.co.uk, 22 July 2009)

which is obviously not what the UK Government does, as it poured 10 million pounds into monitoring.
"Gov't boosts spending on web monitoring" (ZDnet.co.uk, 13 July 2009)

whereas in France, Mr. Alain Bravo, for the Assemblée nationale (Parliament), published his report on security and the digital economy to explain six scenarios, from no control apart from big firms' to too much control... http://www.assemblee-nationale.fr/13/rap-info/i1670.asp

Update on Hadopi 2

Lots of daily changes on the bill related to piracy. The amendment about e-mail surveillance has been withdrawn and the whole discussion postponed to early September. It's true the bill 'raised' 800 amendments!

Will France's Three Strikes Law Also Allow Gov't Email Surveillance? (TechDirt, 21 July 2009)

Le vote de la loi Hadopi 2 reporté au mois de septembre (JDN, 21 July 2009)

Saturday 18 July 2009

Friday 10 July 2009

Boston Review — Evgeny Morozov: Cyber-Scare

Does The US Government Really Need 'Wider Latitude' To Monitor Private Networks? | Techdirt

(9 July 2009)


Surprising that Prof Goldsmith would accept more monitoring of the net by Government, because education and information sharing are not proven methods to secure the internet.

Update on Hadopi 2 (Senate)

Juriscom.net - droit des technologies de l'information
Sandrine Rouja, Une deuxième loi "création et internet" pour juillet, versant pénal (25 June 2009)

Le Sénat adopte le projet de loi HADOPI 2
(Juriscom. 9 July 2009)
for the details (in French) on the French Senate website: http://www.senat.fr/dossierleg/pjl08-498.html

The bill has now been approved by the Senate. Two main measures: one against the person pirating, with the already existing 3 years' prison and 300.000 euros fine, but with the additional sentence of forbidden access to the internet; the second measure is against the person who would not have secured her/his connection once warned that his/her IP address was used for pirating, on the basis of "characterised negligence". The latter offence would be a misdemeanour.
The procedure remains that of the "ordonnance pénale", thus an expeditious procedure used for mass offences (contentieux de masse) like driving offences. On that see Masnick's view from the US:

New French Three Strikes Law: Judges Will Get Five Minutes To Rule


On the general debate on intellectual property and whether the rules should be changed, i.e. whether created products should be available for free, Pierre-Yves Gautier, French Professor at Paris-Assas, was interviewed on 1st July 2009 in the (left-wing) newspaper Libération. He notes the sociological phenomenon of illegal downloading and criticises the idea that intellectual property is not equivalent to property or is a sub-class of property not worthy of protection, and that their owners/inventors should beg to make a living out of it.

La propriété intellectuelle, un sous-droit (1st July 2009)


I feel it is a very simplified view of the matter, given that the people really opposing piracy are mostly linked with Hollywood and that artists like Monty Python chose a different route. For my own work, as an academic, I don't like the fact that my articles are not freely available once I have published them. Frankly, the publisher nowadays does not do much: I am the one typing the article, reviewing all references and proof-reading at least twice (publisher only once). The peer-review is done free of charge for the publisher, who rarely pays the reviewers. And the cost of printing is becoming nonexistent as most journals are available online or only online. Yes, there is all the coordination stuff; by experience, I know how time-consuming it can be. But worst of all, if the argument of IP is that creators should get their share of the money, well: I am not paid a single bit of a penny to publish. Arguably, as an academic I am paid by the University which employs me, but I am certainly not paid per article, and publishing is just one out of three jobs I am supposed to fulfill. So why should my work not be freely available?

Thursday 2 July 2009

Privacy: the cost of protecting it

Avis d’expert : Données personnelles : une dictature de la transparence sans les moyens de l’assurer ? par Patrick Deleau – Tribune Solutions (08 June 2009)

An analysis of the CNIL's 2008 report on its work to protect privacy. There seems to be a shift in liability from Government to private firms which, in French law, are responsible for protecting access to private data and for ultimately destroying it. The liability is actually of a criminal nature with heavy fines, up to 1.5 million euros and 5 years' imprisonment. Considering that most firms do not know what the law is about and do not have the capacity to comply with the legislation, this is quite scary. The CNIL also notes that it does not have the means to continue its role in the field as the audits, which would help the firms to understand what they need to do, cannot be financed.

China Tries To Ban Virtual Gold Farmers | Techdirt

China Tries To Ban Virtual Gold Farmers | Techdirt (30 June 2009)

The Chinese Government announced it was cracking down on the practice. As noted in the post, it is hard to see why it takes such a stance. The practice does not have an immense impact on the country's economy. Social rights of workers? Hardly so. Does the Government want to control the practice in order to do it itself?

Update on Hadopi 2

Hadopi 2 jugée inconstitutionnelle, le gouvernement s'enferre - Journal du Net > e-Business (30 June 2009)

Interesting impact assessment of the new proposal conducted by the newspaper La Tribune. If 50 000 cases per year are to be treated, 109 posts would have to be created of which 26 for judges. In 80% of cases, the judge will use the abbreviated procedure of "ordonnance penale". The remainder will go to the equivalent of the Crown Court (Tribunal correctionnel)

Thieves 'using Google Earth to steal koi carp' - Telegraph

Thieves 'using Google Earth to steal koi carp' - Telegraph (28 June 2009)

It is not an accusation against Google, just an acknowledgment of the powerful tool that is Google Earth. In other words, thieves of rare fishes are smart enough to look at gardens from the sky to detect ponds and unusual features indicating potential rare catches.

Update on China's filtering software

China puts brakes on internet-filter rollout - ZDNet.co.uk (01 July 2009)

After the uproar when people learnt that China had ordered computers made in the US to incorporate filtering software, China seems to be backing down. Obviously, the Minister of Industry and Information Technology refused to acknowledge attempts to curtail free speech. As in the West, the official line is that filtering is necessary because of child porn. But I wonder what it really means? Will they do it next time without bothering to say anything, 'hiding' the software in the hard drive?

PC makers lobby, but prepare for China censorware (ZDnet.co.uk 29 June 2009)

See also in French:

Logiciel de filtrage Web : la Chine fait marche arrière (JDN, 1 July 2009)


I don't think the EU Chamber of Commerce's opinion had any influence, although one never knows how much concerns about money may have weighed in the balance.

EU Chamber urges China to rethink internet filter (ZDnet.co.uk, 30 June 2009)