Monthly Archives: January 2013

Anonymous: Operation Last Resort

This post will encompass a few things, primarily Anonymous and their Operation Last Resort, but also a distinction I would like to make between hacking and DDOS-ing.

First, what is the difference between hacking and DDOS-ing? Hacking is when a hacker, whether for good or bad intent, finds a vulnerability in a website’s code and then exploits it to do any number of things, including injecting malicious code into the site, stealing information (credit card numbers, phone numbers, email addresses), or taking control of the site to shut it down semi-permanently. A DDOS attack is where a large number of computers, usually making up a botnet, are all sent to the same site at the same time, and the site is so overwhelmed by the web traffic that no one can get access to the site. This is currently considered illegal, but if you want more information on how Anonymous is challenging that illegality, read this article.

Now that this distinction has been made, Anonymous hacked the website of the US Sentencing Commission and used it to distribute encrypted government files that have been obtained over months of hacking. However, the hacker collective stated that they wouldn’t release the encryption keys if the government made sweeping legislation on sentencing reform. This hack is symbolic because the US Sentencing Commission is the organization that sentenced Aaron Swartz to a possible 50-year prison term. Anonymous is blaming his suicide on the fact that he was facing such a long prison term, and is taking this blame out directly on the government. They are urging for a “return to proportionality of punishment with respect to actual harm caused” in addition to a change in minimum sentencing standards. If the Department of Justice is unable to comply with these demands, what kinds of files could Anonymous be leaking?

Obviously, the government says this action is illegal, but what about whether it is morally right or wrong? The utilitarian views are too difficult to calculate since there are so many unknowns about what kind of files have been hacked, and who they might apply to. Kantianism would say that this act is morally wrong because the maxim would be that it is good to hack everyone else, which is obviously not true.

I personally like their form of vigilante justice, but that’s just me. What do you guys think?

 

Newegg defeats patent troll

A “patent troll” is a company that is set up just to make money off of patents it owns. Usually, such companies do not do any R&D themselves. Instead, they strategically purchase patents from other companies, especially companies that are going bankrupt or having other financial difficulties. Then they use these patents to make money from other larger companies. They say, “Hey, you use technology that we have patented. Either pay us some royalties or we will sue you.”

It is important to be aware that patents are different than copyrights. A copyright covers the creative work itself — that piece of data itself, as written or recorded. Examples include source code, an executable binary, some song lyrics, a book, a musical recording, a photograph, a video, etc. A patent covers an invention, in other words, an idea. So, for instance, you could have a certain kind of pulley system patented. And you could have the blueprints (or CAD drawings, etc.) copyrighted. Roughly, the patent covers the idea, while the copyright covers a data object.

According to Title 35 §101 of the US Code, the things you can patent are these: “any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof”.

Well, what if someone had a patent on e-commerce? That is the issue in this Ars Technica article about the legal fight between Newegg and Soverain Software. (Read the article. It’s great.) Soverain Software is a patent troll, in the sense described above. And, at one point, they acquired a patent for the idea of an internet shopping cart. They didn’t actually do the “invention” or file for the patent. Apparently they got it from a software outfit that was going out of business in 2001. Well, who uses web shopping carts? Everyone. Soverain has sued the likes of J.C. Penney, TigerDirect, Avon, Victoria’s Secret, Best Buy, Office Max, Home Depot, IBM, and others. Not all the cases have been resolved, but Soverain was pulling in millions of dollars.

Newegg was also being sued by Soverain, and they said, “This is bullshit.” (That’s a quote from Newegg’s Chief Legal Officer.) Instead of settling with Soverain, they fought. Finally, they got Soverain’s patents declared invalid. This saves them and many other e-commerce businesses tons of money.

It seems extreme to be able to patent an idea as general as an internet shopping cart. But are there other ideas that potentially should be covered by patent protection? What would be the justification for that? Would copyright be enough by itself?

My guess is that act utilitarianism would favor a policy of no software patents but some level of copyright protection for software and source code. However, I haven’t worked through the act utilitarian evaluation step-by-step. Furthermore, there are many ways copyrights can be structured, and that is another complication. We will be talking about this more in class in a couple of weeks. But please weigh in with your initial thoughts!

What I have found on Te’o and a connection to this class

Ok, so this first paragraph will just be a summation of the Te’o story. For anyone who already knows the story, go ahead and skip to the bottom paragraph to see how this pertains to our class. For those who don’t know, Manti Te’o was a linebacker for Notre Dame. He is of Samoan heritage, born in Hawaii, of Mormon faith and went to a Catholic school for some reason. In the 2012 football season he led Notre Dame to an undefeated regular season and a berth in the national title game where they got smacked around by Alabama. That game aside, Te’o was the leader on the Notre Dame defense that was one of the best in the country. Te’o won almost every award a linebacker can win in college football and was second in the Heisman trophy race. What made Te’o so compelling was his tragic story of loss. On September 12th, Te’o lost his grandmother to cancer. Then less than 24 hours later he lost his girlfriend Lennay Kekua to cancer as well. Everyone felt for Te’o back in September. The Notre Dame students cheered him for his strength at all Notre Dame pep rallies. ESPN and other news channels ate this story up. The media attention and Notre Dame’s winning season pushed Te’o into a national name and top choice for the Heisman. ESPN sports writer Skip Bayless passionately pushed Te’o for the Heisman in this article. In the end, Notre Dame was outmatched in the title game and Te’o didn’t get the Heisman, but the fame for his play and strength in the face of loss made it look like he would go in the top 10 in this year’s NFL draft.

On January 16th, Deadspin.com broke the story that Te’o’s girlfriend Lennay Kekua wasn’t a real person. That she never existed. Then Te’o came under attack from all across the nation. Had he made this woman up just to get his Heisman chances up? Did he lie just for the attention of the country? Te’o said he was lied to. That he was tricked into thinking the girl he had an internet relationship with for months was real and he didn’t have any reason to think she was fake. So the line was drawn. In most people’s eyes, Te’o was either a schmuck who fell for an awful internet prank and was humiliated in front of the nation, or he was a sociopath who created this lie to serve himself and help his brand name.

Now more parties involved in this story have come out. The man behind the hoax, who ran Kekua’s Facebook and Twitter accounts, the man who called Te’o for months using a cypher to cover his voice, is Ronaiah Tuiasosopo. I have yet to find a reason for Tuiasosopo to do any of these things, but it is evident by the way he has acted since the story broke that he is very involved. It is really interesting to look at the tweets outlined. Bleacherreport.com has kept a running article with live updates of the Te’o situation. In their article they outline the entire Te’o story from every angle.

Finally, on Wednesday, January 23rd, Te’o had his first live interview with anyone since the story broke. Here is a video and article of Te’o with Katie Couric. In it he tells his side of the story, why he lied, what his truth is.

His story and whether he was duped or is a lying sociopath is up for you to decide, but since I eclipsed the 500 word mark a while ago, here is my connection for this class. Does Deadspin have the right to publish something that could be very harmful to a person’s credibility, character, and future when they don’t have every fact of the story? The Deadspin article does great damage to all those things involving Te’o, and they didn’t have the entire truth at their disposal. They took what they knew, that his girlfriend didn’t exist, and ran with it. If Te’o lied, then the public should know the absolute truth, but if he was tricked and had no evil intent, then Deadspin just threw out this story for the country to laugh at. So does Deadspin have the right to do this without knowing the full truth? Is it ok to just throw out what they know even if it invades Te’o’s privacy and turns him into a laughing stock when he could be an innocent victim?

Fair Use: Do you “own” the media on storage mediums?

If you buy a CD or book, do you “own” it and should you be free to use it as you wish?

First, can you even copy your own media from one form to another? With CDs you now can copy them to a cloud storage site / music player (through companies like Amazon with the rollout of Amazon AutoRip). But with DVDs, making backups on your computer is illegal (because you have to break DRM).

Do you have to buy the same media in different formats for every device you own? It seems “wrong” to have to repurchase VHS, then DVD, then Blu-ray, then a digital download of the same material when there is nothing (other than legally) stopping you from copying it over from one format to the next.

Second, can you resell or lend a CD you own to others (first sale doctrine)? Physically lending a CD to a friend doesn’t seem to be wrong morally (legally is another matter) since you can’t have it at the same time. It would be like lending/selling a microwave. Digitally lending a song is another matter because it would be like cloning a microwave so that both people can use it, assuming you do not delete the file while the friend has it.

If you buy a microwave you can do anything you want with it, from reselling it to taking it apart or putting tin foil in it. So when you buy music should it be any different? Are you buying a licence to listen to a song, a piece of plastic, or the song itself?

U.S. Government Raises Penalties for Stealing Trade Secrets

An article came out today from a site called Mondaq that publishes news on laws – especially corporate ones. The article describes new, harsher, upgraded penalties for stealing trade secrets, the most notable of which are monetary. For an individual, fines were raised from $500,000 to $5,000,000, or fifteen years’ imprisonment! Corporate fines were raised from a $10,000,000 cap to up to three times the company-whose-trade-secrets-were-stolen’s worth. There was also an additional amendment that changes the former law from applying only to products a company sells, to now where even ideas and services are protected.

In my opinion, this law is another display of where the government’s real interests come from. I think that this is just another display of the fact that messing with people’s money is more heinous than violent crimes to our politicians. For instance, according to this site, the average sentence for a rape that went to trial (the higher side of the spectrum) was just under 25 years. The average of someone who pleaded out (the low side) was about 11 1/2 years. This is for rape – a traumatic, life-altering experience that really doesn’t need a description from me to put it into perspective. But for stealing a trade secret, a person can sit in jail for 15 years and/or take a $5,000,000 fine. I find this beyond outrageous and utterly disgusting. How can someone, let alone the United States government, value money more than people’s lives? It is my unyielding position that violent crimes should face the harshest penalties possible because there is an actual victim who has to face years of life-altering consequences. Money is worthless and can always be replaced. I can see harsher penalties for companies that pull stuff like Enron did, or that cause another company to go completely bankrupt, but what that comes down to is that someone is going to have to go through the temporary displeasure of having to relocate and find a new job, or, the more miserable case of having to rebuild your life savings from scratch. I think that neither case is comparable to having to live the rest of your life without a parent because they were mugged and killed, or all the psychological issues that stem from being raped. Anyhow, maybe I’ve digressed a bit from the topic. Do you guys think that the punishments for stealing trade secrets should be raised? Any other thoughts on the issue?

UK Anonymous Hackers Get Jail Time

Even though I have just written a post, I came across this article and I am completely mind-blown. Anonymous, probably the most popular and well known hacker group in the world, is basically an independent hacker organization that seems to run on their own morals. Basically, they want an open internet, and they stand for a lot of other things, but they are famous for hacking into websites and exposing people’s sensitive information. They are known for launching DoS (denial-of-service) attacks on websites to shut them down, most notable being the FBI’s website, Government websites in the UK, and GoDaddy domains, among others. They have threatened Governments around the world, criminal organizations, even religious groups. Recently they attacked the Westboro Baptist Church, a religious group that acts as a hate group that had plans to picket the memorial service for the Sandy Hook Elementary School, by launching a DoS attack on their website to shut it down; they also exposed sensitive information of the WBC members (addresses, full names), and even hacked a member’s Twitter page. Anonymous seems to live above the law, and is very successful at it too.

The reason for such a lengthy summary of Anonymous is because of what this article means. Four members of Anonymous have been arrested in the UK for attacks on websites as part of actions carried out by Anonymous. Guess what the longest prison sentence received was? 18 months. Honestly I am confused. These members launched DoS attacks on websites owned by Paypal, Visa, Mastercard, and the British Recorded Music Industry, and are receiving pretty lenient sentences, considering what Anonymous has done in the past. Anonymous’ actions have put many people’s lives in danger, security at risk, and ruined people’s lives, as in the case of Michael Nodianos, who, even though he was in the wrong for saying what he said about a rape victim in the video, surely did not intend the video to be made public, and it has made it dangerous for Nodianos to even walk around in public in Ohio. Why is it that some members of the secret Anonymous organization have been found out and given such lenient prison terms, when they can get out sooner than 1.5 years and continue working for Anonymous?

Sony Fined For PlayStation Network Breach

Officials at Sony woke up today to a very interesting problem. According to this article from Ars Technica, Sony is being fined $395,000 by a UK government body for the security breach that was suffered by users of PlayStation network back in 2011. At first, this doesn’t seem fair to Sony. People/Organizations should not have to be punished for being hacked. However, the UK argues that Sony, being such a huge corporation, should have been able to prevent this from happening. Back in 2011 when the network was breached, users’ dates of birth, names, email addresses, home addresses, passwords, and possibly credit card information were gleaned from Sony. The breach was so bad that Sony engineers had to shut down PlayStation network for three weeks in order to rebuild it. According to the Information Commissioner’s Office (the body suing Sony), the network breach “could have been prevented if the software had been up-to-date, while technical developments also meant passwords were not secure.” They believe that Sony could have prevented all of this sensitive information from being leaked if their software had been current and secure. How have they deduced this? The IFO says a “data controller failed to take the action required [redacted] to address the vulnerability even though appropriate updates were available.”

Unsurprisingly, Sony disagrees with the ruling and plans to appeal, even though $395,000 is pocket change to the corporation. The most interesting thing about this situation is that nothing has been said about the 77 million users who were afflicted by the security breach. The IFO has not said anything about what their plans are for the money if they win the case in court, but would the users get some of that money? It does not sound like it. In 2011, Sony offered an incentive to all PlayStation network users for suffering the security breach, but that incentive is nothing compared to the bank cards and addresses that were leaked, possibly causing people to lose their hard-earned money.

Government pulls data from Google

Slash Gear released an article today about Government data requests to Google. This is an interesting piece especially on the discussion of privacy.  You sign a privacy agreement with online companies such as Google, but apparently it takes one government order to disregard those details.

The news starts by explaining that the data requests made by government entities have increased since last year. The governing authorities are able to collect information by the ironically named Electronic Communications Privacy Act (ECPA). The article shows charts of how it has increased over the years. One other interesting piece is that Google did not report data on compliance prior to 7/1/11. I feel that it is unfortunate that any data the government requests they are able to receive, but when we want to request data from the government, it can be a very difficult inquiry.

Facebook’s Graph Search: You Are Its Product

This article highlights an announcement made by Facebook concerning a new type of search to be appended onto the current search function of Facebook: graph search. According to the article, “Graph Search promises to let us search through our friends’ likes, photos, locations, and any other info they’ve prior elected to share with us and/or the world.”

For most people who are in the least bit familiar with the workings of mass-advertising on the internet (anyone who’s ever searched for a book and *poof* an Amazon ad pops up with the ‘lowest’ price on that item), it’s no secret that companies have been tracking our web-browsing for quite some time. And it would seem – even if it’s only passively – that this practice has been generally accepted by everyone who uses the internet. It’s a tradeoff – the cost for having a million items at our fingertips has to be paid by someone – and if it is going to be the advertising companies, it would only follow a natural technological trend for them to start actually utilizing the platform that they advertise on.

The article ends by asking, “Will we ever tire of being product-ized?” suggesting that humans’ lives are now becoming a viable form of information currency because of these new technologies. However, the question I would like to pose concerns the morality of the continuous advancement of this technology: as a society, are we slowly being shepherded by these continuous advancements into accepting our fate of being product-ized? Although it’s our choice to use Facebook, is it morally right for Facebook to slowly morph this product we depend on and are familiar with into something that supersedes the purpose of the site that was proposed to the user?

3-d printed high-capacity magazines

In class Monday we talked for a moment about whether and how news stories about new technology could be ethically significant. I said that if technology changes the ways we live and interact with each other, then a new piece of technology might be very ethically significant.

Here is a great example. Forbes has an interesting write-up about Defense Distributed, a group using 3-d printers to create high-capacity ammunition magazines. (See also this article at The Verge.) People are using 3-d printers to print high-capacity magazines to hold bullets for assault rifles. Magazines holding more than ten rounds used to be banned. Since the Newtown shooting, there is growing support for banning them again. Well, how effective would a ban be if people could just download the design and print one from home?

Of course this issue goes well beyond just gun magazines or even firearms in general. 3-d printing promises to allow DIYers to manufacture things that, up to now, have had to come from large factories. In many ways, this should be great. But what about people who want to manufacture something illegal or dangerous?

Aaron Swartz suicide

Ars Technica has the best short summary of the controversial life and death of Aaron Swartz that I’ve seen. It is definitely worth reading, if you have not been following this story.

The article points out what all commentators have been saying — that Swartz was a brilliant programmer, hacker, and technological innovator (and that he was only 26 at the time of his death). The Ars article is especially good because it presents a fairly clear (but maybe over-simplified) picture of how the events of the last couple years may have led to Swartz’s unfortunate death.

Swartz was an outspoken activist for free and open access to information — especially government documents and scientific publications. In 2010, Swartz (allegedly) used the MIT computer network to download millions of academic articles from JSTOR. I am not sure what his exact motives were. The Ars article suggests that it was a kind of activism or protest. What seems clear is that Swartz did not do it for personal profit. Also, as far as I can tell, he never distributed the documents to anyone. Anyway, JSTOR did not press charges but the US federal government went after him pretty hard. Apparently, he was potentially facing more than 50 years in prison.

At this point, it does not look like people are sure about Swartz’s motive for suicide. People have been speculating, though, that it was because of despair over a long prison sentence.

Swartz’s life was complex, but a simple summary still seems accurate. He had strong moral views. He worked for those views, and, in the process, ran afoul of the law. Legal issues threatened to ruin his life. So he took his own life.

Who is at fault here? Is it the fault of Swartz himself — for going too far in pursuit of his ideals? Is it the fault of the government, for prosecuting Swartz too hard (as Lawrence Lessig contends it did)? Is it the fault of society somehow? A combination? No one’s fault, just a sad turn of events?

Kickstarter-funded projects at CES

The Verge has a long write-up about the Kickstarter-funded projects exhibited at CES. The new prevalence of Kickstarter-funded tech ventures might show us a model of how the path of technological progress — especially for consumer products — might become more democratic.

If you don’t know about Kickstarter, here is the basic idea: Someone has a project in mind but not enough money to do it. For example, maybe the project would cost $50,000. The person starts a Kickstarter project and asks for support. People pledge monetary support, but they only have to pay if enough other people pledge so that the project reaches its threshold, in this case $50,000. A benefit of this system is that it is safer for donors. They are less likely to end up spending money on a project that never even gets rolling.

In the article, some of the projects in question were high tech “smart” watches, mobile phone accessories, Bluetooth-enabled stickers (for locating easily lost items), and an electric skateboard.

It seems that these new Kickstarter-funded projects will result in a wider array of available products. This means there will be more possible paths along which technology can evolve. Furthermore, the paths will be more often chosen according to the actual needs of consumers, instead of just whatever the large tech companies think they can sell. A consequence of this will likely be happier consumers. This makes Kickstarter a positive development from a utilitarian perspective.

Also, Kickstarter gives innovative people an opportunity to make money by working creatively on their own projects. That means they are less dependent for their personal income on large companies, organizations, or governments that decide what projects developers and engineers are to work on. This seems positive from the perspective of Kantian ethics. Kickstarter gives people autonomy and allows them to have work where they are not treated as mere means to someone else’s ends.