New EU Internet Copyright Bill, Articles 11 and 13

The infosphere is aflame with a new battle in an old war: how copyright should be handled on the Internet.

The Guardian has background:

It is an argument that has drawn in the likes of Paul McCartney, Plácido Domingo and the Vienna Philharmonic, as well as pioneers of the internet from Tim Berners-Lee to the founder of Wikipedia, Jimmy Wales.

Fought with hashtags, mailshots, open letters and celebrity endorsements, the battle over the European Union’s draft directive on copyright heads for a showdown this week.

After two years of debate, members of the European parliament will vote on Wednesday on the legislation, which could change the balance of power between producers of music, news and film and the dominant websites that host their work.

[…]

Critics claim the proposal will destroy the internet, spelling the end of sharing holiday snaps or memes on Facebook. Proponents are exasperated by such claims, described by German Christian Democrat Axel Voss as “totally wrong” and “fake news”.

Two sections in particular are controversial: Articles 11 and 13. Both sides (both sides!) are being very hyperbolic about these. The gist is that groups like the Electronic Frontier Foundation and people like Cory Doctorow say these are “internet-destroying regulations,” and the proponents’ response (from what I’ve seen on Twitter) is to paint all opponents as paid industry shills who hate artists. I’ve attempted here to come up with what I hope is an even-handed summary. I Am Not A Lawyer, so please tell me what I’ve gotten wrong.

This is a bit long, so click through if you’re interested. Note of course that these are EU laws, but so is the GDPR, and we’ve all experienced the effects of that.



Who Wrote the Op-Ed: Text-Mining Edition

When the cowardly “Resistance” op-ed came out, my first thought was, Gee, I bet we could get some insights on authorship by doing an automated textual analysis. Because of course that was my first thought. Well, somebody was kind enough to do one for us. Specifically, Michael W. Kearney, a journalism and informatics professor at the University of Missouri. Here is the result; I’ll do a layperson’s explanation below, and then some technical links for those so inclined.

https://twitter.com/kearneymw/status/1037700388617629696

Executive summary: This analysis suggests that it was somebody from the office of the Vice President, the State Department, or the Department of Commerce.

What is this?

  • The y-axis is various Twitter accounts, labeled on the left.
  • The x-axis is the textual correlation.
  • Kearney took up to 3,200 tweets from each of the accounts listed, and ran an analysis on those corpuses. He then compared the resulting numbers to the results of the same analysis run on the text of the op-ed.
  • The line at the top shows, of course, a 1.0 correlation with the op-ed itself. The next-highest are the Twitter accounts for the Vice President, Trump (who we can discount), Secretary Pompeo, Secretary Ross, and the State Department.
  • The analysis includes figures for things like comma usage, sentiment, politeness, word choice, first- and second-person preference, and so on.
  • It probably wasn’t somebody at the Department of Transportation.
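A toy version of that comparison, as an added example that is not Kearney’s code: constructed sample texts stand in for the tweet corpora and the op-ed, each feature is z-scored so no single measure dominates, and every account is ranked by its Pearson correlation with the target text.

```python
"""Added example, not Kearney's code: a toy stylometric comparison.
Constructed texts stand in for the tweet corpora and the op-ed."""
import math
import re

# Constructed sample corpora; none of these are real tweets or the real op-ed.
CORPORA = {
    "account_a": "We will, of course, deliver. Thank you, all. We believe this, and we act on it.",
    "account_b": "You should see this now! You need it. Nobody does it better, nobody.",
    "account_c": "Our agencies coordinate daily. Staff review each case; leadership decides.",
}
TARGET = "We believe, of course, that our duty comes first. We act on it, quietly."

WORD_RE = re.compile(r"[A-Za-z']+")
FIRST_PERSON = {"i", "we", "me", "us", "my", "our", "ours", "mine"}
SECOND_PERSON = {"you", "your", "yours"}


def features(text):
    """Length-normalised style features, in the spirit of the ones listed above."""
    words = [w.lower() for w in WORD_RE.findall(text)]
    n = max(len(words), 1)
    sentences = max(len(re.findall(r"[.!?]+", text)), 1)
    return [
        text.count(",") / n,                          # comma usage
        sum(w in FIRST_PERSON for w in words) / n,    # first-person preference
        sum(w in SECOND_PERSON for w in words) / n,   # second-person preference
        n / sentences,                                # mean sentence length
        sum(len(w) for w in words) / n,               # mean word length
        text.count("!") / sentences,                  # exclamation rate
    ]


def pearson(xs, ys):
    """Pearson correlation between two equal-length vectors (0.0 if one is constant)."""
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = math.sqrt(sum((x - mx) ** 2 for x in xs))
    sy = math.sqrt(sum((y - my) ** 2 for y in ys))
    return cov / (sx * sy) if sx and sy else 0.0


def rank_accounts(corpora, target):
    """(name, correlation) pairs, highest first: the x-axis of the plot above."""
    names = list(corpora)
    rows = [features(corpora[name]) for name in names] + [features(target)]
    # z-score every feature across all texts so large-valued features
    # (sentence length) do not swamp small ones (comma rate)
    cols = list(zip(*rows))
    means = [sum(c) / len(c) for c in cols]
    sds = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0
           for c, m in zip(cols, means)]
    z = [[(v - m) / s for v, m, s in zip(row, means, sds)] for row in rows]
    scores = [(name, pearson(z[i], z[-1])) for i, name in enumerate(names)]
    return sorted(scores, key=lambda s: s[1], reverse=True)


if __name__ == "__main__":
    for name, r in rank_accounts(CORPORA, TARGET):
        print(f"{name:12s} {r:+.3f}")
```

With the target itself added to the corpora, it lands at the top with a correlation of 1.0, which is the top line in Kearney’s plot.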

Caveats

  • Update: I assumed this went without saying, but obviously tweets are not an ideal data source; they were just the most readily usable thing Kearney had lying around, and within a very short time period.
  • We know from reporting on the Wolff book that anonymous sources sometimes intentionally steal other staffers’ phrasing when providing quotes.
    • This could explain the use of ‘lodestar,’ a strongly Pence-affiliated word.
    • However, it is harder to fake things like comma usage.
  • Higher-ranking officials are likely, in their Twitter communications, to try to sound more like Trump, or in general use more homogeneous language.
    • This could explain the ~0.7 cluster of the most important officials and departments.
  • These are not huge volumes of text, and thus the figures are potentially not representative.

Technical Details




California Bans Cash Bail… But Did they Do It Correctly?

Governor Brown’s signature made it official today: beginning in October 2019, if you are arrested and charged with a crime in California, your pretrial level of freedom will not be determined by your level of wealth. …In theory.

California will become the first state in the nation to completely end cash bail after Gov. Jerry Brown signed a sweeping reform bill Tuesday. It will give judges far more power over who gets released from jail as they await trial.

“Today, California reforms its bail system so that rich and poor alike are treated fairly,” Brown said[…]

It’s certainly removing money as an official part of the equation.

Under Senate Bill 10, Californians arrested and charged with a crime won’t be given the option of putting up money or borrowing it from a bail bond agent. Instead, county courts will use risk assessment tools to help judges determine if a defendant can be safely released before trial.

[…]

It’s a huge shift, and one that gives judges far more power over pretrial release decisions.

While nearly everyone involved in the bail fight in California, save for the bail industry, agreed that the current system is unfair and often punishes poor defendants while releasing wealthy defendants even if they pose a public safety, not everyone who supported bail reform is on board with the bill. Some civil rights groups that had championed the issue of bail reform [including the California ACLU] oppose the bill, saying it now gives too much power to judges who may have their own biases.

And not just power to judges. The use of ‘risk assessment tools’ brings to mind ProPublica’s controversial 2016 report on apparent racial bias in COMPAS recidivism-risk software.* And just like the judges, these tools, whether software or some other standardized rubric, are being given a lot of power.

My own internal scorecard sees: a good cause, Republicans opposed, Democrats in favor, and law enforcement officially neutral. That’s something I would usually support. But then, I also usually like the ACLU’s opinions, and such scorecards aren’t always right. What do you folks think?

*Good article on that reporting and the ensuing dispute, plus the overall topic of algorithm bias, at the MIT Technology Review. tl;dr: Impartial systems are by their nature biased. One must take care to make sure the included biases are the intended ones, and that the intended ones are just.



Followup on Yesterday’s Post About the Ransomware Attacks, More Oceanography, Mobile Site

Folks,

Mea culpa. It looks more and more like the “ransomware” attacks were not after money, but destruction. That, coupled with the timing in Ukraine right before their Constitution Day, would tend to indicate it was Russian operatives that did this. At first, I assumed that a major attack in Ukraine was Russian-sourced, but as the day unfolded with reports from around the world, I surmised that it was actually NK hackers, making it look like an anti-Ukraine operation, and after even more Bitcoin like the previous wave of ransomware. The fact that there was a major dip in Bitcoin value right before the attack started seemed like an echo from a previous attack.

Well, it looks like I was wrong – the attacks had a poorly-designed ransom function that didn’t work, and in reality, the payload destroyed files of certain types without recording the encryption key used. In other words, it was irreversible – the payload was destructive and not ransomware, it was just built to resemble one. So in this case, paying or not paying had the same result – if you contracted it, your files were toast.

Still, the suggestions I made about updating current systems, using good security software, backups, not clicking on ANY link in email, etc. hold. And, should you be running a dead Windows operating system, do plan to upgrade soon – either get a newer PC, upgrade to Windows 10, or install something like Linux Mint or Ubuntu. Right now, you’re a sitting target with adversaries that are evolving while your old machine likely doesn’t have functional anti-virus software, much less modern defenses built into operating systems.

And now an overdue announcement – tomorrow at noon Eastern, we’ll have part 2 of Boussinesque’s Intro to Oceanography, this time on Ocean Acidification. As a huge fan of all forms of seafood, learning of the effects of this trend on plankton, the root source of all life in the sea, has me quite concerned.

It will be interesting, and he’ll be staffing the comments to answer questions, etc. – thanks to both for the nudges.

A brief note to mobile site users – expect some changes over the next day or three. I intend to bring a lot of the tweaks and tools from the desktop site to the mobile site, where appropriate. I’m sure some will complain, feel free to do so and I’ll adjust it like always! Should you have any mobile site complaints or suggestions, this is the thread for them; I’ll come back here a few times to see if any late readers have added their 2 cents.

Finally, about 3:30 today I will do some backend tweaking and that may make the site boogered for a few seconds. Should this happen, comments you just submitted might get eaten, so if it’s important, around that time, copy comments to notepad or something in case it doesn’t go through. I’ll comment right before and after the change.

Open thread!



Site Maintenance and Tech Suggestion: You Have Been Warned

Folks,

Item the first: small site changes

  1. The blogroll
    This was a classic case of “no good options”. Currently, and for months, the Blogroll opens in the same window. This causes some users to complain and ask that it open in a new page. I finally caved, knowing that in doing so, I would cause iOS users a headache as it blocks pop-ups by default. After making that change, I began to receive emails complaining that for them, Blogroll was no longer working. One report was from a Firefox user, so this is no longer just an iOS issue.
    That got me thinking – one choice means inconvenience, the other means it doesn’t work. So the choice became clear: the blogroll will open in the current page. I’m sorry for the hassle this causes some, but hassle for some is better than not working for some!
  2. Later this afternoon, I’ll be making a few small back-end tweaks related to security. This may make the site hiccup for a moment as the changes take hold. If you have an issue, count to 10 and reload the page and all should be well. It is possible during this brief time that comments-being-submitted may disappear into the aether. If so, my apologies, and please re-submit it/them.

Now, a brief comment on the current wave of hacking going on:

I’m sure you’ve heard about the wave of ransomware/hacking that began yesterday morning in Ukraine and has now spread around the world. In my opinion, this is another effort by North Korean-affiliated hackers to generate a huge amount of Bitcoin that will likely be used to purchase more tech and hacking exploits. I bet that a significant chunk of the proceeds from these hacks goes back to NK’s coffers, but these likely foreign-based operations need funding, and I think that they likely resort to these types of hacking to keep the electricity on, as it were. I don’t think it coincidental that NK re-commenced their numerical code broadcasts about 2 weeks before the last big hack happened.

The issue of concern from my perspective is that this is the second wave of ransomware-hacking on a global scale. I suspect that many of you have read about how a bunch of NSA exploits and hacking tools were stolen, likely from a contractor, and are being released. If a nation state’s hackers were behind the theft, then perhaps they are using these exploits to generate money before systems are all patched. If this is the case, then these first ransomware attacks are probably using the least-valuable exploits, ones that have already been patched in most systems. I fear that, in the coming weeks, we’ll see more and more of these attacks, and that they will be much more effective, when they begin to use 0-day exploits that no one except the NSA knows about. (On a side note, is the NSA/US Government financially liable for the effects of their stolen cyber weapons?)

So the question is, what can you do/not do?

These important things:

  1. Ensure that your computer(s) are fully up-to-date. This means Windows, Mac, Linux, phones/tablets. Automatic updates are a requirement in this era, embrace them. As soon as an update is released, bad guys analyze it to see what was fixed. Then they target that issue in hopes of catching machines that aren’t yet patched.
  2. Ensure you are running quality Anti-Malware/Anti-Virus software on all appropriate machines. I don’t like to recommend certain brands, but I’d stay away from Russian brands (bye-bye Kaspersky, I cannot trust your great products ever again) and avoid the cheap/free/no-name options.

    I buy an annual 5 computer license via Amazon, use the digital download option, and it’s like $25 a year. DO IT NOW if you do not have such software. Although I use Norton Security, McAfee is another trustworthy name. Neither product is ideal, and I know many of you hate them with a passion for their performance, but for many lay-users, they are sufficient. They are not better than other options, but I prefer them to any free or no-name solution.

    Please try to start your Amazon purchases using the link here or in the sidebar on the desktop site, or in the comment area or top of a post on the mobile site. Every purchase made using these links generates a bit of $ for the site!

  3. Ensure that all important files are backed up. I love cloud storage/backup because it means there’s a copy off-site, so if my local copy gets screwed up, I can get a good copy. I also like a local backup of my files, so I use an old Raspberry Pi with a hard drive as a Samba-powered backup server. It’s simple, effective, and silent.
    For my most important machine, I back up the entire hard drive (I use CloneZilla to copy the entire disk to an external USB drive) every week. That way, worst-case scenario, I can restore my Windows and programs, downloading my files from local or cloud backup.
  4. If you have an old PC or two on your home network, say for the kids to use or for guests, take them off the network if they are running the following operating systems: Windows 95/98/ME/2000/XP/Vista. All of these are no longer supported, which means that any exploit that comes out that targets them will be successful. Email and website are the most likely vectors, and, especially with teens, website visits include some gnarly, crap-ridden sites. Ideally, update old computers to a modern version of Windows, or replace the operating system with a more-secure, free option. Linux Mint is a great operating system that works on almost any old machine. I’m quite partial to Ubuntu, both the GUI version and the “headless” server version that I use for my home media server.
    I love the idea of a Chrome Book and similar paradigms – they do seem to have a very good security model.
  5. If you are running an Android tablet or phone, ensure that you’ve got good security software installed. In iOS, we’re ok because of Apple’s walled-garden approach, but with Android, things are much more dangerous. Related to my suggestion of Norton or McAfee, both include options for installing on your devices.
  6. Never click on a link in any email about any account. Always use a new tab in your browser and type in the site’s address yourself and login as you normally do. Often, well-crafted emails purporting to be from a bank or other financial institution will contain links to sites that look and behave much like the real one, but record your username, password, secret questions/answers, etc. and then use that data to steal your money from the real site. Such emails are also often ways that trojans and other nasties get loaded onto your machine.
  7. NEVER put a found USB stick into a connected, important machine. Bad guys are clever – they know people love to find free stuff, and when they do, they hope that there’s something valuable or neat. So bad guys will drop a few poisoned USB sticks in areas where people will find them, then rush home/to the office to see what’s on it, how much room it has, etc. Such a technique will often infect a machine and perhaps other machines on the network faster than you can believe.
    I use a Linux machine to investigate such things, since I’m sure that Windows is the real target, though these days I just break them and dispose of them without even looking – better safe than sorry, and hopefully if it’s legit, I’ve saved someone’s important data from being found by someone not-so-benign.
  8. Don’t leave machines running all the time if you’re not using them daily – an unattended machine is a sitting target. Always check machines at least once a day or so to ensure all looks ok. Nothing like checking your machine after ignoring it for two weeks, only to realize that the deadline for paying ransom expired last week!

To conclude, let me explain briefly what a ransomware attack looks like.

The Basic Mechanism

Basically, these things get into your machine and then use high-grade encryption to encrypt all the files on your computer. This means that instead of your resume, that Word doc is a scramble of characters that makes the file unusable and unreadable. You are often given a short-term deadline (3 days) to pay $300 in Bitcoin to undo this, or can take up to 7 days to pay $600. During that period, if the payload on your machine receives a “they’ve paid” signal, it will unscramble your files. If the 7-day limit is passed, your files are re-scrambled with a random encryption key which is never saved, so your files are permanently scrambled. Or at least for the next few years until tech and decryption breakthroughs mean it will take days not decades to decrypt your files. By then, you’ll likely not care.

Signs of a Compromised System

Basically, you’re using your computer and it gets slower, and you might get errors running programs you use routinely, or messages about corrupted files. This is the infected stage – the payload is on your machine and is in the process of encrypting your files. Turning off the computer or shutting down won’t necessarily stop things, but it might. It also might result in your already-encrypted files being permanently scrambled as the tool didn’t get a chance to complete the process and present a ransom demand. If the files are important, it’s almost better to let the encryption process finish so that you can pay them off, confident that your files are recoverable.
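One way a defender can check for the symptom above (documents turned into unreadable scrambles), as an added example that is not from the post: score files by byte entropy and by whether their leading bytes still match what their extension promises. The sample file contents, the entropy threshold and the .locked rename are constructed assumptions; the magic numbers are the real ones for those formats.

```python
"""Added example, not from the post: flag files whose bytes look like
ciphertext, the 'scramble of characters' symptom described above."""
import math
import os
from collections import Counter

# Leading bytes ("magic numbers") that genuine files of these types start with.
MAGIC = {
    ".docx": b"PK\x03\x04",            # Office Open XML documents are ZIP containers
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
}
# Assumed threshold in bits per byte; random or encrypted data sits near 8.0,
# plain text well below it.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data):
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(name, data, threshold=ENTROPY_THRESHOLD):
    """True when the content is high-entropy AND no longer matches its extension.
    The magic check is what keeps legitimately dense files (PNG, ZIP-based
    Office documents) from being reported as encrypted."""
    ext = os.path.splitext(name)[1].lower()
    magic = MAGIC.get(ext)
    if magic is not None and data.startswith(magic):
        return False
    return shannon_entropy(data) >= threshold


def scan(files):
    """Names of the files that look encrypted, in the order given."""
    return [name for name, data in files.items() if looks_encrypted(name, data)]


# Constructed in-memory sample "files"; the .locked suffix is an assumed rename.
SAMPLES = {
    "resume.docx": b"PK\x03\x04" + b"word/document.xml" * 40,  # intact document
    "notes.txt": b"Meeting notes: backups run nightly at 02:00.\n" * 20,
    "photo.png": b"\x89PNG\r\n\x1a\n" + bytes(range(256)) * 2,  # dense but genuine
    "budget.pdf": bytes(range(256)) * 3,           # encrypted in place, name kept
    "resume.docx.locked": bytes(range(256)) * 4,   # encrypted and renamed
}


def demo():
    """Run the scan over the constructed samples; used by the stand-alone run."""
    return scan(SAMPLES)


if __name__ == "__main__":
    for name in demo():
        print("possible ransomware artifact:", name)
```

A real deployment would walk a directory tree and alert on a sudden jump in the count of such files, since a few odd files are normal and hundreds appearing in minutes are not.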

Once the payload has determined that its encrypting-files job is complete, it will present a screen that you cannot dismiss. It will contain instructions, links to tech help, often even live chat-based support, believe it or not. Once you see the screen, it’s time to go buy $300 of Bitcoin and send it to the file-nappers. There are no other options, sadly – the FBI, NSA, etc. cannot help.

So when you hear about a hospital or a company dealing with this, we’re talking about many-to-most-to-all computers being infected. Imagine how much a company has to pay to release all their computers! In a home user situation, having to pay for one machine is bad enough, but having to pay for multiples can quickly get very expensive. Hence the utility of having your files backed up – as long as you have them, you can pay to release the important computer or two, and for the rest, you can reformat, re-install the Operating System, and all your programs.

These truly are scary times – take precautions and be safe!

Something Strange is Happening on Twitter

Or, as we call it around here, a day ending in “day”!

More seriously, Twitter seems to be deluged by bots signing up to follow the President’s personal and/or official accounts and, at least for now, doing nothing. There are also widespread reports of people who are not following the President being signed up to follow the President’s personal and/or official accounts without their permission. They are also apparently following other elites and notables like Secretary Clinton, President Obama, even Ellen DeGeneres.

From the white hat hacker known as the Jester.

No one is quite sure what it means or what is going on (after the jump).



Update Your Linux Machines Folks

Researchers found a major bug in Samba, the file-sharing component on many Linux and Unix systems that serves storage over the network and interfaces with Windows and other non-Unix things.

The issue allows a bad guy to run unapproved code uploaded remotely as a root user. Your firewall has to have the right port open, but lots of folks do that to solve a temporary need and then forget to close the port to outsiders.

So, should you have home or work Linux machines, take a few minutes and update them. This also applies to many less-obvious Linux machines such as my personal favorite, the Raspberry Pi.

Many use them as cheap controllers for home storage, media centers, home automation, etc. So don’t neglect them folks – if they get compromised, that’s just a ticking time bomb waiting to get worse.

Unrelated to this news, we’ll be tightening the site up a bit more in anticipation of increased efforts by bad guys.

On the test server front, the good news is that it’s up and running. There are still a few more details to take care of, and I’m pretty much not doing any work from now until Tuesday as I have lots of IT duties and plan to take apart, re-organize and put back together my home office. Fun fun.

Finally, don’t forget that tomorrow at 12:30 Eastern, my guest post on Oceanography will launch, with the author in the comments ready to answer questions. I found his intro to be very interesting, and it led him and me into an in-depth discussion of the numerous crises in our oceans that are here, or will be soon.

Open Thread!