Jan 282012

Some items from the past week:

Jan 252012

Posting may be light this week as I attempt to further wrangle the WordPress installation.  You may have already noticed the look and feel change rather drastically; beware, it may change more drastically still (or not).  But hopefully after working out the kinks I’ll have a nice stable, scalable blog to post all about the many, many instances of criminal law running headlong into technology.  My only wish now is that the news slow down so I have a chance to get caught up…

Jan 232012

This article in the Korea Times reports that several large online presences in Korea have stopped asking for users’ resident registration numbers when subscribing to their sites. They began to ask in 2007 as a means of ensuring compliance with the government’s requirement that users provide their real names. However, the government had no means to enforce that rule on foreign websites, and it has led to instances of identity theft.

Nexon recently had the private data of 13 million users hacked. Nate and Cyworld, its sister social networking service, had 35 million users’ details compromised after being hacked. After a series of private information leaks at large businesses like Nate, Nexon, Auction, and Hyundai Capital, now virtually all the resident registration numbers of Koreans are available.

As they hold the key to entering Internet sites, criminals can collect almost anyone’s details by collecting information from two or three websites, acquiring names, phone numbers, email addresses, home addresses, office addresses, shopping records, bank account numbers and even blood types.

Some victims submitted a petition to the court last month, requesting they be allowed to change their registration number. “We are on the verge of suffering from more damage as we are forced to continuously use our leaked registration numbers with no countermeasures being taken so far,” the complainants said in their suit.

The Korea Communications Commission is now planning regulation preventing resident numbers from being held online.

Jan 232012

Agence-France Press is reporting that a Bangladeshi high court has ordered police to prosecute Jahangirnagar University teacher Ruhul Khandakar for sedition as a result of a comment made on Facebook. The comment, since deleted, was “[Famous Bangladeshi filmmaker] Tareq Masud died as a result of government giving licence to unqualified drivers. Many die, why does not [Prime Minister] Sheikh Hasina die?”

He was also sentenced to six months in jail for contempt of court after he failed to respond to repeated summonses to explain a Facebook posting. The article reports Khandakar has been studying in Australia and these proceedings happened without him.

It also cites a local lawyer saying that this is the first time a Bangladeshi has been ordered to be jailed and tried for sedition over comments made on a social networking site.

Jan 212012

Various recent news:

Jan 142012

Other recent items of interest…

First, catch-up:

Continue reading »

Jan 132012

Last month Kapil Sibal, acting telecommunications minister for India, floated the proposition that social networks actively filter all content appearing on their systems.  Now comes news that a judge in New Delhi also thinks web censorship appropriate.  From the New York Times:

The comments of the judge, Suresh Kait, came in response to a lawsuit, filed by a private citizen in the capital, New Delhi. The suit demands that Internet companies screen content before it is posted on sites like Facebook, Google or Yahoo, that might offend the religious sentiments of Indians. A related criminal case accuses the companies — 21 in all — of violating an Indian law that applies to books, pamphlets and other material that is deemed to “deprave or corrupt.”

A trial court in New Delhi on Friday ordered that summons be served in the criminal case to officials at all 21 companies at their foreign headquarters’ addresses.

Google and Facebook refused to comment on the case, except to say they had filed a motion in the New Delhi High Court to dismiss the criminal case.

Their motion will be considered on Monday. Continue reading »

Jan 112012

A word about “hacking.” Hacking is a word often colloquially misused to describe the unauthorized access of a computer system. Among self-described hackers, however, the correct term to describe such behavior is “cracking,” as in “safe cracking.” “Hacking” instead describes a far more neutral, or even beneficial activity: the creative problem solving involved in engineering a solution. (Links point to Eric Raymond’s Jargon File.)

It would greatly assist policy discussion to keep these terms clear, particularly given the interest in criminalizing the unauthorized access of computer systems. Associating the activities of hacking with the more pejorative definition loses nuance and tends to lead to the criminalization of more benign, even objectively good, technology uses.

Thus this site will endeavor to use the correct term as much as possible. But when citing other media it may necessarily parrot whatever word was used, however incorrectly.

Edit 2/20/13: I’ve realized I’m shouting into the wind on this issue. “Hacking” is too colloquially accepted to describe all sorts of innovative applications of technology, good and bad, to ever completely avoid. But I will remind others that the term does indeed describe both good uses and bad uses and should not be presumed to be a pejorative.

Jan 102012

Yes, I do have other relevant things to blog about than more TSA antics.  This isn’t supposed to be a TSA-only blog.  But (a) some recent news is too outrageous/tempting to skip, and (b) there are relevant lessons to be extrapolated.

First, the news.  Remember the cupcake the TSA seized because its frosting was too “gel-like”?  Well, the TSA claims it has been unfairly criticized.  It was not that the cupcake had “gel-like” frosting; it was that the cupcake was in a jar.  As it happens, the woman whose cupcake this was denies the TSA’s description of the cupcake seizure.  But, really, does it matter?  Because even if the cupcake was in a jar, it was still deemed a threat and seized.  The TSA is very, very good at deeming things threats and seizing them.  But actually assessing whether something is truly a threat is another story.

Which brings us to the applicable lessons relevant to this blog:

People in authority are very good at deeming things threats.  They are very good at using their police power to exert control over what they deem as threats.  They are less good at actually meting out their authority commensurate to the actual problem, and as a consequence it’s very easy for innocent people to have their rights unduly affected.

These observations hold for many contexts, and technology regulation is no exception.  Exercises of governmental power can easily be heavy-handed, imprecise, and ill-suited for the problems they pretend to solve.  The identification and definition of the underlying problems can also be equally ham-fisted and oftentimes ignorant of actual risk.  Which is not to say that all government regulation is illegitimate.  On the contrary, these examples illustrate why it’s important to question and discuss exactly when and how governments should be involved in technology use and development.  They may well have important roles to play.  But only if they are played with care.

Edit 1/11/2012: Updated to provide a direct link to Bruce Schneier’s commentary about the TSA’s admission of its own irrelevance.

Jan 072012

Other interesting items from this past week (or so):