December 9, 2022

Archives for March 2013

Security Lessons from the Big DDoS Attacks

Last week saw news of new Distributed Denial of Service (DDoS) attacks. These may be the largest DDoS attacks ever, peaking at about 300 Gbps (that is, 300 billion bits per second) of traffic aimed at the target but, notwithstanding some of the breathless news coverage, these attacks are not vastly larger than anything before. The attacks are news, but not big news.

The attacks were aimed at Spamhaus, which publishes lists of purported spammers. Unsurprisingly, the attackers appear to be associated with spamming—specifically, with Cyberbunker, which is accused of hosting spammers.

One interesting aspect of the attacks is the way they exploited externalities. “Externality” is an economics term. For our purposes, it describes a situation where a party could efficiently prevent harm to others—that is, a dollar’s worth of harm could be prevented by spending less than a dollar on prevention—but the harm is not prevented because the party has little or no incentive to prevent harm to strangers. Externalities are a common problem in security—they’re one of the reasons the market has trouble providing adequate security. The recent DDoS attacks exploited three separate externalities.
[Read more…]

How the DMCA Chills Research

I have a new piece in Slate, on how the DMCA chills security research. In the piece, I tell three stories of DMCA threats against Alex Halderman and me, and talk about how Congress can fix the problem.

The Chilling Effects of the DMCA: The outdated copyright law doesn’t just hurt consumers—it cripples researchers.

“These days almost everything we do in life is mediated by technology. Too often the systems we rely on are black boxes that we aren’t allowed to adjust, repair, or—too often—even to understand. A new generation of students wants to open them up, see how they work, and improve them. These students are the key to our future productivity—not to mention the security of our devices today. What we need is for the law to get out of their way.”

The New Freedom to Tinker Movement

When I started this blog back in 2002, I named it “Freedom to Tinker.” On the masthead, below the words Freedom to Tinker, was the subhead “… is your freedom to understand, discuss, repair, and modify the technological devices you own.” I believed at the time, as I still do, that this freedom is more than just an exercise of property rights but also helps to define our relationship with the world as more and more of our experience is mediated through these devices. I also believed that the legal tide was running against the freedom to tinker, as creative uses of technology were increasingly portrayed as illegal or deviant behavior. Now, at last, things may be starting to change.
[Read more…]

How the DMCA Serves as a Barrier to Accessibility

My op-ed on the DMCA’s barriers to accessibility just went live at Slate’s Future Tense. Here’s an excerpt:

[A]mong the DMCA’s many flaws is a significant one of which most people aren’t aware: For more than a decade, the act has imposed a barrier to access for people with disabilities. It hinders access to books, movies, and television shows by making the development, distribution, and use of cutting-edge accessibility technology illegal.

The full piece is here.

First Principles for Fostering Civic Engagement via Digital Technologies #2 and #3: Keep it Simple and Leverage Entrepreneurial Intermediaries

In my previous blog post, I set out the first of ten principles that local governments and communities should look to as they evaluate whether their community is using digital technology effectively to promote civic engagement and solve local problems. Today, I’m setting forth my second and third principles, “Simplicity – Bang for the Buck” and “Digital Intermediaries.” I have chosen to present these two principles together because they are linked thematically.

In almost every community, people are seeking information on public safety, jobs, education, transportation and healthcare. My second principle, “Simplicity – Bang for the Buck” suggests that governments, when determining which problems they can solve through an investment in digital technology, should look to improving government processes related to these core issues. My third principle acknowledges the reality that government itself cannot alone provide all of the information residents are seeking. Therefore, in a community which is engaged digitally, “Digital Intermediaries” – entrepreneurs, including journalists, who are a trusted source for providing local or hyper-local information to residents – will develop Internet and mobile broadband-based businesses providing people with information on these important topics.

Principle #2: “Simplicity – Bang for the Buck”
[Read more…]