April 23, 2014

Where Are the Legal Lossless Downloads?

I must have been very nice last year, because Santa brought me a Sonos Connect Wireless HiFi System and Network Attached Storage (NAS) with Wake-on-LAN for Christmas. This particular combination of hardware can mean only one thing: I will spend the waning days of 2012 and the beginning days of 2013 ripping my entire CD collection (which is not small) into lossless files. After poring over audiophile blogs and lurking on discussion forums, I chose FLAC (Free Lossless Audio Codec) as the format for my ripping binge. FLAC has the great virtue of combining openness with losslessness, and it seems to be the coin of the realm for the digital audiophile set. I’ve been using dbPoweramp as my ripper, and it’s all been going very well.

Albeit not perfectly. There is the occasional track that for whatever reason—some physical defect in the disc or some blip in the ripping or the encoding—I cannot get FLAC-ed. Last night’s file, as it happens, was Fine Young Cannibals’ “Couldn’t Care More.” No matter how much I tweaked the ripping and encoding settings, I couldn’t get a proper lossless copy. So I decided to do what any law-abiding music consumer would do in my situation: I searched the Internet far and wide for a paid (i.e., legal) lossless download of the song. I would have bought FLAC or ALAC or anything else lossless.

Reader, I searched in vain. I don’t know why this surprised me, knowing what I do about the supply-side causes of digital piracy. But it did. I found more than one adware-bloated torrent for the FLAC version, but I couldn’t find the authorized article in anything but lossy format from Amazon or iTunes. I could, I suppose, just buy a new CD and try my luck again, but that seems a little perverse, given that the whole beauty of the digital download model is track-by-track purchasing. And I already bought the whole CD once.

Technology & Nature – Perfect Together?

The ongoing recovery from Sandy’s devastating impact from the Caribbean to the East Coast of the U.S. – particularly New Jersey and New York – highlights for me the complex relationship between nature and technology. Satellite technology and meteorology were vital in predicting the storm and undoubtedly saved lives. No matter the accuracy of the predictions, however, Mother Nature still rendered many laptops and iPhones useless. On the day after the storm, electricity-starved wireless device users, fortunate not to have other, more critical needs, were lined up at libraries and other public places with open power outlets.

At this point, it is well known that mobile devices, texting, and Twitter play critical roles in linking citizens with government officials, including first responders. Mobile devices and social media allow families, friends, and neighbors to collaborate and comfort each other during emergencies. Particularly in times of weather-related adversity, wireless technology is vital to bringing communities together.

What about in quieter times? Does wireless technology enhance or detract from an individual’s relationship with nature when there is no crisis? When there is no urgency to tweet a photo? Great authors have grappled with this question recently. Princeton graduate Walter Kirn argued earlier this year in an excellent article in Outside magazine that “nature and technology need not be kept at a distance, as though they might spoil each other if they should touch.” I agree. Out on a bike ride, I enjoy stopping for a moment to capture with my iPhone camera the sun glistening off a pond or the fall flowers blooming at the edge of the road. Using my iPhone briefly does not jar me from appreciating the simplicity and beauty of my surroundings; it allows me to capture a moment and share the joy of that experience later with family and friends.

End-to-End Encrypted GMail? Not So Easy

Last week Julian Sanchez urged Google to offer end-to-end encryption for GMail, so that your messages would be known to you and your browser (and your email correspondents) but not to Google itself. Julian explained why this would be a positive step for users and, arguably, for Google itself. Let’s talk about what would be required to make it happen.

We have had standards for end-to-end email encryption for a long time: PGP since at least 1996 and S/MIME since at least 2002. In these systems, each user has a private key that they use to encrypt and digitally sign their email. If two people know each other’s public keys, they can exchange email securely without the network, or even their email services, being able to read or tamper with the messages. This feature has long been supported in desktop email clients. What would we need to make it work for a cloud email service like GMail?

You found a security hole. Now what?

The recent conviction of Andrew “Weev” Auernheimer for identity theft and conspiracy has renewed interest in the question of what researchers should do when they find security vulnerabilities in popular products. See, for example, Matt Blaze’s op-ed on how the research community views these matters, and Weev’s own response.

Weev and associates discovered a flaw in AT&T’s handling of consumer information, which allowed anyone to download personal information about users of AT&T’s iPad wireless data service. Weev wrote code that systematically downloaded information on more than 100,000 of those users. Was that enough to get him convicted? Reading between the lines in press accounts, it’s clear that that behavior, plus Weev’s long history of unsavory (though lawful) online speech and his personal eccentricities, were enough to get him convicted.

This will only make researchers more cautious about public discussion of vulnerabilities–which is a shame, because the research community is one of the main sources of public pressure on companies to follow better security practices. Though some companies seem to ignore or downplay security problems in their products–see Jeremy’s recent post for one example–the flow of information about the presence of vulnerabilities plays an important role in helping the market reward good security and punish laxity.

What happens when responsible disclosure fails?

The topic of how to handle security vulnerabilities has been discussed for years. Wikipedia defines responsible disclosure as:

Responsible disclosure is a computer security term describing a vulnerability disclosure model. It is like full disclosure, with the addition that all stakeholders agree to allow a period of time for the vulnerability to be patched before publishing the details. Developers of hardware and software often require time and resources to repair their mistakes. Hackers and computer security scientists have the opinion that it is their social responsibility to make the public aware of vulnerabilities with a high impact. Hiding these problems could cause a feeling of false security. To avoid this, the involved parties join forces and agree on a period of time for repairing the vulnerability and preventing any future damage. Depending on the potential impact of the vulnerability, this period may vary between a few weeks and several months.


When Technology Sanctions Backfire: The Syria Blackout

American policymakers face an increasingly complex set of choices about whether to permit commerce with “repressive regimes” for core internet technologies. The more straightforward cases involve prohibitions on US import of critical network technology from states that we suspect may include surveillance backdoors. For example, fears of “cyber espionage” have fueled a push for import bans on routers and other equipment from China.

Things get more complicated when the United States chooses to place sanctions on technologies that it exports to “repressive regimes.” In October of last year, the Electronic Frontier Foundation revealed that routers made by US-based BlueCoat Systems had been used in Syria to filter dissent. EFF noted that this appeared to violate export controls established by the US Government, and chastised BlueCoat. At the time, this seemed like an odd stance for the EFF. On the one hand, there were clear harms to citizens on the ground. On the other hand, EFF has helped to lead the charge against the ill-fated attempt to criminalize exportation of digital tools. I am somewhat skeptical about the ability to draw a bright line between speech-enhancing tools and tools of oppression — especially when general purpose computers can easily be used for both.

No Longer Bit Players: Internet Governance & Economic Growth in Developing Countries

The 200 sovereign state members of the United Nations International Telecommunications Union (ITU) will gather in Dubai this week for the World Conference of International Telecommunications (WCIT). The WCIT is a treaty developed to facilitate global interconnection and interoperability between telecommunications carriers. The treaty was last reviewed in 1988, an era when the majority of telecommunications networks were state owned and controlled.