If I publish a website with confidential information that only a select group of people should have access to, am I still obligated to allow others to link to my site? It would seem to me that content holders should be able to control who has access to their content. And although there is a distinction between the actual content of a page and it’s URL, I’m not sure the distinction is so great as to allow for “linking-as-a-right.”

Fascinating article about Wikipedia. In many instances, multinational corporations have had to censor or readjust their policies to conform to the local norms or rules. In the case of the Internet, much commerce (and especially Search Engines) have been largely dominated by American companies – with correspondingly libertarian and free-speech advocating policies (comparatively). So when those Internet companies have entered into other countries with less absolute adherence to free-speech, they have often had to shift the balance toward the rights of the community/culture instead of the individual.

However, the recent security breach at Google (which was traced back to Chinese hackers allegedly under the employ of the Chinese government) lead to the shocking announcement by Google that they will be withdrawing from their operations in China if the breach is not addressed by the Chinese government.

Them is fightin’ words.

The breach surrounded the accessing of email accounts with known affiliations to human rights organizations. It certainly highlights the tension that exists between the search giant’s generally free access to information and the censorship demands of the world’s most populous country – censorship policies often referred to as “The Great Firewall of China.”

Will these kinds of issues result in changes to the traditions, cultures, and policies of the less libertarian countries? Or will new companies within those countries (like Google’s Chinese competitor: Baidu) fill their places in the marketplace to offer services more in line with local customs and rules?

Certainly interesting questions to ponder.

Apple is notorious for its locked-down approach to the iPhone. Apps have to be approved before they can become available to iPhone users. And Apple hasn’t had the best track record with App developers. So I guess the situation was ripe for a work-around that ended up compromising the security of the iPhone. It’s certainly well-within Apple’s ability to alter the firmware of the iPhone to prevent jailbreaking. But it remains to be seen whether Apple takes the security issue seriously enough to prevent jailbreaking and thereby alleviate the screenshot worries.

In the legal world in the U.S. at least, policy is often based on case law. In this case, I’m betting that a major player like Google might be the one to set legal precedent – good or bad. I certainly have appreciated Gmail’s exemplary spam filtering abilities, but I also realize the potential issues with data confidentiality.

Another issue with IP addresses is that for unsecured home wireless networks, any user connected to the network will show as originating from the same IP address. Say your neighbor decides to download music illegally over your unsecured wireless network. When your ISP (Internet Service Provider) shuts down your internet connection, there’s little way to show that it was someone else other than you on your wireless network.

So, while an IP address can usually lead to the initiator of an illicit action, a significant burden of proof rests with those investigating. And in the case of the spyware used by the FBI, while it can certainly aid in collecting information on those whose are not tech-savvy, it might mislead an investigation based on an incorrect assumptions about the link between a user and their IP address.

I do agree with what you say we are going to have to do – assemble the best group of chefs we have and make the most of it. The DHS doesn’t seem to see the situation in a similar light, or at least their press release didn’t reflect that view.

Given that I encountered a case a few years ago that hinged upon the admissibility of information gleamed from a social networking site, I have a particular interest in this discussion. As Facebook and MySpace have become more and more popular, the number of cases involving the evidence have become more and more prevalent. There are numerous cases involving threats of school violence where the supposed attacker has posted his intentions online. See, for example, this article describing arrests made after students discussed a school shooting on a MySpace page http://www.oregonlive.com/news/index.ssf/2009/11/police_arrest_two_18-year-olds.html.

Not only is it true that law enforcement officials have been making use of social networking sites to catch criminals based on personal information on profile pages, they have also used the sites as a way of tracking users.

DISCLAIMER: For those of you who do not know me, I will be the first to admit that I am not tech-savvy. I do not know tech lingo and cannot even begin to describe how a computer really works. However, even with my limited technological ability, I find this next case particularly fascinating.

In 2007, the FBI began using a type of spyware that allowed it to trace bomb threats. During 2007, the FBI submitted an affidavit in support an application for a search warrant. I found a public copy of the affidavit at http://www.politechbot.com/docs/fbi.cipav.sanders.affidavit.071607.pdf that describes the technology. For those unfamiliar with the process of obtaining a search warrant, there is a written request submitted to the judge that is often accompanied by an affidavit written by an investigating officer.

Perhaps the most interesting part of the affidavit is contained in paragraph 7, which describes the types of information officials hoped to uncover if the judge granted the search warrant:

“As such, the property to be accessed by the CIPAV request is the portion of the activating computer that contains environmental variables and/or certain registry-type information; such as the computer’s true assigned IP address, MAC address, open communication ports, list of running programs, operating system (type, version, and serial number) internet browse and version, language encoding, registered computer name, registered company name, current logged-in user name, and Uniform Resource Locator (URL) that the target computer was previously connected to.”

For those of you with a better understanding of technology: Does spyware, such as that requested by the FBI in the affidavit, represent a real possibility for locating and catching those who make anonymous threats online? Furthermore, what are the implications of such warrants? (Given that the case for which the warrant was requested involved supposed terrorism I imagine the standard for granting the warrant would be different in cases not involving terrorism. Note: Threatened school shootings are considered terroristic threats.)

I leave you with one final and somewhat tangential thought. During the case I encountered a few years back there was a question as to whether the evidence would be admissible because it was difficult to ascertain whether the individual who created the account had actually posted the threat. Is there any way around the authentication issues? Sure, we can figure out the IP address of the computer used to make the posting, but can we ever really be sure that the post was made by the accused? Of course there were always difficulties in handwriting analysis (not exactly a sound science in case you have never encountered a handwriting expert), but aren’t the issues even greater here?

Not focusing on the legal aspects for the moment, I think one can even more strongly argue than you did that the US is underprepared on cybersecurity. Allow me to borrow from the Journal’s story:

The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn’t know how to exploit it, the officials said.

(emphasis added)

So it’s not that we can’t encrypt the video feed. It seems more that our military (and, by proxy, our intelligence services) are operating on flawed assumptions. If our assumptions are inaccurate, won’t our responses spiral off the mark as well?