Monday, 15 January 2018

Meltdown and Spectre: Here’s what Intel, Apple, Microsoft, others are doing about it | Ars Technica

CYBER: Meltdown and Spectre: Here’s what Intel, Apple, Microsoft, others are doing about it | Ars Technica: "Meltdown, applicable to virtually every Intel chip made for many years, along with certain high-performance ARM designs, is the easier to exploit and enables any user program to read vast tracts of kernel data. The good news, such as it is, is that Meltdown also appears easier to robustly guard against. The flaw depends on the way that operating systems share memory between user programs and the kernel, and the solution—albeit a solution that carries some performance penalty—is to put an end to that sharing.

Spectre, applicable to chips from Intel, AMD, and ARM, and probably every other processor on the market that offers speculative execution, too, is more subtle. It encompasses a trick testing array bounds to read memory within a single process, which can be used to attack the integrity of virtual machines and sandboxes, and cross-process attacks using the processor's branch predictors (the hardware that guesses which side of a branch is taken and hence controls the speculative execution). Systemic fixes for some aspects of Spectre appear to have been developed, but protecting against the whole range of fixes will require modification (or at least recompilation) of at-risk programs."

Friday, 12 January 2018

Inside DuckDuckGo, Google’s Tiniest, Fiercest Competitor

Inside DuckDuckGo, Google’s Tiniest, Fiercest Competitor:


"When you do a search from DuckDuckGo’s website or one of its mobile apps, it doesn’t know who you are. There are no user accounts. Your IP address isn’t logged by default. The site doesn’t use search cookies to keep track of what you do over time or where else you go online. It doesn’t save your search history. When you click on a link in DuckDuckGo’s results, those websites won’t see which search terms you used. The company even has its own Tor exit relay, allowing Tor users to search DuckDuckGo with less of a performance lag.

Simply put, they’re hardcore about privacy.

But things didn’t start out that way. Weinberg, who says he has “always been a privacy-minded person,” wasn’t particularly concerned with search privacy issues when he first started building the service. In fact, he knew very little about the matter at all. Then early users started asking questions."

CYBER: Public Money, Public Code

Public Money, Public Code: "Free Software gives everybody the right to use, study, share and improve software. This right helps support other fundamental freedoms like freedom of speech, press and privacy.

Do you believe that Free Software should be the default option for publicly financed software?"

Thursday, 11 January 2018

CYBER: More details emerge of Uber’s tactics for thwarting police raids – TechCrunch

More details emerge of Uber’s tactics for thwarting police raids – TechCrunch: "So what might be the legal implications for companies that put programs in place intended to deliberately destroy or otherwise render information inaccessible at the point it’s being sought by investigators or regulators?

“If they have knowledge of a specific investigation and a specific… search warrant… and they encrypt while that raid’s going on to stop the agents from accessing the computers that they have a court order to access that could be considered obstruction of justice,” says Josh Robbins, partner at litigation law firm Greenberg Gross LLP, discussing the risks of companies trying to thwart regulatory oversight.

 “If they were encrypting computers without knowledge of a specific investigation but encrypting computers as a security measure, just generally, I think it would be hard to make the allegation of obstruction of justice because they’d need to have knowledge of a specific investigation. It’s just a general security measure.

 “But it shouldn’t matter because if they receive a subpoena, say, or a court order to produce records then they have the obligation to use their decryption key and unlock the computers and access the information and provide it to the government — and if they refuse to do that then they would be subject to sanctions, contempt of court and so on.”

In a civil case, a court could penalize a company for engaging in what’s known as “spoliation of evidence”, he notes"

CYBER: e-Privacy proposal undermined by EU Member States - EDRi

e-Privacy proposal undermined by EU Member States - EDRi: "Although not every proposed amendment threatens fundamental rights, the Estonian Presidency proposed to broaden the scope of exceptions in significant ways. It suggested authorising some processing that goes beyond what is strictly necessary, not keeping consent as sole legal basis, and not putting up strong safeguards to limit the impact of this broadening on privacy.

This weakening of protections and predictability brings us closer to the kind of security and privacy chaos that the United States is experiencing. It would without doubt create the “chill on discourse and economic activity” that failure to implement privacy and security measures has caused in the US. But at least Facebook and Google will be happy."

CYBER: How Law and Computer Science Can Work Together to Improve the Information Society | January 2018 | Communications of the ACM

How Law and Computer Science Can Work Together to Improve the Information Society | January 2018 | Communications of the ACM: "What more can be done? Europe sets the global standards for regulation of content, notably in data protection and hate speech. The decisive power relationship in European law has swung to Germany and France. Regulation will increase, and Anglo-American companies increasingly recognize that and are embracing a French term: co-regulation. What that means is diluting government control of the Internet by ensuring a compromise based on industry self-regulation, but with oversight by users and by government regulators.

Examples include global Top Level domain name oversight. Governments have sponsored industry standards not only in Europe but globally via hosting and supporting the World Wide Web Consortium with industry.

 Co-regulation is the compromise computer scientists must live with. Totalitarian regimes want to use the threat of terrorism and cyber-crime to replace self-regulation with direct and often draconian control. Co-regulation is the best alternative.

Areas for cooperation between law and computer science can flourish in co-regulatory institutions, because the best of them engineer a deliberative evidence-driven expert-friendly process. It can curb the worst excesses of both corporate and government control.

If lawyers and computer scientists cooperate to make these social regulation processes work, it is the best chance to prevent a much worse system of direct government control emerging."

CYBER: Res Robotica! Liability and Driverless Vehicles

SCL: Res Robotica! Liability and Driverless Vehicles: "The laws clearly assume a level of awareness of action that suggests the conscious machines sit somewhere between our traditional views of legal objects and persons. Professor Lilian Edwards and others have spoken extensively about the applicability of Asimov's laws and as part of a joint EPSRC and AHRC Robotics Retreat in 2010 proposed some 'principles for designers, builders and users of robots'[1] that are aimed at taking Asimov's rules and developing them for real world applications as well as setting out some overarching messages designed to encourage responsibility within the robotics research and industrial community.
Ten years on from the I, Robot film (and 70 from the book), robots are becoming mainstream.

This article concentrates on the development of robotic driverless road vehicles and specifically the issue of liability on the road."