Friday, November 28, 2003

As you may have noticed (from the bottom of this page), I'm concerned about my right to fairly use the copyrighted material I purchase. I don't see any problem with copying such material to a different medium, and possibly converting it to different format in the process, so long as it is for my personal use and convenience. (These concepts are captured in points #2 and #5 of the Consumer Technology Bill of Rights.)

Since Canadian copyright legislation has been in the media a lot lately, I took it upon myself, being the concerned citizen that I am, to learn more about it. Initially, I was surprised to discover that the Copyright Act defines the copying of a musical work embodied in a sound recording for private use in terms of the copier, not the owner. In other words, so long as you do the copying, copying music for your own use does not infringe the artist's copyright. It doesn't matter whether you own the CD, cassette tape or musical file.

However, what I couldn't figure out was whether I had fewer rights to use the copy than I did the original. Was a copy of a copy illegal? Well, the answer seems to be "Maybe." According to Neil Herber, even though the Copyright Act makes no mention of the source (i.e., whether you're copying the original sound recording or a copy of it), your original intent behind making the copy is important (i.e., you planned to loan your copy to your friends).

Tuesday, November 25, 2003

Well, Pete Lindstrom is at it again. This time, he's quoted in a Register article on some Diebold ATMs that were infected with the Nachi worm. While not as boneheaded as his comparing virus writing and sex, this quote is still a beaut:
I think of ATMs as a relative of SCADA systems, as those things not really being on the Internet, but being on some network, says Peter Lindstrom, an analyst with Spire Security. In some ways, it's kind of ironic, that I think standardization across the board has created some of the issues.

Merriam-Webster defines irony as 3 a (1) : incongruity between the actual result of a sequence of events and the normal or expected result (2) : an event or result marked by such incongruity.

So, what exactly is incongruent about standardization causing security problems? It may not be intuitive, but, as security professionals know, it's one of the disadvantages of homogenous systems, to be balanced against their many advantages. Defense-in-depth ring a bell, Pete? If your network design calls for layered firewalls, use different products at each layer. Exploits that work against one layer will likely fail against the other.

Man, this guy is really starting to bug me.
By the way, for a peek at the lighter side of my life, check out what I'm watching.

Monday, November 10, 2003

The London Free Press is running a story about Ontario's Internet and telephone voting options. I'm surprised by the amount of media coverage this is getting; it's a municipal election, after all. Heck, even the Slashdot community is throwing in their two cents.

Of course, boosting voter turnout is the focus of the London Free Press article. Security and privacy requirements get a paragraph:
Church [the president of CanVote Inc.] said the system uses security measures based on world standards for financial transactions like those used in online banking or credit card transactions.

Has anyone considered the possibility that the security and privacy requirements for financial transactions may differ from those for on-line and telephone voting? Limited liability plays a big role in the security of financial transactions (in North America, anyway; I understand the U.K. is a bit different). Would it play any role in on-line voting? It isn't like a voter can point to an unbalanced cheque book at the end of the month when something goes wrong. I read about Elections Canada's interest in this system, and I find myself doubting whether these questions have been asked, let alone answered.
Federal Government House Leader Don Boudria planned to observe the system in action tonight as ballots are tallied.

"As minister responsible for the Canada Elections Act, electronic voting is of particular interest to me," Boudria said.

"Voting electronically addresses issues such as time and distance that sometimes prevent people from voting."