security


Unfortunately, I haven’t been keeping this site up to date as I’ve been blogging on the Stanford Law School Center for Internet and Society site.  To that end, here are my most recent posts:

The Unintended Consequences of CISPA

New Cybersecurity Bill Available

Revised Cybersecurity Act Needs Amendments for Privacy, Security

Thanks for following along.

 

New Research Suggests That Governments May Fake SSL Certificates | Electronic Frontier Foundation.

I say “probably” in this article Enter Stage Right: The “Cyber Czar”.

My recent post on the EFF blog talks about the difficulty that web security researchers have doing their work, in light of the Computer Fraud and Abuse Act and similar state statutes. While pen testers and other hired security guns can get written authorization to do security audits, members of the public have little leeway to explore the ways a website works or breaks, even when that vulnerability means that customer data is exposed to fraudsters. Read the post –Computer Crime Laws Chill Discovery of Customer Privacy Threats | Electronic Frontier Foundation– for more about the issue.

Tomorrow is my due date. Its common for first time mothers to give birth anytime around the “due date”, plus or minus about two weeks. However, it is much less common for multiple gestation pregnancies, like my twins, to go all the way to term. Like many women, I’m now confronted with the question of whether or not to induce labor. Below I review some of the freely accessible medical literature on this question and conclude that there is no “Answer” to how an educated consumer of medical care would answer this question.

First, though, the added factor that I’m carrying twins complicates an already complicated issue in a couple of ways. There’s an increased chance of stillbirth with at-term twins, so getting them born is a higher priority. Twins are hard to carry, so hanging on to them longer has an deleterious impact on my fitness and health. And, I’m already at risk for an increased c-section rate, so I’m not sure whether to give additional risk greater or lesser rate (if its going to happen anyway, who cares vs. its already bad why make it worse).

Second, I should say that I would just schedule the c-section or induction if the babies would be healthier with it, even if the choice would compromise my ability to care for them right after their birth. The end result you are looking for is healthy babies, healthy mom. But these babies are perfectly fine, and the non-stress test they are submitted to every week shows health and liveliness. So we’re talking about health risks in the absence of evidence of any problems.

My natural childbirth teacher and the midwife community rejects induction. I respect this view, but I do think it tends to be based on a quasi-religious belief that “natural” is better than “medical”. Without getting too deeply into this opinion, I’ll just say that the metaphor they always use for birth is what a cat does when it goes into labor. But we are not cats. Human babies have disproportionately gigantic heads. This causes a different set of problems than a mama cat faces.

My doctor, like many doctors, recommends induction at 41 weeks. This is because a 1999 study shows that induction at 41 weeks (versus waiting for spontaneous labor at 42 weeks) has no effect on c-section rates and decreases the stillbirth rate. I respect my doctor, trust her, and think she’s very competent. But, I think she’s trained to believe that the application of her skills increases the chances that everything works out ok, as opposed to doing nothing. I don’t believe that this medical view takes into account all the relevant health and emotional factors for either mother or babies, it is intended to maximize survival regardless of other costs. Which is great if survival is at stake. But what if its not?

For example, induction and an unnecessary c-section has far less of an impact on her than on me. Induction means being connected to an IV and to fetal heartbeat monitoring devices. That means being pretty restricted in terms of movement, which means that a lot of the labor management techniques I learned in childbirth class will not be available to me. As a result of the more powerful contractions brought on by induction drugs and the limitations on my movements, I’d be more likely to need the epidural, which has its own risks and rewards.

More troublesome for my decision making, there are studies that reject my doctor’s conclusion:

Here’s a 2005 study saying that induction at 41 weeks means longer labor, more epidurals and no outcome benefits for babies or mother.

Plus, there are several other studies that show that elective induction increases the risk of C-section in first time mothers:

October 2000

February 2002

In short, you can basically find a study to support either view about the risks and benefits of induction. To determine which is right, or perhaps “righter”, you need to look at the methodology of each in a much more in-depth way that is appropriately the domain of professional scientists and medical professionals, and not the casual medical consumer like myself. I can look up critiques of each of the studies, but even there I’m just going by what someone else says, since there are criticisms on both sides. Do doctors and scientists have a consensus, because if so, its not clear to me, and consensus is often wrong.

In the end, I feel left with not much more than gut instinct. What do I follow, my doctor, or my anecdotally-based prejudice against induction? Whatever I decide, anything could happen. Take a simple game, like Blackjack. You play according to the odds, but sometimes you lose and sometimes you win. The same is true with medical decisions, and could be true for me. But I won’t have the mantra I recite to comfort myself when I lose at Blackjack, which is “at least I have the satisfaction of knowing that I played correctly”.

For the pregnant woman, there’s no odds cheat sheet to pull out of your wallet when you’re sitting at the green felt table.

In this week’s Circuit Court column, I write about the legislative battle over changing our communications eavesdropping laws and a related issue of giving telcos immunity for illegally helping the government surveil us. This issue is so important, now that the nominee for Attorney General, Judge Michael Mukasey, says that the President does not have to obey the law if he believes it contradicts his national security responsibilities. Of course, you could argue that the laws are actually less important if the President isn’t even going to follow them. However, if that’s true, lawsuits against telcos may be the only way for the public to find out what our government is actually doing. Read more about one possible future of freedom and privacy here: What’s at Stake in the Surveillance Debate in Congress

Nations Soul Is at Stake in NSA Surveillance Case

For those of you with whom I have not had the pleasure of speaking in the past five months, who do not read Valleywag, or my husband’s blog, Brad’s Sketchpad, I’m hereby formally announcing that Brad and I are expecting twins in early December.

For those of you who have known me for a long, long time, you are probably pissing yourselves with schadenfreudistic glee that not only did I get married and procreate like I said I never would but you always knew was bullshit, not only that, but also fate duped me into having two at one time.

Others may be thinking, and indeed, have said in not so many words to my very face, “fucking over-achiever, it figures.” Both responses are welcome insights into the vulnerabilities of my personality, more of which are sure to be revealed by the awesome task ahead.
My own feelings could first be described as “shock” and now as “awe”. The science of how your body changes to accomplish this feat of procreation is nothing short of miraculous. On the other hand, its also pretty uncomfortable, and doctors disagree on some of the most basic questions, the answers to which you would think we would know, given how long women have been doing this thing.

Now that I’ve come out as a pregnant lady, I’ll be blogging more about the stuff that occupies my mind these days. Its not much different from the stuff I usually think about, but just writ in a different context. For example, my interest in security means I think a lot about risk mitigation and the strengths and limitations of cost-benefit analysis. Now I’m translating that framework for policy making to the question of whether to eat sushi, what baby car seat to buy or whether to use plastic or glass bottles.

At the end of last year, I wrote a chapter on law and ethics for a new O’Reilly book on network security.  It was a bit of a challenge to say something useful, accurate and concise on the topic, which I’ve been studying for most of my legal career, but I think I managed to cover the bases in an interesting and enlightening way, without being either too shallow or too pedantic.  Now, the book is available for purchase and I’m thrilled.
OReilly Media — Bookstore: Security Power Tools

Let me know if you like the book, opinions about the chapter I wrote and whether you think that there’s a need for a longer examination of the issues, either for lawyers or for security researchers.  I want to thank Mike Lynn for thinking of me for the book, and Patrick Ames for making the process so smooth.

Michigan man dodges prison in theft of Wi-Fi | Tech news blog – CNET News.com

Arrgh! Why don’t these wi-fi users call me? I’d love to help fight a prosecution like this.  Apparently, Orin Kerr and I agree that there are a lot of solid defenses to this kind of charge.  I’ve even written a motion that is a broader corollary of the due process claim Orin describes.
The brief argues that Anglo-American jurisprudence usually requires that the criminal defendant have a guilty state of mind (mens rea) and that if a statute does not expressly state that the crime is one of strict liability, then courts must read mens rea into the statute.  What this means for users of open wireless access points is that the prosecution should have to prove that they knew their access was prohibited by the owner, and that lack of authorization can not be presumed, especially in the absence of security barriers or warnings.
Now I’m just waiting for an opportunity to use this argument.

Next Page »