IPhones Most Revolutionary Feature: Unauthorized Hacks

Nations Soul Is at Stake in NSA Surveillance Case

Courts Turn Against Abusive Clickwrap Contracts

Wednesday’s Wired News column is about the state of the law wrt EULAs, terms of service agreements and other mass market contracting.  Two new cases suggest that courts are going to get more deeply into the business of protecting consumers from oppressive terms in these “take-it-or-leave-it” contracts.  In the column, I discuss the cases and argue this is the right approach.

Courts Should Shield Web and E-Mail Data From Nosy Cops

In today’s column I explain two new cases that take different approaches to constitutional privacy protections for digital communications depending on whether the courts understand the communications to be “content” or “transactional information”.  Which of these are protected from warrantless seizure by the government:  your email messages or a list of the websites you visit?  Read the column and find out.

At the end of last year, I wrote a chapter on law and ethics for a new O’Reilly book on network security.  It was a bit of a challenge to say something useful, accurate and concise on the topic, which I’ve been studying for most of my legal career, but I think I managed to cover the bases in an interesting and enlightening way, without being either too shallow or too pedantic.  Now, the book is available for purchase and I’m thrilled.
OReilly Media — Bookstore: Security Power Tools

Let me know if you like the book, opinions about the chapter I wrote and whether you think that there’s a need for a longer examination of the issues, either for lawyers or for security researchers.  I want to thank Mike Lynn for thinking of me for the book, and Patrick Ames for making the process so smooth.

Yesterday’s Wired News column, filed from our pied a terre in Amsterdam, discusses the clash between the right to privacy and the right to free speech, as represented in a lawsuit by the local royal family against a tabloid it seeks to stop from publishing photographs of the young princesses playing on the beach with their mother and nanny. You can read the whole article here.

In yesterday’s Circuit Court column “Free the Spam King” I take on the question of whether criminal prosecutions will stop spam, or are even fair. This one has engendered a lot of hate mail. It seems the only thing people hate more than child porn is spam.

Today’s Wired News column is Hack My Son’s Computer, Please, a discussion of the Fourth Amendment opinion in U.S. v. Andrus (pdf), issued in April by the Tenth Circuit Court of Appeals. In the case, a three judge panel of the Court said that police reasonably believed that a 91-year-old father was an authorized user of his adult son’s password-protected computer, in part because the officers did not know the computer was password-protected because they used Encase to scan it. The defendant’s attorney will ask the full Court to rehear the case en banc and my colleague, Professor Paul Ohm at the University of Colorado Law School, and I are working on an amicus brief in support of the proposition that where the only thing authorizing a search of a private computer is the consent of a third party, the officers can not use a tool that is designed to disregard locks that keep that third party out, indicating that the person didn’t have the authority to consent to the search in the first place.  I’m studying EnCase for the brief. Any ideas are welcome.

For more discussion of the Andrus case, visit this threat on The Volokh Conspiracy.

Online Advertising: So Good, Yet So Bad for Us is my latest Wired News column.

The column discusses a debate at this year’s Computers Freedom and Privacy conference between Jeff Chester of the Center for Digital Democracy and Mike Zaneis from the Interactive Advertising Bureau. On one side, Chester argued that online advertising is privacy invasive and should be subject to consumer opt-in.  On the other side, Zaneis argued that advertising makes great content possible, gives people ads that are relevant to them, and doesn’t collect sensitive information.  I find something each man says to disagree with in the column, and don’t necessarily come up with a better answer.  Both Chester and Zaneis wrote me nice emails about the column, which I really appreciate.

The ABA is having a conference on Computing and the Law June 25th and 26th. Here’s the schedule (pdf). I’ll be speaking on the 26th about the future of law and the internet. Looks like it should be an interesting event.
Will Bioterror Fears Spawn Science Censorship?

My latest Wired News column revisits an issue I wrote about in a law review article a few years ago for the Yale International Journal of Communications Law and Policy, The Price of Restricting Vulnerability Publications. In that article I compared proposals to limit the publication of computer security holes with the best practices in the natural sciences, including microbiology. Acceptable restriction guidelines were very, very narrow, and totally voluntary. Recently, however, a new task force organized under the National Security Act is proposing more restrictive guidelines, and while the proposal speaks in voluntary terms, the board reports are clearly resigned to the inevitability of future federal regulation of scientific publications. This bodes ill for advancement in science, and by analogy, computer security. In the column, I point to some other ways we can mitigate the risk that scientific research will be misused by criminals and terrorists.

« Previous PageNext Page »