hasimir: (Default)
2011-09-05 02:38 pm

New Players in the Great Game

Last week the complete unredacted diplomatic cables obtained by WikiLeaks last year were revealed to the world following a series of events involving WikiLeaks, the Guardian and possibly others. There has been much finger pointing regarding who is to ultimately blame for this, which is essentially pointless. The deed is done and the information is out. A couple of days later WikiLeaks, under the direction of Julian Assange, elected to update their Cablegate site with the unredacted data and provide a full mirror archive [torrent] and PostgreSQL database copy [torrent].

Already there are interesting revelations being brought to international attention by the latest data releases. There are also very valid concerns regarding the safety of intelligence sources, victims of crime and political dissidents who are identified in the cables. Amongst these have been the revelation that one or more cables identify current Australian intelligence officers, as reported in The Age and The Sydney Morning Herald.

Last Friday a statement [PDF] was made by Robert McClelland, the Australian Attorney-General, regarding this fact and confirming that the Australian Security Intelligence Organisation (ASIO), along with other agencies, was reviewing the material. Mr. McClelland reiterated that Section 92 of the Australian Security Intelligence Organisation Act 1979 (ASIO Act) makes it a crime to “publish or cause to be published in a newspaper or other publication, or by radio broadcast or television, or otherwise make public, any matter stating, or from which it could reasonably be inferred, that a person having a particular name or otherwise identified, or a person residing at a particular address, is an officer (not including the Director-General), employee or agent of the Organisation or is in any way connected with such an officer, employee or agent or, subject to subsection (1B), is a former officer (not including a former Director-General), employee or agent of the Organisation or is in any way connected with such a former officer, employee or agent.” That second part is obviously aimed at protecting the families of ASIO employees, while subsection 1B deals with exceptions where former officers have consented to their previous employment being made public.

This has led to speculation that Julian Assange could face prosecution under Section 92 of the ASIO Act. There may be the possibility of additional charges relating to officers of other Australian agencies, such as the Office of National Assessments (ONA) or the Australian Secret Intelligence Service (ASIS). In addition to the cable referred to by The Age and The Sydney Morning Herald there is at least one cable which lists the names of a number of senior ONA analysts and there may be more buried amongst the quarter of a million cables.

One of the problems facing any Australian prosecution in this matter will be whether or not charges can be laid based on the sequence of events. The initial revelations of the complete data came from a GPG encrypted file which had been available online via BitTorrent for several months and which was decrypted using a passphrase published by the Guardian. Each on its own could not reveal the information; they had to be used together to obtain the data. If charges were to be laid related to that, who would be charged? Julian Assange for creating the encrypted file? Another WikiLeaks staffer for putting it on BitTorrent? David Leigh and Luke Harding at the Guardian for publishing the decryption passphrase in WikiLeaks: Inside Julian Assange’s War on Secrecy? John Young at Cryptome for providing the decrypted CSV file? Raymond Hill at Cablegate Search for using that data in his online database? Others?

That’s just dealing with the initial release of the data. The next question is whether or not Julian Assange or others involved with WikiLeaks can be charged for effectively republishing the data after it has already been decrypted by others. No doubt this is something which Australian Commonwealth prosecutors will consider following the reviews of the diplomatic cables being conducted by ASIO and others.

On Sunday the Attorney-General followed the national security theme with a statement [PDF] announcing a new national security awareness campaign promoting the National Security Hotline (NSH). The NSH was introduced in 2002 by the Howard Government and the initial advertising campaign in 2003 featured much derided fridge magnets for every household.

What is unclear about the latest NSH advertising campaign is whether it was already planned, whether or not it is in response to or accelerated due to the release of the unredacted cables or whether it is part of a push to turn public opinion against WikiLeaks. When the cables were being dribbled out with effort taken to redact information that could identify people at risk of violence or retaliation it was difficult for many people to take the government’s objection too seriously. The complete release last week changes that scenario completely and the publication has been condemned by the traditional media organisations, which had previously worked with WikiLeaks to redact and publish the cables. It is possible that the Attorney-General’s department takes the view that an elevation of national security in the public consciousness will make it easier for people to draw the conclusion that the cable publication and, by extension, WikiLeaks is to be condemned.

Regardless of one’s opinions of Julian Assange and WikiLeaks, either for or against, the fact is that the facility to provide a platform for the global release of sensitive material has been a major change for both national and international politics. It has shifted the concentration of power in ways which governments are not used to. They are beginning to learn a similar lesson to that of the media: that the people formerly known as the audience are able to actively engage to a greater extent than previously possible. Not only are people able to do this, but they actually do it.

As I type this there are people around the globe poring through the released cables looking for interesting information. Some of the results are published by traditional media outlets, some are blogged about and some are included in the running commentary on Twitter or other social media networks. Most people refer to the latter as crowd-sourcing, but governments and intelligence agencies refer to it as open source intelligence. It is another example of ordinary citizens being able to level a playing field which has previously been restricted to governments, intelligence agencies, law enforcement and corporations with the budgets necessary to obtain and mine vast amounts of data. This shift is, unsurprisingly, of real concern to those organisations which have traditionally maintained a monopoly on information.

As a consequence, moves by governments around the world to attempt to limit or discourage this power shift are to be expected. Where that coincides with existing national security legislation, such as that protecting intelligence officers here in Australia, a link is able to be drawn between the power shift and a subtext of potential sedition. It’s not quite accusing anyone engaged in any aspect of the shift in power and sharing (versus control) of information of treason, but it is a manner of presenting opposition to people doing so as in the interests of national security. It is a subtle and dangerous approach to the changing nature of politics and intelligence, which could backfire. Yet it is one which will be pursued by any government seeking to maintain a concentration of power; that being, all of them.

It also won’t work, not completely; that genie is well and truly out of the bottle. The governments, intelligence agencies, law enforcement and corporations already know this; their game is now to limit anything which they see as potentially damaging. The extent of their success or failure in this will only become apparent over time; not just in relation to the various releases from WikiLeaks, but also information which will be released by other sources and organisations in the future.

There are new players in the Great Game of international politics, players who were previously viewed almost entirely as pawns. It will be very interesting to see how it plays out as the power and the rules shift.

Originally published at Organised Adversary. Please leave any comments there.

hasimir: (Default)
2011-08-20 06:53 am

Preventing Political Blunders With Digital Signatures

Yesterday’s news that Paul Freebody, a candidate for the Queensland seat of Cairns, has been expelled from the Liberal National Party (LNP) highlights the need for the greater adoption of email encryption and digital signatures.

As with the OzCar Affair of two years ago, the issue here relates more to the verification that an email has not been tampered with rather than protecting the content from prying eyes. Thus it is a digital signature which would have been of use to Freebody in this case. Had he already been using OpenPGP compliant software to sign his emails, such as PGP or GPG, Freebody could have proven that the change to his email after signing and sending it was made by someone else, without needing to identify or, in this case, embarrass that person.

The reports regarding the case of Paul Freebody are a little unclear as to whether the modified email had been sent from his computer or whether a family member who had received the email modified it and then forwarded it on. Regardless of which of those two alternatives it was, the regular use of a digital signature would have helped.

If the email had been modified on Mr. Freebody’s computer before it was sent, the prompt to sign the message would have prevented the message from being sent without the relevant passphrase. If the relative had removed the signing option then Mr. Freebody could have pointed to the lack of the signature as a certain level of proof that he did not send that email.

Had the email been signed and a recipient modified the content before forwarding it to others, the signature would not validate for that message and Mr. Freebody could then have pointed to that as proof that the message had been altered. In this case Mr. Freebody could have provided a copy of the original message with the valid signature for comparison.
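The three outcomes described above (valid signature, altered message, missing signature) can be reproduced in a short script. This is an added example, not code from the original post: it uses a toy, unpadded RSA key built from two Mersenne primes so that it runs with the Python standard library alone, where real OpenPGP software such as GPG uses properly generated keys and padding. The message text and the function names are constructed for the illustration.

```python
import hashlib

# Toy RSA key (assumption for this example only): two Mersenne primes and no
# padding. Far too weak for real use; it stands in for the sender's OpenPGP key.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, known only to the sender


def canonical(body: str) -> bytes:
    """Normalise text the way OpenPGP cleartext signatures do: drop trailing
    whitespace on each line and use CRLF line endings, so that harmless
    changes made by mail software do not break the signature."""
    lines = [line.rstrip(" \t") for line in body.splitlines()]
    return "\r\n".join(lines).encode("utf-8")


def digest(body: str) -> int:
    """SHA-256 of the canonical text, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(canonical(body)).digest(), "big")


def sign(body: str) -> int:
    """Sender side: requires the private exponent D."""
    return pow(digest(body), D, N)


def check(body: str, signature) -> str:
    """Recipient side: needs only the public values N and E."""
    if signature is None:
        return "unsigned"
    return "good" if pow(signature, E, N) == digest(body) else "bad"


# Constructed sample message, not taken from any real email.
ORIGINAL = "Dear all,\nThe meeting is on Friday.\nRegards, Sender\n"


def cases() -> dict:
    """Run the scenarios from the text and return the verdict for each."""
    signature = sign(ORIGINAL)
    rewrapped = ORIGINAL.replace("\n", " \r\n")         # mail software noise
    altered = ORIGINAL.replace("Friday", "Monday")      # content changed
    return {
        "as sent": check(ORIGINAL, signature),
        "line endings rewritten in transit": check(rewrapped, signature),
        "altered by a recipient, then forwarded": check(altered, signature),
        "sent by someone without the key": check(altered, None),
    }


if __name__ == "__main__":
    for name, verdict in cases().items():
        print(f"{name:42} {verdict}")
```

A "bad" verdict shows only that the text no longer matches what was signed; it says nothing about who changed it, which is the property the post relies on.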

This is the second time in as many years in which a forged or modified email has resulted in a scalp being claimed in Australian politics; yet the tools to prevent it have been available for two decades and standardised since the late 1990s. Since that time the ease of using email encryption and signatures, particularly with the combination of Thunderbird, GPG and Enigmail, has been improved considerably.

Until people in public life start using at least this aspect of cryptographic technology, even if they don’t actually encrypt their email, these kinds of scandals will continue to occur.


hasimir: (Default)
2011-06-23 12:22 am

Access Ministries Resort to Scientology Tactics to Silence Critic

Australian blogger Mike Stuchbery, a vocal critic of ACCESS Ministries’ school chaplaincy program, has been gagged by the evangelical religious group.

On the 15th of June Mr. Stuchbery posted an article about a graphic novel, Man Hunters published by ACCESS Publishing International, a division of ACCESS Ministries. The original article included several images from the graphic novel and a link to a PDF of the complete article.

On the 17th of June Mr. Stuchbery received a letter from Moores Legal stating that the post of the graphic novel and any part of it was a breach of copyright. The letter demanded the removal of the graphic novel PDF, the deletion of any copies of same, the removal of any images from the PDF and the deletion of the entire article which included this content. The letter, which Mr. Stuchbery posted, included a deadline of 5:00pm on June 22nd.

Mr. Stuchbery complied with the request to remove the PDF and all of the images, except for a single panel. The other panels were replaced with transcripts of the dialogue. He cited the “fair use” (actually it is “fair dealing”) provisions of the Copyright Act 1968 for the purpose of the critique which comprises the remainder of his article.

In spite of this compliance, Mr. Stuchbery’s posting access to his site was disabled by WordPress.com before the deadline set by Moores Legal. This indicates that the purpose of this action is not simply to protect the material published by ACCESS Ministries, but to silence one of their critics. If it were purely concerned with the copyright issue then the deadline would have been honoured, as would the fair dealing provisions of the Copyright Act 1968. Instead moves were made to report Mr. Stuchbery’s site for copyright infringement to his hosting provider before that, the result being suspension of updates well before the deadline. According to Mr. Stuchbery he discovered the suspension more than nine hours prior to the deadline.

This type of use of copyright law by organisations, especially religious organisations, to stifle dissent is nothing new. The Church of Scientology is well practiced at using precisely this tactic to silence their critics and have done so to great effect for many years. Now ACCESS Ministries are taking their turn at using copyright law to censor their opposition. This case is a little different from many of the Scientology ones in one crucial respect; the criticism of ACCESS Ministries and their teaching material does not relate purely to their internal policies and behaviour, as much of the Scientology criticism does, it relates to material used by ACCESS Ministries chaplains in a government funded program for secular schools. As such, criticism of the policy and of any content used in the delivery of that policy should be protected by the implied right to free political speech. This relates to both the High Court rulings regarding freedom of political speech inferred from the Australian Constitution and various international treaties which Australia has ratified, most notably the International Covenant on Civil and Political Rights.

With this action ACCESS Ministries have proven their complete disregard for the civil rights of those who do not agree with them. They have shown their willingness to resort to any means available to silence any and all opposition and criticism.


hasimir: (Default)
2011-06-03 07:56 am

Neo-Victoria: Evolution of the Nanny State

Six months ago Victoria went to the polls and elected a Liberal-National Coalition government, led by Ted Baillieu, with a (slim) majority in both houses of parliament. After more than a decade of Labor government, this was not entirely unexpected. Due to electoral reforms made by the previous Labor government, there will be another three and a half years before another election will be held.

The change in government has led to a drastic change in the tone of governance in Victoria. Three of the changes which particularly illustrate this are a review of the Charter of Human Rights and Responsibilities Act 2006 with a possible result of watering down or even repealing the Act, on the spot fines for “indecent” language and the controversial introduction of legalising discrimination for groups not wishing to employ, service or otherwise interact with individuals with life styles or traits they object to. That last one essentially translates to: some Christian organisations want support for prejudice against single mothers, non-believers, people of different faiths, divorced people and, of course, the entire LGBTI community.

Those aren’t the only things on the agenda; there are assorted other law-and-order policies currently being pushed by Baillieu and Attorney-General Robert Clark, including mandatory sentencing for sixteen and seventeen year-old violent offenders. Still, this is only six months into a four year term. It is clear that Baillieu and Clark are aiming for significant changes to Victoria’s legislative powers before the voters have a chance to oppose them. Perhaps this would be more understandable if the policies presented to the public by the Coalition had included this significant law-and-order focus; but, with the exception of the fairly standard comments about recruiting more police, this was not the case.

It is clear that the Baillieu-Clark agenda, beginning with the reduced emphasis on human rights, is to forge a far more conservative and controlled Victoria. The first step is to reduce the rights previously granted to Victorians. The second step is to introduce law-and-order policies which may appeal to some sections of the community without appearing too controlling to the general punter, but which actually undermine civil liberties significantly. The third step is to provide greater power to certain interest groups at the expense of minorities.

So what can we expect in the future? I expect there will be considerably more similar action in the future. Most likely this will include anti-association legislation, which is normally labelled as “anti-bikie” legislation and which has been adopted in South Australia and New South Wales. Whenever politicians and police discuss legislation like this they are careful to focus on one section of the community, in this case “criminal organisations” and motorcycle clubs, but the reality is that the legislation is never so specific and can be used against any organisation or group of people. Currently the Charter of Human Rights and Responsibilities Act prevents such anti-association legislation from being passed in Victoria, but a repeal of that Act or reduction in its scope may open this door.

No doubt there will be more than this in just the next year or two, given the changes pushed in just the last six months. By the time of the next election in November 2014, the changes in Victoria could be tremendous.


hasimir: (Default)
2011-05-28 11:49 pm

Why I support SlutWalk

Over the course of the better part of the last couple of decades I have developed certain skills which have helped (or tried to help) various friends through the trauma of sexual assault and rape. Most of these skills stem from little things like listening and not judging. Not to mention reining in the temptation to go off half-cocked, as it were, and form a posse to go rapist hunting. After all, who would that really benefit?

I would like nothing more than to never have the need to use these skills again. That’s why I support SlutWalk, even though I was a little too ill to attend today’s one.


hasimir: (Default)
2011-04-17 12:39 am

Outage Notice: adversary.org – 18/4/2011

There will be a scheduled outage for adversary.org from midnight of the morning of Monday the 18th of April. This is due to a change in IP address resulting from a change with the Internode ADSL link.

This change will affect all services including DNS, mail and web. I have made changes to minimise the length of this outage, but it could last from 2-24 hours. The outage will begin whenever the Internode change goes through, probably 12:30am AEST.


hasimir: (Default)
2011-04-03 04:09 am

BitCoin

I have started experimenting with BitCoin, which is a relatively new form of digital currency. It’s an interesting idea and design which cuts out all the usual middlemen in online payments through a peer-to-peer network, though the price of that is being unable to obtain a refund of a transaction (e.g. a chargeback).

It does, however, provide a method of performing transactions which are simultaneously transparent and anonymous. Users create BitCoin addresses, which are a hash of relevant data (and appear like this: 19E4GYgVJrpSZ4kDnNB7NxdEFed8U13Aq5). A user can create as many such addresses as they wish, even to the extent of creating a new address for each transaction. So even though an address and associated transactions can be viewed by anyone it is still very difficult to determine the parties involved, if not impossible.
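Because a payment cannot be reversed, the address format carries a built-in guard against mistyped addresses. The following added example (not part of the original post) decodes an address of the kind quoted above as Base58Check: one version byte, a 20-byte hash of the public key, and a 4-byte checksum taken from a double SHA-256 of the preceding 21 bytes. The function names and the sample key hash are constructed for the illustration; the address quoted in the post is run through the same check without assuming its result.

```python
import hashlib

# Base58 alphabet used by Bitcoin addresses: no 0, O, I or l.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def checksum(payload: bytes) -> bytes:
    """First four bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def encode_address(version: int, key_hash: bytes) -> str:
    """Build an address string from a version byte and a 20-byte hash."""
    payload = bytes([version]) + key_hash
    raw = payload + checksum(payload)
    num = int.from_bytes(raw, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = ALPHABET[rem] + out
    # Each leading zero byte is written as a leading '1'.
    pad = len(raw) - len(raw.lstrip(b"\0"))
    return "1" * pad + out


def decode_address(address: str):
    """Return (version, key_hash); raise ValueError if the address is damaged."""
    num = 0
    for ch in address:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"character {ch!r} is not in the Base58 alphabet")
        num = num * 58 + idx
    pad = len(address) - len(address.lstrip("1"))
    raw = b"\0" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        raise ValueError(f"decoded to {len(raw)} bytes, expected 25")
    payload, check = raw[:21], raw[21:]
    if checksum(payload) != check:
        raise ValueError("checksum mismatch: address was mistyped or altered")
    return payload[0], payload[1:]


def is_valid(address: str) -> bool:
    try:
        decode_address(address)
        return True
    except ValueError:
        return False


# Constructed 20-byte value standing in for the hash of a public key.
SAMPLE_HASH = bytes(range(1, 21))
SAMPLE_ADDRESS = encode_address(0, SAMPLE_HASH)

# The address quoted in the post, checked at run time without assuming the result.
POST_ADDRESS = "19E4GYgVJrpSZ4kDnNB7NxdEFed8U13Aq5"


def with_typo(address: str) -> str:
    """Replace the last character with a different Base58 character."""
    last = ALPHABET.index(address[-1])
    return address[:-1] + ALPHABET[(last + 1) % 58]


if __name__ == "__main__":
    print(SAMPLE_ADDRESS, is_valid(SAMPLE_ADDRESS))
    print(with_typo(SAMPLE_ADDRESS), is_valid(with_typo(SAMPLE_ADDRESS)))
    print(POST_ADDRESS, is_valid(POST_ADDRESS))
```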

So what’s the point? Well, aside from the currency being unable to be manipulated by the normal state based actors (e.g. the Reserve Bank of Australia or the US Federal Reserve), there are a small, but growing number of people and sites accepting BitCoin payments. There is also currency trading between BitCoin and state currencies, as well as sites like CoinCard which enables purchasing BitCoins through PayPal or converting BitCoins to PayPal funds.

This means that it provides a very real method of exchanging money with no real state based scrutiny. This would certainly appeal to people who may wish to disguise what a certain transaction actually involved or who the parties involved were. While many people may assume that only certain illegal transactions (e.g. drugs and arms trafficking) would benefit from this, there are actually plenty of others. One obvious example of often legal, but potentially embarrassing, transactions is the sex industry. Really, though, any transaction in which one or both of the parties involved wants a degree of privacy can benefit from BitCoin.

Some governments might raise the spectre of tax evasion via BitCoin, but that is easily countered. When converting BitCoin currency to one’s local currency and bank account, it becomes income which would be declared like any other and the tax paid on that income. Even without converting the BitCoin currency to the local currency of a recipient it would still be possible using the BitCoin currency markets to calculate the tax owed on any given transaction. Other alternative currencies, like Barter Card, have already found methods of addressing tax related issues and they are not insurmountable.

Given the level of distrust with a number of currencies, particularly following the global financial crisis, BitCoin has the potential to gain more than just a handful of computer geek users. Especially since the software is simple to use and available for Windows, Mac and Linux. The source code is also available to guarantee transparency of the entire system.

I have, of course, installed it and obtained a tiny amount of BitCoin currency using the BitCoin Faucet to see just how easy it is to use. The answer is that it is very easy to use. The example BitCoin address I included in this post (19E4GYgVJrpSZ4kDnNB7NxdEFed8U13Aq5) is an active one I generated using the software. It did not take very long to generate and could be used by anyone to send BitCoin donations or payments to me, not that I really expect that to happen. That, however, is all it takes: providing an address hash to another party to send a payment through.

As with any other online payment method, BitCoin can be configured to accept payments via a web server. Alternatively the free MyBitCoin service can be used to accept online payments through BitCoin on a commerce site quickly and easily. The advantage there is not having to worry about maintaining one’s own BitCoin payment code to integrate with an existing shopping cart. The disadvantage is that the BitCoin wallet is stored on the MyBitCoin servers instead of one’s own system, although this disadvantage can be minimised by automatically forwarding payments to a local BitCoin address.

All things considered, I think this particular implementation of a virtual currency has great potential, depending on the degree to which it is adopted.


hasimir: (Default)
2011-03-08 01:52 pm

Convention on Cybercrime

Yesterday’s Patch Monday podcast from Stilgherrian dealt with the plan for Australia to sign the Council of Europe’s Convention on Cybercrime.

This treaty deals with a number of matters, some of which are just designed to address issues which are already illegal, such as child pornography and pædophilia, just with a technological slant. Some of it relates to computer or network specific crimes, such as computer intrusion and denial of service attacks. Some of it, however, deals with expanding the powers of law enforcement agencies to intercept data traffic and to retain logs of all online activity for possible future use by law enforcement.

Colin Jacobs, from Electronic Frontiers Australia, attempts to address some of the many ways this treaty will adversely affect civil liberties and privacy issues in particular, while Nigel Phair, from the Surete Group, promoted the opinions of law enforcement for what they believe they need to investigate cases online.

Details of the Australian review of this treaty are on the Attorney-General’s website, and submissions will be accepted until the close of business on Monday the 14th this month.

It appears highly likely that moves to prepare Australia to sign the Convention on Cybercrime will be used to enact contentious issues like data retention policies in Australia. So anyone wishing to prevent that should strongly consider sending a submission to the Attorney-General’s Department review.

Should Australia sign this treaty and/or introduce data retention policies, then some people may wish to consider various methods of circumventing that policy. Fortunately some of the same methods which can be used to bypass Internet censorship, such as using a VPN and Tor, can also be used to circumvent the data retention policies.


hasimir: (Default)
2011-02-27 06:06 pm

Not In My Backyard … or Yours

The Australian government is now on track to possibly brand the national plant (this acacia contains less than 0.02% alkaloids and it is currently unknown whether or not it is possible to derive psychoactive compounds from it), along with thousands of other native plants, illegal. This is apparently part of a move to create uniform anti-drug legislation across the country. All the plants targeted by this new legislation contain or produce chemicals which are either drugs or drug precursors which are either illegal in Australia or which the government intends to make illegal.

The Garden Freedom website goes into greater detail regarding the legislation, who it will affect and which species of plants are to be classified as contraband. The list includes, but is not limited to: datura, cacti, wattle, salvia, ephedra (aka Mormon Tea) and assorted other species.

Personally I think this current move is ridiculous. As someone of a more libertarian bent, I think that people ought to be able to do whatever they like, including drugs, as long as the choice is freely made and does not impinge on the rights of others. Ideally that choice should be made only with a thorough understanding of the risks involved. I realise, of course, that most people in this world, especially politicians and law enforcement, do not agree with me. So putting my views regarding personal freedom aside for the moment, this particular change in legislation is still ridiculous for the following reasons:

  1. Most of the chemicals listed which can be made from Australian plants are already illegal; the actions required to produce drugs like N,N-Dimethyltryptamine (DMT) are already covered by existing legislation. Legislating against plants such as acacias and cacti won’t make any real difference to the current illegality of DMT or mescaline.
  2. Most of the plants affected by this proposed legislation are incredibly common throughout the country, on both public and private land. It is quite likely that this will directly affect the gardens of a vast number of Australians, most of whom won’t even know (or care) the exact species of plants on their property. Likewise most of them won’t know (or care) that boiling the bark off several trees of these plants might produce a compound that will make someone vomit and then hallucinate (or vice-versa).
  3. Most, if not all, of the drugs being targeted by this legislation do not produce the same type of anti-social effects as alcohol or a number of synthetic drugs.
  4. The plants will not be able to be eradicated.
  5. Attempting to destroy the native plants proscribed by this legislation will have an adverse effect on the environment. Consider, for a moment, the number of acacias which produce flowers and how many bees visit those flowers to collect pollen to produce honey. That’s just one little link and there are many, many more.

Yet the Attorney-General wishes to make the growing and sale of thousands of Australian flora as illegal as marijuana.

As with most, if not all, government consultations and inquiries, submissions are accepted from the public. The closing date for this one is Friday the 11th of March.


hasimir: (Default)
2011-02-12 09:35 pm

Censorship: Reviewing the Reviews

Ross Fitzgerald has an interesting piece in The Australian today on the current state of censorship in Australia; in particular regarding the four inquiries into the classification system. It is definitely worth reading.

Australia’s current laws governing censorship and classification are archaic and byzantine; more often reflecting the views of conservative religious groups than the general populace. Reading some of the comprehensive material on Australian censorship on Irene Graham’s website, Libertus, provides an idea of the extent of this and the conflicts between the federal and state classification systems.

Senator Guy Barnett from Tasmania, the apparent spiritual successor to the notorious Brian Harradine when it comes to censorship, is the driving force behind the current Senate Inquiry into the Australian film and literature classification scheme. The terms of reference for this inquiry indicate a review which will lean towards a conservative finding. For example, one of the earliest points (c), refers to enforcement and reports to law enforcement. Another point (f), refers to “the impact of X18+ films, including their role in the sexual abuse of children;” rather than simply “the impact of X18+ films;” that is what is known as a leading statement. This inquiry wants submissions which cater to the assumptions of Senator Barnett and the pro-censorship lobby, instead of representing the views of all Australians. Still another point (e) is aimed at applying rigorous censorship legislation to all content, including art, presumably in response to the debacle following the suppression of Bill Henson’s exhibition at the Roslyn Oxley9 Gallery in 2008. The inquiry is aimed at applying censorship to outdoor advertising (h), music videos (i), song lyrics (j), television (l), the Internet (l) and mobile devices (m), amongst other areas not previously covered or covered by a specific inquiry (o).

The major classification review, though, is the Australian Law Reform Commission’s National Classification Review, which was announced on the 21st of December last year by the Attorney-General and the Minister for Home Affairs. This one is unlikely to be completed before 2014 and seeks to be the most comprehensive review of Australia’s classification systems in decades.

Meanwhile, Senator Stephen Conroy called for a review of Measures to increase accountability and transparency for Refused Classification material, which he often disingenuously refers to as entirely “illegal material,” as a precursor to introducing mandatory Internet censorship legislation. There may be another review of Refused Classification called for by Senator Conroy this year, following the backlash against the proposed Internet filtering regime during last year’s federal election. This is in addition to his Department of Broadband, Communications and the Digital Economy’s Convergence Review.

The Senate Inquiry into the Australian film and literature classification scheme is due to report on the 30th of June and the deadline for submissions is the 4th of March. The Measures to increase accountability and transparency for Refused Classification material review closed its submission date last year. The close of submissions for the Convergence Review was the 28th of January. Dates for the ALRC’s National Classification Review and Senator Conroy’s second Refused Classification review are presently unavailable.

This is all, of course, in addition to the Attorney-General’s inquiries into An R18+ Classification for Computer Games, the Classification (Publications, Films and Computer Games) Amendment (Assessments and Advertising) Act 2008, the Classification (Authorised Television Series Assessor Scheme) Determination 2008, the Classification (Advertising of Unclassified Films and Computer Games Scheme) Determination 2009 and other aspects of Classification policy.

A citizen could be forgiven for thinking that the complexity and number of the reviews was aimed at stifling opposition to the agenda of censorship which currently runs rampant through Australian politics.

Most political parties in Australia have varying degrees of policy in favour of censorship, of which the most well known is the Australian Labor Party’s mandatory Internet filter. Of the currently registered parties opposing censorship, there is only the Australian Sex Party. The fledgling Pirate Party Australia is still seeking to join the fray. Like the Sex Party before it, the Pirate Party has encountered some difficulties with the registration process. Although not as anti-censorship on a policy level as the Sex Party or the Pirate Party, which both promote civil liberties in Australia, the Australian Greens have been vocal in their opposition to Internet censorship. The work of Senator Scott Ludlam has been considerable in this area.

One of the reasons why Australia has been able to maintain a thorough regime of censorship in comparison to most, if not all, other liberal democracies in the world is the lack of constitutionally guaranteed rights. There is no guarantee to freedom of speech, privacy or other rights which are frequently taken for granted in other countries. The only constitutional guarantee is that there not be a state sanctioned religion. There is privacy legislation and there have been High Court rulings on an implied right to political speech as necessary for a free and functioning democracy, but these things can be overturned by passing relevant legislation to do so.

Australia has signed and ratified the International Covenant on Civil and Political Rights, but made sure to include exceptions on Article 19. Even so, that and similar exceptions did not prevent Australia’s treaty obligations from being used to overturn Tasmania’s anti-homosexuality legislation in the 1990s. It also hasn’t prevented the United Nations Human Rights Council from publishing a draft review of Australia’s need for continued work to improve human rights for Australians, especially indigenous Australians and women. A number of countries have recommended constitutional reform, possibly including a Bill of Rights, in particular: Sweden, Hungary, Russia, Germany, Timor-Leste, Bosnia and Herzegovina. There were additional calls for other strengthening of human rights and civil liberties, including Australia signing and ratifying several treaties, which requires appropriate changes to legislation to meet the requirements of those treaties.

There’s clearly a long way to go in Australia on addressing issues of general human rights and civil liberties, let alone the more specific issue of censorship. One thing to remember, though, is that wide-ranging censorship and a lack of freedom of expression make the work on other human rights issues far more difficult.

Originally published at Organised Adversary. Please leave any comments there.

hasimir: (Default)
2011-01-30 09:16 pm

Phone Hacking in the UK

Recent reports in The Guardian and The Independent, largely overshadowed by current events in Egypt, return to the phone hacking scandal and a renewal of the investigation into illegal activities performed by or on behalf of Rupert Murdoch’s News of the World. It is important to note that, with the exception of what apparently happened to Nick Brown’s landline, what we are talking about is not wiretapping, rather it is cracking the (poor) security of voicemail systems to access recorded messages without authorisation.

In spite of years of denials of involvement, Andy Coulson has resigned as Director of Communications for Prime Minister David Cameron. News International has fired assistant editor Ian Edmondson, while the London Metropolitan Police have finally been spurred into a new and hopefully more complete investigation. Celebrities and politicians seem intent on taking the News of the World to court for numerous breaches of their privacy.

My interest in this case is twofold.

Firstly I want to know if these activities are limited to News of the World or if they have been used by other News International or News Corporation organisations. In particular I want to know if these practices have been employed in the United States or here in Australia.

Secondly I am interested, as a professional geek, in methods of maintaining private communications. Upon the realisation that the so-called hacking was simply accessing a voicemail system, the solution to that problem was readily apparent: move the voicemail system from something under the telephone company’s control to something under one’s own control. It’s actually fairly straightforward to do with solutions available right now. Essentially it just involves forwarding missed or unanswered calls to a PABX (e.g. Asterisk) and then accessing that voicemail in a more secure manner, such as via HTTPS on any smartphone.

So I will continue to watch the case with interest and how far it does or doesn’t spread throughout the Murdoch empire, as well as seeing just how low the muckrakers will stoop for a scoop.


hasimir: (Default)
2011-01-29 12:23 pm

Talk Like An Egyptian

By now most people will have heard or read about the civil unrest in Egypt and the Egyptian government’s response of shutting down communications networks, including all Internet connectivity. This is, of course, one of the most complete forms of electronic censorship available to a totalitarian state.

Already there are people attempting to solve the technical aspects of routing around this kind of denial of service attack. In particular, there is the OpenMesh project, which has been reported on TechCrunch.

Personally I think that any solution in this area will have to involve a return to a real peer-to-peer networking model, rather than the client-server networking model that is so prevalent these days. I suspect that wireless networks will be the transmission path of choice for most such networks, at least as far as maintaining communications within a region affected by a government orchestrated black-out.

I am clearly not the only one who thinks this and fortunately a great deal of work has already been done on this by wireless community groups, like Wireless.org.au. The biggest implementation of such a network, of course, is the One Laptop Per Child program’s wireless mesh network.

The tricky part is getting connectivity out of such a censored region without having to rely on telecommunications carriers or government controlled networks. The level of difficulty in resolving this aspect will almost certainly depend on the physical distance between the censored region and the nearest location able to provide Internet connectivity. Some more obvious and long used methods would have to include satellite and radio transmissions, but a tolerance for data or packet loss would be beneficial.

I do not know whether a wireless mesh network or even some other solution could be deployed in Egypt before the current crisis is resolved, but I do think that making sure the information to rapidly deploy one in the future is available is essential for defending human rights.


hasimir: (Default)
2011-01-28 06:13 am

Not Quite So Anonymous

Five people have been arrested in England for their roles in the distributed denial of service (DDoS) attacks performed by the group calling itself Anonymous, claiming to be defending WikiLeaks and retaliating over the arrest of Julian Assange.

Initially this group formed to protest the activities of the Church of Scientology, both online and offline. They opposed the authoritarian protocols and abuses of Scientology. Seeing some success there, they have moved on to opposing what they view as tyrannical censorship in other realms. In 2009 the target of their ire was the Australian Federal Government over the proposal to introduce mandatory Internet censorship in Australia.

So where is the problem? The problem lies in the hypocrisy of their tactics. A DDoS is nothing if not a tool of censorship; it prevents the free flow of information. The simple fact is that Anonymous are pathetically trying to enforce their own authority on everyone else and are doing so by using the same tactics as those they profess to oppose.

When Anonymous launched a DDoS against Australian Government servers in September of 2009, they did not prevent the Parliament from continuing to work on legislation and policy, including continued work on the censorship proposal. They did, however, risk associating their childish tactics with the work of others seeking to oppose that censorship in a more reasonable and open manner. They also prevented some people seeking information about the censorship proposal in order to rebut it. I know this because I was one of the campaigners whose research efforts were hampered by those attacks. Fortunately, enough anti-censorship campaigners, particularly from the EFA, condemned the attacks quickly enough that Senator Conroy was unable to use the attacks as ammunition against the campaign against censorship. Still, there was a risk that that could have happened.

Now Anonymous have turned their attention to acting in the name of WikiLeaks and launching similar attacks against any organisation which has opposed, harmed or withdrawn support (usually of a commercial nature) from WikiLeaks or Julian Assange. They have even gone so far as to say that “Julian Assange deifies everything we hold dear.” In their eyes Assange can never, under any circumstances, do or be wrong and this is their holy crusade. Now what could possibly go wrong there?

Unsurprisingly their targets in this crusade have chosen to fight back. When commercial juggernauts like Mastercard and Visa are attacked they will retaliate with the full force of the law and indeed they have. This is not something which Anonymous have seen before and, as they have not really lived up to their name, with their attacks being launched by an application run on the PCs of participants rather than by remotely controlled botnets, they have been caught. Anonymous are not nearly as clever and as powerful as they have deluded themselves into believing and now their members are beginning to pay the price for this. They have been behaving like children throwing a tantrum in an adult world and now they are going to be spanked.

Meanwhile those of us who promote and work for civil liberties around the globe in a way which does not impinge upon the freedom of our opponents will continue as we have always done. We will not miss the distractions of brats like Anonymous. Except, of course, that they’re not just going to go away after a handful of arrests. No doubt the arrests will scare some of them off, but others will want to fight back more. They will view these arrests as tyrannical oppression, rather than seeing it as an obvious consequence of attempting their own censorship regime.

Now, I suppose, it is my turn to find out whether Anonymous are willing to accept criticism online or whether I will find my own server crippled by retaliation for writing this. Well, I believe we should all be free to express our opinions so I hope that will be reciprocated and that any criticism comes in the form of comments rather than a denial of service attack.


hasimir: (Default)
2011-01-27 05:31 am

Securing GMail

Recently I have noticed that a number of my friends and acquaintances have had their GMail accounts compromised. While my preferred email address is on my own server, I do have a GMail address too (actually I have a couple, but only one that is really used much) and it has not been compromised. I’ve been asked about it a little bit and I figured it best to add my thoughts here regarding best practices, along with some software recommendations.

The first and most obvious recommendation is to use a strong password, ideally with a minimum of 128 bits of entropy. The best way to achieve this is to generate a suitably strong password with KeePassX (Windows users should use KeePass). KeePassX can also be used to generate and securely store passwords for any other account or site. KeePass and KeePassX store all passwords in a database that is protected by a passphrase and 256-bit AES or Twofish encryption.

The second recommendation is to never under any circumstances use the same password for multiple accounts. Passwords for one service should not be used to link it to another service where it may be exploited by an application or plugin for the second service. This way even if one service is compromised, the potential damage is limited to that service only and won’t be able to affect other accounts on different sites.
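The first two recommendations can be made concrete with a short Python sketch. It is an added example, not something from the original post or from KeePassX: it works out how long a randomly generated password must be to reach 128 bits of entropy for a given alphabet, then generates one independent password per account. The function names and the account labels are hypothetical.

```python
import math
import secrets
import string

TARGET_BITS = 128  # the minimum entropy the post recommends

# 94 printable ASCII symbols: letters, digits and punctuation.
FULL_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(length, alphabet_size):
    """Entropy in bits of `length` symbols, each drawn uniformly and
    independently from `alphabet_size` symbols. The figure only holds for
    machine-generated secrets, not for passwords a person made up."""
    return length * math.log2(alphabet_size)


def min_length(target_bits, alphabet_size):
    """Smallest length whose entropy reaches `target_bits`."""
    if alphabet_size < 2:
        raise ValueError("alphabet needs at least two distinct symbols")
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(target_bits=TARGET_BITS, alphabet=FULL_ALPHABET):
    """Draw a password from the OS CSPRNG, long enough for `target_bits`."""
    symbols = sorted(set(alphabet))  # repeated symbols would bias the draw
    length = min_length(target_bits, len(symbols))
    return "".join(secrets.choice(symbols) for _ in range(length))


def generate_per_account(accounts, target_bits=TARGET_BITS):
    """One independently generated password per account, so a compromise
    of one service reveals nothing about the others."""
    return {name: generate_password(target_bits) for name in accounts}


def length_table(target_bits=TARGET_BITS):
    """Required length for some common alphabets."""
    sizes = {"digits": 10, "lowercase": 26,
             "alphanumeric": 62, "printable ASCII": 94}
    return {label: min_length(target_bits, n) for label, n in sizes.items()}


if __name__ == "__main__":
    for label, length in length_table().items():
        print(f"{label:16} needs {length} characters")
    # Constructed account labels, for illustration only.
    for account, password in generate_per_account(["gmail", "forum"]).items():
        print(account, password)
```

A restricted alphabet is not weaker as long as the length grows to compensate; what matters is that every symbol comes from a cryptographically secure random source.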

The third recommendation is to always connect using SSL/TLS. I always recommend the Mozilla Firefox browser with the EFF’s HTTPS Everywhere plugin. Also use the Google settings for always connecting via HTTPS and for enabling either or both of IMAPS and POP3S.

The fourth recommendation is to configure a proper mail client, such as Mozilla Thunderbird, to connect with IMAP over SSL. Using a proper and robust mail client, like Thunderbird, is my preferred method of accessing email, but in the case of GMail and other primarily web-based email hosts, doing so does not prevent access via the web.

The fifth recommendation is to use the Tor Browser Bundle when connecting to GMail through a public wireless point or public network (e.g. an Internet café). This software includes a modified version of Firefox that incorporates HTTPS Everywhere and will help prevent session hijacking, such as that used by the Firesheep exploit. The Tor Browser Bundle is designed to run from a USB stick and does not require any installation; simply click and run.

These fairly straightforward measures should be enough to protect any GMail account from compromise and may also be applied to other web email hosts such as Hotmail or Yahoo, although I have not checked the extent of support for SSL/TLS connections to either of those services.

Finally, I still encourage the use of the GNU Privacy Guard for securing correspondence between parties, but that is a different matter to securing the accounts themselves.


hasimir: (Default)
2011-01-21 09:55 pm

Polishing the Halo

So the “Dickileaks” saga is apparently resolved. How many heads rolled? None. Not one. Following a great deal of posturing by the St. Kilda Football Club, including taking a 17-year-old girl to court on Christmas Eve, they have apparently decided to settle. The football club will pay the girl’s rent for a few months in return for a public apology, deletion of the photos and a statement by her that the players who were involved with her met her socially following a match and not at her school.

This leaves a great many unanswered questions. It does not settle the issue over when Sam Gilbert and another player actually met the girl, not when the statement to the contrary is effectively being bought with the price of accommodation. Nor has there been a satisfactory explanation of the role of the Victorian Police, who allowed her initial statement to them to be influenced by calls from St. Kilda Football Club personnel. There has been no statement about how the Memorandum of Understanding between the Australian Football League and the Victoria Police, which was active at the time of the initial investigation, may have influenced that investigation.

The resolution of this case appears to be an enormous win for the St. Kilda Football Club and the AFL. For the club, buying their way out of further scandal has come very cheaply. Meanwhile, football players have seen that clubs and the league are still willing to buy them immunity for their transgressions.

Did we really expect it to go any other way? Not in this town.


hasimir: (Default)
2011-01-18 02:03 pm

Double Cross-Posting

So today I tweaked this site to cross-post entries to both my LiveJournal and DreamWidth accounts. Until now I have only been cross-posting to LiveJournal using this plugin.

I figured that most people who want to cross-post to both LiveJournal and DreamWidth would configure the plugin to update DreamWidth and then configure DreamWidth to update LiveJournal. I decided against this because I did not want to provide DreamWidth with my LiveJournal authentication information, whereas the WordPress data is on my own server. So the answer was clearly to take care of both external sites from WordPress.

My solution was very easy to implement.

The first step was to go to the WordPress plugins directory. Then create a directory called dw-xp/ and copy the lj-xp.php file from the lj-xp directory, renaming it dw-xp.php. Then open it in a text editor (I used Emacs, of course) and do a search and replace for the following (case sensitive): LiveJournal becomes DreamWidth, livejournal.com becomes dreamwidth.org and ljxp becomes dwxp.

Once that is done a DreamWidth plugin will appear in the Dashboard which can be activated and configured as normal. The first search and replace is necessary to make this copy of the plugin appear as being for DreamWidth in the Dashboard. The second one is probably not necessary, but may as well be done. The third one is the most important because it sets the variables in the WordPress database and you don’t want it to conflict with the LiveJournal configuration.

The same process can be used to have a separate plugin for multiple LiveJournal based sites (e.g. DeadJournal).
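The copy-and-rename procedure above can be scripted. The following Python sketch is an added example, not part of the original post or of the plugin: it applies the three case-sensitive replacements in the order given, then reports any lines that still mention LiveJournal or ljxp in another letter case, since a leftover identifier is what would collide with the LiveJournal plugin’s settings. The sample plugin text is constructed for the demonstration and is not the real lj-xp.php.

```python
import re
import tempfile
from pathlib import Path

# The three case-sensitive replacements listed in the post, in order.
REPLACEMENTS = [
    ("LiveJournal", "DreamWidth"),
    ("livejournal.com", "dreamwidth.org"),
    ("ljxp", "dwxp"),
]

# Anything the case-sensitive pass can miss (e.g. LJXP, Livejournal).
LEFTOVER = re.compile(r"livejournal|ljxp", re.IGNORECASE)


def clone_plugin(plugins_dir):
    """Copy lj-xp/lj-xp.php to dw-xp/dw-xp.php with the replacements
    applied. Returns the new path and a list of (line number, line)
    pairs that still contain a LiveJournal identifier."""
    plugins_dir = Path(plugins_dir)
    src = plugins_dir / "lj-xp" / "lj-xp.php"
    dst = plugins_dir / "dw-xp" / "dw-xp.php"
    if dst.exists():
        raise FileExistsError(f"{dst} already exists, refusing to overwrite")

    text = src.read_text(encoding="utf-8")
    for old, new in REPLACEMENTS:
        text = text.replace(old, new)

    dst.parent.mkdir(exist_ok=True)
    dst.write_text(text, encoding="utf-8")

    leftovers = [(number, line.strip())
                 for number, line in enumerate(text.splitlines(), 1)
                 if LEFTOVER.search(line)]
    return dst, leftovers


# Constructed stand-in for the plugin source, for illustration only.
SAMPLE_PLUGIN = """<?php
/* Plugin Name: LiveJournal Crossposter */
$opts = get_option('ljxp_settings');
$host = 'www.livejournal.com';
define('LJXP_VERSION', '0');
"""


def demo():
    """Run the clone in a throwaway directory and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        original = Path(tmp) / "lj-xp" / "lj-xp.php"
        original.parent.mkdir()
        original.write_text(SAMPLE_PLUGIN, encoding="utf-8")
        dst, leftovers = clone_plugin(tmp)
        return dst.read_text(encoding="utf-8"), leftovers


if __name__ == "__main__":
    cloned, leftovers = demo()
    print(cloned)
    for number, line in leftovers:
        print(f"check line {number}: {line}")
```

Any line the check reports should be reviewed by hand before activating the copy, because both plugins would otherwise share that name.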


hasimir: (Default)
2011-01-18 09:44 am

Thirty Odd Foot of Walking the Room

Last week I mentioned an American podcast called Walking the Room which had Wil Anderson as a guest.

Since these guys tend to record more than one podcast session in a day, we’re lucky enough to get a second installment.

Once again, it is worth a listen. The first part is here and the second is here.


hasimir: (Default)
2011-01-06 03:25 am

Saint Bully

In spite of my complete aversion to sport (with the possible exceptions of politics and chess, if they count), I’ve been watching the unfolding drama of the so-called “Dickileaks” scandal. Yet another case of sports professionals behaving like complete tools and then being shocked when that fact is revealed to the world.

Most of the focus in the media has been on the girl who revealed the photos and what other material is (or was) in her possession. Very little of it, with the notable exception of several articles by Derryn Hinch, has been on the underlying issues and those issues with wider implications.

In particular, there is the question of whether the St. Kilda players, who became involved with the girl in question when she was 16, really only met her after a game, or whether it was weeks earlier when they visited her school. They and their club have not commented further on that.

The other issue, which may be even more important in a wider context, is the relationship between the AFL and the Victoria Police. Last year, when the initial reports of a St. Kilda player getting the girl pregnant were revealed, the police investigated and cleared that player and others of any wrongdoing. It would later be revealed that a Memorandum of Understanding (MOU) existed between the AFL and the Victorian Police, aimed at minimising trouble for the AFL. The MOU has since been dissolved, but it was certainly in effect when the investigation into the football players’ involvement with this young girl took place. As yet there have been no statements from the St. Kilda Football Club, the AFL or the Victorian Police as to how the MOU may have affected or even influenced that investigation. Derryn Hinch has reported that the police interview with the girl at the time was interrupted several times by her taking calls from people to advise her how to answer and that one or more of these calls may have been from Greg Hutchinson, the operations manager of the St. Kilda Football Club.

There’s a great big, ugly question mark over the entire affair. Not just the behaviour of the players, but also the actions of the AFL’s and St. Kilda Football Club’s management to resolve it.

Which, of course, brings us to the court case. From a PR perspective, I do not see how anyone thought that suing a (now) 17-year-old girl on Christmas Eve was a good idea, but that’s exactly what they did. Ross Levin, Vice President of the St. Kilda Football Club and the lawyer leading the charge, made numerous statements about suing the girl for numerous complaints, including defamation and breach of copyright (if she did not take the photos, then she does not hold the copyright, so that part was included to allege the photos weren’t hers to begin with). Mr. Levin went on to say that they would be seeking damages claims which could be obtained for up to fifteen years after a ruling in their favour. Not that that’s actually aimed at making money off the girl for the club, it’s just a legal tactic to enforce their will upon her.

Fortunately Justice Marshall was unconvinced and ordered all parties into mediation, which is scheduled for later this month. No doubt we’ll hear more in the news when that date rolls around, while people harp on Twitter about wanting to see the other photos.

Speaking of Twitter and various other sites, the sheer amount of vile, bilious crap directed at the child at the centre of this scandal by a great many people has well and truly passed disgusting proportions. Sure, she may have made some mistakes, but that’s what being a teenager is all about. Well, that and embarrassment upon later realisation of those mistakes. It’s difficult to tell if this is astro-turfing on behalf of the St. Kilda Football Club or just people being vile, apparently trying to push the girl towards some kind of breakdown. At the end of the day, I don’t think it really matters which of the two it is or if it is some of each, it’s the end result of all those messages and posts that matters.

One thing is certain: what we are witnessing is a large campaign of bullying, both from football officials like Mr. Levin and nameless denizens of the Internet, against a girl who isn’t even old enough to vote yet.


hasimir: (Default)
2011-01-04 06:24 am

Cleaning A HTTPS Feed

For the last couple of years the Australian government has been strongly pushing a policy of Internet censorship, usually dubbed the Clean Feed, following the UK model. The first ACMA report from 2008 included some detail of attempts to filter more than just web traffic.

The ACMA report prompted me to analyse the methods by which the government might be able to achieve one of the options in the ACMA report: filtering HTTPS traffic. My report, Cleaning A HTTPS Feed: Report on the Filtering of the Hypertext Transfer Protocol over Transport Layer Security or Secure Socket Layer Connections, was first published last year by Atomic MPC Magazine and later by Civil Liberties Australia.

Since last year’s election and the precarious outcome, the government has announced a review of the classification system before making a final decision on how to proceed with an Internet censorship regime. In spite of the significant opposition to the scheme, both the Minister responsible, Senator Stephen Conroy, and Prime Minister Gillard have voiced continued support for censorship of the Internet.

As the government does not wish to drop this policy, I don’t wish my report into the implications of certain aspects of filtering to slip by. My full report on the methods of filtering traffic which is intended to be secure is available here (PDF).
