(Image is in the Public Domain)

In a smart move, the Phillipine government is asking hackers far and wide to break their system. In a move that's sure to provide a lot of free publicity and free security testing at worst, the Phillipines prove they can do the job much better then our guys.

People shouldn't be tagged like animals

(Image used under: Creative Commons 2.0 [SRC])

California is working on a bill to ban RFID chipping kids.

Legislation approved Monday would prohibit public schools from requiring the implementation of radio-wave devices that broadcast students' personal identification and monitor their movement around campus — information the mechanical horrors could theoretically use to turn our children into livestock.

…

More RFID bills led by Simitian are currently being sent through California committees. One bill places a similar temporary ban on RFID technology in California driver's licenses. Another will place privacy safeguards on any existing RFID-enabled government IDs. Simitian also has led a bill that would restrict forced RFID chip implants in people.

Yarr!

(Image is in the Public Domain)

From the "thank gosh the hackers are on our side" department, it appears that the encryption scheme used on HD DVDs has nearly been broken. The copy protection scheme is supposed to prevent pirates from making and distributing copies of movies, but it also prevents normal users from exercising their fair use rights.

(Image used under: Creative Commons 2.0 [SRC])

For those who weren't paying attention, fears of child abduction and abuse are fairly overblown.

Although statistics show that rates of child abduction and sexual abuse have marched steadily downward since the early 1990s, fear of these crimes is at an all-time high. Even the panic-inducing Megan's Law Web site says stranger abduction is rare and that 90 percent of child sexual-abuse cases are committed by someone known to the child. Yet we still suffer a crucial disconnect between perception of crime and its statistical reality. A child is almost as likely to be struck by lightning as kidnapped by a stranger, but it's not fear of lightning strikes that parents cite as the reason for keeping children indoors watching television instead of out on the sidewalk skipping rope.

Why is this important? Because companies that want humans to accept RFID implantation will try to use fears of child abduction to sell their products. The industry wants this badly (and possibly the government too), because once people begin implanting children, no one will get them removed as adults and eventually, every citizen will have them. Once we are all tagged, we can be tracked wherever we go and whatever we do.

(Image used under: Creative Commons 2.0 [SRC])

From the "don't forget we're people, not products" department, North Dakota is the second state to ban forced RFID implantation. However, even if this is a step in the right direction, does it do enough? It doesn't ban voluntary implantation and last I checked a lot of things that aren't really "voluntary" are treated such under law:

But Michael Shamos, a professor who specializes in security issues at Carnegie Mellon University in Pittsburgh, believes the law is too vague to do much good. For instance, it only addresses situations where a chip is injected, even though RFID tags can also be swallowed. And it doesn't clearly define what a forced implant really is; someone could make chipping a requirement for a financial reward.

"Suppose I offer to pay you $10,000 if you have an RFID [chip] implanted?" he asked. "Is that 'requiring' if it's totally voluntary on your part?"

It's a poor example, but the right idea. Instead, what if you are offered a high paying job and move your family to a new state, get settled and begin the orientation process for your new job. You find out that they require RFID implants for "security" (which has been proven to weaken security). How much free will do you have in this instance? Can you really afford not to take the job now?

Another example, perhaps not so drastic. Companies push and push and finally get most everyone to use RFID implants as identification and method of payment. Because you're smart enough to know what a bad thing this is, you refuse, but find yourself inconvenienced everywhere. You can only shop at certain stores that still have non-RFID checkout. You pay an extra "cash handling" fee for not using the new methods. You have to drive 20 miles away to the only gas station around that's equiped to take non-RFID transactions.

Is it still a choice?

Note that both Spychips.com and Privacy.org are carrying this story and that Spychips lists Ohio, Colorado, Oklahoma, and Florida as more states with anti-implantation bills in the works. The first state to pass such a bill was Wisconsin (note the same flaw as the ND bill).

(Image used under: Creative Commons 3.0 [SRC])

The article is here, but here's the basics:

Say your file is this string of letters:

aabbcc

And you try to download from the one guy in the world who has this file, but he goes offline before you finish it. With SET, they've developed a scheme where anyone with any kind of file that shares sections of bits with your file can be sources. Before you needed this one guy, but if you find people with these files:

bbgggeeeyyy and iiuucc

Because they have the code chunks you need, you can download it from them instead (and it doesn't matter what kinds of files are involved, only that the code chunks match.

(Image used under: Fair Use doctrine)

Good news: Here's an article on how to use Vista's compatibility mode to run older software.

Bad news: According to all the comments on the article, it doesn't work at all (which matches my experience with the XP compatibility mode).

(Image used under: Creative Commons 2.0 [SRC])

How very interesting. This project was designed to strip the DRM from iTunes music so you can play them on any player or in any program you wish (as you are entitled to under fair use laws).

(Image used under: Creative Commons 2.0 [SRC])

This is cool. Some people took an offhand comment from the world's leading RFID privacy expert, Katherine Albrecht, and is trying to make it a reality. Some Dutch researchers are working on a portable RFID shield. I wonder about their ability to actually block the RFID transmission of a target chip rather than just interfere with the transmission.

UPDATE:

I contacted the author of the RFID Guardian research to ask the following question:

Just one question. Does this actually prevent a tag from reporting to a reader or just give the reader fake data so that the reader can't tell which one actually came from the tag?

And her response:

The RFID Guardian actually jams tag responses from reaching the RFID reader.

Neato.

(Image is in the Public Domain)

So they're finally going to try and do something about the e-voting disaster.

HR 811 features several requirements that will warm the hearts of geek activists. It bans the use of computerized voting machines that lack a voter-verified paper trail. It mandates that the paper records be the authoritative source in any recounts, and requires prominent notices reminding voters to double-check the paper record before leaving the polling place. It mandates automatic audits of at least three percent of all votes cast to detect discrepancies between the paper and electronic records. It bans voting machines that contain wireless networking hardware and prohibits connecting voting machines to the Internet. Finally, it requires that the source code for e-voting machines be made publicly available.

There's not one thing in there that's wrong! If they actually implemented all those provisions, e-voting might actually work!

The proposal wasn't without its detractors, however. Several state election officials testified about the practical challenges of implementing the new requirements. Chris Nelson, South Dakota's secretary of state, warned that many of the requirements in the legislation would conflict with the states' own election procedures.

Cry me a river. "Oh it's too HARD to implement security! We need to have less restrictions so we can do this cheaper!"

The law allows flexibility in how some of the auditing is done as long as it's NIST approved and the states always have the option of keeping the optical current methods if they decide that the regulations for e-voting are too strict or too expensive to implement at this time.

Of course, this almost sounds too good to be true. I'll have to read the law later, but I'm betting it has some terrible hidden catch like it legalizes eating little puppies or provides millions of pork dollars for human RFID implantations.

Update: It looks like the guys over at Slashdot feel the same way I do.