26 February 2011

Fox & Friends

I was delighted by an ABC news item on the fox rescued from the top of the London 'Shard' (taller, sharper and to my mind much uglier than the Foster & Partners 'Gherkin', aka the 30 St Mary Axe building) -
A death-defying fox clambered up Britain's tallest skyscraper and lived the high life on the 72nd floor of the tower in central London for nearly two weeks.

The intrepid animal climbed to the top of the Shard, which is more than 288 metres high and still under construction, where it enjoyed panoramic views over the British capital and lived off builders' scraps.

It managed to outfox its captors for almost a fortnight until February 17 when it was finally put into a cage and brought down from the tower, which will be the tallest skyscraper in Europe when it is complete.

It is believed the fox climbed up the building's central stairwell.
I do wonder whether he climbed all the way rather than sneaking on board a pallet that was being hoisted aloft or hitching a lift in a builders' elevator.
After a medical check-up, he was found to be unhurt and was released back into the neighbourhood surrounding the tower, close to his den and family.

"We were delighted to find that [the fox] was in good health other than for the fact that he clearly hadn't found quite enough to live on," said Ted Burden, founder of the Riverside Animal Centre.

"We gave him a thorough medical, a few good meals and explained to him that if foxes were meant to be 72 storeys off the ground, they would have evolved wings."

Following his release, the fox simply "glanced at the Shard and then trotted off in the other direction"
As one would, of course, as one would.

In another report Southwark Councillor Barrie Hargrove is reported as commenting that the fox -
has certainly been on a bit of a jaunt, and proved rather elusive, but I'm glad our pest control officers were able to help out.

He's obviously a resourceful little chap, but I'm sure he's glad the adventure is over and hopefully he'll steer well clear of skyscrapers in the future.

Mobile Jamming

Last year I noted consultation by the Australian Communications & Media Authority (ACMA) regarding mobile phone jammers.

ACMA has now made a formal Declaration under the Radiocommunications Act 1992 (Cth) prohibiting the supply, possession and operation of jamming devices that "are likely to substantially interfere with public mobile telecommunication services (PMTS)", including 3G networks and equivalent services such as mobile WiMAX.

The Radiocommunications (Prohibition of PMTS Jamming Devices) Declaration 2011 under s190 of the Act replaces the mobile phone jamming prohibition made in 1999.

ACMA's 2010 review last year of the effectiveness of that prohibition found that although the prohibition of jamming devices remains necessary, updates to the prohibition were required to address technological change that has occurred since 1999.

ACMA chair Chris Chapman commented that -
In making the new prohibition, the ACMA notes the continued need for appropriate regulatory arrangements that protect PMTS from unwanted and potentially harmful interference. It is vital that people can access the emergency call service, as well as receive warning messages in times of emergency.
The new Declaration includes a definition of "PMTS jamming device" in order to clearly identify the types of prohibited devices. The exemption of on-board systems used to provide mobile communication services on aircraft has been retained.

24 February 2011

Amorous Zombies

Last year I noted the fuss about LA Zombie. The ABC now reports that Richard Wolstencroft "will not be convicted' over exhibiting the film at the Melbourne Underground Film Festival despite the OFLC refusal of a classification. Wolstencroft has however been ordered to give $750 to Melbourne's Royal Children's Hospital.

He has reportedly said that he will not defy the classification board again and has learned his lesson.
Obviously I really do like to push the envelope and play different material, but look, I submit a list of films and if they reject one of two, it's not going to play.

I'm not going to do that again, you know what I mean?" he said.

"It's been a bit of a nightmare to be honest; getting charged with anything. If I knew I would be charged I wouldn't have gone ahead and done it.
Wolstencroft faced a maximum penalty of a $28,000 fine or two years in jail for exhibiting the film.

Payment Systems

Reading 'Information Security Policy in the U.S. Retail Payments Industry' [PDF] by Mark MacCarthy in 3 Stanford Technology Law Review (2011) -
The United States retail payments industry is in the middle of a transition in regard to information security. A substantial number of data breaches have occurred over the last five years, despite substantial compliance with the industry standard, the Payment Card Industry Data Security Standard. There will need to be a move to a higher level of security, and the major challenge is institutional. How can the industry organize itself to move collectively toward this goal? Without recommending any particular technical solution, this paper proposes one way to meet this institutional challenge. Drawing on the experience of Europe and the United Kingdom in moving to a chip and PIN environment, I recommend a public-private partnership where industry, government and civil society jointly work through the technical, economic and public policy issues that need to be solved if we are to have improved information security in the industry.

This paper is organized as follows. In Part II, I look at the information externalities in the retail payment system. This section provides some industry and legal background. It discusses information security as a third-party indirect liability regime, and it assesses the system externalities and liability rules that create misaligned incentives for investments in information security. In Part III, I review the Payment Card Industry Data Security Standard, including examples of its data security rules. I discuss levels of compliance and validation, and review some of the data security breaches that have occurred despite the success in moving the industry toward compliance. In Part IV, I discuss some public policy issues including mandated cost recovery schemes, data notifications laws, specific security laws, action by the Federal Trade Commission to treat security lapses as unfair acts, and general security laws that require reasonable levels of security. In Part V, I discuss end-to-end encryption and chip and PIN as possible upgrades to the current system, and conclude with a recommendation for a public private partnership to explore ways to move the system forward to higher levels of information security. In Part VI, I conclude with a recommendation for a way forward involving government as an active convener of public-private coordinating groups seeking to guide industry upgrades in information security.

22 February 2011

I wanna wanna, be your dog

Today's NY Times (a welcome refuge from the 428 page report on misbehaviour onboard HMAS Success and from the demolition of Christchurch, one of my favourite cities) features an item by Colin Buckley on 'ghosting' Ted Kennedy's dog -
... when I moved to Washington five years ago to attend graduate school at Georgetown, I resolved to get a job with Senator Edward Kennedy. I hoped to become an assistant at least, or an adviser or perhaps even — dare to dream — a speechwriter.

Instead, I became Splash, the senator's Portuguese water dog.

Having begged my way into an internship with the senator, I spent most of my time making copies, keeping records and answering phones. But then on a quiet winter afternoon when there was not much else going on, my supervisor came to me with an apologetic look on her face.

The senator, she explained, had recently written a children's book called My Senator and Me. The book depicts a day in his life from Splash's perspective. Someone — I'm not sure who — suggested including an e-mail address where curious young readers could reach the supposedly computer-savvy Splash.

That's where I came in. Someone had to reply to Splash's e-mails, in his voice, lest the children think the dog had let the thrill of being a published author and Washington power broker go to his head.

I'd taken Splash on walks on more than one occasion. Once, near the Russell Senate Office Building, we happened upon a mysterious pile of pellets that appeared to be some kind of fertilizer. Splash lurched toward them and devoured a mouthful before I could stop him. As I ferociously tugged on his leash, a headline ran through my head: "Intern Returns Poisoned Dog to Living Legend".

But beyond Splash's indiscriminate eating habits and love of tennis balls, he was little more than a furry mystery to me. What would he say in response to the hundreds of e-mails that came to him from children across the country? School simply hadn't prepared me for this.

Most of his messages went something like this:
Dear Splash,

My teacher read us your book. You are so cute! Can you come over and play with my dog? What kind of dog food do you like? My mom says your senator is a great man. I hope he feels better.
After checking with the senator's assistants on Splash's preferred dog food brand, and then reading the book myself to better prepare for my role, I answered every single e-mail, ending each reply with the mandatory "WOOF WOOF!! Splash".

My feelings on this assignment were conflicted, to say the least. On the one hand, I was impersonating a dog. On the other, I was heartened by the warmth that people from so many other states felt for the senator from mine.

In time I found a strange satisfaction in writing back to these puppy-crazed children, one that I never got from answering the office phones. None of Splash's correspondents cared about or even knew Senator Kennedy's position on the estate tax, or whether he'd invoke cloture on a resolution to incrementally finance the defense budget. In fact, a simple "Woof!" seemed to be all the constituent outreach they needed to be assured that the senator was on their side. ...
I wonder what Weber would say about the rise of - and manufactured personality (blogs, memoirs, interviews, email) for - The Presidential Pet and its senatorial epigones.

'The Dog that Didn't Bark: The Role of Canines in the 2008 Campaign' by Diana Mutz in 43 PS: Political Science & Politics (2010) 707-712 comments that -
American presidents have always had pets, although their political significance is vastly understudied. White House occupants have long included many species, from John Quincy Adams' pet alligator to Jefferson's pet grizzly cubs to Madison's famed parrot who attended the inaugural ball. According to one authoritative source, around four hundred pets have lived in the White House to date. In fact, if one counts horses, Barack Obama is the very first elected president to be petless. Moreover, Obama's petlessness was widely publicized during the election through his public promise to his daughters of a post-election canine companion. While some pundits felt this promise only made him appear more charming to the pet-loving American public, it may have unintentionally highlighted a key point of difference between the candidate and the public. Republican John McCain, on the other hand, had a menagerie that included two dogs, a cat, two turtles, a ferret, three parakeets, and some saltwater fish. Moreover, given the attention that the campaign promise drew to pets (and Obama’s lack thereof), it is not surprising that the American public was well aware of this point of difference between the two candidates.

Presidential pets, and canines in particular, have been widely acknowledged to play a significant role in the political success of their masters. Many presidential pups have become celebrities in their own right, exceeding even their masters’ success in the White House. President Harding’s Airedale, Laddie Boy, became a national celebrity and was given a chair at cabinet meetings. Roosevelt’s black Scottie, Fala, traveled abroad and joined the president at international meetings promoting world peace. Pushinka, a fluffy little white dog given to Caroline Kennedy by Nikita Khrushchev, was long suspected of being infested with bugs. However, after an extensive Secret Service clearance process, she was allowed to have intimate relations with the Kennedy’s Welsh terrier, Charlie, and the two went on to produce four pupniks. Roosevelt’s dog, Fala, later gave Nixon the inspiration for his infamous “Checkers speech” about his own dog. In short, canines have clearly played an important role in presidential politics, affecting both a politician’s image and effectiveness.

Despite their high profiles once in office, there is little empirical evidence as to whether or why dogs matter either to electoral prospects or to a president’s success once in office.
Mutz goes on to explain that -
Using the most extensive dataset available on the 2008 election, I examine the impact of dog ownership on presidential vote preference. Canines were elevated to the status of a campaign issue when, during the 2008 campaign, Barack Obama publicly promised his daughters a dog after the election was over, a campaign promise that has since been fulfilled. However, this announcement appears to have unintentionally highlighted the absence of a key point of potential identification between this candidate and voters, and thus to have significantly undermined the likelihood that dog-owning voters would support Obama. I elaborate upon the implications of this finding for future presidential candidates. ...

In Obama’s case, the negative impact of his petlessness is clearly driven by the dog-owning public’s inability to identify with a president who didn’t know Frontline from a filibuster. I found no evidence that the votes of owners of other kinds of pets with more Obama-like personalities (e.g. cats) benefited his candidacy. In fact, the impact of owning other kinds of pets was either negative or negligible throughout, thus casting greater support for canine group identification theory. The dog-owning portion of the electorate appears to agree with Calvin Coolidge's admonition that "any man who does not like dogs and want them about, does not deserve to be in the White House".

In short, Democrats should be wagging their tails over the arrival of Bo Obama, who could play well to potential swing voters in 2012. It is probably no accident that a seasoned politician like Ted Kennedy gave the Obamas the dog as a gift when the public was just about to give up on this long-awaited campaign promise. On the one hand, Obama supporters may feel some relief at knowing that the White House now has a canine resident, particularly in advance of the 2010 midterm elections. But if he is to reap the benefits of this change in lifestyle, President Obama would be well advised to give the pooch a much higher public profile than he has to date.

Thus far, Bo Obama has spawned a lookalike Beanie Baby and two children’s books, but he has yet tomanifest a strong presence among the adult, voting public. The fact that he makes so few public appearances has prompted at least one blogger to speculate that this Portuguese water dog might be a Vietnamese water torture dog instead. Dog owners cannot be brought on board unless they are reminded of Bo’s presence. Assuming Bo does not bite (and perhaps even if he does), the president needs to parade him in front of theWashington press corps regularly to remind the American public that he, too, has a best friend.

20 February 2011

More on the Cybercrime Convention

A recent post noted the bland Australian government paper regarding accession to the Council of Europe Cybercrime Convention.

That Convention requires inclusion in domestic legislation of offences regarding the "confidentiality, integrity and availability of computer data and systems", including unlawful conduct involving -
• access to a computer system

• interception of communications

• damage, deletion, deterioration, alteration or suppression of computer data

• serious hindering of the functioning of a computer system, and

• misuse of devices designed for the purposes of committing such offences.
The Convention recognises that some activity that would otherwise be unlawful is permitted on an exception basis if conducted by the state, eg by law enforcement or national security agencies.

The Convention also requires signatories to establish computer related and content related offences aimed at addressing the specific use of technology to commit crimes such as -
• forgery

• fraud

• child pornography, and

• infringements of copyright and related rights
The Convention is wideranging.

Article 11 requires signatories to establish offences for ancillary liability, such as attempting to commit Convention offences and aiding and abetting the commission of such offences. Article 12 requires signatories to ensure that corporate liability applies to commission of the offences.

Article 13 requires signatories to ensure the offences are punishable by "effective, proportionate and dissuasive sanctions", including imprisonment.

Article 14 requires signatories to ensure law enforcement agencies have appropriate powers and procedures for criminal investigations and prosecutions of Convention offences, other criminal offences committed by means of a computer system and the collection of evidence in electronic form. That requirement is bounded by Article 15, with signatories to ensure that all powers and procedures are subject to conditions and safeguards providing for the adequate protection of human rights and liberties.

Articles 16 to 21 require signatories to establish powers enabling domestic agencies to -
• obtain the preservation of stored computer data (including traffic data) for up to 90 days

• enable the disclosure of traffic data to allow the identification of service providers involved in the path of the communication

• order the production of specified computer data

• search and seize a computer, or part of it, in which computer data is stored

• collect traffic data on a real-time basis, and

• intercept the content of communications.
The obligation to preserve information does not automatically require release of preserved information. One signatory's law enforcement agencies can request that another signatory preserve the information in anticipation of obtaining a lawful authority to access the information.

Article 22 requires signatories to establish jurisdiction over any offence established in accordance with the Convention when the offence is committed -
• in its territory

• on board a ship flying a flag of that signatory

• on board an aircraft registered under the laws of that signatory , or

• by one of its nationals, if the offence is punishable under criminal law
where it was committed or if the offence is committed outside the territorial jurisdiction of any State. The Article also requires signatories to consult where more than one Party claims such jurisdiction.

Articles 23 to 28 contain general obligations relating to international cooperation, including in relation to mutual assistance, extradition and the disclosure of unsolicited information.

Articles 29 to 34 detail the types of assistance that may be requested between signatories, which must be able to -
• preserve stored computer data at the request of another Party for a period of at least 60 days

• facilitate partial disclosure of traffic data to enable the identification of service providers in another State involved in the transmission of a communication and the path of the communication

• provide assistance in accessing, seizing or securing, and disclosing data stored by means of a computer system

• provide mutual assistance in obtaining the real-time collection of traffic data, and

• to the extent permissible under domestic law, provide mutual assistance in the interception of communications.
Article 34 provides that mutual assistance regarding the interception of content data is to be provided only to the extent permitted under applicable treaties and domestic law.

Article 35 requires signatories to establish a 24 hour, 7 day per week, point of contact to receive requests and provide assistance.

Article 39 provides that the purpose of the Convention is to supplement applicable multilateral or bilateral treaties or arrangements and therefore does not affect other rights, restrictions, obligations or responsibilities of a Party.

The Convention provides scope for Reservations and Declarations. Article 22(2) allows signatories to reserve the right not to extend the jurisdictional coverage of offences to any Convention offence committed on board a ship flying a flag of that Party, on board an aircraft registered under the laws of that Party, or by one of its nationals, if the offence is punishable under criminal law where it was committed or if the offence is committed outside the territorial jurisdiction of any State. Australia proposes to use this reservation in relation to the offences in articles 7, 8 and 9. (Although the jurisdictional coverage of Commonwealth offences extends to these circumstances, State and Territory offences do not.).

Article 29 (expedited preservation of stored computer data) provides for a right of reservation in circumstances where the condition of dual criminality cannot be fulfilled in respect of offences other than Convention offences. Further, a signatory may refuse to preserve data only if the offence that has resulted in the request is a political offence or is likely to prejudice the requested signatory’s sovereignty, security, public policy or other essential interests.

Articles 40 and 42 provide for the making of declarations and reservations in the implementation of the Convention requirements. Only reservations listed in Article 42 can be made in relation to the obligations placed on the signatories by the Convention. Reservations must be made in writing at the time of signing or when depositing an instrument of ratification or accession. Article 43 then provides that, where a reservation is made, a signatory may wholly or partially withdraw it by notification to the Secretary General of the Council of Europe. Australia intends to avail itself of the reservations relating to Article 14(3) and Article 22(2).

Article 45 provides that disputes between signatories regarding interpretation of the Convention shall be settled through negotiation or any other peaceful means, including submission of the dispute to the European Committee on Crime Problems, to an arbitral tribunal for a binding decision or to the International Court of Justice.