ZeroPaid.com » Technology

Clarifying the Possible Canadian Surveillance Legislation

Drew Wilson — Fri, 19 Aug 2011 18:22:05 +0000

A report has surfaced that has received a fair bit of attention. The report suggests that Canada is facing a piece of internet surveillance legislation that would pretty much eliminate all due process. Naturally, this is of concern to us because we are concerned about privacy related stories, so we took a look at the report. Now, we'd like to offer some clarification on the current situation in Canada on this matter.

We here at ZeroPaid read a lot of articles in any given day. We are always on the lookout for anything that might be of interest to our readers and we combine that with our own ability to write our own original content. Part of what can make a great journalist is the courage to step outside our own comfort zone and report on things we don't necessarily know every nuance and detail. For many, that's simply a matter of reporting on things that are going on outside our own country. In a sense, it's simply looking beyond what is going on in our own back yard to understand what the rest of the neighborhood is up to. That can go a long way in being able to take lessons learned from the neighbors and be able to bring it back home. That doesn't always mean that everyone is entirely successful. Sometimes, one can absorb every single detail on a story they can gather and try as much as possible to produce an accurate report only to find that there is the odd detail here and there that someone immersed in that countries culture would be able to pick out right away. That is always the difficulty of trying to report on issues happening in countries that are, simply, not the country you come from. I think that this leads to two ways a reporter can handle this, they can either focus exclusively on what is happening in their own country, or they can take the occasional intellectual thumping in order to gain a much more rounded exposure to issues happening "abroad" (in quotes due to nature of internet) That leads us to this report from Naked Security which says that Canada is considering a bill that would pretty much eliminate due process and bring in surveillance that would make US-style surveillance seem like a fair and open transparent process. As someone from Canada, you can predict what I thought when I first heard this. I thought, "Oh no. They are actually going ahead and tabling this again!" So I read the article and it pointed to Bill C-52. I wondered if they actually kept the naming scheme to the point where they used the same numbers to boot. Since the legislation was linked in the article, it didn't take long to discover that this was not current legislation, but rather, old legislation that died on the order paper after the last election. Just looking at the date of the first reading (November 1, 2010) kind of gave a good hint of that (and, if you're a Canadian political junky, the part that says "Fortieth Parliament" is also a giveaway as the government is currently in the 41st parliament). Of course, if you're not a Canadian and don't tend to follow Canadian politics as closely as some who do reside in Canada, that might not be that obvious. For the record, the surveillance legislation at the time (deceptively dubbed "Lawful Access") was actually three bills - bill C-50, bill C-51 and, of course, bill C-52. It was complex and dealt with a lot of issues. Reading bill C-52 would technically only give you a sense of one third of what was being proposed. As you might be able to guess, like bill C-52, bills C-50 and C-51 also died on the order paper when an election was called. As I've suggested in various articles over the years, Canadians were actually saved from very bad legislation that would undermine civil liberties in the country. The author of the article on Naked Security also defended himself by saying that this is what is being mulled in government right now. He didn't say that it was necessarily tabled. This is technically true, but it's also pushing it to say that the contents of Bill C-52 is precisely what is being mulled because that might suggest that it might be tabled separately. I, personally, wouldn't go so far as to assume that what was in Bill C-52 is exactly what the government is thinking of tabling next. This is partly because the speculation is that a lot of what was being considered in the Lawful Access legislation might be rolled in to an omnibus crime bill in the next session of parliament. The fear is that this crime bill will be pushed through quickly and in such a way that a lot of the inherent flaws of previous attempted legislation would wind up being muted. This kind of concern was raised by experts featured in our previous report. In the open letter, the government was generally urged not to do anything hasty and ram surveillance legislation through - after all, it is a heavily contested area to begin with that practically pits ordinary Canadians against their own government. We don't really know what the specifics are in the crime bill. That's what makes it difficult to argue on specifics. The best we can do is look at the previous legislation and beg the government not to destroy Canadian civil rights by reinserting the type of legislation found in the Lawful Access bills into the crime bill. Personally, I'm not holding my breath that Prime Minister Harper will respect basic civil rights and since Canada has a majority government, Harper pretty much rules with an iron fist for the next few years. It's actually quite hard to fault Naked Security because there's not a whole lot the author did wrong that I can see. He looked up the legislation directly, linked to it, quoted relevant sections and had decent commentary on what was wrong with the legislation. These are all really good things to do in an article. In fact, he even brought in other examples from around the world to support his arguments which I think is always a bonus. In addition, he did raise awareness of matters of importance (and I'm happy that it's on topics that are close to home in my neck of the woods). Of course, to draw from a science example, you could follow very solid methodology like the scientific method to the letter and wind up with results that are way out in left field. I think that the author of Naked Security should continue to monitor what goes on here in Canada and not get discouraged by the feedback he got from one particular article. Fine, you could say his article might not be totally accurate or maybe even a bit misleading, but I don't think it's necessarily his fault. Give the guy a chance, he's trying at least. Following international stuff isn't really easy - believe me, I know. [Via /.] Have a tip? Want to contact the author? You can do so by sending a PM via the forums or via e-mail at drew@zeropaid.com.

Will Prior Art Doom Apple’s Anti-Theft iPhone Patent?

Drew Wilson — Sat, 21 Aug 2010 04:10:28 +0000

There's a bit of commotion with a new patent request by Apple over on Slashdot today. The claim is that Apple is creating a new patent to stop jailbreaking.

About a month ago, we reported that a review of the DMCA put forth the possibility of jailbreaking ones phone without breaking anti-circumvention laws (though this is under a set of specific circumstances). A court also ruled that the act of circumvention in and of itself does not constitute infringement. It was a very interesting development and it's what made a recent report on Slashdot interesting as well. The posting suggested that Apple is trying to patent (through the "Systems And Methods for Identifying Unauthorized Users of An Electronic Device" patent) the ability to remotely disable jailbroken phones. Unfortunately, that wasn't really true going through both links in the report. First was the link to the patent application where the only mention of a jailbroken phone was way to tell if a phone was stolen. There doesn't appear to be anything about Apple disabling jailbroken iPhones, but it does discuss what Apple wants to do with phones that have been stolen and used by "unauthorized" users. We looked at the other article, the Arstechnica article, and nothing in the article says that Apple is trying to patent the ability to disable jailbroken phones. The patent was filed February 19, 2009. All this doesn't make the patent uninteresting though. Here's the first statement of claim:

1 . A method for identifying an unauthorized user of an electronic device, the method comprising: determining that a current user of the electronic device is an unauthorized user; gathering information related to the unauthorized user's operation of the electronic device in response to determining, wherein the unauthorized user's operation comprises operations not related to the authentication; and transmitting an alert notification to a responsible party in response to gathering.

This was an interesting claim and they had these claims associated with it:

5 . The method of claim 1, wherein gathering further comprises gathering one or more of screenshots, keylogs, communications packets served to the electronic device, and information related to a host device coupled to the electronic device. 6 . The method of claim 1, wherein the alert notification comprises a general message indicating that an unauthorized user has been detected. 7 . The method of claim 1, wherein the alert notification comprises at least a portion of the gathered information. 8 . The method of claim 1, further comprising: gathering information related to the identity of the unauthorized user in response to determining; and gathering information related to the location of the electronic device in response to determining.

Since the date it was filed on is important, February of 2009, anything we find prior to this date is critical to putting this patent into question. So with a little research, we've come across an article from 2005 on Forbes which appears to detail idea's, at least, similar to what is being described in the above claims. Remember, the critical point in the patent is that it's all about detecting an unauthorized user of an "electronic device". It's not specifically about protecting a phone as both Slashdot and Ars Technica suggests although, yes, it would include something like a cell phone. The Forbes article discusses LoJack for laptops. You don't have to finish reading the first paragraph to discover that this software was meant to stop laptop theft. A laptop is as much of a digital device as an iPhone in my books. Claim 5 of the patent mentions information packets - hinting towards the data stream going from device to device. What is included in that data stream? An IP address. You can read this paragraph from the review and play "Spot the Similarities":

Within seconds, Absolute can use one of three ways to determine where the wayward computer has gone. If it's a dial-up modem, it can tell what phone number the computer is using to get online, and trace the address. If it's broadband, it can track the IP address and then, with cooperation from the Internet Service Provider, locate the street address where the IP is installed. And then there's a third way that even John Livingston, Absolute's chairman and CEO won't tell us about.

Moving along to claim 6, the claim suggests that an alert is created when an unauthorized user has been detected on that device. For that, we go to the previous paragraph in the review:

It works like a charm, as soon as the bandits use your stolen laptop to go online. By the way, all the time your computer's been sitting in your office or den, it has been regularly checking in with its master in Vancouver. If the computer gets into the wrong hands and is reported stolen, Absolute's recovery team will see that status pop up on their screen.

Sounds like LoJack is creating a notification as well. Claim 7 says that parts of the information is used to track the device down. Claim 8 suggests that the information would also be used to identify the location of the stolen device and the unauthorized user. That sounds like something insinuated two paragraphs down in the review:

Once the computer's been located, the recovery team--all ex-cops, by the way, most of them from the Vancouver police--call local law enforcement and tell them where they can find the purloined device

We don't claim to be experts in the US patent system, but as far as we know, if there is prior art to a patent being filed, it puts the validity of the patent in jeopardy. With that bit of knowledge, it's not looking good for the patent. We'll skip ahead to claim 11 since there's some interesting claims related to it:

11 . An electronic device operable to detect an unauthorized user of an electronic device, the electronic device comprising: a processor operable to: receive an input from a current user of the electronic device; determine the input is not associated with an authorized user of the electronic device; and record usage information of the electronic device in response to determining; and communications circuitry operable to transmit the usage information to a remote device.

Then we have this claim:

15 . The electronic device of claim 11, further comprising: a camera operable to take a photograph of the vicinity of the electronic device; and positioning circuitry operable to determine current location information of the electronic device; and wherein the processor is further operable to: geotag the photograph by associating the photograph with the current location information.

That sounds very similar to, say, a webcam taking pictures remotely. So there's this article dated August 24, 2008. It describes a piece of anti-theft software - open source no less - called Adeona. In that article has the following paragraph:

To track your stolen property, you can do a number of things; you can track the IP addresses and/or the Wi-Fi network name and geo-coordinates to track the general area the device is in, or your laptop can even snap a photo using its webcam (if so equipped) to snap a photo every 30 seconds to show you exactly who’s using it. The overall idea is very similar to the competition, with the only real difference being that you’re the only one seeing any of your information.

This not only further compromises claim 8, but also compromises claim 15 of the patent. This particular paragraph is nice because further down the patent is another set of claims that appear to be compromised:

17 . A system comprising: an electronic device comprising; an input device operable to receive a password provided by a user; a camera operable to take a photograph of the user; a processor operable to: determine that a predetermined number of incorrect passwords have been successively received; direct the camera to take a photograph of the user; and generate an alert notification in response to the processor determining, wherein the alert notification comprises information related to the identity of the user and the photograph of the user; and communications circuitry operable to transmit the alert notification to a remote device. 18 . The system of claim 17, wherein: the camera is operable to take a plurality of photographs of the surroundings of the electronic device; and wherein the processor is further operable to: analyze each of the plurality of photographs to identify distinguishing landmarks in the photographs; and determine the location of each photograph based on the identified distinguishing landmarks.

So claim 17 and 18 is also compromised due to prior art. This patent has 21 claims and, with a little research, we've been able to shoot down 9 of those claims - most of them being core aspects of the patent. Without those 9 claims, there's not a whole heck of a lot left in the patent. Personally, I think this is another example of why there shouldn't be broad software patents. If all of these claims were to go through, how can other software and hardware developers protect their own customers legally? If other companies want to develop anti-theft technology for their devices, they should freely be able to do so as long as it is with the consent of a fully aware customer and user. The scary thing is that Techdirt notes that the US Patent Office is approving more and more patents in an effort to get through a backlog more than focusing on quality control of who should and shouldn't get patents. I'm not sure this is really going to end well, but in the mean time, maybe I should go breathing or something - you know, to get a slice of the insanity. Have a tip? Want to contact the author? You can do so by sending a PM via the forums or via e-mail at drew@zeropaid.com.

Canadian Copyright Bill Unlikely In This Government?

Jorge Gonzalez — Sat, 09 Feb 2008 21:46:50 +0000

Russell McOrmond yesterday pointed to the fact that the Canadian Copyright Bill has been put on the notice paper, but there appears to be no sign of a copyright bill today. With the latest political shake-up in Canada, it could cause the Jim Prentice copyright reform bill to never see the light of day.

There is no shortage of speculation on what the copyright reform bill would look like. Many suggest that with the throne speech as well as the Member of Parliament echoing the major foreign copyright stakeholder, it is likely that the worst fears of a Canadian Digital Millennium Copyright Act would be realized sooner or later.

Everyone has been waiting for a copyright reform bill, or a debate, or even a hint as to what is officially going to happen with the copyright issue. Even with the government promising in the last election that they would put international treaties into the House of Commons for debate before ratification, neither debate nor consultation nor a bill has even materialized.

Now with the current political climate, it seems that the chances that the copyright reform bill even seeing the light of day is growing slimmer by the day. The government is currently threatening to dissolve the parliament on a number of issues. One of the issues is the anti-crime bill being stalled in the senate. Another issue is the budget bill – a bill notorious for causing elections in minority government situations. The budget was something that one opposition political party saying that they would vote against it in the past. Added to this is the future of the Afghanistan mission – something that has caused deep political lines already. If it weren’t enough, there have been reports that the Conservative government is contemplating on simply tabling a bill of confidence which, like the other cases, could topple the government into an election. Is it all a game or is the government seriously going to be toppled within the next few weeks? If there is anything certain in this, it’s that the longevity of the current government has been unpredictable at best – which could possibly mean that the copyright bill that was to be tabled several times to not see the light of day.

The copyright bill is a sensitive issue among Canadians who are involved in technology in some form or another – let alone those who are involved in the arts. The grassroots movement of the Facebook group ‘Fair Copyright for Canada’ certainly gained momentum – unexpected momentum for some. With protesters seeking answers on the burning questions on everyones minds with the issue of copyright, the possible tabling of the copyright bill before the end of 2007 was simply put off for a later date. In other words, evidence points to the very likely possibility that the debate pressured the government to take the bill off the table before it was even on the table in the first place. Judging by the reaction, it would seem reasonable to speculate that the government knows that copyright is a rather touchy subject that could prevent votes in a potential election in the future.

With big issues causing election rumbles, whether Canadians are ready for one or not, it is quite likely that the tabling of the bill won’t occur for some time for fear of lost votes – particularly with other issues threatening to cause an election shortly. One thing is for sure, if speculation is right on the contents of the bill, it won’t earn the governing party very many votes anyway. So what are the odds that the Prentice Copyright reform bill will ever see the light of day? Unless the government survives the latest hurdles, it is very doubtful that a copyright reform bill will ever see the light of day.

Where would that leave Canadians on a frosty March or warming April? Heading to the polls with copyright related issues being of hardly any concern with the current political issues more front and center. With the last minority government and this minority government, under the potential circumstance, not passing any copyright reform bill, it may be easier to pass a kidney stone then a copyright reform bill. Even then, that raises the possibility of what is in store for the next government. Would the next one be a majority government or a minority one? There is little doubting that minority governments have stalled the copyright reform bill for this many years. With both Conservative and Liberal party at least showing signs of simply trying to enact restrictive copyright laws, perhaps the best thing Canadians could hope for is another minority government who is willing to set up a public consultation on the matter so as to at least clear the dust in the matter once and for all.

Pay By Credit Card With Your Cellphone

Thu, 11 Jan 2007 20:27:20 +0000

Visa, the well-known credit card company has come forth with a plan to globally mesh cellphone users with their customer base. Nokia is heavily involved with this idea and has partnered with Visa on it.

How would they do this? They take a gadget like a cellphone and make it possible for their customers to pay by using this instead of the slender card. Nobody goes anywhere these days without some form of communication. In most cases your cellphone is full of contacts, information and priceless conveniences.

Visa hopes that you will soon be able to swipe your cellphone over a special reader that electronically communicates with a microchip over your phone. Then, the phone owner has an opportunity to confirm the purchase amount using a buttom press…and you’re done!

Consumers can then have the capability to manage their accounts from the mobile phone and they hope to also have the ability to enable contact-free payments, remote payments, person to person payments and mobile coupons.

NFC technology was developed by former Philips chip unit NSP and Sony. This technology is already widely used in public transport (bus passes and subway passes) access cards. Visa claims its cards and payment systems generate over $4 trillion in sales volume and they are known to be the largest credit card payment system. Visa went public with their new operations named Visa, Inc, for those of you that watch the market.

The first version of the technology was released recently and includes contactless mobile payment, personalization over mobile telephony networks, coupons and direct marketing. Other versions are expected to show face later in the year and plans are to include remote payment options and person to person payment capability.

Other companies are getting involved. Over in Japan, JCB, their leading credit card company, started Europe’s first mobile phone credit payment trial with Nokia and Dutch telecom operator KPN back in October. It was a small trial with hopes that it will become a practice they can release to the public successfully. Germany and Finland have also tested some areas of this technology.

This really opens a new world up for those that travel often or do business but how will it affect personal users? Will it be convenient or another identity theft risk.

Nokia’s Wibree and the Wireless Zoo

Sun, 19 Nov 2006 10:15:43 +0000

Wibree, ZigBee, WUSB, Wimax, WIFI, RFID – So many wireless protocols so much confusion. Trying to sort the wireless mess TFOT explore some of the differences between the standards focusing on the recently announced Wibree currently under development by Nokia.

MRAM – The Birth of the Super Memory

Sun, 12 Nov 2006 02:07:36 +0000

With the continual release in recent years of new types of computer memory (RAM, ROM, DRAM, Flash, SRAM, PRAM…), the memory chip industry has become an ever more bewildering world. Freescale’s MRAM, one of the latest to be commercially unveiled, improves on and combines the advantages of two types of conventional memory.

The various types of computer memory can be classified in several different ways, the simplest of which is the division into volatile and non-volatile memory. Volatile memory requires constant power to maintain stored information. Most types of RAM (random access memory), the most common type of memory used by modern computers, are volatile. Thus, to store information, conventional RAM computer chips are dependent upon electricity flowing through them. When the power is switched off (i.e., when the system is “powered down”), unless the information has been copied to the hard drive, the information is lost.

Non-volatile memory, on the other hand, can retain stored information permanently, absolving the need for a constant power supply. ROM (read-only memory), which stores information that does not require frequent changing (i.e., doesn’t need rewriting), such as Firmware (a software embedded inside a hardware such as a BIOS [basic input-output system]), is typically non-volatile. So, even when the system is off, the data is stored.

The Opposite of RSS? ZNITCH.com

Fri, 20 Oct 2006 19:27:35 +0000

Most bloggers that lead the race have full time jobs elsewhere and try to fit the blogging lifestyle into their schedule after work. Many utilize RSS feeds to avoid the trouble of having to search keywords or special sites out…once you find a good site, why look at any others? This leaves small time bloggers in the dark, and this site is looking to change that.

ZNITCH.com claims to be the opposite of RSS and is naming their service idea SSR, which stands for “Super Simple Reminders”. How does it work? RSS pushes a site’s posts immediately to the users subscribed…every single post. ZNITCH selects specific posts from several pages only when it matches certain keywords entered by the subscriber.

Enter a few keywords on the site, choose a blog or site you want to monitor and let ZNITCH.com do all the work sorting and choosing which posts come through to you. Coming directly to your email makes things faster (I chose to use filters so that all my alerts went to one folder in my setup) and you can avoid any of the posts that don’t fit your chosen interest.

Keep yourself ahead of the game and use a keyword oriented site. This seems to really be a great idea for those that get tons of mail and feeds all day. I know I have to constantly sort through mine and this will help me to avoid those delays.

Xupiter author orders critics to cease and desist

Mon, 19 Jun 2006 02:24:06 +0000

“A culture is made – or destroyed – by its articulate voices” – Ayn Rand

“The society that separates its scholars from its warriors will have its thinking done by cowards and its fighting by fools.” – Thucydides

Some of you know by now that I run a blog with my best friend where we investigate various malware outbreaks. The blog (www.webdefenders.net) is in essence a research arm of Jay Loden’s AIMFix project. We try our best to publicly shame the people responsible for damage-inflicting scourges on the Interweb.

A few days ago we recieved a cease and desist order from a lawfirm retained by Dan Yomtobian, the man responsible for Xupiter. I wont get into a lengthy diatribe about what Xupiter is here. It’s been written about at length by the press since 2003. In simplest terms, Xupiter was a piece of software alleged by thousands of people to arrive on a PC without consent and unleash torrents of unwanted advertising. At one time, Xupiter was responsible for a then record-breaking help thread on SpywareInfo.com. It was even bundled with Grokster during Wayne Rosso’s tenure there, until the distribution suddenly came to a halt. Suprise?

After the fall of Xupiter, nobody heard much from Yomtobian until he published a series of business oriented websites promiting his services. None of these sites addressed his past endeavors, so my partner and I published a tell-all article about the depth of our findings over the past few years. The article draws its support from corporate documents, WHOIS records, even direct quotes from Microsoft’s Help Center and Wired.com articles.

Evidently, the fact that a Google query for “Dan Yomtobian” returns our article as the second result on the first page is damaging to its subject’s reputation. So on 09JUN06, we recieved a cease and desist order alleging that we’d made “false and defamatory statements” and demanding that we take it down immediately. No evidence was given that anything we said was provably false. Just a threat that Yomtobian had authorized the firm to pursue all legal remedies if we failed to compy with the order.

So why hasn’t Yomtobian targeted Wired or Microsoft? The answer is obvious. They have (besides the truth) enough money to deflect things like this. Organizations of their stature would laugh at a lawsuit alleging that Xupiter was innocuous. By contrast, Chris and I are full-time college students. It’s easier to make an example of us than Microsoft. So, after much thought I have decided to comply with the order.

Simply put, it is to my selfish benefit to comply right now. I’m working extremely hard in school to hopefully attend Quinnipiac’s law program once I graduate. I’m training to play a college sport. In our spare time, Chris and I are putting together a new Internet startup. So unlike the kid who abandons his ambition, stops cutting his hair, and goes on to live in his parents’ basement once he realizes that justice is evasive, I will pursue the absolute height of my productive capacity and mount a proper legal defense once I have the resources to do so.

I’m 19 years old. Like so many my age, I don’t have my life all mapped out yet. But if nothing else, I’m confident that at no point in my life will I need to send cease and desist letters to bloggers writing about how I spent my 20′s. That’s more than I can say for some people.

Water Powered Car

Jared Moya — Sat, 20 May 2006 18:43:12 +0000

Came across this cool article about a guy who invented the technology enabling a car to be powered by simple tap water. Looks to be the real deal, his site even has a video endorsement from Arthur C. Clarke, who no doubt knows fiction when he sees it. Here’s his diagram below.

(click on picture to check out his site)

Researchers deliver drugs using Wi – Fi implant

Jared Moya — Thu, 16 Mar 2006 12:26:16 +0000

Medicines can’t work effectively if patients don’t follow their dosing schedule — a problem researchers hope to overcome by delivering drugs using an implanted microchip linked to a wireless control outside the body.