Fair use and video online

The US Center for Social Media recently published a report entitled Code of Best Practices in Fair Use for Online Video. Its aim is to help creators interpret the copyright doctrine of fair use. Fair use is a set of exceptions defined by the DMCA. The document does not define the limits of fair use. When reading it, you quickly understand that these limits are extremely fuzzy. Everything is about balance and judgment.

The paper gives a good overview of fair use doctrine. It clearly states the two questions which are at the heart of fair use:

  • Did the unlicensed use “transform” the material taken from the copyrighted work by using it for a different purpose than that of the original, or did it just repeat the work for the same intent and value as the original?
  • Was the material taken appropriate in kind and amount, considering the nature of the copyrighted work and of the use?

Then, it provides some guidelines for 6 typical cases:

  • Commenting on or critiquing copyrighted material
  • Using copyrighted material for illustration or example
  • Capturing copyrighted material incidentally or accidentally
  • Reproducing, reposting, or quoting in order to memorialize, preserve, or rescue an experience, an event, or a cultural phenomenon
  • Copying, reposting, and recirculating a work or part of a work for purposes of launching a discussion
  • And quoting in order to recombine elements to make a new work that depends for its meaning on (often unlikely) relationships between the elements

The funniest part of the document is the section about myths and truths of fair use. Some of the statements it examines:

  • If I’m not making any money off it, it’s fair use.
  • If I’m making any money off it (or trying to), it’s not fair use.
  • Fair use can’t be entertaining.
  • If I try to license material, I’ve given up my chance to use fair use.
  • I really need a lawyer to make the call on fair use.

If you ask yourself some questions about fair use, read it. Although its target is video, I am sure that it is easily extrapolated to other types of copyrighted material.

Malware in mails

We are used to the typical malware carried in mails. It often plays on basic human instincts such as lust or greed. How often are we offered pictures of nude artists? By the way, this could be an excellent way to decide who is believed to be the sexiest woman in the world: measure their occurrence in the malware mails. Normally, you should only use the most attractive ones. In view of my junk mails, it seems that Angelina Jolie has been leading these last weeks.

Often these mails are so rudimentary that they may be spotted even by unaware people. Wrong spelling and weak grammar are often a good signature. Nevertheless, I received an interesting one that was better elaborated than the usual ones. That is why I looked at it rather than deleting it immediately. It was titled “customs, please read”. Here is the text:

Good day,

We have received a parcel for you, sent from France on July 9. Please fill out the customs declaration attached to this message and send it to us by mail or fax. The address and the fax number are at the bottom of the declaration form.

Kind regards,
Frederick Shepard
Your Customs Service

Of course, the attached file contained a Trojan named BKDR_AGENT.SHH. This Trojan has been known for more than one year and is detected by antivirus software. Nevertheless, from the social engineering point of view, it was a nice piece:

  • It presents itself as coming from customs. Customs are official entities, thus in theory trusted. You are always careful with customs.
  • The address and the fax number were supposed to be in the attached declaration form. Thus, you would have to open it, and trigger the malware.
  • The email address was customs_service@bluejeanc.com.tr. It looks very official. The blue jean name leads one to believe that it is a selling site (this is not the case).

There is still one error. I am located in France. So why should a parcel sent from France need any customs clearance? The malware writers still have some work to do, but they are making progress.

YouTube will not have to provide private data

Here is the next episode in the YouTube-Viacom litigation. YouTube was requested by a judge to hand over to Viacom the IP address and list of viewed clips of each viewer. (See Blog of 10th July) Fortunately, YouTube and Viacom reached an agreement. The data will be anonymized before being passed to Viacom.

This is at least true for normal users. Viacom maintains its request for the identified data of YouTube’s employees. The objective is to prove that YouTube was aware of these infringements. In retaliation, YouTube will ask for the same data on Viacom’s employees who browsed YouTube. The objective is to detect any Viacom people posting copyrighted clips.

Let’s wait for the next move. Nevertheless, we can applaud two companies that found an agreement on a legal decision that preserves privacy.

Some notes about Broadband World Forum Asia 2008

I chaired the Hot Session at this conference. The topic was “Peer To Peer: opportunity or threat?” The two panelists were rather in favor of P2P although they highlighted some threats. The best quote from Shashi: “P2P means also People To People”. I love this one.

Two sessions were interesting from the security point of view. The first one was “VoIP security: Myths and Realities”. The papers were not technically detailed. The most interesting part was the discussions and Q&A. Final conclusion: “Encryption for VoIP is probably useless from the security point of view, nevertheless it makes people feel more comfortable.”
The risk of eavesdropping on an unsecured wireless transmission in a cafe is probably not serious. There are easier ways to listen to the speakers, such as sitting nearby or using high-quality microphones. The risk of eavesdropping through government wiretapping is balanced by the legal requirement for such a feature. In other words, if you want it to be secure, either use an independent scrambling codec, or use a VPN.

The second session was “Monetizing Content: 360 degree view of the customer”. Two speakers were extremely interesting: Daniel Brody, VP of Tudou (the Chinese YouTube), and Ringo Chan, VP of Tuner International. Here are some interesting comments and facts. According to Mr CHAN, the release window of VOD will soon coincide with the release window of home rental, i.e., the DVD sales. Currently, VOD occurs one to 3 months after DVD release. The future of VOD will be difficult in China when you find high quality DVDs for 1$ on every street corner months before the official DVD release. Tudou succeeded in reaching commercial agreements with Chinese content providers. It was far easier than with Western content providers. Chinese content providers do not have complex business models such as release windows. An interesting revelation came from Dan. User Generated Content (UGC) is about buzz. And it is extremely easy for UGC sites to create the buzz on the clips they want to promote. He revealed that they are very good at this game.

iPhone 3G hacked

It was even faster than expected. One week ago, Apple launched its iPhone 3G. Apple claimed that this time, unlocking would be unbreakable. Remember that it took the first hackers one month last summer to unlock the iPhone (see newsletter n°7). As always, our law 1 proved to be true: Attackers will always find their way. Already two attacks are available. A team of Brazilian hackers has unlocked it using a SIM card emulator. We are now waiting for the software-based unlock. iDev Team has jailbroken the iPhone 3G, allowing access to its system. It is a first step in that direction. Jailbreaking allows homebrew applications to be added to the phone.
See site iPhone hacks

Watermark and privacy

The Center for Democracy & Technology (CDT) issued an interesting paper titled “Privacy principles for digital watermarking”. CDT published similar principles for other technologies such as RFID or DRM.

The document proposes eight principles:
1. Privacy by design; Interestingly, in this principle, CDT recommends that digital watermark technology providers require application designers, through binding contracts, to respect privacy. This is highly ethical, but is it realistic in a business environment?
2. Avoid embedding independently useful identifying information directly in the watermark; in other words, the payload should look random without access to relevant information
3. Provide notice to end-users; CDT provides an interesting rationale for informing end users if the watermark is used against copyright infringement. End users should secure their content to avoid theft by third parties; otherwise they may suffer from legal actions.
4. Control access to reading capability
5. Respond appropriately when algorithms are compromised; Their recommendation is not to renew the algorithms, as technologists would recommend. Rather, CDT recommends publishing a notice if the hack allows watermark forging. I am not sure that technology providers will love this.
6. Provide security and access control for back-end databases
7. Limit uses for secondary purposes
8. Provide reasonable access and correction procedures for personally identifiable information

The principles are sound and many of them apply to other security related techniques. Of course, in view of the goal of its editor, some recommendations are Utopian. This document is worth reading.

Are modchips illegal?

Modchips are components that are added to a game console in order to gain new features, often the ability to play replicated games. Modchips require opening the console and soldering a chip onto the board. Of course, the addition of a modchip to a console means the loss of the warranty.

In the US, modchips fall under the realm of the DMCA. Often the games are encrypted, and thus fall within the scope of the DMCA. But is it the case in all countries? Last month, it seems that English judge Jacobs ruled in favor of legality. Mr Neil HIGGS was cleared of the 26 counts. He sells modchips imported from Hong Kong.

Modchips are an important factor in game piracy. There are modchips for most game consoles. It is rather easy to find modchips on the Web, but it requires some skills to solder the chip. Some shops offer this service, and even sell already modchipped consoles. Ironically, one large modchip supplier uses holograms to authenticate its modchips. Other suppliers are selling counterfeit modchips!