Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Comment: Lawyers disappointed (Score 1) 225

by grot (#43734595) Attached to: Federal Judge Dismisses Movie Piracy Complaint

IAAL (but IANYL). I represented several people in this case. We put up a strong defense, and I'm disappointed that Judge Aiken simply dismissed everyone except Doe #1. Voltage should not have been in court in the first place, and they should have been held to account for their false statements. To the extent that this makes Oregon a bad place for trolls to run their scam, it's a tolerable result, but Voltage still skips out with tens, perhaps hundreds, of thousands of dollars. (They're running the same scam in Washington now, btw. Donate to the EFF or provide tech help to your local defense lawyers. It's the only way to shut this shit down.)

Comment: Stonewall or Fight! (Score 5, Informative) 197

by grot (#40864049) Attached to: Patent and Copyright Wars Gone Wild

IAAL, and I've worked on a bunch of these cases. The real problem is, it's almost always cheaper to settle than to fight. This is what we call a "cost of defense" shakedown: if it would cost $5k to fight, then it makes sense to pay $3k to make it go away. However, there are a few things to keep in mind:

* The trolls are very unlikely to go after any individual, no matter how much they huff and puff. The reason is, if they have 1000 Does in a complaint, and they start going against one of them, that Doe will (eventually) get copies of the evidence against him. If it's sh!t (and I believe it will probably turn out to be) then the other 999 Does will see that, and no longer be willing to pay.

* The insurance industry had a problem with cost-of-defense complaints: crappy auto accidents that weren't worth more than a few grand in damages. But they banded together and fought every single one of them (paying just the actual damages & medical, and fighting almost every "pain & suffering" claim). And now, you can hardly find a PI lawyer to take a small case -- they know there's no money in it. So the insurance companies don't have to fight any more, and they don't even consider paying anything you can't produce a receipt for.

The only way to clean up these trolls is if some Does sack up and fight, or if the courts stop going along with the shakedown.

Comment: Digital Asset Estate Planning (Score 1) 257

I'm the CTO for Yet Another Cloud Service, but this one may be of interest to the tin-foil-hat crowd (of which I consider myself a member). The service is Cloudfeet (www.cloudfeet.com) and one of its genesis use cases is exactly this. I'm a patent attorney, and my business partner is an estate planning lawyer.

There are a few services out there (www.mywebwill.com, www.legacylocker.com) that purport to be suitable for this application, but there are several problems with them. Principally, they're not hooked into the legal estate/probate mechanisms of any particular state, so you have little assurance that what you want to happen after you die, actually will happen.

Another problem is the tin-foil-hat part: if you don't have the encryption keys to your data, then you don't have any control over the data, or any reason for confidence in its security.

Cloudfeet uses client-side encryption, but with a (patent-pending) twist: you keep your RSA key, but the private key is encrypted using a key that Cloudfeet holds. Cloudfeet will send that key to you if you're able to complete the two-factor authentication process. Thereafter, it's a fairly straightforward implementation: you decrypt your private RSA key, then use that to decrypt individual document keys, then use those to decrypt documents.

Since Cloudfeet doesn't have your (encrypted) RSA key, we can't snoop on your documents or deliver them to the FBI in response to a National Security Letter. However, since your private key is encrypted using a key that Cloudfeet has, you don't have to be especially careful with it (although, of course, you should treat any encryption key carefully). For an attacker (or LEO) to read your documents, they have to get both your encrypted private key (over which you have exclusive control) and the key-encryption key (which Cloudfeet maintains).

Getting back to the main topic, digital asset estate planning, our system is designed to fit into ordinary probate proceedings. The canonical case for that is:

* Your estate planning lawyer sets up an account for you, with two-factor authentication & all.
* Your encrypted RSA key is printed as a QR code, which is affixed to your will and other important docs.
* You can store whatever digital information you want to preserve (e.g., passwords) in your Cloudfeet account.
* When you die, your executor can obtain your encrypted RSA key from your will, and Cloudfeet will provide the encryption key in response to your executor's request, supported by the court order appointing him to administer your estate.
* With the encrypted RSA key and the encryption key, he can access your saved passwords and carry out the instructions in your will.

More info at www.cloudfeet.com, or contact info@cloudfeet.com.

"Your stupidity, Allen, is simply not up to par." -- Dave Mack (mack@inco.UUCP) "Yours is." -- Allen Gwinn (allen@sulaco.sigma.com), in alt.flame

Working...