
Comment: Lawyers disappointed (Score 1) 225

by grot (#43734595) Attached to: Federal Judge Dismisses Movie Piracy Complaint

IAAL (but IANYL). I represented several people in this case. We put up a strong defense, and I'm disappointed that Judge Aiken simply dismissed everyone except Doe #1. Voltage should not have been in court in the first place, and they should have been held to account for their false statements. To the extent that this makes Oregon a bad place for trolls to run their scam, it's a tolerable result, but Voltage still skips out with tens, perhaps hundreds, of thousands of dollars. (They're running the same scam in Washington now, btw. Donate to the EFF or provide tech help to your local defense lawyers. It's the only way to shut this shit down.)

Comment: Stonewall or Fight! (Score 5, Informative) 197

by grot (#40864049) Attached to: Patent and Copyright Wars Gone Wild

IAAL, and I've worked on a bunch of these cases. The real problem is, it's almost always cheaper to settle than to fight. This is what we call a "cost of defense" shakedown: if it would cost $5k to fight, then it makes sense to pay $3k to make it go away. However, there are a few things to keep in mind:

* The trolls are very unlikely to go after any individual, no matter how much they huff and puff. The reason is, if they have 1000 Does in a complaint, and they start going against one of them, that Doe will (eventually) get copies of the evidence against him. If it's sh!t (and I believe it will probably turn out to be) then the other 999 Does will see that, and no longer be willing to pay.

* The insurance industry had a problem with cost-of-defense complaints: crappy auto accidents that weren't worth more than a few grand in damages. But they banded together and fought every single one of them (paying just the actual damages & medical, and fighting almost every "pain & suffering" claim). And now, you can hardly find a PI lawyer to take a small case -- they know there's no money in it. So the insurance companies don't have to fight any more, and they don't even consider paying anything you can't produce a receipt for.

The only way to clean up these trolls is if some Does sack up and fight, or if the courts stop going along with the shakedown.

Comment: Digital Asset Estate Planning (Score 1) 257

I'm the CTO for Yet Another Cloud Service, but this one may be of interest to the tin-foil-hat crowd (of which I consider myself a member). The service is Cloudfeet (www.cloudfeet.com) and one of its genesis use cases is exactly this. I'm a patent attorney, and my business partner is an estate planning lawyer.

There are a few services out there (www.mywebwill.com, www.legacylocker.com) that purport to be suitable for this application, but there are several problems with them. Principally, they're not hooked into the legal estate/probate mechanisms of any particular state, so you have little assurance that what you want to happen after you die, actually will happen.

Another problem is the tin-foil-hat part: if you don't have the encryption keys to your data, then you don't have any control over the data, or any reason for confidence in its security.

Cloudfeet uses client-side encryption, but with a (patent-pending) twist: you keep your RSA key, but the private key is encrypted using a key that Cloudfeet holds. Cloudfeet will send that key to you if you're able to complete the two-factor authentication process. Thereafter, it's a fairly straightforward implementation: you decrypt your private RSA key, then use that to decrypt individual document keys, then use those to decrypt documents.

Since Cloudfeet doesn't have your (encrypted) RSA key, we can't snoop on your documents or deliver them to the FBI in response to a National Security Letter. However, since your private key is encrypted using a key that Cloudfeet has, you don't have to be especially careful with it (although, of course, you should treat any encryption key carefully). For an attacker (or LEO) to read your documents, they have to get both your encrypted private key (over which you have exclusive control) and the key-encryption key (which Cloudfeet maintains).

Getting back to the main topic, digital asset estate planning, our system is designed to fit into ordinary probate proceedings. The canonical case for that is:

* Your estate planning lawyer sets up an account for you, with two-factor authentication & all.
* Your encrypted RSA key is printed as a QR code, which is affixed to your will and other important docs.
* You can store whatever digital information you want to preserve (e.g., passwords) in your Cloudfeet account.
* When you die, your executor can obtain your encrypted RSA key from your will, and Cloudfeet will provide the encryption key in response to your executor's request, supported by the court order appointing him to administer your estate.
* With the encrypted RSA key and the encryption key, he can access your saved passwords and carry out the instructions in your will.

More info at www.cloudfeet.com, or contact info@cloudfeet.com.
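The key chain described in the comment above, as an added Go example that is not part of the original comment and is not Cloudfeet's code: the user holds an RSA private key sealed under a key-encryption key (KEK) that only the service holds, and a document key can be unwrapped only when both are present. Assumptions: the names `Enroll` and `Recover`, AES-256-GCM for sealing, RSA-2048 with OAEP for wrapping, and the constructed sample keys; the comment does not say which ciphers or formats the service uses.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Enroll seals a new RSA private key under the service's KEK; the user keeps userBlob.
func Enroll(kek, docKey []byte) (userBlob, wrappedKey []byte) {
	priv := must(rsa.GenerateKey(rand.Reader, 2048))
	g := must(cipher.NewGCM(must(aes.NewCipher(kek)))) // AES-256-GCM (assumed cipher)
	nonce := make([]byte, g.NonceSize())
	must(rand.Read(nonce))
	userBlob = g.Seal(nonce, nonce, x509.MarshalPKCS1PrivateKey(priv), nil) // nonce || ciphertext
	return userBlob, must(rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, docKey, nil))
}

// Recover needs both halves (user's blob, service's KEK) to unwrap a document key.
func Recover(kek, userBlob, wrappedKey []byte) ([]byte, error) {
	g := must(cipher.NewGCM(must(aes.NewCipher(kek))))
	n := g.NonceSize()
	if len(userBlob) < n {
		return nil, errors.New("blob too short")
	}
	der, err := g.Open(nil, userBlob[:n], userBlob[n:], nil)
	if err != nil {
		return nil, err // wrong KEK, or the blob was altered
	}
	priv := must(x509.ParsePKCS1PrivateKey(der)) // DER is authenticated by GCM
	return rsa.DecryptOAEP(sha256.New(), nil, priv, wrappedKey, nil)
}

func main() {
	kek := make([]byte, 32) // constructed all-zero KEK, demo only
	blob, wrapped := Enroll(kek, []byte("constructed document key"))
	fmt.Printf("%s\n", must(Recover(kek, blob, wrapped)))
}
```

The security of the split rests on the KEK release step: whoever can satisfy the service's authentication (or present an accepted court order) and also holds the blob recovers every document key.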

Security

Open-Source DRM Ready To Take On Big Guns 520

Posted by CmdrTaco
from the when-good-code-goes-bad dept.
Barence writes "An open-source digital rights management (DRM) scheme says it's ready to supplant Apple and Microsoft as the world's leading copy protection solution. Marlin, which is backed by companies such as Sony and Samsung, has just announced a new partner program that aims to drive the DRM system into more consumer devices. 'It works in a way that doesn't hold consumers hostage,' Talal Shamoon told PC Pro. 'It allows you to protect and share content in the home, in a way that people own the content, not the devices.' When asked about the biggest problem of DRM — that customers hate it — he argued that 'the biggest problem with DRM is people have implemented it badly. Make DRM invisible and people will use it.'"

Comment: copy & send to the EDD... (Score 1) 112

by grot (#1866944) Attached to: California to sell wage data to companies

From: your name [you@big-company.com]
Subject: wage data sales
To: eddcomm@edd.ca.gov

Hello.

I understand (from an L.A. Times article, reported on www.cnnfn.com)
that you plan to begin selling wage data to banks and other
businesses in the near future. As reported, you will require my
written authorization to sell information about me, but I am concerned
that I have already inadvertently given that permission.

Please let me know whether your department has any information about
me in its files, and whether you have explicit or implicit permission
to sell that information (whether or not you currently have it).
Also, please tell me how to withhold, in perpetuity, my authorization
for release to any non-government entity.

Thank you,

Your Name
Your Address
Your Phone
