emarketer.com - US Gov't Websites Concentrate on Security, Privacy.

The number of US state and federal government websites with security policies posted rose from 5% in 2000 to 34% this year, reports Brown University's Taubman Center.

USENIX - Security '02 - Technical Sessions.

USENIX - Security '02 - 11th USENIX Security Symposium.

Security '02 Technical Program - Abstract - Infranet: Circumventing Web Censorship and Surveillance. Proceedings of the 11th USENIX Security Symposium, San Francisco, California, August 5-9, 2002

An increasing number of countries and companies routinely block or monitor access to parts of the Internet. To counteract these measures, we propose Infranet, a system that enables clients to surreptitiously retrieve sensitive content via cooperating Web servers distributed across the global Internet. These Infranet servers provide clients access to censored sites while continuing to host normal uncensored content. Infranet uses a tunnel protocol that provides a covert communication channel between its clients and servers, modulated over standard HTTP transactions that resemble innocuous Web browsing. In the upstream direction, Infranet clients send covert messages to Infranet servers by associating meaning to the sequence of HTTP requests being made. In the downstream direction, Infranet servers return content by hiding censored data in uncensored images using steganographic techniques. We describe the design, a prototype implementation, security properties, and performance of Infranet. Our security analysis shows that Infranet can successfully circumvent several sophisticated censoring techniques.

View the full text of this paper in HTML, PDF, and PostScript.

Technology Research News - Scheme hides Web access.

The ringing declaration that information wants to be free often bounces off a hard reality -- the free flow of information can attract interference. The reality online is that censorship and surveillance are widespread and growing.

The everyday flow of ordinary Internet traffic, however, could provide cover for political dissidents, whistleblowers, or anyone else who wants to access censored information online without the activity being recorded or blocked by others.

Researchers from the Massachusetts Institute of Technology have come up with a scheme that could guarantee users access to data in such a way that their actions could not be monitored.

[ ... ]

The MIT researchers' scheme, dubbed Infranet, allows Internet users to navigate using standard hypertext transfer protocol without being noticed.

The key to the scheme's ability to allow users to avoid monitoring is that it handles covert communications without adding a conspicuous amount of traffic. To be useful, a covert Internet communications system needs to cloak transmissions well enough to foil most would-be detectors, but must also be efficient enough to permit reasonably speedy browsing.

Infranet consists of software for Web servers and browsers. The scheme's responder software runs on public Web servers that store or are able to access data that is blocked or banned for some parts of the Web. Its requester software runs on systems seeking secure access to that data.

The software employs a transmission cloaking method, tried-and-true public-private key and shared session key encryption mechanisms, and existing data-hiding schemes.

[ ... ]

The responder uses the shared session key to encrypt the requested information, uses separate data-hiding techniques to embed the encrypted information in non-censored material, and sends that material to the requester as ordinary hypertext transfer protocol traffic.

The scheme currently calls for hiding the data served to the requester in JPEG's, one of several types of image files that can be transferred using the hypertext transfer protocol. In theory, responders can hide data in many types of files served up by Web computers, including MPEG video streams, said Feamster. "Our basic philosophy is to leverage existing steganography and data hiding techniques for the downstream communication," he said. In downstream communication served to the requester, "we're dealing with a pretty traditional data hiding problem," he said.

Although the researchers chose to conceal the requested information in JPEGs, and embed requests in the order and timing of hypertext transfer protocol requests, the method could work with any number of bi-directional communications, said Feamster. "Many possibilities exist: instant messaging, news feeds, stock tickers, satellite radio, online games, just to name a few," said Feamster.

[ ... ]

One potential drawback of with this type of scheme is that users might suspect that the scheme itself is a surveillance tool. This can probably be addressed by including existing mechanisms that ensure that users can trust downloaded software, Feamster said.

Another issue is how to conceal the initial download of the Infranet software, a problem the researchers are currently addressing, said Feamster. Physically distributing the software via disks is one way to minimize the risk of disclosure.

PCWorld.com - DVD Copying Software Sparks New Legal Battle.

321 Studios is heading to court to find out why you can legally make copies of video tapes and CDs, but not DVDs.

[ ... ]

The software maker plans to release on October 31 a product called DVD X Copy, which allows users to create "bit-for-bit" copies of their DVDs using a standard recordable DVD drive, says company president Robert Moore.

While the software promises to give consumers the same privileges they have for copying VHS movies, it is potentially against the law, according to industry experts. A U.S. legislation called the 1998 Digital Millennium Copyright Act deems it illegal to distribute tools that circumvent copy prevention technologies used to protect DVD content. That is just what 321 Studios' software does.

[ ... ]

"We believe those provisions in the DMCA are unconstitutional because they basically trump the fair use rights," says Michael Page, an attorney with Kecker and Van Nest in San Francisco, who is part of the legal team representing 321 Studios in its lawsuit. "If you make it illegal to make a backup copy of a work that you lawfully own, you have overstepped the legitimate bounds of the Copyright Act."

The DMCA ties the hands of software makers, says von Lohmann, who has helped fight similar cases against the DMCA. It is not against the law for users to own copies of their DVD movies, but the DMCA prohibits the distribution of any tools that make such copying possible.

"If someone wants to make fair use of a DVD they bought, they need to circumvent the copy protection technology to do that," von Lohmann says. "The DMCA would arguably make that illegal.

"If nobody can build the tools, then essentially we've all been denied our fair use rights," he says.

Slashdot | Your Rights Online - Open Debate Between RIAA VP And DMCA Critic.

A GW student writes "The George Washington University's School of Engineering and Applied Science along with the Cyberspace Policy Institute are sponsoring some kind (hasn't really been decided yet) of debate between Stanley Pierre-Louis, Vice President Legal Affairs for the Recording Industry Association of America and Professor James Boyle of Duke Law School. Remember, Prof. Boyle just received an anonymous $1 million to fight the DMCA. The event is open to the public. It will take place on Tuesday October 8 in Washington, DC on GW's campus. The abstract and other details are here. Stick around, and the next day you can go to the Supreme Court to see Lawrence Lessig argue Eldred v. Ashcroft."

BBC NEWS | Business | Judge brands song swap laws 'unclear'.

A US judge has said that the law governing the trading of music files over the internet is unclear.

District Judge John D Bates was hearing a test case brought by the Recording Industry Association of America (RIAA) which aims to help put an end to the online swapping of copyright music.

The music companies want to force internet service provider Verizon to reveal the identity of a subscriber who allegedly used its services to trade copyrighted songs.

If they can obtain the names and addresses of song-swappers - without going to court first - they can bombard them with written warnings ordering them to stop.

[ ... ]

Verizon argued that it should not be required to monitor its users' activities.

It said that a ruling in favour of the music industry would breach its subscribers' privacy, and set a precedent which could force other internet companies to provide their customers' names.

[ ... ]

Verizon says it would be unfair to cancel users accounts unless the music companies concerned filed formal legal proceedings that would give the users a chance to fight back.

But the music industry says that would take too long.

Slashdot | Your Rights Online - Judge In RIAA Test Case Calls DMCA Unclear.

otisaardvark writes "BBC News has an interesting article about how the judge has chided Congress for being inept and unclear. There are repercussions for both sides; primarily that the initial verdict will take far, far longer."