Can the DMCA Kill the Cloud?

The DMCA (Digital Millennium Copyright Act) is a powerful tool for copyright holders. Take down notices get served to many websites daily to remove infringing items, yet many are false positives. Will the DMCA harm cloud computing? I think its a good possibility.

I recently read an interesting article on SC Magazine about a security researcher who had her MediaFire account suspended for 36 hours because of a DCMA notification. The infringing files she had on the account for years, and were malware files that had been or were being researched by her and others. There is also the case of speeches from the recent political conventions been taken down off You Tube because of automated filters to prevent DMCA take down notices. The amount of false positives reported to the news outlets it a small portion of what actually is out there, but they tend to make big news.

So what does this all have to do with killing the cloud? The answer is quite a lot. If the filters and DMCA searches are conducted in a way that can breed a lot of false positives, such as just going by file names and sizes, then what is to prevent a DMCA notice and fight over a companies private files that have the same name as some other companies files? Better yet, what if something is named too similar to something from the entertainment industry? a presentation that uses music, hey there can be a DMCA takedown notice right there if a file scanner digs into it, or if you leave the name of the song in the filename.

The idea being that all these notices can help make people gun shy about moving or even using the cloud. Copyright is needed, yet has been blown way out of proportion in its longevity. Life of the artist plus 75 years is way to long, considering that copyrights were meant to foster innovation, not to allow someone to sit back on their laurels. Now we see that it can affect researchers which are reaching to the cloud to help analyze items in a file. This can affect not only the infosec area but other areas such as medicinal or other science research. All this because one is guilty until proven innocent. This can and will affect the future in more ways than we can see at this time.


The Sky is Falling

Years ago I use to think McAfee was a good Anti-Virus program. Then they got bloated. Now McAfee is becoming chicken little.

You can see the reports regularly. New exploit in this, new trojan here, new zero-day exploit, and on. The world of securing your information and your identity, either individual or corporate, is a complex and never ending battle. Nothing is going to be 100% secure. you know it, I know it and the bad guys know it. Its a matter of mitigation. The smaller area of attack we give the bad guys, the more chance that they will pass us up for an easier target.

It becomes more complex every year. New devices come out, connectivity becomes better, people become more greedy. In fact the more complex things get, the easier it is to break into them with simplicity. You may ask how is that the case. Simply put you just showed how. We tend to gloss over the simple items for the more complex ones, including bugs and holes. That is a discussion to have another time though.

Right now, in the security field, McAfee has been making a lot of headlines lately. From a RAT Report that other companies are calling “shady” to the latest report from them about cars becoming the next hacking target, McAfee keeps getting their name out there. The problems with these reports is their are either obvious or disputed. That McAfee look more like an attention hound than anything else.

This grab for attention comes on the heels of a decade of McAfee putting out worse and worse products. Suites that are so bloated that you machine drags to a crawl during start up. Anti-Malware products that let too much Malware through. Software that is difficult to remove from a system should you prefer to go with one of their competitors. How the mighty have fallen.

Most companies in the consumer security field, especially those that make Anti-Malware software, can run into these same pitfalls as the become more popular. Norton has, although they are slowly turning things around, they still have a long way to go. Kaspersky is doing its best not to fall down that path, but it does seem to be getting more resource intensive. AVG, well they put out a decent product but we are about due for another bad patch that messes machines up. None of them are perfect, but some are better than others, and McAfee has been considered part of the bottom of the heap for a while now.

So McAfee throws up a smokescreen. Instead of improving their product, they try to show that they know more. Sorry but knowledge of what is happening, and the ability to translate that into a decent working product do not have to be equal. In fact, McAfee has shown me that you can have the knowledge without the product. Then again, McAfee lately has been more like Chicken Little. Just remember, the sky isn’t falling, things are just progressing. We as the ones in the field need to keep our wits about us and it will all be fine.

Facbook Video Chat

Last week Facebook announced a new video chat powered by Skype. The question is, what does this mean for privacy?

Facebooks announcement last week of now having the ability to have video chats with friends was a big announcement. It meant that Facebook was doing something other chat systems have had for years. The partnership with Microsoft/Skype (that deal is still pending approval), is logical. The problems that Facebook can face though, have me wary of it.

First off, Facebook doesn’t enforce its own TOS, which has an age limit. We already have heard about cyber bullying cases. The video chat can take this to a new level. What about people pretending to be your children’s age, but really being pedophiles? This now takes on a different issue. There are 2 other things though that bother me about this.

First, encryption of calls. I haven’t had a full chance to play with the system, but nowhere have I seen any mention that the calls will be encrypted. Skype itself uses encryption on the client end, but Skype also is a P2P system, so the encryption happens at a person’s machine. Facebook looks to be a server solution, so are these call being encrypted, or can someone easily look in on them? I know some people are looking into this aspect.

The other troublesome part to me is a patent that Microsoft has from 2009 to silently record calls over a network. With the pending acquisition of Skype, it can be very easy for Microsoft to toss this technology in Skype, and the Facebook chat. think of it, your calls, your video, your “private” conversations, recorded without your consent, without your knowledge, and possibly without a warrant. This is not to say that they will, but the opportunity is there. Not only that, but think of Facebook’s stance on privacy. They have already said that they don’t care about it. People will get used to not having privacy. Imagine the information they can get from your phone calls.

I am not saying that these scenarios will happen, but they are possibilities. Some more likely than others, but they all must be taken into consideration.