The Indian government says it’s reached an agreement that will allow government agencies in that Asian nation to eavesdrop on traffic emanating from the BlackBerry Messenger Service. It’s a temporary solution, but India’s government says a permanent deal should be in place by Jan. 31, 2011.
India first threatened to shutter the service a few months ago. So BlackBerry’s parent company, Research In Motion, found itself in quite a pickle – either risk losing access to a market of more than 1 billion people, or agree to subvert its own customers’ privacy. Obviously, the threat of taking a big financial hit won out.
India and several other nations in Asia and the Middle East have expressed concern that terrorists can use texting services like BBM to carry out their activities, and without government monitoring, they might be able to do so unchecked. The United Arab Emirates came to a similar agreement with RIM a couple of weeks ago, although BBM wasn’t specifically mentioned.
Despite the convenience, free public Wi-Fi networks like those found in hotels, Starbucks, and McDonald’s are also a serious risk when it comes to your data and personal information. A new Firefox plug-in makes it even easier for tech novices to snoop wireless traffic, making it more crucial than ever that users understand the risks and take precautions when using Wi-Fi hotspots.
The Firesheep plug-in was developed by security researchers to highlight how insecure public Wi-Fi networks can be. Mission accomplished. Unfortunately, the tool works quite well, and its public availability now places a relatively powerful snooping tool that requires virtually no hacking skills or exceptional tech knowledge in the hands of anyone.
Another Firefox plug-in called Blacksheep was developed as a Firesheep alarm. It won’t secure your wireless data, and it won’t prevent your information from being snooped by Firesheep per se, but it will alert you when Firesheep is in use on the network you’re connected to so that you’re aware.
Bottom line, wireless networks are not as secure as their wired counterparts, and Wi-Fi hotspots open to the general public are even less secure. If your laptop can connect to a wireless router 100 feet away, then so can any other device in a 100-foot radius of that wireless router–which is why the router should have encryption enabled and require a password of some sort to gain access.
The issue is mainly a function of public Wi-Fi hotspots, which generally have a completely open and unencrypted wireless network available for patrons to join. In some cases, such as hotels, the Wi-Fi may actually use a password to prevent abuse by users who aren’t actually staying at the hotel, but those are only slightly more secure because the password is shared with everyone who stays there and is rarely changed, so acquiring it is a trivial matter.
Chet Wisniewski, a senior security advisor with Sophos, implored establishments such as Starbucks and McDonald’s to improve security by adopting an encrypted network with a default shared password. The sentiment is admirable, and the solution offered would provide better protection than no encryption at all–and prevent snooping by the current version of Firesheep–but, in the grand scheme it’s not much better.
A comment on the Sophos blog explains, “I’m not really sure ‘free’ as password is a great idea, since a password in WPA2 is nothing but a pre-shared secret, which in turn is then used to create a unique key. The problem is, when everyone uses the same password, everyone will end up with the same key, which will be in intended use client and access point, but if someone else knows the password he will be able to come up with the same key.”
The commenter concludes with, “You might say now it’s better to have some encryption instead of none, but I think that’s even more dangerous, because people now will actually think they are secure, and will therefore feel at ease to do more dangerous stuff, while a black hat will actually have just little more inconvenience to decrypt it first based on the password he knows. In fact, a black hat might even be more attracted to such hot spots because he knows people feel more at ease to do dangerous things there.”
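The key derivation the commenter describes, as an added example that is not part of the article or the Sophos comment: in WPA2-Personal the passphrase and SSID fix the master key, and the per-session key is then computed from that master key plus MAC addresses and nonces that are exchanged unencrypted when a client joins. The SSID, MAC addresses, nonces and passphrases below are constructed sample values, and the per-user secrets are only a stand-in for any scheme that gives each patron separate key material.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes, length: int = 48) -> bytes:
    """Per-session pairwise key (IEEE 802.11i PRF, 48 bytes for CCMP)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    counter = 0
    while len(out) < length:
        msg = b"Pairwise key expansion" + b"\x00" + data + bytes([counter])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
        counter += 1
    return out[:length]

# Constructed sample values (not from the article or any real network).
SSID = "CafeGuest"
AP_MAC = bytes.fromhex("020000000001")
ALICE_MAC = bytes.fromhex("0200000000a1")
ANONCE = bytes(range(32))        # nonce sent unencrypted by the access point
SNONCE = bytes(range(32, 64))    # nonce sent unencrypted by the client

def session_keys_match(alice_secret: str, other_secret: str) -> bool:
    """True if a party holding other_secret derives the same session key as Alice."""
    alice_ptk = derive_ptk(derive_pmk(alice_secret, SSID),
                           AP_MAC, ALICE_MAC, ANONCE, SNONCE)
    other_ptk = derive_ptk(derive_pmk(other_secret, SSID),
                           AP_MAC, ALICE_MAC, ANONCE, SNONCE)
    return hmac.compare_digest(alice_ptk, other_ptk)

if __name__ == "__main__":
    # WPA2 passphrases are 8 to 63 characters, so "freewifi" stands in for "free".
    print("shared passphrase ->", session_keys_match("freewifi", "freewifi"))
    print("per-user secrets  ->", session_keys_match("alice-secret-1", "bob-secret-2"))
```

With one posted passphrase every patron holds the same master key, so the encryption separates patrons from outsiders but not from each other, which is the commenter's point.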
Public hotspots are convenient. It is nice to be able to kick back and surf the Web while sipping a pumpkin spice latte at Starbucks. Just realize that the Wi-Fi is insecure and limit your activities. Go ahead and read the headlines at CNN.com, but don’t check your bank balance, or do anything else that requires entering a username, password, or account number.
If you want or need to do more sensitive tasks over the public Wi-Fi, use a VPN connection of some sort so that there is an encrypted tunnel between your laptop or tablet and the destination you are connecting to.
Lawyers from across the government are investigating whether it can prosecute WikiLeaks founder Julian Assange for espionage, a senior defense official said Tuesday.
The official, not authorized to comment publicly, spoke only on condition of anonymity.
The decision is complicated by the very newness of Assange’s Internet-based outfit: Is it journalism or espionage or something in between?
Other charges also might be possible, including theft of government property or receipt of stolen government property.
By Pete Yost
The government’s decisions about whether or how to bring criminal charges against participants in the WikiLeaks disclosures are complicated by the very newness of Julian Assange’s Internet-based outfit: Is it journalism or espionage or something in between?
Justice, State and Defense Department lawyers are discussing whether it might be possible to prosecute the WikiLeaks founder and others under the Espionage Act, a senior defense official said Tuesday.
They are debating whether the Espionage Act applies, and to whom, according to this official, who spoke anonymously to discuss an ongoing criminal investigation. Other charges also might be possible, including theft of government property or receipt of stolen government property.
Rep. Peter King of New York called for Assange to be charged under the Espionage Act and asked whether WikiLeaks can be designated a terrorist organisation.
But Assange has portrayed himself as a crusading journalist: He told ABC News by e-mail that his latest batch of State Department documents would expose “lying, corrupt and murderous leadership from Bahrain to Brazil.” He told Time magazine he targets only “organisations that use secrecy to conceal unjust behavior.”
Longtime Washington lawyer Plato Cacheris, who represented CIA official Aldrich Ames and other espionage defendants, said Tuesday that Assange could argue he is protected by the First Amendment, a freedom of the press defense. “That would be one, certainly,” Cacheris said.
Constrained by the First Amendment’s free press guarantees, the Justice Department has steered clear of prosecuting journalists for publishing leaked secrets. Leakers have occasionally been prosecuted, usually government workers charged under easier-to-prove statutes criminalising the mishandling of classified documents.
But two leakers faced Espionage Act charges, with mixed results.
The last leak that approached the size of the WikiLeaks releases was the Pentagon Papers during the Nixon administration.
The Supreme Court slapped down President Richard Nixon’s effort to stop newspapers from publishing those papers. But the leaker, ex-Pentagon analyst Daniel Ellsberg, was charged under the Espionage Act with unauthorised possession and theft of the papers.
A federal judge threw out the charges because of government misconduct including burglary of Ellsberg’s psychiatrist’s files by the White House “plumbers” unit.
The Reagan administration had more success against Samuel Loring Morison, a civilian intelligence analyst for the Navy and grandson of a famous US historian. Morison was convicted under the Espionage Act and of theft of government property for supplying a British publication, Jane’s Defence Weekly, with a US satellite photo of a Russian aircraft carrier under construction in a Black Sea port. Dozens of news organisations filed friend-of-the-court briefs supporting Morison because he was a $5,000-a-year part-time editor with Jane’s sister publication and thus arguably a journalist.
But WikiLeaks has entered a space where no journalist has gone before. News organisations have often sought information, including government secrets, for specific stories and printed secrets that government workers delivered to them, but none has matched Assange’s open worldwide invitation to send him any secret or confidential information a source can lay hands on.
Is WikiLeaks the leaker or merely the publisher?
“The courts have been somewhat reluctant to draw a line of demarcation between what we call mainstream media and everyone else,” said Washington attorney Stan Brand. “If these people are publishing and exercising First Amendment rights, I don’t know why they’re less entitled to their First Amendment rights to publish.”
But at a news conference Monday, Attorney General Eric Holder contrasted WikiLeaks with traditional news organisations, which he said acted responsibly in the matter even though several posted some classified material. Some news organisations consulted with the government in advance to avoid printing harmful material; Assange has claimed his efforts to do likewise were rebuffed.
“One can compare the way in which the various news organisations that have been involved in this have acted as opposed to the way in which WikiLeaks has,” said Holder.
Some see openings for the government.
Assange “has gone a long way down the road of talking himself into a possible violation of the Espionage Act,” First Amendment lawyer Floyd Abrams said on National Public Radio, noting that Assange has said leaks could bring down a US administration.
Washington lawyer Bob Bittman expressed surprise the Justice Department has not already charged Assange under the Espionage Act and with theft of government property over his earlier release of classified documents about US military operations in Iraq and Afghanistan. Bittman said it was widely believed those disclosures harmed US national security, in particular US intelligence sources and methods, meeting the requirement in several sections of the act that there be either intent or reason to believe disclosure could injure the United States.
“These are not easy questions,” said Washington lawyer Stephen Ryan, a former assistant US attorney and former Senate Government Affairs Committee general counsel. Ryan said it would be legally respectable to argue Assange is a journalist protected by the First Amendment and never had a duty to protect US secrets.
But Ryan added, “The flip side is whether he could be charged with aiding and abetting or conspiracy with an individual who did have a duty to protect those secrets.”
On the question of conspiracy there’s a legal difference between being a passive recipient of leaked material and being a prime mover egging on a prospective leaker, legal experts say.
Much could depend on what the investigation uncovers.
Army Pfc. Bradley Manning is being held in a maximum-security military brig at Quantico, Va., charged with leaking video of a 2007 US Apache helicopter attack in Baghdad that killed a Reuters news photographer and his driver. WikiLeaks posted the video on its website in April.
Military investigators say Manning is a person of interest in the leak of nearly 77,000 Afghan war records WikiLeaks published online in July. Though Manning has not been charged in the latest release of internal US government documents, WikiLeaks has hailed him as a hero.
Another obstacle would be getting Assange to the United States. His whereabouts are not publicly known.
In France, Interpol placed Assange on its most-wanted list Tuesday after Sweden issued an arrest warrant against him as part of a drawn-out rape probe – involving allegations he has denied. The Interpol “red notice” is likely to make international travel more difficult for him.
But even if Assange were charged and arrested in a country that has an extradition treaty with the United States, there could be problems getting him here. The Espionage Act carries a maximum penalty of death, and nations with no death penalty often refuse to send defendants here if they face possible execution.
One renowned First Amendment and national security lawyer, Duke law professor emeritus Michael Tigar, urged caution.
“The US reaction to all of this is rather overblown,” Tigar said. “One should hesitate a long time before bringing a prosecution in a case like this. The First Amendment means that sometimes public expression makes the government squirm. … That diplomats collect information, and are sometimes brutally candid, comes as no surprise to anybody.”
(This version corrects grammar in 1st paragraph, changing “is” to “are.”)
AP
The criminal case of the alleged Goldman spy is off and running, and it’s shaping up to be a good one. The case seems likely to open a window into the mysterious world of high-frequency trading and to shed some light inside Wall Street’s most notorious powerhouse, Goldman Sachs. But the lawsuit might do something else, too: It could test legal limits related to trade secrets — and cause angst far from the trading world.
The man of the hour is the defendant, Sergey Aleynikov. Aleynikov was a programmer in Goldman’s high-frequency trading group and is accused of taking code in order to help a new employer compete with Goldman. He disputes this and has said he intended to take some code, but not anything secret – just open-source code. The open-source part of that is crucial.
When open-source code is involved, what can be defended as a trade secret? His argument is “going to make it harder for government to prove that what was taken was in fact proprietary to Goldman,” says Brent Cossrow of the Employee Defection and Trade Secrets Practice Group of law firm Fisher Phillips. That could roil the high-frequency trading world, a competitive and controversial business that is transforming the financial markets. Beyond that, any company that has open-source software sitting on its networks, integrated into its digital intellectual property, might have to circle the wagons and figure out what to do.
High-frequency trading relies on algorithms that exploit tiny price differences in the markets. Do that enough, fast enough, and it can lead to big profits. Algorithms that do best have essentially found a niche in the market, and their owners are secretive because they don’t want anyone else muscling in on their niche. The algorithm is the secret sauce.
Goldman purchased its original code in 1999 from Hull Trading, founded by Chicago trader Blair Hull, for $531 million. After that, Goldman presumably had the right to do what it wanted with the code. It could add to it, take away from it, and tinker with it at will. It brought on programmers to do that, including Aleynikov. Programmers are vital in this space, and they’re demanding high pay. After UBS reportedly came calling for Aleynikov, Goldman paid Aleynikov $400,000 a year.
But when programmers write new code to insert into existing code, that can take hours. So sometimes, instead, they use open-source alternatives available for free on the internet. Open-source software is meant to be shared. It’s used in many industries, but Wall Street’s programmers find it particularly useful. In trading, time is money, so speed is prized.
In this case, proprietary and open-source code come head to head. Around the time Aleynikov planned to take a new job, he uploaded some code. Goldman says he stole proprietary code that it and the government claim is a trade secret. But Aleynikov says that he only meant to take open-source code, which by definition isn’t secret.
Cossrow says this argument raises several questions. How much of what Aleynikov downloaded was open source? How much of it was proprietary? Those questions are possible to answer — it requires looking at the code and at the metadata (data about data) underlying it. That could mean laying bare Goldman’s code, which would be something between a headache and nightmare for Goldman. The government wants the courtroom closed if that happens.
But there are more questions: as there are hundreds of open-source licenses, what were the terms of the open-source license or licenses associated with the code Aleynikov is accused of taking? And how did Aleynikov use the code in the broader software?
All that leads to the ultimate question: how much open-source code, and of what quality, does it take to dilute a trade secret? As Cossrow explains, “if you bake the world’s best brownie, and the recipe is secret, the mere fact that you used water as an ingredient doesn’t mean the whole recipe is diluted.” However, the courts haven’t gotten much more specific than that.
For lawyers like Cossrow, this case is turning into a big deal. There’s no telling where this argument could take Aleynikov, but if it works, it could turn out that Goldman’s alleged trade secrets aren’t really secret at all. That could blow up Goldman’s trading profits. It’s all very interesting stuff — and that was just the first day of trial.