After that, if there’s any time, we’ll have a brief look at a new theory of physics that may integrate gravity and quantum theory. Gosh. And, of course, steam cars.

I’ll be on air after the 11am news. If you don;t want to listen live, shortly after the programme, you’ll be able to get it as a podcast or just download the audio as ogg or mp3.

There are various measures available to Internet censors. China, for instance, runs the so-called “Great Firewall” – a single point of access for all Internet traffic entering and leaving the country. Centralized national firewalls offer a high level of control, but they find it hard to deal with traffic which is encrypted (as a lot of Internet traffic is, routinely). Almost invariably, they have to block a lot of material which is wider than their intended purpose, just to be sure. You can’t allow free access to Google if you don’t your population to even be able to search for specific concepts. Another issue is that the engineering for the great firewall gets quite problematic. It needs to be able to pass a great deal of traffic very quickly while filtering out the “bad” stuff. Finally, there needs to be a staff who are dedicated to controlling the filter, adding new sites to it, perhaps removing old ones, and generally dealing with issues it throws up.

A more limited technical measure is to control the Domain Name System (DNS) in the country. This means that people typing the address of a “bad” site into their browser would instead get a page saying “naughty naughty” or some such. In fact, if they knew the IP number to go to – and it wouldn’t be hard for a determined person to find this – they will evade this form of censorship altogether. This technique would involve its own engineering challenges as well as the problem of managing the list of bad sites.

And deciding what gets blocked is the core of the problem with automated, technical measures like the two described above. There’s no way for the general public to inspect the list of what gets blocked – if you publish the list, you are just publishing a list of sites that you don’t want people to go to. If you don’t publish the list, there is no accountability that governments will only block CAI (or whatever they have said they will). The list can and will expand for several reasons: incompetence, in the case of the Queensland dentist’s site blocked by the Australian filter; a desire to protect the filter itself (Wikileaks); and an extension or what we regard as repugnant or harmful, but don’t necessarily want a public debate about.

There is another technique that governments use to control what people do on the Internet. That is, simply, to watch what is going on within their country and apply real-world sanctions to people breaking the law. All countries do this to a greater or lesser extent. In New Zealand, for instance, the Department of Internal Affairs looks for images of child abuse (i.e. child pornography) and prosecutes people involved in making or trading them. The recent charges brought against a blogger for allegedly breaking a suppression order are another example. This approach seems the natural one for an open society like New Zealand to take. It relies on humans to detect and discern illegal activity rather than machines. That’s how our court system works. It’s also how law enforcement works. We don’t require people to have licences for cameras; of course not, cameras are widely used for a variety of entirely legal purposes. We prosecute people who use cameras to break the law. It should be the same for computers and the Internet.

To summarise: filtering the Internet is problematic technically, but most of all it is incompatible with a democratic open society. Prosecute the wrongdoers but leave the Internet alone.

I’ll talk about his case today on Radio New Zealand National after the 11am news, as well as handing out a brickbat and a couple of bouquets. After the broadcast you’ll be able to download the audio as ogg or mp3.

Gary McKinnon – British computer programmer – the facts

• Early 40s, originally from Glasgow although grew up in London
• Accessed 97 US government and military computers in 2001/2, from Britain
• Why: Claims it was to uncover evidence of UFOs – his activities in the computers seem to back this up
• McKinnon doesn’t dispute that he accessed the computers. He says that they were open (i.e. default passwords) and that he just left messages saying how bad their security was.
• US claims that he deleted some critical operating system files on some and caused $700,000 of damage
• Tracked down to Britain, arrested in 2002
• US announced it wanted to try him in the US “biggest military computer hack of all time”
• In 2006 the Brits decided to allow extradition to the US
• In the US could face 70 years, perhaps even in Gitmo
• Since then a series of legal appeals including to the House of Lords and the European Court, and the UK Home Secretary
• Wants to be tried in the UK. In the UK, still illegal but a far lesser penalty.
• Has been diagnosed with Aspergers by none other than Simon Baron-Cohen or Cambridge
• Still appealing but his chances look slim.
• A lot of public support – 80MPs calling for prison to be served in UK. List of luminaries, Sting, Boris Johnson, Bob Geldof, Terry Waite, the LibDems. Daily Mail running a campaign. Some people believe he was entrapped.

Opinion

• Do not tweak the military’s nose. Even if you think they are stupid. They have a lot to lose by being made to look stupid.
• The guy is clearly not on the same planet as the rest of us – UFOs, “Free energy”
• That’s what this is about and the UK government shouldn’t be letting the US military get away with it. Let’s have a bit of humanity
• Compare with Knox / Kercher case – 26 yrs for murder.
• Change law if necessary
• By all means try the man but do it in his home jurisdiction

Links

Gary McKinnon – evil hacker or confused Asperger’s sufferer?

But that’s not what I want to write about today. Like everyone else, I’m horrified by the way an airliner has disappeared over the open ocean, with apparently nothing more than a storm to blame. None of us who fly will feel safe until we understand how that happened, and how we can stop it happening again. The information about what happened to the aircraft is contained in two so-called “black boxes” (although they are actually orange) which are held on board the aircraft, presumably now in some 4,000 metres of water. They are going to be pretty difficult to find and recover. And it’s not clear that they would survive a fall from 10,000m cruising altitude in the first place.

What I’m proposing here is that the flight information that the boxes record in civilian airliners be continuously transmitted back to land. The black box becomes a server at, maybe, Boeing or Airbus Industries. Information in transit would be encrypted and subject to the same controls as the black boxes are. When the worst happens, and an airliner crashes, we will always be able to reconstruct the flight information and cockpit voice.

Reports in the papers suggest that some telemetry was taking place, mentioning a “burst of automatic messages”. That’s some clue, perhaps, to what befell the aircraft and those aboard, but it’s nothing like as complete a record as the black boxes should hold.

Let’s hope that aircraft manufacturers, airlines, and safety regulators can make this happen.

Last weekend this all broke wide open. Video rental shops in the larger chains tried to get their customers to sign a petition demanding that S92A be retained. In one of the United Video shops around Hamilton, at least, video shop staff were telling customers that this petition was all about stopping child pornography. They were told to say that, they said, by their manager.

Of course, everyone now denies telling the store staff to say this. The head of NZFACT, an organisation that fights the infringement of video copyrights, said that the petition had nothing to with child pornography and that he had sent out an email to correct this. United Video’s general manager Lindsay Hall said on Radio New Zealand on Monday “at no stage has anyone in head office told to them to use the child porn angle”.

Let’s just get this clear. There is NO child porn angle. I don’t think for one moment that the copyright holders are claiming copyright in child pornography. That’s what S92A is about – whether copyright holders have the right to kill your Internet connection on the basis of an accusation that you have infringed their copyright. So for Mr Hall even to refer to ‘the child porn’ angle is, at best, misinformed. Linking S92A to child porn is a despicable lie. It’s a smear, plain and simple.

The Internet poses a threat to the rental video business. It’s going to be interesting to see how it responds. There are legal ways to download movies or watch them online, such as Apple’s iTunes. And there are DVD rental services that use a website to choose and order films. Unfortunately the brick and mortar stores seem determined to try to do their bit to kill the Net rather than embrace it. I’d be surprised of many of their customers agreed with them.

I wonder how many of those who have signed the video rental stores’ petition did so because they were told the lie about child porn? The petition is not going to be particularly credible as a result, if it ever sees the light of day.

I’d like to finish with a quote from Hollywood’s main lobbyist of the late 20th century, Jack Valenti. He got very worked up about the availability of home video equipment which, he said, would threaten the viability of the movie industry. He told Congress that ”the VCR is to the American film producer and the American public as the Boston strangler is to the woman home alone.”

If he’d been right, United Video wouldn’t exist.

Today on Radio New Zealand National I talked about this and how it works. Read on for my speaking notes or download the audio as ogg or mp3.
Today what I really want to talk about is the technology around airline check-ins.

Q: Air New Zealand has just changed to a fancy new system.

A: Yes, it has, and I came through Auckland domestic on the first morning of the new system the Sunday before last.

Q: How did that go?

A: A few teething problems, I’m afraid, but lots of staff on hand to sort them out.

You’ve been able to check in online at Air New Zealand and lots of airlines for some time. You go onto their website, you choose a seat, and you print a boarding pass. Of course, this relies on you having a printer, which I generally don’t when I’m away, and the check in only works a few days before the flight so for the return leg it’s not much help.

But why do you need a paper boarding pass at all? What Air New Zealand has done is to provide a mobile phone application, so that a suitably equipped phone can download a boarding pass and display the pass on its screen. Then you just need to show the phone to the pass reader at the aircraft gate.

Q: Does this actually work?

A: It’s supposed to. I wasn’t able to check it because – wait for it – doesn’t work on the iPhone, which is easily the fastest selling smart phone in New Zealand. I think it may be the fastest selling phone of any kind in this country. Air New Zealand assure me that it will be available on an iPhone, but probably not until early next year.

Q: If you’ve got the right kind of phone, what happens?

A: If you don’t have bags, you are supposed to be able to just go to the gate at the airport and get straight on the plane. That’s one new way of getting on the plane – by using your mobile phone.

But wait, there’s more: Air New Zealand have also sent a lot of their customers a small electronic pass – called an RFID, or Radio Frequency Identifier, that they are encouraging us to glue to our mobile phones.

Q: So they can track you around the airport?

A: Air NZ is at pains to say no, that’s not what it’s for. They say it can only be read at short range, and it doesn’t contain any personal information – although it presumably contains some kind of unique identifier, probably your air points number, otherwise there’s no point in it.

Q: Are you going to stick one to your mobile?

A: No. I like my phone too much. But if I carry it, it will make all the check-in stuff much easier – just go to the gate and wave the RFID at the reader there.

Q: What if you have bags?

A: You have to go to the check in area and there’s a machine which prints your bag tags. I don’t know whether you have stick your bag tags on your self or whether there are staff to help you.

Q: This all sounds like a lot more self service.

A: That’s not necessarily a bad thing, though. This way, you get what seats you want. Before, all we did was queue for a check-in clerk to key our details into a computer system and give us a boarding pass. Now we deal with the computer system ourselves. That’s part of an overall trend, not just in airlines. Think banking, for instance.

So, I think it’s overall a positive move. But there are still some fishhooks to come out of it. I believe that security regulations still require you to have a paper copy of your airline ticket on you. That’s an Aviation Security requirement, not an airline one. That partly defeats the point of the system because you still need the paper. Even so, though, I think the Are New Zealand changes sound like a great idea and congratulations to them for having the guts to do it.

Links

.

Air New Zealand on its electronic boarding passes, and a technology blogger’s take on it. Read the comments if you are interested in how the technology works.

A good article in the New Zealand Herald about the changes.

Kim Davies of IANA has written a very readable account of the problem in DNS security. It makes for scary reading. The bad guys will get control of the Internet unless we deal to this problem.

I have bitten the bullet and agreed to have a new roof on my house. Just patching the old one won’t keep the water out any more – it just comes through another place every time it rains. The DNS needs a new roof as well, and it’s called DNSSEC. It will involve lots of Internet folk in real work, but we need to get on with it.

This is highly likely to be illegal, both on telecommunications intercept grounds, and on the “anti-hacking” parts of the Crimes Act. The article doesn’t mention that, or any downside at all.

I’m amazed that anyone would think this is a reasonable thing to do. If you are reduced to spying on someone, why are you in a relationship with them? And, if someone spied on you like that, would you want anything more to do with them?

Update: Apparently the person concerned isn’t even a proper private investigator – check the second comment below. Looks like the Sunday Star Times was more than a little credulous.

Hat tip to Bruce Schneier’s excellent blog about security for the link.

Q: Electronic voting – you mean voting machines?

A: That’s one way of doing it. Another would be to vote online, although that’s even harder.

Q: How would electronic voting machines work?

A: Simple in principle – you just wire up a general-purpose computer to a simple touch screen, or maybe a panel with a set of buttons in it. And these things exist – they are widely used in the US. After the hanging chads debacle – remember 2000, everyone – Congress passed something called the Help America Vote Act which essentially pushed electronic voting machines across the country.

Q: That’s got to better than what they were using before!

A: It’s still controversial.

Q: Why?

A: Because it’s unauditable – or at least, that’s the way its been implemented in many parts of the US. The most common type of machine is made by a company called Diebold – you might have seen that name on an ATM, by the way, ATMs and voting machines are basically just PCs in a box with a special kind of screen and keyboard. The Diebold machines make it very easy for you to select the candidate you want to vote for, they can work well even if you don’t speak English well, by offering multi-lingual support just like ATMs. And then the machines automatically upload their totals to a central computer and you have an answer immediately, all untouched by human hand. But the big problem is that the machines don’t give you a paper trail. So there’s no way to go back and verify that 356 people really did vote for party A, and there’s no way for you to be certain that your vote for party A really was entered as that.

Q: How do scrutineers from the parties check the system is working?

A: They can’t – it’s a big “trust me”, basically. They can check that people go into the booths with the machines, but that’s where it stops. There’s no guarantee that whatever they do with the machine leads to the outcome they think it will.

Q: Can’t the machines themselves be audited?

A: Not really. The programs they run are treated as intellectual property – a trade secret, basically.

Q: So how can the voters know they work!

A: They can’t. This is the crux of the whole thing. I can’t help thinking that there would be enough profit in simply building the machine, but, no, Diebold want to monopolise the software as well, and the effect is that no-one can be sure if the election is fair.

Q: Is there any evidence that they have actually tried to change the result of an election?

A: Depends what you mean by evidence. Their CEO was on record as saying just before the last election that he was committed to helping his home state to delivering its electoral votes to the president, to Bush. Now, that has been spun since as an unfortunate gaffe – albeit one that the CEO committed to paper, signed and sent to a large number of people. Now, in New Zealand I’m picking that would have been a resigning mistake at the very least, if not one that lost you all your voting machine business, but apparently that’s not what happened in this case.

Q: What did happen?

A: Eight million Americans voted with Diebold machines at the last election. I don’t know how many will this time round.

Q: They don’t get a choice, right?

A: No, the voting system is run by the county they live in. You vote with what the county supplies or you don’t vote.

Q: Who makes the decision what voting systems to use?

A: In the US, that would be elected officials, I guess. It does get a bit circular, doesn’t it?

Q: You don’t think we’ll be seeing voting machines here anytime soon?

A: I’d be very surprised. New Zealand is justifiably proud of its democracy. And we have one of the highest turnouts of any country.

Q: Australia has more than we do.

A: Yes, but they fine you if you don’t. We have a huge turnout considering that we don’t force people. I think that’s partly because our system is so transparent, so people can see what impact their individual vote is having.

Q: Why can’t we vote on the Internet?

A: It would be quite cool, wouldn’t it? I don’t see it happening for while, though. It’s hard to enforce a secret ballot when the voting is done over the Internet.

Q: Because you can’t make the Internet secure?

A: No, that’s a solved problem. We had the census run quite effectively on the Internet last time. And we all do online banking; that’s pretty secure so long as you have more than just a password to get on. The problem is more about vote selling and stand-over tactics. As the voting works at the moment the scrutineers check that you go into a booth alone and that you vote alone. Then you fold your ballot to conceal your choice and put it into the ballot box. Only you know what you voted.

Q: You could tell someone

A: Of course you could, but you can’t prove to someone what you voted. That’s really important because it destroys the opportunity for someone to buy your vote – they have no way of proving that you actually voted the way they told you to. Stand-over tactics are the same problem – imagine you were intimidated by armed thugs standing in the booth with you and making it clear who they thought you should vote for.

Q: Sounds like Zimbabwe…

A: Quite. But if you allow people to vote online you break that secrecy, because someone who is trying to buy votes could literally stand over you and watch you vote, all without a scrutineer there to observe it. Or, better still, they could just buy your voting papers and vote on your behalf. No-one would be any the wiser, you’d have a few dollars in your pocket and someone would have bought an election.

Q: Voting with machines makes it easier to count.

A: It certainly does. That’s pretty much the intention of all the voting machinery out there, even the infamous punch cards that Florida was using in the 2000 presidential election. You can push the cards into a counting machine and it tallies up the vote. Just as with the Diebold machines and other similar ones, they upload their results to a central computer which counts. You can get a result immediately.

And with some modern voting systems, a computer is just about essential to get the result. I’m really talking about STV – single transferable vote here. It’s staggeringly labour intensive to run an STV election with lots of candidates and lots of votes. Even a computer takes a while.

Q: The local government election in 2004 had problems.

A: Yes, and that was held up as the voting system – but the problem wasn’t the voting system, it was getting the votes from paper ballots into a computer in the first place. I think there was an underestimate of how hard that was. And the most recent local government election went well, so someone must have learned.

Links

A page about electronic voting security by Avi Rubin.

Story about Diebold voting machines.

Hilarious satirical video about electronic voting.