Thursday, September 18, 2014

Zero Days

Zero day hacks are software bugs the software vendor is not aware of, and which therefore have no patch available. The "valuable" (for a particular definition of valuable...) ones are bugs that can be leveraged to give the exploiter privileged access on a computer, which can be used to install keyloggers, etc. Zero day exploits are often sold, and there is debate about whether the government does or can use them in counterterrorism surveillance. If we ignore the "does the government use them?" question and focus on the "can they?" aspect, one statute that might offer the answer is the Computer Fraud and Abuse Act, 18 USC §1030(f). This section offers the government immunity from hacking when used to go after criminals. It states, "This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States." That's pretty wide ranging: "any lawfully authorized" covers a lot of ground. Is exploiting zero days lawfully authorized? I think that no matter what steps the actual exploit takes, the government might argue that it should be covered under "lawfully authorized activity" if it's part of an ongoing investigation. Is keeping knowledge of a zero day from the software vendor, so that a government agency can continue exploiting it, allowed? Is there a duty to disclose the issue so that others don't also exploit it? And is the purchase of zero day exploits covered under "lawfully authorized activity"? There's a law review article, 50 A.F. L. Rev. 135, Defensive Information Operations and Domestic Law: Limitations on Government Investigative Techniques, from 2001, which addresses 1030(f) in the context of government operations.

Monday, April 14, 2014

Creative Commons Goodness

My Instagram feed has for a long time featured occasional shots of coffee cups and my Kindle. My favorite way to spend a weekend morning, after all, is to get a good cup of coffee and read, and in the vein of "shoot what you know" I've shot quite a few coffee cups + Kindle still lifes. My friends have kidded me about it a few times over the years, but apparently some of them associated "coffee cup" and "kindle" with my photos enough that I was notified by a few folks when this article was published a few months ago:


THE BOOK THAT MADE ME QUIT MY JOB


- yup, that's my photo illustrating it! The awesomeness of tagging your pictures with a Creative Commons license on Flickr and releasing them into the wild is that once in a blue moon one gets used. So cool. Looking at the last post I put up here, with the coffee cup & Kindle, reminded me that I wanted to save a link up here so I could find it again! So here are a few more coffee cups with Kindles. As you might guess from the name of my blog, my drink of choice is an americano, with pourovers being my fallback drink.



More Sherlock Holmes over breakfast


Weekend reading.


Pourover and more reading.



Tuesday, April 01, 2014

famous last words

April 2008, on my blog:
"I don't think that there has ever been a foray into legal territory on my blog, if I think about it. Which is a bit odd, because I'm not a lawyer, but my dad is, and I love talking about trials and legal things with him."
-- on Contracts
Spring break cappuccino

March 2014: dear blog, time for the once-every-few-years sorry-I've-neglected-you post (see exhibit 1, the most recent iteration and exhibit 2, the oldest iteration). What's my excuse this time? I'm in law school, so no free time. Also, maybe in a few years that post linked above is going to be factually incorrect. Who knows, I'm currently a clueless 1L so anything could happen. However, I went hunting through my blog today for some substantive writing from my past lives, having had some weird idea that I must have written a few posts that were more than a paragraph long. I was 98% incorrect, but I did dig up a few examples where I managed to ramble on at length.

Why am I in school again? According to my law school application essay, it's because of a conversation about open source software at OSCON 2012. I've thought a fair amount about programming vs legal issues over the last few months, and how diametrically opposed they are in so many ways. Tech industry: we are suspicious of you if you wear a suit to an interview or if you stay at a company for too long. Law: we are suspicious of you if you don't wear a suit to an interview or if you job hop. Software: I'm not sure what this program does, let's compile it and put in a break point to see exactly what's happening. Law: "'Chicken' may mean one thing or it may mean something else entirely. Who knows?" Software: you prove an algorithm is n log n by these steps that everyone agrees on. Law: You might be able to prove a prima facie case of negligence with these facts, but maybe not.

In any event, I've had a few pushes from different parties to take up blogging again, so hopefully I will find time to write here more. I also hope I might find time to write about music again: the first few years of this blog were almost entirely music blogging, and it's something I miss.

So on that note, my latest favorite song is by Air Review, and you should check it out in this fabulous video of a border collie enjoying life while his owner does some mountain biking. This made me miss the Northwest so much; I need to find a weekend to get out there again soon!