Archive for May, 2009

France passes Guilt Upon Accusation law

Tuesday, May 12th, 2009

(crossposted from CreativeFreedom.org.nz)

TorrentFreak reports that “the controversial French HADOPI anti-piracy law was passed by the National Assembly today, one step closer to being signed into action. [...] The law goes much further than disconnecting alleged file-sharers though. In addition it is now possible to take “any action” in order to put a halt to copyright infringement. For example, websites can be blocked without having to provide hard evidence that they are engaging in illegal activities.” This is sad news for French citizens, but the fight isn’t over yet. There were 296 votes in favor and 233 against, and reports say that there are still fierce debates and politicking. With an average of 37% of copyright claims being false and 57% of claims being by businesses against competitors, we know what to expect if France chooses to punish people based on accusations.

Sensitive Data On USB Drives/Sticks

Tuesday, May 12th, 2009

Disclaimer: I’m not in government, so if you’re going to consider encryption, first talk to someone authoritative like the GCSB about NZ government practices around encryption.

ComputerWorld reports that the Privacy Commissioner Marie Shroff says that government agencies have inadequate USB stick security. The problem is that sensitive data is being taken out of government agencies and occasionally the sticks are lost. As they say in the article, “only last week someone told her that he had given a presentation to staff of a large government department and a memory stick containing departmental information had been handed to him in mistake for the one containing his presentation”.

Mistakes happen, but with digital files we have the opportunity of encryption so that we lose nothing of value when misplacing a USB drive. Without a decryption password the stick is useless (well, unless an unscrupulous person wants to spend millions of dollars and years trying to break the password).

The GCSB set standards for government agencies and encryption in section 2.9.18 of their NZ ICT Security Manual [1MB, PDF]. For “IN CONFIDENCE, SENSITIVE and RESTRICTED” data they say to use AES, such as AES-256. Naturally the best security software is open to allow analysis and peer review, and the free and open source software TrueCrypt supports AES-256.

A common excuse for not using encryption is that people want to plug the USB stick into any computer. Not every computer will have the necessary decryption software, and it’s inconvenient to download it just to access the encrypted files. A way around this is to format the whole drive as FAT32, copy the decryption software installer to it, and then fill up the rest of the drive with a ‘virtual partition’ file. That way, when you want to access your files on a machine without decryption software, you can install it from the stick and open your encrypted virtual partition file.

Of course plugging a USB stick into just any computer has its own problems (keylogging, file caches, etc.), so you should always ensure that you trust the machine used for decryption.

Update: earlier versions of this blog post said that future encryption standards would be set by the DIA but as Mark points out in the comments this is wrong.

iiNet Charges Dropped

Tuesday, May 12th, 2009

(crossposted from CreativeFreedom.org.nz)

The Sydney Morning Herald reports that some significant charges against the ISP iiNet have been dropped. iiNet were taken to court for passing on notices of copyright infringement to the police, and not just disconnecting their customers based on unsubstantiated accusations of copyright infringement. “AFACT lawyers failed to convince Federal Court judge, Justice Dennis Cowdroy, of its merit. The judge has ordered the studios pay iiNet’s court costs relating to that claim.” The remaining claims are still being argued in court (thanks Brenda).

OpenDocument support in Microsoft Office SP2 (ODF)

Thursday, May 7th, 2009

ODF files, like HTML files, can have proprietary extensions such as Flash or WMF that hamper interoperability. It’s quite possible to have compliance with a standard but reduced interoperability, and those seeking interoperability must apply further constraints to ODF or HTML.

We constrain unnecessary variation in HTML through profiles and things like the E-govt Web Standards. To a large degree testing these constraints can be automated in software like OpenWolf and Docvert (Docvert has unit tests to assert things about document structure).

The obvious question raised during the ISO OOXML process is around an equivalent to the E-govt Web Standards for Office Documents. The existing scheme of regulating nothing and allowing any ole’ file is harming access to information, interoperability, and competition (geddit? OLE file… oh never mind). There’s a lot of unnecessary variation in file formats that needs to be controlled.

Enter Microsoft Office SP2. As NZOSS say, OpenDocument support in Microsoft Office is broken. Rob Weir (ODF Chair) has written two articles exploring the problems with their spreadsheet implementation, titled “Update on ODF Spreadsheet Interoperability” and “A follow-up on Excel 2007 SP2’s ODF support”. He says that this means that Microsoft Office 2007 SP2 doesn’t actually comply with ODF 1.1.

Microsoft’s response has been that they couldn’t possibly implement spreadsheet formulas because it’s a draft specification, and that they’ll revisit OpenFormula when it is done. Is this a reasonable explanation?

Microsoft have released two ODF implementations, a ‘CleverAge plugin’ and Microsoft Office 2007 SP2, so let’s see what the previous attempt did. The Microsoft CleverAge plugin stored formulas like =[.A1]+[.B2]+[.C3]. Note the square brackets, presumably because ODF 1.1 says of spreadsheet formulas “Addresses in formulas start with a “[“ and end with a “]””. The approach in Microsoft’s CleverAge plugin was aligned with that of IBM Symphony, KSpread, Google Spreadsheets, and OpenOffice, who also use the format =[.A1]+[.B2]+[.C3].

Microsoft Excel 2007 SP2 uses =A1+B2+C3.

This isn’t an insurmountable problem… programmers could identify Microsoft Office files and modify their software to avoid [square brackets] and then hopefully millions of people will download and upgrade. This will take years to recover from. The error is enough to break interoperability amongst ODF software, to fracture ODF formulas, and it’s so obvious an error that even basic interoperability testing would have revealed it.
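The kind of basic interoperability test mentioned above can be automated. The following Python check is an added example, not code from Docvert, OpenWolf or any vendor: it reads the table:formula attributes from a spreadsheet's content.xml and reports whether cell addresses use the bracketed form or the bare form contrasted above. The function names, the constructed sample file and the handling of an optional prefix before "=" are assumptions of this example.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

OFFICE_NS = "urn:oasis:names:tc:opendocument:xmlns:office:1.0"
TABLE_NS = "urn:oasis:names:tc:opendocument:xmlns:table:1.0"
FORMULA = f"{{{TABLE_NS}}}formula"
BRACKETED = re.compile(r"\[[^\]]*\]")     # bracketed address: [.A1], [.A1:.B2]
STRING_LITERAL = re.compile(r'"[^"]*"')   # quoted text that may look like a cell
BARE = re.compile(r"(?<![A-Za-z0-9_])\$?[A-Z]{1,3}\$?[0-9]+(?![A-Za-z0-9_(])")

def classify_formula(formula):
    """Return 'bracketed', 'bare' or 'no-reference' for one table:formula value."""
    body = formula.split("=", 1)[-1]      # assumption: drop any prefix before '='
    body = STRING_LITERAL.sub("", body)
    if BARE.search(BRACKETED.sub("", body)):
        return "bare"                     # at least one address lacks [ ]
    if BRACKETED.search(body):
        return "bracketed"
    return "no-reference"

def audit_ods(ods_bytes):
    """List (formula, classification) for every formula cell in an .ods file."""
    # Fine for this constructed sample; use a hardened parser for untrusted files.
    with zipfile.ZipFile(io.BytesIO(ods_bytes)) as archive:
        root = ET.fromstring(archive.read("content.xml"))
    return [(cell.get(FORMULA), classify_formula(cell.get(FORMULA)))
            for cell in root.iter(f"{{{TABLE_NS}}}table-cell")
            if cell.get(FORMULA) is not None]

def make_sample_ods(formulas):
    """Build a minimal constructed .ods in memory (content.xml only)."""
    cells = "".join(f"<table:table-cell table:formula={quoteattr(f)}/>" for f in formulas)
    xml = (f'<office:document-content xmlns:office="{OFFICE_NS}" xmlns:table="{TABLE_NS}">'
           f'<office:body><office:spreadsheet><table:table table:name="Sheet1">'
           f"<table:table-row>{cells}</table:table-row></table:table>"
           f"</office:spreadsheet></office:body></office:document-content>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("content.xml", xml)
    return buf.getvalue()

if __name__ == "__main__":
    sample = make_sample_ods(["=[.A1]+[.B2]+[.C3]", "=A1+B2+C3", "=1+2"])
    for formula, kind in audit_ods(sample):
        print(f"{kind:13} {formula}")
```

A formula that mixes both styles is reported as "bare", since a single unbracketed address is enough to trip a consumer that expects the bracketed form.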

Many standards, such as HTML5, are being implemented in draft form. The majority of OpenFormula is stable enough to be implemented, and every other ODF application did a better job at formulas, including Microsoft’s previous CleverAge plugin. That Microsoft Office 2007 SP2 has less interoperability is inexcusable.

Currently the New Zealand Government G2009 agreement with Microsoft is being negotiated. I hope that the government negotiators involved remember whether Microsoft talked about ODF and interoperability, because SP2 is still causing vendor lock-in.

In other news OpenOffice 3.1 was released today.

Update (later that day): a quote:

SP2 has reduced the level of interoperability among ODF spreadsheets, by failing to produce conforming ODF documents, and failing to take note of the spreadsheet formula conventions that had been adopted by all of the other vendors and which are working their way through OASIS as a standard.

If we note the arguments used by Microsoft in the recent past, they have argued that OOXML must be exactly what it is — flaws and all — in order to be compatible with legacy binary Office documents. Then they argued that OOXML can not be changed in ISO, because that would create incompatibility with the “new legacy” documents in Office 2007 XML format. But when it comes to ODF, they have disregarded all legacy ODF documents created by all other ODF vendors and take an aloof stance that looks with disdain on interoperability with other vendor’s documents, or even documents produced by their own ODF Add-in. The sacrosanctness of legacy compatibility appears to be reserved, for strategic reasons, for some formats but not others.

EU “final” vote on Internet Termination By Accusation

Thursday, May 7th, 2009

(crossposted from CreativeFreedom.org.nz)

BoingBoing.net reports that after 5 votes in the European Parliament “A formidable campaign from the citizens put the issues of freedoms on the Internet at the center of the debates of the Telecoms Package [...] It started with the declaration of commissioner Viviane Reding considering access to Internet as a fundamental right”. The vote was 407 in support of internet access, and only 57 against. Although this was the final vote, it will now go through a reconciliation process, and Jérémie Zimmermann, co-founder of La Quadrature.net, warns that “Citizens must remain mobilized on these crucial questions” (thanks NZheretic).

ACTA negotiations still secret

Wednesday, May 6th, 2009

(crossposted from CreativeFreedom.org.nz)

ACTA is the treaty that may allow private companies to tap internet connections based on allegations of copyright infringement. The EFF reports on ACTA: “What we’ve seen tends to confirm that the substance of ACTA remains a grave concern,” said Public Knowledge Staff Attorney Sherwin Siy. “The agreement increasingly looks like an attempt by Hollywood and the content industries to perform an end-run around national legislatures and public international forums to advance an aggressive, radical change in the way that copyright and trademark laws are enforced.” Initially due for Christmas last year, the negotiations were delayed with the US change in administration.