Posts Tagged ‘Pitfalls’
Mobile Security Research Rife With Legal Pitfalls
Last Updated on Monday, 12 March 2012 01:20 Written by Celframe Security Team Thursday, 2 August 2012 01:19
VANCOUVER–The shift to mobile computing platforms in recent years has made life much easier for many users, but it’s also made life a lot more difficult for security researchers. Working on any software or hardware product carries with it a number of potential legal challenges, but mobile and embedded devices have their own special set of pitfalls that are beginning to present problems for researchers.
One of the main issues is that research on mobile devices such as smartphones doesn’t just concern one vendor. An Android device might have been manufactured by one company, run software from another and then have service provided by a third entity. That presents some rather unique problems for researchers.
“There are a lot of players involved in mobile,” Marica Hoffman, a senior staff attorney at the EFF, said in a talk on mobile security research legal challenges at CanSecWest here Thursday. “Anytime you’re doing research that potentially invades someone’s privacy, that can be a problem. It makes it more likely you could get into legal trouble. You need to think hard about how to design your research so as not to create those legal problems.”
Many researchers who have worked on mobile or embedded devices have run into legal challenges over various aspects of their work. Those problems often arise from copyright issues or potential violations of the DMCA (Digital Millennium Copyright Act), and
Marcia HoffmanHoffman said that those can be some of the more difficult areas of the law to navigate.
“Copyright is one of the most important things to pay attention to,” she said. “And the DMCA has some pretty harsh statutory penalties. The reverse engineering exception is a lot narrower than most people think. It’s not a broad exception. It has to be for interoperability purposes between programs and it can’t be for purposes that are infringing.”
The exception to the DMCA that allows users to jailbreak their phones has been widely cited and celebrated in the mobile community, but Hoffman warned researchers not to get too excited. The exception only applies to phones, not other mobile devices, she said. The EFF is asking Congress for a broader exception that would cover tablets and other devices.
“The exception doesn’t extend to the distribution of jailbreaking tools, either,” Hoffman said.
There are some things that researchers can do to help protect themselves against potential legal problems. Hoffman said that researchers who are professionals in the field tend to have an advantage in legal disputes.
“When people get in trouble, there’s this perception that it’s some punk kid who meant to make trouble for someone and didn’t have altruistic goals,” she said. “The more you can show you have that altruism, the better.”
She also recommends that researchers assume that the EULAs attached to software are binding, until proven otherwise. The courts have tended to support EULAs in the past, and Hoffman said it’s prudent to assume that will continue.
“I personally have been really disappointed with where the courts have gone on these decisions. But you have to assume as a researcher that the agreement is binding,” she said. “You can’t operate on the assumption that it’s not a real contract.”
Facebook Places: Privacy Pitfalls and How to Control It
Last Updated on Monday, 12 March 2012 01:18 Written by Celframe Security Team Tuesday, 5 June 2012 10:34
Since its inception, this feature has caused much hype in IT magazines and online forums. Many ardently claim that this feature compromises privacy and endangers safety, while also presenting opportunities for stalking and other malicious activities. Also, friends can check into a certain location and broadcast who they are with, thus sacrificing the privacy of others. In contrast, other blogs state that while some may view it as privacy infringement, Facebook allows one to alter his or her privacy settings so that Places does not apply to them. It is a service for only those who wish to use it and Facebook works perfectly fine without it.
It is critical to explore this feature and make an informed decision before using it. To its credit, Facebook has implemented certain in built privacy settings for those who choose to avoid Places. First, this is an opt-in instead of an opt-out option. This means that Facebook users must manually choose to enable it; it is not a default setting. Secondly, even if friends have tagged you while “checking in,” you can choose to reject the tag. This allows your friends to remain checked in and you to remain incognito simultaneously. The simplest way to disable this feature altogether is to uncheck a box in the privacy settings, under “Applications and Websites.” This way, users don’t have to worry about instantly untagging themselves.
Although Facebook Places does provide added entertainment and some convenience, it is a feature that must be used with complete awareness and prudence. As with all social networking websites, it is extremely important to steer clear of unsafe online behavior.