Whenever political pundits get together, they all start the competition for “our politicians are more corrupt/venal/just plain weird than yours.”  Whenever anyone from BC enters the fray, everyone else concedes.

Herewith our latest saga.

The ruling “Today’s BC Liberal Party” is finding itself polling behind the NDP.  (Do not let the word “liberal” in the party name fool you.  Whereas pretty much every other liberal party would be centre-left, the BC Liberals are, politically, somewhat to the right of Attila the Hun.)  The liberals are runing attack ads stating that, twelve years ago, the leader of the NDP backdated a memo.

(No, I’m not making this up.)

The Liberals have just released another version of the same attack ad, this time using a snippet of footage from the recent leaders debate.  Trouble is, the media consortium that ran the debate has copyright on the video of the debate, and all parties agreed that none of the material would be used for political purposes.

The Liberals, called on their use of the video, have refused to take it down.

(How old do you have to be to understand the meaning of “copyright infringement?”)

(I am eagerly awaiting the next installment of this story.  I assume the lawyers paid for by Today’s BC Liberals [or possibly by public money: that's happened before] will argue the provisions of “fair use,” and claim that the attack ads are commentary, or even educational …)

South Korea suffered a major cyber attack yesterday. The origin of the attack seems to be China at the moment, but that is far from being definite.

I happened to be in one of the (several) cyber security operation centers, by pure coincidence. I had a chance to see events unravel in real time. Several banks have been hit (including the very large shinhan bank) and a few broadcasting channels.

The damage is hard to assess, since it’s now in everyone’s advantage to blame the cyber attack on anything from a system crash to the coffee machine running out of capsules. Budget and political moves will dominate most of the data that will be released in the next few days.
It’s clear, however, that the damage substantial. I reached out to a few friends in technical positions at various MSPs and most had a sleepless night. They’ve been hit hard.

The most interesting part of this incident, in my opinion, was a report on car GPS crashing while the attack was taking place. I haven’t seen a news report about that yet, and I couldn’t personally verify it (as I mentioned, I was stationary at the time, watching the frantic cyber-security team getting a handle on a difficult situation) but this is making rounds in security forums and a couple of friends confirmed to me that their car navigation system crashed and had to be restarted, at the exact time the attack was taking place.

The most likely explanation is that the broadcasting companies, who send TPEG data to the GPS devices (almost every car in Korea has a GPS device, almost all get real-time updates via TPEG), had sent malformed data which caused the devices to crash. This data could have been just a result of a domino effect from the networks crashing, or it could have been a very sophisticated proof-of-concept by the attacker to see if they can create a distruption. Traffic in Seoul is bad even on a normal day; without GPS devices it can be a nightmare.

Which brings up an interesting point about fuzzing network devices. TPEG fuzzers have been available for a while now (beSTORM has a TPEG module, and you can easily write your own TPEG fuzzer). The difficult part is getting the GPS device to communicate with the fuzzing generator; this is something the GPS developer can do (but probably won’t) but it is also possible for a government entity to do the necessary configuration to make that happen, given the proper resources or simply by forcing the vendors to cooperate.

The choice of the attacker to bring down the broadcasting networks might be deliberate: other than knocking TV and radio off the air (an obvious advantage in a pre-attack strike) the broadcasting networks control many devices who rely on their data. Forcing them to send malformed data to crash a variety of devices can have interesting implications. If I was a little more naive, I would predict that this will push governments around the world to focus more on fuzzing to discover these kind of vulnerabilities before they see their adversaries exploit them. But in the world we live in, they will instead throw around the phrase “APT” and buy more “APT detection products” (an oximoron if I’ve ever heard one). Thank god for APT, the greatest job saving invention since bloodletting.

An detailed analysis of the attack here:

http://training.nshc.net/KOR/Document/virus/20130321_320CyberTerrorIncidentResponseReportbyRedAlert(EN).pdf

A blog posting at the New York Times:

“Yes, that’s right. Apple now owns the page turn. You know, as when you
turn a page with your hand. An “interface” that has been around for
hundreds of years in physical form. I swear I’ve seen similar
animation in Disney or Warner Brothers cartoons.  (This is where
readers are probably checking the URL of this article to make sure
it’s The New York Times and not The Onion.)”

Yet more proof that the US patent system, and possibly the whole concept of intellectual property law, is well and truly insane.

What’s even funnier is that, when I read the New York Times blog page that carries this story, I noticed that NYT may be in grave danger of having their pants sued off by Apple (which is, after all, a much larger and more litigious corporation).  At least two of the animated graphical ads on the page feature a little character that rolls down a corner of the ad, inviting you to “Click to see more.”  If you click or even mouseover the ad, then the little figure “turns a page” to let you see the rest of the ad.

(This interface appears to be a standard for either the NYT or Google Ads, since refreshing the page a few times gave me the same display for two different auto manufacturers and, somewhat ironically, for Microsoft.)

(In discussing this with Gloria, she mentioned an online magazine based in Australia which uses a graphical page turning interface for the electronic version of the magazine.  Prior art?  Or are they in danger of getting sued by Apple as well?)

I have experienced all kinds of difficulties travelling down to the US to teach.

It used to be a lot easier, in the old days.
Border agent: “Business or pleasure?”
Me: “Business.”
BA: “What are you doing?”
Me: “Teaching.”
BA: “OK.”
Then The-Conservative-Government-Before-The-New-Harperite-Government-Of-Canada decided, in it’s infinite wisdom, to bring in something called the North American Free Trade Agreement, which had provisions to make it “easier” to trade and travel.  Now it’s a royal pain.

(I’ve travelled and taught elsewhere, of course.  Some places I’ve had to get visas.  Nigeria was a nusiance.  Australia was a $20 charge, online, no problem at all.  Last time I taught in Ireland it was “Business or pleasure?”  “Business.”  “Welcome to Ireland!”  Last time I taught in Norway there wasn’t even anyone at the immigration desk.)

Occasionally Americans have complained that they have had troubles coming to work in Canada.  So far I have never heard anything like what I’ve had to go
through.

At the moment I’ve been dealing with American lawyers again.  This has generally been OK, since I usually don’t have to travel for that.  However, this time the other side wants to depose me.  (I suspect they are just doing this for the nusiance value.  As usuall, I’m not doing this as an “expert” witness, just as the only guy who still has the materials.)  So, the origianl plan was for me to fly down to California, spend a day with the lawyers on one side “prepping” me, and spend an hour or two with the other side for the deposition.  They’d have to pay for my fare and travel expenses, as well as my time during prep.

During the call I mentioned that, since he was a lawyer, and presumably had access to other lawyers in their firm who knew something about immigration, they should check on that point, and see if they wanted/needed to do anything about a visa for me.  He didn’t think it was an issue.  I said that, according to the official rules he was right, but that I had seen plenty of cases where the border agents interpretted the rules in idiosyncratic ways, and maybe he should just check.

Today the plan has entirely changed.  At least three lawyers (possibly more), from at least two firms (and possibly more) are flying up from California, renting a boardroom here in Vancouver, renting a court reporter, and staying at least two days (more likely three) to do the prep and deposition.  With all the extra associated costs.  (And all this on behalf of a company that has very stringent travel cost policies: I had to sign off on them for the original contract.)

I think I’ve proved the point: it’s *way* harder to go to the US than to Canada.

Go Public, a consumer advocacy show on CBC, has produced a show on Budget Rent-A-Car overcharging customers for minor repairs.

This rang a bell with me.

In May of 2009, I rented a car from Budget, in order to travel to give a seminar.  Having had troubles with various car rental companies before, I did my own “walk around” and made sure I got a copy of the damage report before I left.  There were two marks on the driver’s door (a small dent, and a scratch), but the Budget employee refused to make two marks in that spot of the form: he said that the one tick covered both.

When I turned in the car, I was told that the tick was only good for the one scratch, and that I would be charged $400 for the dent.  I was also told that, since I had rented the car using my American Express card, I was automatically covered, by American Express, for minor damage, so I should get them to pay for it.

Since I was neither interested in paying myself, nor in assisting in defrauding Amex, I referred to the earlier statement by the employee who had checked the car.  (I had a witness to his statement, as well.)

Thus started a months-long series of phone calls from Budget.  They kept trying to get me to agree to pay the extra $400, and get Amex to reimburse me.  I wasn’t interested.

The phone calls finally stopped when, on one call, I informed the caller (by now identifying himself as someone in the provincial head office for Budget) that I had kept the copy of the original damage report form.  The caller told me that it clearly stated that there was a scratch on the door.  When I asked him how he interpreted the tick mark as a scratch, rather than a dent, he said that the word “scratch” was written on the form.

Well, of course, it hadn’t been written on the form originally.  I guess the caller must have been reasonable high up in the corporate food chain, because he knew what that meant.  I had the original, and it proved that they had messed with their copy.  That breaks the chain of evidence: they had no case at all.

(I still have a scan of that form.  Just in case …)

This goes back a bit, but I was reminded of it this morning:

Amazing where you can get inspiration.  I went to an electronics manufacturing trade show, just to keep up with what’s happening over in that sector.  Nothing particularly new that anyone was selling particularly relevant to security.

However, I sat in on a seminar on the new EU “Restriction of (certain) Hazardous Substances” directive.  (This comes into effect in nine days, and there is all kinds of concern over the fact that the specific regulations for compliance haven’t been promulgated yet.  Remember HIPAA, you lot? 

RoHS (variously pronounced “rows,” “row-hoss,” or “rosh”) is intended to reduce or eliminate the use of various toxic materials, notably lead and mercury, from the manufacture of electronic equipment.  This would reduce the toxic waste involved in manufacturing of said equipment, and particularly the toxic materials involved in recycling (or not) old digital junk.  EU countries all have to produce legislation matching the standard, and it affects imports as well.  In addition, other countries are producing similar legislation.  (Somewhat the same as the EU privacy directive, although without the “equivalent protection” clause.)  Korea is getting something very close to RoHS, California somewhat less.  Japan is going after informational labelling only.  China, interestingly, is producing more restrictive laws, but only for items and devices for sale within China.  If you want to manufacture lead, mercury, and hexavalent chromium computers in China for sale to other countries, that is just fine with them.

There are points relevant to various domains.  In terms of Physical security, and particularly life safety, there are issues of the environmental hazards of toxic materials in the electronic devices that we use.  (This is especially true in regard to BCP: lead, for example, vaporizes at temperatures seem in building fires.)

There is a certification process for ensuring compliance with the regulations.  Unfortunately, a number of manufacturers are carefully considering whether it is worth complying with the regulations.  Even if the products are compliant in terms of hazardous materials, the documentation required for compliance certificates requires details of materials used that could, to educated engineers and others in competing businesses, give away trade secrets involved in manufacturing processes.

The certification and due diligence processes are, like SOX, recursive.  In order to prove that your products are compliant, you also have to demonstrate that your suppliers, and their products, are also compliant.

There is also an interesting possibility of unintended consequences.  Outside of the glass for CRTs, the major use of lead is in solder.  Increasing the proportion of tin in the solder increases the temperature at which it melts, which is one factor.  However, another is that tin-only solder has a tendency to grow “whiskers.”  (The conditions and time for growing whiskers is not fully understood.)  Therefore, in an attempt to reduce the health risk of toxic materials, RoHS may be forcing manufacturers to produce electronic goods with shorter lifetimes, since the whiskers may become long enough to produce short circuits within electronic devices.  Indeed, these devices may have an additional risk of fire …

“Media artist” creates a form of spyware using Macbook webcams.  Runs it on computers in Apple Stores.  Apple calls Secret Service about the artist.  Lots more.  Some interesting and provocative concepts in the article, covering privacy, legality, search and seizure, and the fact that people show little affect when working with/on computers:

http://www.wired.com/threatlevel/2012/07/people-staring-at-computers/all/

Or: One Of The Reasons Why I’ve Never Actually Bought Any Kindle Books from Amazon, And Only Install Free Books:

Amazon closes account and wipes Kindle. Without notice. Without explanation.

There are always two sides (and maybe more) to every story, but:

Police called to a scene where children were reportedly abandoned.  Police arrive to find children on a suburban street, and the mother watching from the porch.

So the police take the mother to jail.

Rogers Communications Inc. is a company providing cable, cellular, and other services in Canada.

Rogers has a discount brand, Chatr, which they advertise as being “more reliable and less prone to dropped calls.”  Canada’s Competition Bureau, after what it called “an extensive review of technical data,” found no discernible difference in dropped-call rates between Rogers/Chatr and new entrants.

Apparently, Rogers will argue that the court should strike down a section in Canada’s Competition Act that requires companies to undergo “adequate and proper” tests of a product’s performance before making advertising claims about it.  In other words, Rogers is saying that forcing the company to find out if claims are true is unfair, because that means they can’t lie with a straight face.

Q: What is the difference between a computer salesman and a used-car salesman?

A: The used-car salesman knows when he’s lying to you …

‘Lying eyes’ are a myth – looking to the right DOESN’T mean you are fibbing.

“Many psychologists believe that when a person looks up to their right they are
likely to be telling a lie.  Glancing up to the left, on the other hand, is said to
indicate honesty.

“Co-author Dr Caroline Watt, from the University of Edinburgh, said: ‘A large
percentage of the public believes that certain eye movements are a sign of lying,
and this idea is even taught in organisational training courses. … The claimed link
between lying and eye movements is a key element of neuro-linguistic
programming.

“According to the theory, when right-handed people look up to their right they
are likely to be visualising a ‘constructed’ or imagined event.  In contrast when
they look to their left they are likely to be visualising a ‘remembered’ memory.
For this reason, when liars are constructing their own version of the truth, they
tend to look to the right.”

“Psychologist Prof Wiseman, from the University of Hertfordshire, said: ‘The
results of the first study revealed no relationship between lying and eye
movements, and the second showed that telling people about the claims made by
NLP practitioners did not improve their lie detection skills.’

However, this study raises a much more serious question.  These types of “skills” are being extensively taught (and sought) by law enforcement and other agencies.  How many investigations are being misdirected and delayed by false suppositions based on NLP “techniques”?  More disturbingly, how many people are being falsely accused, dismissed, or charged due to the same questionable “information”?  (As I keep telling my seminars, when you get sidetracked into pursuing the wrong suspect, the real culprit is getting away free.)

(I guess we’ll have to stop watching “The Mentalist” now …)

For some years I have been peripherally involved (hired to research prior art, etc.) in some of the submarine patent/patent troll cases in the AV world.

I’ve got plenty of prior art.  Programs demonstrating and using technologies that were granted patents years after those programs were available.  Email discussions showing that concepts were obvious and well-known years before patent applications were filed.

Of course, as the “expert” I’m not privy to the legal strategy.  Bt I can figure it out.  US patent office issues patent that never should have been granted.  Troll sues Big Firm for $100M.  BF’s lawyers go to IP law firm.  IP lawyers find me.  IP lawyers ask me for the weirdest (and generally weakest) evidence.  IP lawyers go back to BF’s lawyers.  BF’s lawyers go back to BF.  (At this point I’m not privy to the discussions, so I’m guessing.  But I suspect that …)  IP and BF lawyers advise that evidence available, but patent fight expensive.  BF offers troll $100K to go away.  Troll happy with $100K, which is all he wanted anyway.  BF lawyers happy with large (and now more secure) salaries.  IP lawyers happy with $1M fees.  BF happy to have “saved” $99M.  The only person not happy is me.

Well, Kaspersky got sued.  Kaspersky fought.  Kaspersky won.

So, today I’m happy.  (I just wish I’d been part of *this* fight …)

(By the way, patent trolls cost money …)

I have been using Skype ever since it came out, so I know my stuff.

I know how to write strong passwords, how to use smart security questions and how to – most importantly – avoid Phishing attempts on my Skype account.

But all that didn’t help me avoid a Skype mishap (or more bluntly as a friend said – Skype f*ckup).

It all started Saturday late at night (about 2am GMT), when I started receiving emails in Mandarin from Skype, my immediate thought was fraud, a phishing attempt, so I ignored it. But then I noticed I got also emails from Paypal with charges from Skype for 100$ 200$ 300$, and I was worried, was my account hacked?

I immediately went to PayPal and disconnected my authorization to Skype, called in Transaction Dispute on PayPal and then went on to look at my Skype account.

I looked into the recent logons to my account – nothing.

I looked into email changes, or passwords – nothing.

I couldn’t figure out how the thing got to where it was, and then I noticed, I have become a Skype Manager – wow I was promoted and I didn’t even send in my CV.

Yeah, joke aside, Skype Manager, is a service Skype gives to businesses to allow one person to buy Skype Credit and other people to use that Credit to make calls. A great idea, but the execution is poor.

The service appears to have been launched in 2012, and a few weeks after that, fraud started popping up. The how is very simple and so stupid it shameful for Skype to not have fixed this, since it was first reported (which I found) on the 21st of Jan 2012 on the Skype forum.

Apparently having this very common combinations of:
1) Auto-charge PayPal
2) Never used Skype Manager
3) Never setup a Work email for Skype

Makes it possible for someone to:
1) Setup you as a Skype Manager
2) Setup a new work email on some obscure service (mailinator was used in my case), and have all Skype emails for confirmations sent there

Yes, they don’t need to know anything BESIDE the Skype Call name of your account – which is easy to get using Skype Search.

Once you have become a Skype Manager, “you” can add users to the group you are managing – they don’t need to logon as all they need to do is use the (email) link you get to the newly assigned Work Email, yes, it doesn’t confirm the password – smart ha?

The users added to your Skype Manager can now take the Credit (its not money, it just call credits) and call anywhere they want.

Why this bug / feature not been fixed/addressed since the first time it was made public on the Skype Forum (probably was exploited before then), is anyone’s guess, talking to the Fraud department of Skype – he mainly stated that I should:
1) Change my password for Skype – yes, that would have helped nothing in this case
2) Make sure I authorize Skype only on trustworthy devices

The bottom line, Skype users, make sure:
1) You have configured your Skype Manager – if you are using Auto-Charge feature – I have disabled my Auto-Charge and PayPal authorization since then, and don’t plan on enabling it anytime (ever)
2) You have configured your Skype Work email – yes, if its unset, anyone can change it – without needing to know your current password – is this company a PCI authorized company?

If you have more insight on the matter, let me know

- Noam

The Department of Homeland Security has been forced to release a list of keywords and phrases it uses to monitor social networking sites and online media.  (Like this one?)

BKDRKMKT.RVW 20120201

“Dark Market: CyberThieves, CyberCops, and You”, Misha Glenny, 2011,
978-0-88784-239-9, C$29.95
%A   Misha Glenny
%C   Suite 801, 110 Spadina Ave, Toronto, ON Canada  M5V 2K4
%D   2011
%G   978-0-88784-239-9 0-88784-239-9
%I   House of Anansi Press Ltd.
%O   C$29.95 416-363-4343 fax 416-363-1017 www.anansi.ca
%O  http://www.amazon.com/exec/obidos/ASIN/0887842399/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/0887842399/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0887842399/robsladesin03-20
%O   Audience n Tech 1 Writing 2 (see revfaq.htm for explanation)
%P   296 p.
%T   “Dark Market: CyberThieves, CyberCops, and You”

There is no particular purpose stated for this book, other than the vague promise of the subtitle that this has something to do with bad guys and good guys in cyberspace.  In the prologue, Glenny admits that his “attempts to assess when an interviewee was lying, embellishing or fantasising and when an interviewee was earnestly telling the truth were only partially successful.”  Bear in mind that all good little blackhats know that, if you really want to get in, the easiest thing to attack is the person.  Social engineering (which is simply a fancy way of saying “lying”) is always the most effective tactic.

It’s hard to have confidence in the author’s assessment of security on the Internet when he knows so little of the technology.  A VPN (Virtual Private Network) is said to be a system whereby a group of computers share a single address.  That’s not a VPN (which is a system of network management, and possibly encryption): it’s a description of NAT (Network Address Translation).  True, a VPN can, and fairly often does, use NAT in its operations, but the carelessness is concerning.

This may seem to be pedantic, but it leads to other errors.  For example, Glenny asserts that running a VPN is very difficult, but that encryption is easy, since encryption software is available on the Internet.  While it is true that the software is available, that availability is only part of the battle.  As I keep pointing out to my students, for effective protection with encryption you need to agree on what key to use, and doing that negotiation is a non-trivial task.  Yes, there is asymmetric encryption, but that requires a public key infrastructure (PKI) which is an enormously difficult proposition to get right.  Of the two, I’d rather run a VPN any day.

It is, therefore, not particularly surprising that the author finds that the best way to describe the capabilities of one group of carders was to compare them to the fictional “hacking” crew from “The Girl with the Dragon Tattoo.”  The activities in the novel are not impossible, but the ability to perform them on demand is highly
unlikely.

This lack of background colours his ability to ascertain what is possible or not (in the technical areas), and what is likely (out of what he has been told).  Sticking strictly with media reports and indictment documents, Glenny does a good job, and those parts of the book are interesting and enjoyable.  The author does let his taste for mystery get the better of him: even the straight reportage parts of the book are often confusing in terms of who did what, and who actually is what.

Like Dan Verton (cf BKHCKDRY.RVW) and Suelette Dreyfus (cf. BKNDRGND.RVW) before him, Glenny is trying to give us the “inside story” of the blackhat community.  He should have read Taylor’s “Hackers” (cf BKHAKERS.RVW) first, to get a better idea of the territory.  He does a somewhat better job than Dreyfus and Verton did, since he is wise enough to seek out law enforcement accounts (possibly after reading Stiennon’s “Surviving Cyberwar,” cf. BKSRCYWR.RVW).

Overall, this work is a fairly reasonable updating of Levy’s “Hackers” (cf. BKHACKRS.RVW) of almost three decades ago.  The rise of the financial motivation and the specialization of modern fraudulent blackhat activity are well presented.  There is something of a holdover in still portraying these crooks as evil genii, but, in the main, it is a decent picture of reality, although it provides nothing new.

copyright, Robert M. Slade   2012    BKDRKMKT.RVW 20120201

C. S. Lewis wrote some pretty good sci-fi, some excellent kids books (which Disney managed to ruin), and my favourite satire on the commercialization of Christmas.  Most people, though, would know him as a writer on Christianity.  So I wonder if Stephen Harper and Vic Toews have ever read him.  One of the things he wrote was, “It would be better to live under robber barons than under omnipotent moral busybodies.”

Bill C-30 (sometimes known as the Investigating and Preventing Criminal Electronic Communications Act, sometimes known as the Protecting Children from Internet Predators Act, and sometimes just known as “the online spy bill”) is heading for Committee of the Whole.  This means that some aspects of it may change.  But it’ll have to change an awful lot before it becomes even remotely acceptable.

It’s got interesting provisions.  Apparently, as it stands, it doesn’t allow law enforcement to actually demand access to information without a warrant.  But it allows the to request a “voluntary” disclosure of information.  Up until, law enforcement could request voluntary disclosure, of course.  But then the ISP would refuse pretty much automatically, since to provide that information would breach PIPEDA.  So now that automatic protection seems to be lost.

(Speaking of PIPEDA, there is this guy who is being tracked by who-knows-who.  The tracking is being done by an American company, so they can’t be forced by Canadian authorities to say who planted the bug.  But the data is being passed by a Canadian company, Kore Wireless.  And, one would think, they are in breach of PIPEDA, since they are passing personal information to a jurisdiction [the United States] which basically has no legal privacy protection at all.)

It doesn’t have to be law enforcement, either.  The Minister would have the right to authorize anyone his (or her) little heart desires to request the information.

Then there is good old Section 14, which allows the government to make ISPs install any kind of surveillance equipment the government wants, impose confidentiality on anything (like telling people they are being surveilled), or impose any other operational requirements they want.

Now, our Minister of Public Safety (doesn’t that name just make you feel all warm and 1984ish?), Vic Toews, has been promoting the heck out of the bill, even though he actually doesn’t know what it says or what’s in it.  He does know that if you oppose C-30 you are on the side of child pornographers.  This has led a large number of Canadians to cry out #DontToewsMeBro and to suggest that it might be best to #TellVicEverything.  Rick Mercer, Canada’s answer to Jon Stewart and famous for his “rants,” has weighed in on the matter.

As far as Toews and friends are concerned, the information that they are after, your IP address and connections, are just like a phone book.  Right.  Well, a few years back Google made their “phone book” available.  Given the huge volume of information, even though it was anonymized, researchers were able to aggregate information, and determine locations, names, interests, political views, you name it.  Hey, Google themselves admit that they can tell how you’re feeling.

But, hey, maybe I’m biased.  Ask a lawyer.  Michael Geist knows about these things, and he’s concerned.  (Check out his notes on the new copyright bill, too.

The thing is, it’s not going to do what the government says it’s going to do.  This will not automatically stop child pornography, or terrorism, or online fraudsters.  Hard working, diligent law enforcement officers are going to do that.  There are a lot of those diligent law enforcement officers out there, and they are doing a sometimes amazing job.  And I’d like to help.  But providing this sort of unfiltered data dump for them isn’t going to help.  It’s going to hurt.  The really diligent ones are going to be crowded out by lazy yahoos who will want to waltz into ISP offices and demand data.  And then won’t be able to understand it.

How do I know this?  It’s simple.  Anyone who knows about the technology can tell you that this kind of access is 1) an invasion of privacy, and 2) not going to help.  But this government is going after it anyway.  In spite of the fact that the Minister responsible doesn’t know what is in the bill.  (Or so he says.)  Why is that?  Is it because they are wilfully evil?  (Oh, the temptation.)  Well, no.  These situations tend to be governed by Hanlon’s Rzor which, somewhat modified, states that you should never attribute to malicious intent, that which can adequately explained by assuming pure, blind, pig-ignorant stupidity.

QED.