The Register Columnists

Mark Rasch


German hacker-tool law

On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted to make the creation or distribution of computer security software a criminal offense. In the wake of the statute, numerous …
Mark Rasch, 07 Jun 2009

The Boston Trio and the MBTA

The annual DEFCON conference in Las Vegas in early August got a bit more interesting than usual when three graduate students from the Massachusetts Institute of Technology were enjoined from giving a presentation by a court in Boston. The three - Zach Anderson, RJ Ryan and Alessandro Chiesa - intended to present both a paper and …
Mark Rasch, 26 Sep 2008

Cloud computing lets Feds read your email

When the new iPhone 3G went on sale last week, I was sorely tempted to wait in line for one. (I didn't - no patience.) One of the features of Apple's device that appeals to me is the new MobileMe service, where you can "access and manage your email, contacts, calendar, photos, and files at," according to Apple. More …
Mark Rasch, 20 Aug 2008

Of laptops and US border searches

Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or "National" as we locals call it. As I passed …
Mark Rasch, 24 Mar 2008

Recording industry puts stake in ground with Jammie Thomas case

On 1 October, 2007, Jammie Thomas - a single mother living in Brainerd, Minnesota - was sued in civil court for copyright infringement by the Recording Industry Association of America. Three days later, the jury returned the verdict; Ms Thomas was liable for willfully infringing the copyrights on 24 songs. The fine: $222,000. …
Mark Rasch, 12 Dec 2007

No email privacy rights under Constitution, US gov claims

On October 8, 2007, the United States Court of Appeals for the Sixth Circuit in Cincinnati granted the government's request for a full-panel hearing in the United States v. Warshak case centering on the right of privacy for stored electronic communications. At issue is whether the procedure whereby the government can subpoena stored …
Mark Rasch, 04 Nov 2007

Websites could be required to retain visitor info

A series of legal events means that companies that have no business reason to retain documents or records may be compelled to create and retain such records just so they can become available for discovery. Companies routinely create, maintain and store electronic records. Some records are consciously created – like memoranda, …
Mark Rasch, 08 Aug 2007

Don't be evil

A series of developments raise the specter that remotely stored or created documents may be subject to subpoena or discovery all without the knowledge or consent of the document's creators (pdf). I have been playing around recently with Google's Documents and Spreadsheets. What Google documents and spreadsheets allows you to do …
Mark Rasch, 25 Jun 2007

Your space, MySpace, everybody's space

It has recently been reported that Attorneys General from about a dozen US States, including Connecticut, Georgia, Hawaii, Idaho, Mississippi, Maryland, New Hampshire, North Carolina, Ohio and Pennsylvania have demanded that News Corporation's social networking site MySpace voluntarily deliver a list of all sex offenders who …
Mark Rasch, 25 May 2007

The politics of email in the workplace

It's springtime in Washington, D.C. The cherry blossoms have bloomed, the tourists descended, and on both sides of Pennsylvania Avenue a new "scandal" is erupting. In the Watergate era, there was the controversy about Rosemary Woods and the 18 ½ minute "gap" - a missing portion of a taped conversation of June 20, 1972. Now in …
Mark Rasch, 19 Apr 2007

How to find stolen laptops

Mark Rasch discusses the legal issues behind the discovery and recovery of stolen laptops that use LoJack-style homing devices to announce their location, and the location of the thieves, anywhere in the world. Bad things happen online. Trade secrets are lost or stolen. Personal information is compromised. Copyrights and …
Mark Rasch, 14 Mar 2007

Blanket discovery for stolen laptops

Comment Bad things happen online. Trade secrets are lost or stolen. Personal information is compromised. Copyrights and trademarks are infringed. Bloggers post confidential information, defamatory information, or just annoying information. Websites host stolen credit cards, hacking tools and techniques, or other things that you might …
Mark Rasch, 13 Mar 2007

Was Julie Amero wrongly convicted?

Comment Substitute teacher Julie Amero faces up to 40 years in prison for exposing kids to porn using a classroom computer, but the facts strongly suggest that she was wrongfully convicted. Many issues remain, from the need for an independent computer forensics investigation and the presence of spyware and adware on the machine, to bad …
Mark Rasch, 14 Feb 2007

iPhone trademarks: the real issues

Analysis Apple's iPhone announcement and Cisco's iPhone trademark lawsuit have brought the iPhone moniker into the spotlight. But other companies also own and use iPhone trademarks, and market and sell their iPhone products. Mark Rasch explains how US trademark law works and the real issues at play in this highly publicised trademark …
Mark Rasch, 24 Jan 2007

All I want for Christmas...

Mark Rasch takes a step back and offers his holiday and New Year's wish list of all things security - items that should exist, be made available and be easy to use for everyone over the coming year. It is traditional this time of year for people to make lists of what they want for the holidays. You know, a Nintendo Wii, a PS3, …
Mark Rasch, 20 Dec 2006

Vista's EULA product activation worries

The terms of Microsoft's End User License Agreement (EULA) for its upcoming Vista operating system raise the conflict between two fundamental principles of contract law. The first, and more familiar, is that parties to a contract can generally agree to just about anything, as long as what they agree to doesn't violate the law …
Mark Rasch, 22 Nov 2006

Employee privacy versus employer policy

Your organisation has a computer and internet use policy. Fine. It's been reviewed by corporate counsel, approved by senior management, and implemented over the years. The policy is comprehensive - it includes policies on expectations of privacy, employee monitoring, and the ownership of corporate electronic assets. Now, during …
Mark Rasch, 03 Nov 2006

Guidelines needed to protect anonymity

In early August, officials at America Online released information about searches being conducted by AOL members and users of the AOL search tool. This historical data was released onto the internet by several AOL officials to demonstrate how useful such data could be for tracking patterns, uses and interest of AOL members. The …
Mark Rasch, 30 Aug 2006

Email privacy in the workplace

Comment Even with a well-heeled corporate privacy policy stating that all employee communications may be monitored in the workplace, the legality of email monitoring is not as clear cut as one might think. Let's suppose you are an employer. You have a well-written and well distributed policy on privacy in the workplace. You expressly …
Mark Rasch, 02 Aug 2006

Windows genuine disadvantage

Comment A recent lawsuit filed against Microsoft should have all companies reexamining their privacy policies to determine what information they are actually collecting about customers and what they can possibly do with it. What would you call a computer program that surreptitiously installed itself onto your computer, collected …
Mark Rasch, 07 Jul 2006

Retain or restrain access logs?

Comment A recent proposal by the US Department of Justice that would mandate Internet Service Providers to retain certain records represents a dangerous trend of turning private companies into proxies for law enforcement or intelligence agencies against the interests of their clients or customers. When you use the internet, a certain …
Mark Rasch, 14 Jun 2006

Protection from prying NSA eyes

Comment From the US Fourth Amendment, the Stored Communications Act and US wiretap laws to the Pen-register statute, Mark Rasch looks at legal protections available to the telecommunications companies and individual Americans in the wake of the NSA's massive spying program. Imagine being the head of a major telecommunications company …
Mark Rasch, 17 May 2006

Forensic felonies

A new law in Georgia on private investigators now extends to computer forensics and computer incident response, meaning that forensics experts who testify in court without a PI license may be committing a felony. In the US television show "Medium," Patricia Arquette's character uses her "special psychic skills" to help solve …
Mark Rasch, 26 Apr 2006

This means Warcraft!

Comment A recent World of Warcraft case involved a WoW book by Brian Knopp that was being sold on eBay. It resulted in automated takedown notices by "lawyerbots" and shows how the legal process today can end up silencing legitimate uses of trademarks and copyrights. One staple idea of 1950s science fiction movies was of robots that …
Mark Rasch, 06 Apr 2006

Human rights and wrongs online

A government's position on censorship used to protect its citizenry is dictated by who they are. The well-popularised censorship of internet content in China by Google and other big players, and criticism of this by the US government, is really just the tip of the iceberg. On 15 February, the United States Congress held hearings …
Mark Rasch, 15 Mar 2006

Strict liability for data breaches?

Comment A recent case involving a stolen laptop containing 550,000 people's full credit information sheds new light on what "reasonable" protections a company must make to secure its customer data - and what customers need to prove in order to sue for damages. Let's say you open your mailbox, and there is a letter from the financial …
Mark Rasch, 22 Feb 2006

Google's data minefield

The US Government's broad subpoena to search engines effectively seeks to mine the data of the internet. While Google has resisted the subpoena, there may be little they can do to protect our privacy from many prying eyes. Moreover, the Government subpoena makes Google and other search engines or ISPs the source of first resort …
Mark Rasch, 31 Jan 2006

Wiretapping, FISA, and the NSA

US wiretapping laws, FISA and Presidential powers given to the NSA to intercept communications make for interesting times when coupled with technology. What are the issues surrounding privacy, search, seizure and surveillance? Whenever a new technology is developed, or a new threat that causes us to deploy these technologies, …
Mark Rasch, 12 Jan 2006

Tracked by cellphone

Comment We know that technology can be used to track people's location via a cellphone, but how difficult is it for law enforcement to get a court order and do this legally? An old physics joke recounts that Werner Heisenberg (of the uncertainty principle) is pulled over by the police for speeding one night. The police officer asks the …
Mark Rasch, 22 Dec 2005

Can writing software be a crime?

Can writing software be a crime? A recent indictment in San Diego, California indicates that the answer to that question may be yes. We all know that launching certain types of malicious code - viruses, worms, Trojans, even spyware or sending out spam - may violate the law. But on July 21, 2005 a federal grand jury in the …
Mark Rasch, 04 Oct 2005

Katrina: a tough lesson in security

In the waning days of August, a massive category four hurricane devastated the gulf coast of the United States, particularly devastating the city of New Orleans. In addition to the estimated $50bn in property damage, clean-up and reconstruction costs, and the hundreds of likely dead, and tens of thousands displaced, the …
Mark Rasch, 13 Sep 2005

Legal disassembly

When security researcher and ISS employee Michael Lynn went to give a presentation at the Black Hat conference in Las Vegas, little did he know he would ignite a legal firestorm questioning whether even the act of looking for security vulnerabilities violates the law. A brief history Lynn, in his position with ISS, apparently …
Mark Rasch, 23 Aug 2005

The CardSystems blame game

Comment On July 21, 2005, the United States House of Representatives Committee on Financial Services, Subcommittee on Oversight held a hearing on "Credit Card Data Processing: How Secure Is It?" Of course, just by asking the question, you already know what the answer is going to be: not a disaster, but about as secure as you might imagine …
Mark Rasch, 08 Aug 2005

How much does a security breach actually cost?

Comment How much does a security breach actually "cost," and who pays for it? When the breach involves personal information, like credit card data, the answer is, a lot more than you may think. The problem is that the people who "pay" for the cost of the breach are rarely the ones responsible for preventing the breach. A recent lawsuit …
Mark Rasch, 15 Jul 2005

Shred It!

Analysis The second worst thing you can do in the face of a government investigation is to destroy the documents relevant to that investigation. The worst thing you can do, of course, is to almost destroy these documents. There is an axiom in the world of electronic documents and records - "delete doesn't and restore won't." Indeed, …
Mark Rasch, 14 Jun 2005

Deleting spyware: a criminal act?

Analysis On my computer right now I have three anti-spyware programs, three anti-virus programs, and three anti-spam programs, together with a hardware and software firewall, an IPsec VPN, and data level encryption on certain files (and no, this is not intended to be an invitation for you to try to test my security.) The anti-spyware, …
Mark Rasch, 25 May 2005

Sarbanes Oxley for IT security?

Comment Sarbanes Oxley seems wholly focused on the accuracy of a company's financial records and controls around these records, so where does IT security come into the picture, ask SecurityFocus columnist Mark Rasch. At a recent computer security conference in Las Vegas, I was struck by the fact that every computer security vendor was …
Mark Rasch, 03 May 2005

Business school 'hack' raises ethical questions

Where do morality and ethics end, and criminality begin? What is the appropriate "punishment" for the crime of curiosity coupled with the act of snooping? These questions have been raised once again in the case of a number of applicants to the US' most prestigious business schools who went beyond the normal processes to sneak a …
Mark Rasch, 22 Mar 2005

Can CAN-SPAM can spim?

On 15 February an 18-year-old man from Cheektowaga, New York was charged with creating tens of thousands of fraudulent IM accounts and using these accounts to send unsolicited instant messages (you know the type, "my boyfriend just dumped me, and I am alone with a webcam" or "get great rates on a mortgage".) According to the …
Mark Rasch, 28 Feb 2005

Sniffer dog threatens online privacy

Comment The Fourth Amendment to the US Constitution is supposed to be the one that protects people and their "houses, places and effects" against "unreasonable searches". Forty-two years ago, the US Supreme Court held that attaching a listening device to a public pay phone violated this provision because the Constitution protects people …
Mark Rasch, 10 Feb 2005

Spam punishment doesn't fit the crime

Opinion I hate spam as much as the next person, but recent decisions by courts in Iowa and Virginia demonstrate how fear of technology (and justifiable annoyance) can force the legal system to impose fines and sentences that are grossly disproportionate to the harm caused by spammers. This is not to defend or justify spammers, whose …
Mark Rasch, 27 Dec 2004

Lycos goes straight

After a week of well-deserved criticism, Lycos is abandoning its scheme to launch denial-of-service attacks against spammy websites. Did the company reform in time to avoid criminal prosecution? A short-lived project by Lycos's European subsidiary to give users a method to "attack" spammers was an overall bad idea, albeit …
Mark Rasch, 06 Dec 2004

Tektrol's worst case scenario

The fine print in an insurance policy becomes an issue when a bizarre chain of IT disasters leaves a company without a single copy of the source code to its flagship product. A series of booklets by Joshua Priven describe how to survive a series of "Worst Case Scenarios." These include telling readers how to escape from …
Mark Rasch, 16 Nov 2004

Hacking: the must-have business tool

Your competitor has a wildly successful web-based tool which is being used by many of your customers. Do you (A) give up and get out of the business; (B) set up a team of product developers to make a competing product; or (C) hack into the competitor's website, steal the code, and for good measure hire their critical employees …
Mark Rasch, 26 Oct 2004

Judge defangs Patriot Act

A New York judge did the right thing last week when he threw out a USA-PATRIOT Act provision that forced ISPs to secretly co-operate with the FBI, and gave them no obvious avenue for appeal. It is "under the pressing exigencies of crisis that there is the greatest temptation to dispense with fundamental constitutional guarantees …
Mark Rasch, 05 Oct 2004

Myopic Congress lacks spyware focus

Analysis Forget Congress' myopic efforts to outlaw spyware. What we really need is better enforcement of existing computer crime laws, says SecurityFocus columnist Mark D. Rasch. In Through the Looking Glass, Lewis Carroll's Humpty Dumpty tells Alice: "When I use a word, ... it means just what I choose it to mean - neither more nor less …
Mark Rasch, 14 Sep 2004

Footing the Big Brother webtap bill

On 9 August 2004, the US Federal Communications Commission (FCC) took a major step toward mandating the creation and implementation of new Internet Protocol standards to make all Internet communications less safe and less secure. What is even worse, the FCC's ruling will force ISPs and others to pay what may amount to billions …
Mark Rasch, 17 Aug 2004

Your data online: safe as houses

A decision by a federal court in Minnesota may have profound repercussions for the ability of consumers and others to rely upon promises of security and privacy made on corporate or governmental websites - and that's just for starters. On 21 June, 2004, the United States Senate Governmental Affairs Committee was told that a …
Mark Rasch, 30 Jul 2004

Close the email wiretap loophole

Opinion Last week a Federal District Court in Boston decided that when someone reads your private email without your permission and before you receive it, it doesn't violate federal wiretap law. The ruling perfectly illustrates how we can frustrate the entire purpose of a statute simply by reading it too carefully. The case began when …
Mark Rasch, 05 Jul 2004

Google's Gmail: spook heaven?

Google's plans to run targeted advertising with the mail that you see through its new Gmail service represents a potential break for government agencies that want to use autobots to monitor the contents of electronic communications travelling across networks. Even though the configuration of the Gmail service minimises the …
Mark Rasch, 15 Jun 2004