
Public Citizen: Federal court using scare tactics to block sharing of public records

Public Citizen looks at the response of the U.S. federal court system to the Firefox "RECAP" extension, which enables sharing of court documents. "Please be aware that RECAP is 'open-source' software, which means it can be freely obtained by anyone with Internet access and could possibly be modified for benign or malicious purposes. This raises the possibility that the software could be used for facilitating unauthorized access to restricted or sealed documents." Of course, the courts could nullify this "threat" by simply making public documents, well, public.

Public Citizen: Federal court using scare tactics to block sharing of public records

Posted Aug 25, 2009 15:49 UTC (Tue) by MattPerry (guest, #46341) [Link]

These are hardly scare tactics. What they say is true and was already discussed at length on Slashdot and at RECAP's own web site in the blog entry titled "The Blogosphere Weighs in on RECAP." Their advice about taking caution of making sealed documents publicly available sounds like good advice. This whole article seems to be overreacting.

Public Citizen: Federal court using scare tactics to block sharing of public records

Posted Aug 25, 2009 15:53 UTC (Tue) by corbet (editor, #1) [Link]

So if RECAP were proprietary software all would be well?

Public Citizen: Federal court using scare tactics to block sharing of public records

Posted Aug 25, 2009 17:07 UTC (Tue) by MattPerry (guest, #46341) [Link]

No, of course not. But it's much harder for a program to "be modified for benign or malicious purposes" if you do not have the source code than for one which you do have the source. The lesson to learn here, which this bureaucracy hasn't taught, is to always get the program from the official channels. I've seen modified versions of Firefox add-ons that were available from unofficial channels that have been modified to steal passwords. I've seen the same for other pieces of software, both proprietary and not. That's why it's important to download the software from the official source or Mozilla's add-ons site. Who knows what a RECAP extension that you download from someone's random blog, or get on a CD, has been modified to do.

The part reminding people to take care with sealed documents is wise. People can inadvertently share sealed documents without using RECAP. They could just as easily upload them to pacer.resource.org with all of their other documents without thinking.

The bottom line here is that this has nothing to do with proprietary versus open source. The Public Citizen article says that the courts are using scare tactics, but from reading the advisory that they published, it's clear that no scare tactics are being used. All I see is Public Citizen being alarmist for no good reason. If the courts start sending cease and desist letters to RECAP users, closing PACER accounts, or threatening users then we'll have scare tactics, but no such things are happening. Until they do, there's nothing to see here.

Public Citizen: Federal court using scare tactics to block sharing of public records

Posted Aug 26, 2009 6:13 UTC (Wed) by ketilmalde (guest, #18719) [Link]

> But it's much harder for a program to "be modified for benign or
> malicious purposes" if you do not have the source code than for one
> which you do have the source.

..which is why "open source" Linux systems are constantly being subverted, while Windows systems remain secure?

Since a majority of users use Windows - and especially since these users are lacking proper software distribution and thus are used to downloading all kinds of crap off random web sites - anybody looking to access sealed documents would do much better attacking that target rather than RECAP, which only accesses public documents anyway.

So the article's stated view that RECAP is dangerous because it's open source is simply FUD - perhaps to protect their revenue model, or perhaps because they simply do not know better.

> The part reminding people to take care with sealed documents is wise
[..]
> The bottom line here is that this has nothing to do with proprietary
> versus open source.

Exactly. So why would they warn against RECAP on the basis that it is open source? And implicitly suggest that using closed source is somehow safer, in spite of all evidence to the contrary?

Public Citizen: Federal court using scare tactics to block sharing of public records

Posted Aug 26, 2009 19:43 UTC (Wed) by MattPerry (guest, #46341) [Link]

> So why would they warn against RECAP on the basis that it is open source?
> And implicitly suggest that using closed source is somehow safer, in
> spite of all evidence to the contrary?

What makes you sure that they are warning because it's open source rather than just issuing a warning and mentioning that the program is open source? I think you are focusing far too much on the phrase "open source" and therefore reading too much into the statement.

Public Citizen: Federal court using scare tactics to block sharing of public records

Posted Aug 26, 2009 17:41 UTC (Wed) by iabervon (subscriber, #722) [Link]

It may be harder to modify a proprietary program to do something different, but it's pretty trivial to write a proprietary wrapper that discloses private information in addition to running a proprietary program for the user's expected results. It wouldn't be particularly difficult to make a package that installs Microsoft Office and also a hidden program that uploads any sealed court documents found on the machine to RECAP.

Furthermore, there's no reason that the similarity that humans see between uploading public records (from a particular source) to RECAP and uploading sealed documents (not available from that source) to RECAP would make the modification of a program that does the former to do the latter any easier than making a modification to do the latter to pretty much any program that does pretty much anything.

Public Citizen: Federal court using scare tactics to block sharing of public records

Posted Aug 26, 2009 17:45 UTC (Wed) by caitlinbestler (guest, #32532) [Link]

A server that relies on client software to enforce security restrictions is insecure. The availability of the client software is irrelevant. A fully proprietary client that was encrypted can still be disassembled once loaded into memory and all packets can be snooped.

The wire protocol needs to allow the server to enforce security or there
is no security. It is well established that obscurity does not provide
security. Any truly secure system has only one secret, the key value
itself. The algorithms are fully public and therefore fully reviewed.
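
The distinction drawn in the comment above, as an added example that is not part of the original thread: a document server that trusts the client's own claim next to one that decides from an HMAC token only the server can mint. The document store, function names and token format are hypothetical and constructed for illustration; the only secret is the key.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: one public filing and one sealed filing.
DOCUMENTS = {
    "doc-1": {"sealed": False, "body": "Public motion text"},
    "doc-2": {"sealed": True, "body": "Sealed exhibit text"},
}
SERVER_KEY = secrets.token_bytes(32)  # the only secret in the design


def _tag(claim: str) -> str:
    """HMAC-SHA256 over the claim; the algorithm is public, the key is not."""
    return hmac.new(SERVER_KEY, claim.encode(), hashlib.sha256).hexdigest()


def issue_token(user: str, may_view_sealed: bool) -> str:
    """Server side: bind the user's clearance to a tag the client cannot forge."""
    claim = f"{user}|{int(may_view_sealed)}"
    return f"{claim}|{_tag(claim)}"


def verify_token(token: str) -> bool:
    """True only for an untampered token that grants sealed access."""
    try:
        user, flag, tag = token.rsplit("|", 2)
    except ValueError:
        return False
    expected = _tag(f"{user}|{flag}")
    return hmac.compare_digest(tag.encode(), expected.encode()) and flag == "1"


def fetch_client_enforced(doc_id: str, client_says_allowed: bool):
    """Weak design: the server believes whatever the client reports."""
    doc = DOCUMENTS[doc_id]
    if doc["sealed"] and not client_says_allowed:
        return None
    return doc["body"]


def fetch_server_enforced(doc_id: str, token: str):
    """Sound design: the decision rests on a check the client cannot influence."""
    doc = DOCUMENTS[doc_id]
    if doc["sealed"] and not verify_token(token):
        return None
    return doc["body"]
```

Whether the client is open or closed source makes no difference to the second function: reading or modifying the client reveals nothing that helps produce a valid tag.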

Public Citizen: Federal court using scare tactics to block sharing of public records

Posted Aug 25, 2009 17:42 UTC (Tue) by cowsandmilk (guest, #55475) [Link]

Like the above commenter said, it should just serve to emphasize obtaining from official sources, running md5sum on the download to verify it's what you want, etc. While we all like to believe we are careful, most people skip checking checksums in their everyday life. The joy of open source is that you can look at code or trust the community to look at code, and then verify the code you receive is the trusted community-vetted version of the code.

where are they uploaded?

Posted Aug 25, 2009 17:42 UTC (Tue) by coriordan (guest, #7544) [Link]

I've looked, but I haven't found the page on archive.org where I can find the uploaded documents. Anyone else know where it is?

where are they uploaded?

Posted Aug 26, 2009 20:35 UTC (Wed) by jwb (guest, #15467) [Link]

Don't be ridiculous. As everybody knows, archive.org is write-only.

Public Citizen: Federal court using scare tactics to block sharing of public records

Posted Aug 31, 2009 18:55 UTC (Mon) by leoc (subscriber, #39773) [Link]

Does the US still use that hilarious "terror level" thing? I remember it was some kind of graph that told everyone how scared they should be. Maybe there is a chance for re-use here?

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.