Amateur Radio Parity Act Passes US House

Most new houses are part of homeowners associations, covenants, or have other restrictions on the deed that dictate what color you can paint your house, the front door, or what type of mailbox is acceptable. For amateur radio operators, that means neighbors have the legal means to remove radio antennas, whether they’re unobtrusive 2 meter whips or gigantic moon bounce arrays. Antennas are ugly, HOAs claim, and drive down property values. Thousands of amateur radio operators have been silenced on the airwaves, simply because neighbors don’t like ugly antennas.

Now, this is about to change. The US House recently passed the Amateur Radio Parity Act (H.R. 1301) to amend the FCC’s Part 97 rules of amateur stations and private land-use restrictions.

The proposed amendment provides, ““Community associations should fairly administer private land-use regulations in the interest of their communities, while nevertheless permitting the installation and maintenance of effective outdoor Amateur Radio antennas.” This does not guarantee all antennas are allowed in communities governed by an HOA; the bill simply provides that antennas, ‘consistent with the aesthetic and physical characteristics of land and structures in community associations’ may be accommodated. While very few communities would allow a gigantic towers, C-band dishes, or 160 meters of coax strung up between trees, this bill will provide for small dipoles and inconspicuous antennae.

The full text of H.R. 1301 can be viewed on the ARRL site. The next step towards making this bill law is passage through the senate, and as always, visiting, calling, mailing, faxing, and emailing your senators (in that order) is the most effective way to make views heard.

Apple Aftermath: Senate Entertains A New Encryption Bill

If you recall, there was a recent standoff between Apple and the U. S. Government regarding unlocking an iPhone. Senators Richard Burr and Dianne Feinstein have a “discussion draft” of a bill that appears to require companies to allow the government to court order decryption.

Here at Hackaday, we aren’t lawyers, so maybe we aren’t the best source of legislative commentary. However, on the face of it, this seems a bit overreaching. The first part of the proposed bill is simple enough: any “covered entity” that receives a court order for information must provide it in intelligible form or provide the technical assistance necessary to get the information in intelligible form. The problem, of course, is what if you can’t? A covered entity, by the way, is anyone from a manufacturer, to a software developer, a communications service, or a provider of remote computing or storage.

There are dozens of services (backup comes to mind) where only you have the decryption keys and there is nothing reasonable the provider can do to get your data if you lose your keys. That’s actually a selling point for their service. You might not be anxious to backup your hard drive if you knew the vendor could browse your data when they wanted to do so.

The proposed bill has some other issues, too. One section states that nothing in the document is meant to require or prohibit a specific design or operating system. However, another clause requires that covered entities provide products and services that are capable of complying with the rule.

A broad reading of this is troubling. If this were law, entire systems that don’t allow the provider or vendor to decrypt your data could be illegal in the U. S. Whole classes of cybersecurity techniques could become illegal, too. For example, many cryptography systems use the property of forward secrecy by generating unrecorded session keys. For example, consider an SSH session. If someone learns your SSH key, they can listen in or interfere with your SSH sessions. However, they can’t take recordings of your previous sessions and decode them. The mechanism is a little different between SSHv1 (which you shouldn’t be using) and SSHv2. If you are interested in the gory details for SSHv2, have a look at section 9.3.7 of RFC 4251.

In all fairness, this isn’t a bill yet. It is a draft and given some of the definitions in section 4, perhaps they plan to expand it so that it makes more sense, or – at least – is more practical. If not, then it seems to be an indication that we need legislators that understand our increasingly technical world and have some understanding of how the new economy works. After all, we’ve seen this before, right? Many countries are all too happy to enact and enforce tight banking privacy laws to encourage deposits from people who want to hide their money. What makes you think that if the U. S. weakens the ability of domestic companies to make data private, that the business of concealing data won’t just move offshore, too?

If you were living under a rock and missed the whole Apple and FBI controversy, [Elliot] can catch you up. Or, you can see what [Brian] thought about Apple’s response to the FBI’s demand.

Italian Law Changed by the Hackaday Prize

A recent change in Italian law was spurred by the Hackaday Prize. The old law restricted non-Italian companies from hosting contests in the country. With the update Italian citizens are now welcome to compete for the 2015 Hackaday Prize which will award $500,000 in prizes.

We’ve heard very few complaints about the Hackaday Prize. When we do, it’s almost always because there are some countries excluded from participation. We’ve tried very hard to include as much of the globe as possible, some countries simply must be excluded due to local laws regarding contests. The folks from Make in Italy saw last year’s offer of a Trip into Space or $196,418 and set out to get the local laws changed (translated). Happily they succeeded!

The Make in Italy Foundation was started to encourage and support FabLabs in Italy. After seeing two major Hacker and Maker oriented contests — The 2014 Hackaday Prize and the Intel Make it Wearable contest — exclude Italian citizens from entering. Their two prong approach sought out legal counsel and started a petition on Change.org signed by about 1.8k supporters.

We’ve been holding off on the announcement as we needed our own legal opinion on the change (we’re not great at understanding Italian legal PDFs without some help). But today we have removed Italy from the list of excluded countries. Submit your entry today just by writing down your idea of a build which will solve a problem faced by a large number of people. Build something that matters and you could win a Trip into Space, $100,000 for the ‘Best Product’, or hundreds of other prizes. But we’re not waiting until the end, over the next 17 weeks we’ll be giving out $50k in prizes to hundreds of entries.

[Thanks Alessandro]


The 2015 Hackaday Prize is sponsored by:

Do your projects violate International Traffic in Arms Regulations?

From time to time we consider the ramifications of hacking prowess being used for evil purposes. Knowledge is a powerful thing, but alone it is not a dangerous thing. Malicious intent is what takes a clever project and turns it to a tragic end. Conscientious hackers realize this, and [George Hadley] is one of them. While working on a new project he wondered if there were guidelines as to what knowledge should and should not be shared. It turns out that the United States has a set of International Traffic in Arms Regulations that mention concepts we’ve seen in many projects. He wrote up an article which covers the major points of the ITAR.

The gist of it is that sharing certain knowledge, by posting it on the Internet or otherwise, can be considered arms trafficking. It’ll get you a not-so-friendly visit from government officials and quite possibly a sponsored stay in a secure facility. Information about DIY radar, communications jamming, spying devices, UAVs, and a few other concepts are prohibited from being shared. The one qualifying part of that restriction is that it only applies if the information is not publicly known.

SparkFun gets a cease and Desist

CandD

[Nate] over at SparkFun Electronics has posted a cease and desist letter he received from SPARC industries.  Apparently their legal department feels that his name is close enough to theirs to ignite a legal battle. They are demanding that he transfer his domain to them immediately to extinguish the flames. This all seems a bit silly, his name isn’t really at all like theirs and his product isn’t similar either.  To add to the peculiarity of this, going to their site throws up a big red malware warning for us (in chrome).

[thanks IraqiGeek]

Botnet attack via P2P software


P2P networks have long been a legal gray area, used for various spam schemes, illegal filesharing, and lots and lots of adware. Last year, though, the first botnet created by a worm distributed via P2P software surfaced, the work of 19-year-old [Jason Michael Milmont] of Cheyenne, Wyoming, who distributed his Nugache Worm by offering free downloads of the P2P app Limewire with the worm embedded. He later began distributing it using bogus MySpace and Photobucket links shared via chats on AOL Instant Messenger. The strategy proved effective, as the botnet peaked with around 15,000 bots. [Milmont] has plead guilty to the charges against him. Per his plea agreement, he will pay $73,000 in restitution and may serve up to five years in prison.

Violating Terms Of Service equals hacking


A new legal precedent may be set with the case of [Lori Drew], the St. Louis woman who posed as a teenage boy on MySpace and harassed 13-year-old [Megan Meier] until she committed suicide. Drew is being charged under the computer fraud and abuse act, on the grounds that she violated the terms of service agreement of MySpace. If she is convicted of these charges (she is also being charged with conspiracy), it may allow for the criminal prosecution of anyone who violates the terms of service agreement of a site under the same law.

Continue reading “Violating Terms Of Service equals hacking”