Is Pentagon deciding the Norwegian negotiating position on Internet governance?

3rd November 2015

In Norway, all government offices are required by law to keep a -list of every document or letter arriving and leaving their offices. -Internal notes should also be documented. The document list (called a mail -journal - "postjournal" in Norwegian) is public information and thanks -to the Norwegian Freedom of Information Act (Offentleglova) the mail -journal is available for everyone. Most offices even publish the mail -journal on their web pages, as PDFs or tables in web pages. The state-level offices even have a shared web based search service (called -Offentlig Elektronisk Postjournal - -OEP) to make it possible to search the entries in the list. Not -all journal entries show up on OEP, and the search service is hard to -use, but OEP does make it easier to find at least some interesting -journal entries .

- -

In 2012 I came across a document in the mail journal for the -Norwegian Ministry of Transport and Communications on OEP that -piqued my interest. The title of the document was -"Internet -Governance and how it affects national security" (Norwegian: -"Internet Governance og pÃ¥virkning pÃ¥ nasjonal sikkerhet"). The -document date was 2012-05-22, and it was said to be sent from the -"Permanent Mission of Norway to the United Nations". I asked for a -copy, but my request was rejected with a reference to a legal clause said to authorize them to reject it -(offentleglova Â§ 20, -letter c) and an explanation that the document was exempt because -of foreign policy interests as it contained information related to the -Norwegian negotiating position, negotiating strategies or similar. I -was told the information in the document related to the ongoing -negotiation in the International Telecommunications Union (ITU). The -explanation made sense to me in early January 2013, as a ITU -conference in Dubay discussing Internet Governance -(World -Conference on International Telecommunications - WCIT-12) had just -ended, -reportedly -in chaos when USA walked out of the negotiations and 25 countries -including Norway refused to sign the new treaty. It seemed -reasonable to believe talks were still going on a few weeks later. -Norway was represented at the ITU meeting by two authorities, the -Norwegian Communications Authority -and the Ministry of -Transport and Communications. This might be the reason the letter -was sent to the ministry. As I was unable to find the document in the -mail journal of any Norwegian UN mission, I asked the ministry who had -sent the document to the ministry, and was told that it was the Deputy -Permanent Representative with the Permanent Mission of Norway in -Geneva.

- -

Three years later, I was still curious about the content of that -document, and again asked for a copy, believing the negotiation was -over now. This time -I -asked both the Ministry of Transport and Communications as the -receiver and -asked -the Permanent Mission of Norway in Geneva as the sender for a -copy, to see if they both agreed that it should be withheld from the -public. The ministry upheld its rejection quoting the same law -reference as before, while the permanent mission rejected it quoting a -different clause -(offentleglova Â§ 20 -letter b), claiming that they were required to keep the -content of the document from the public because it contained -information given to Norway with the expressed or implied expectation -that the information should not be made public. I asked the permanent -mission for an explanation, and was told that the document contained -an account from a meeting held in the Pentagon for a limited group of NATO -nations where the organiser of the meeting did not intend the content -of the meeting to be publicly known. They explained that giving me a -copy might cause Norway to not get access to similar information in -the future and thus hurt the future foreign interests of Norway. They -also explained that the Permanent Mission of Norway in Geneva was not -the author of the document, they only got a copy of it, and because of -this had not listed it in their mail journal.

- -

Armed with this -knowledge I asked the Ministry to reconsider and asked who was the -author of the document, now realising that it was not same as the -"sender" according to Ministry of Transport and Communications. The -ministry upheld its rejection but told me the name of the author of -the document. According to -a -government report the author was with the Permanent Mission of -Norway in New York a bit more than a year later (2014-09-22), so I -guessed that might be the office responsible for writing and sending -the report initially and -asked -them for a copy but I was obviously wrong as I was told that the -document was unknown to them and that the author did not work there -when the document was written. Next, I asked the Permanent Mission of -Norway in Geneva and the Foreign Ministry to reconsider and at least -tell me who sent the document to Deputy Permanent Representative with -the Permanent Mission of Norway in Geneva. The Foreign Ministry also -upheld its rejection, but told me that the person sending the document -to Permanent Mission of Norway in Geneva was the defence attachÃ© with -the Norwegian Embassy in Washington. I do not know if this is the -same person as the author of the document.

- -

If I understand the situation correctly, someone capable of -inviting selected NATO nations to a meeting in Pentagon organised a -meeting where someone representing the Norwegian defence attachÃ© in -Washington attended, and the account from this meeting is interpreted -by the Ministry of Transport and Communications to expose Norways -negotiating position, negotiating strategies and similar regarding the -ITU negotiations on Internet Governance. It is truly amazing what can -be derived from mere meta-data.

- -

I wonder which NATO countries besides Norway attended this meeting? -And what exactly was said and done at the meeting? Anyone know?

Simpler recipe on how to make a simple $7 IMSI Catcher using Debian

9th August 2017

On friday, I came across an interesting article in the Norwegian +web based ICT news magazine digi.no on +how +to collect the IMSI numbers of nearby cell phones using the cheap +DVB-T software defined radios. The article refered to instructions +and a recipe by +Keld Norman on Youtube on how to make a simple $7 IMSI Catcher, and I decided to test them out.

+ +

The instructions said to use Ubuntu, install pip using apt (to +bypass apt), use pip to install pybombs (to bypass both apt and pip), +and the ask pybombs to fetch and build everything you need from +scratch. I wanted to see if I could do the same on the most recent +Debian packages, but this did not work because pybombs tried to build +stuff that no longer build with the most recent openssl library or +some other version skew problem. While trying to get this recipe +working, I learned that the apt->pip->pybombs route was a long detour, +and the only piece of software dependency missing in Debian was the +gr-gsm package. I also found out that the lead upstream developer of +gr-gsm (the name stand for GNU Radio GSM) project already had a set of +Debian packages provided in an Ubuntu PPA repository. All I needed to +do was to dget the Debian source package and built it.

+ +

The IMSI collector is a python script listening for packages on the +loopback network device and printing to the terminal some specific GSM +packages with IMSI numbers in them. The code is fairly short and easy +to understand. The reason this work is because gr-gsm include a tool +to read GSM data from a software defined radio like a DVB-T USB stick +and other software defined radios, decode them and inject them into a +network device on your Linux machine (using the loopback device by +default). This proved to work just fine, and I've been testing the +collector for a few days now.

+ +

The updated and simpler recipe is thus to

+ +

start with a Debian machine running Stretch or newer,
build and install the gr-gsm package available from +http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/,
clone the git repostory from https://github.com/Oros42/IMSI-catcher,
run grgsm_livemon and adjust the frequency until the terminal +where it was started is filled with a stream of text (meaning you +found a GSM station).
go into the IMSI-catcher directory and run 'sudo python simple_IMSI-catcher.py' to extract the IMSI numbers.

+ +

To make it even easier in the future to get this sniffer up and +running, I decided to package +the gr-gsm project +for Debian (WNPP +#871055), and the package was uploaded into the NEW queue today. +Luckily the gnuradio maintainer has promised to help me, as I do not +know much about gnuradio stuff yet.

+ +

I doubt this "IMSI cacher" is anywhere near as powerfull as +commercial tools like +The +Spy Phone Portable IMSI / IMEI Catcher or the +Harris +Stingray, but I hope the existance of cheap alternatives can make +more people realise how their whereabouts when carrying a cell phone +is easily tracked. Seeing the data flow on the screen, realizing that +I live close to a police station and knowing that the police is also +wearing cell phones, I wonder how hard it would be for criminals to +track the position of the police officers to discover when there are +police near by, or for foreign military forces to track the location +of the Norwegian military forces, or for anyone to track the location +of government officials...

+ +

It is worth noting that the data reported by the IMSI-catcher +script mentioned above is only a fraction of the data broadcasted on +the GSM network. It will only collect one frequency at the time, +while a typical phone will be using several frequencies, and not all +phones will be using the frequencies tracked by the grgsm_livemod +program. Also, there is a lot of radio chatter being ignored by the +simple_IMSI-catcher script, which would be collected by extending the +parser code. I wonder if gr-gsm can be set up to listen to more than +one frequency?

- Tags: english, offentlig innsyn, opphavsrett, personvern. + Tags: debian, english, personvern, surveillance.

@@ -142,56 +117,37 @@ And what exactly was said and done at the meeting? Anyone know?

New book, "Fri kultur" by @lessig, a Norwegian BokmÃ¥l translation of "Free Culture" from 2004

31st October 2015

People keep asking me where to get the various forms of the book I -published last week, the Norwegian BokmÃ¥l edition of Lawrence Lessigs -book Free Culture. It was -published on paper via lulu.com, and is also available in PDF, ePub -and MOBI format. I currently sell the paper edition for self cost -from lulu.com, but might extend the distribution to book stores like -Amazon and Barnes & Noble later. This will double the price and force -me to make a profit from selling the book. Anyway, here are links to -get the book in different formats:

- -

Buy - paper edition from lulu.com
Download - PDF, size 7.9 MiB (gratis/free)
Download - ePub, size 11 MiB (gratis/free)
Download - MOBI, size 3.8 MiB (gratis/free)

- -

Note that the MOBI version have problems with the table of content, -at least with the viewers I have been able to test. And the ePub file -have several problems according to -epubcheck, but seem -to display fine in the viewers I have tested. All the files needed to -create the book in various forms are available from -the -github project page.

- -

The project got press coverage from the Norwegian IT news site -digi.no. Check out the article -"Vil -Ã¥pne politikernes Ã¸yne for Creative Commons". - -

I've blogged -about the project as it moved along. The blogs document the translation -progress and insights I had along the way.

Norwegian BokmÃ¥l edition of Debian Administrator's Handbook is now available

25th July 2017

+ +

I finally received a copy of the Norwegian BokmÃ¥l edition of +"The Debian Administrator's +Handbook". This test copy arrived in the mail a few days ago, and +I am very happy to hold the result in my hand. We spent around one and a half year translating it. This paperbook edition +is available +from lulu.com. If you buy it quickly, you save 25% on the list +price. The book is also available for download in electronic form as +PDF, EPUB and Mobipocket, as can be +read online +as a web page.

+ +

This is the second book I publish (the first was the book +"Free Culture" by Lawrence Lessig +in +English, +French +and +Norwegian +BokmÃ¥l), and I am very excited to finally wrap up this +project. I hope +"HÃ¥ndbok +for Debian-administratoren" will be well received.

- Tags: english, freeculture. + Tags: debian, debian-handbook, english.

@@ -199,90 +155,50 @@ progress and insights I had along the way.

Gavebok overlevert Stortinget i dag

29th October 2015

Like fÃ¸r kl. 11 i dag leverte jeg fem esker med gaveinnpakkede -bÃ¸ker til Stortinget, for utdeling til alle stortingsrepresentanter. -Det ble etterfulgt av fÃ¸lgende pressemelding. Stor takk til NUUG for -lÃ¥n av epostliste for Ã¥ sende ut pressemeldingen.

- -

- -
Er opphavsretten for streng, spÃ¸r ny bok
- -
I dag kommer boken Â«Fri -kulturÂ» av Lawrence Lessig ut pÃ¥ norsk. Boken handler om -utviklingen og utvidelsene opphavsretten har hatt de siste 40 Ã¥rene. -Boken er i dag gitt i gave til alle stortingsrepresentantene. -Oversetter og utgiver Petter Reinholdtsen hÃ¥per Stortinget vil tenke -seg om to ganger neste gang det er snakk om utvidelse av -opphavsretten.
- -
Boken forteller om hvordan store medieaktÃ¸rer ved hjelp av -opphavsretten bruker teknologi til Ã¥ begrense kulturen og kontrollere -kreativiteten. Den er skrevet av stifteren av -Creative Commons, professor -Lawrence Lessig, som for tiden er med i kampen om Ã¥ bli Demokratenes -presidentkandidat i USA sitt -presidentvalg i 2016. Lessig ble sist omtalt i norske medier da -NRK i hÃ¸st viste dokumentaren Â«Kampen for et demokratisk internettÂ» -som ogsÃ¥ er -tilgjengelig -fra The Internet Archive.
- -
Boken beskriver hvordan opphavsrettens makt i USA har blitt -betydelig utvidet etter 1974 langs fem kritiske akser: varighet (fra -32 til 95 Ã¥r), omfang (fra utgivere til alle), rekkevidde (gjelder nÃ¥ -enhver fremvisning via datamaskin), kontroll (avledede verk er -definert sÃ¥ bredt at i praksis alle nye Ã¥ndsverk risikerer sÃ¸ksmÃ¥l fra -en opphavsrettsinnehaver) og til sist maktkonsentrasjon og integrering -av mediebransjen. Den dokumenterer ogsÃ¥ hvordan medieindustrien har -lyktes med Ã¥ bruke rettsvesenet til Ã¥ begrense konkurranse, og i -praksis har skaffet seg vetorett over teknologiske nyvinninger. -Nedlasting av fritt, lovlig og i utgangspunktet gratis materiale -stoppes med tekniske sperrer og lobbyert lovvern av sperrene.
- -
Utvidelsene illustreres i boken med ulike eksempler. For eksempel -en demonstrasjon av at Walt Disney ville ha blitt ansett som en -opphavsrettspirat dersom han gjorde i dag det han gjorde pÃ¥ -1930-tallet. Boken beskriver hvordan vern av Ã¥ndsverk er bra, men at -mer vern ikke nÃ¸dvendigvis er bedre. - -
Petter Reinholdtsen, som sammen med flere frivillige har oversatt -boken pÃ¥ fritiden de siste 3 Ã¥rene, hÃ¥per at boken vil gjÃ¸re en -forskjell. Â«NÃ¥r en vet hvordan opphavsrettens varighet i Norge, uten -opposisjon pÃ¥ Stortinget, ble utvidet nok en gang i mai i fjor, og -hvordan Norges handelspartner USA gjennom de nye handelsavtalene -Trans-Pacific Partnership og Transatlantic Trade and Investment -Partnership -Ã¸nsker -Ã¥ utvide opphavsrettens makt ogsÃ¥ i andre land, hÃ¥per jeg at flere -vil spÃ¸rre: Er det virkelig fornuftig Ã¥ gjÃ¸re de samme utvidelsene i -Norge?Â», spÃ¸r han. Â«Jeg hÃ¥per boken kan bidra til kunnskap og -forstÃ¥else, og kan gi Stortinget et bedre grunnlag til Ã¥ ta riktige -beslutninger som ivaretar befolkningens og samfunnets interesser i -Norge.Â»
- -
Petter Reinholdtsen er en mangeÃ¥rig fri programvareutvikler som har -vÃ¦rt med pÃ¥ Ã¥ lage systemer som operativsystemet Debian, IT-lÃ¸sningen -Skolelinux, borgerportalen FiksGataMi og innsynstjenesten Mimes brÃ¸nn. -Han forteller han selv har opplevd problemene utvidet varighet, -omfang, rekkevidde og kontroll i opphavsretten medfÃ¸rer og at boken -var en oppvekker. Â«Jeg hÃ¥per andre finner boken like interessant som -jeg gjorde. Boken kan -lastes -gratis ned fra github eller -kjÃ¸pes -pÃ¥ papir fra lulu.com,Â» avslutter Reinholdtsen.
- -

- -

SÃ¥ fÃ¥r vi se om det har noen positiv effekt. :)

Â«Rapporten ser ikke pÃ¥ informasjonssikkerhet knyttet til personlig integritetÂ»

27th June 2017

Jeg kom over teksten +Â«Killing +car privacy by federal mandateÂ» av Leonid Reyzin pÃ¥ Freedom to +Tinker i dag, og det gleder meg Ã¥ se en god gjennomgang om hvorfor det +er et urimelig inngrep i privatsfÃ¦ren Ã¥ la alle biler kringkaste sin +posisjon og bevegelse via radio. Det omtalte forslaget basert pÃ¥ +Dedicated Short Range Communication (DSRC) kalles Basic Safety Message +(BSM) i USA og Cooperative Awareness Message (CAM) i Europa, og det +norske Vegvesenet er en av de som ser ut til Ã¥ kunne tenke seg Ã¥ +pÃ¥legge alle biler Ã¥ fjerne nok en bit av innbyggernes privatsfÃ¦re. +Anbefaler alle Ã¥ lese det som stÃ¥r der. + +

Mens jeg tittet litt pÃ¥ DSRC pÃ¥ biler i Norge kom jeg over et sitat +jeg synes er illustrativt for hvordan det offentlige Norge hÃ¥ndterer +problemstillinger rundt innbyggernes privatsfÃ¦re i SINTEF-rapporten +Â«Informasjonssikkerhet +i AutoPASS-brikkerÂ» av Trond Foss:

+ +

+Â«Rapporten ser ikke pÃ¥ informasjonssikkerhet knyttet til personlig + integritet.Â» +

+ +

SÃ¥ enkelt kan det tydeligvis gjÃ¸res nÃ¥r en vurderer +informasjonssikkerheten. Det holder vel at folkene pÃ¥ toppen kan si +at Â«Personvernet er ivaretattÂ», som jo er den populÃ¦re intetsigende +frasen som gjÃ¸r at mange tror enkeltindividers integritet tas vare pÃ¥. +Sitatet fikk meg til Ã¥ undres pÃ¥ hvor ofte samme tilnÃ¦rming, Ã¥ bare se +bort fra behovet for personlig itegritet, blir valgt nÃ¥r en velger Ã¥ +legge til rette for nok et inngrep i privatsfÃ¦ren til personer i +Norge. Det er jo sjelden det fÃ¥r reaksjoner. Historien om +reaksjonene pÃ¥ Helse SÃ¸r-Ãsts tjenesteutsetting er jo sÃ¸rgelig nok et +unntak og toppen av isfjellet, desverre. Tror jeg fortsatt takker nei +til bÃ¥de AutoPASS og holder meg sÃ¥ langt unna det norske helsevesenet +som jeg kan, inntil de har demonstrert og dokumentert at de verdsetter +individets privatsfÃ¦re og personlige integritet hÃ¸yere enn kortsiktig +gevist og samfunnsnytte.

- Tags: freeculture, norsk. + Tags: norsk, personvern, sikkerhet.

@@ -290,65 +206,66 @@ pÃ¥ papir fra lulu.com,Â» avslutter Reinholdtsen.

"Fri kultur" av @lessig - norsk utgave av "Free Culture" tilgjengelig pÃ¥ papir, PDF og ePub

28th October 2015

Klikk her for Ã¥ kjÃ¸pe boken.

- -

I 2004, mens Creative -Commons-bevegelsen vokste frem, skrev bevegelsens stifter Lawrence -Lessig boken -Free -Culture for Ã¥ forklare problemene med Ã¸kene Ã¥ndsverksregulering og -for Ã¥ foreslÃ¥ noen lÃ¸sninger. Jeg leste boken den gangen, og den bÃ¥de -inspirerte meg og endret pÃ¥ hvordan jeg sÃ¥ pÃ¥ opphavsrettslovigving. -Jeg skulle Ã¸nske flere folk leste denne boken. Den gir en god -gjennomgang av hvordan Ã¸kende Ã¥ndsverksregulering skader bÃ¥de -nyskapning og kulturlivet, og skisserer hvordan bÃ¥de lovgivere og oss -vanlige borgere kan bidra for Ã¥ fÃ¥ slutt pÃ¥ dette.

- -

Derfor bestemte jeg meg sommeren 2012 for Ã¥ oversette den til norsk -bokmÃ¥l og gjÃ¸re den tilgjengelig for de blant mine venner og familie -som foretrekker Ã¥ lese bÃ¸ker pÃ¥ norsk. Jeg oversatte boken ved hjelp -av docbook og en gettext PO-fil, og endte opp med to utgaver, en pÃ¥ -norsk og en pÃ¥ engelsk. Den engelske publiserte jeg i forrige uke, og -den norske utgaven pÃ¥ papir -er -nÃ¥ klar for salg. Jeg fikk heldigvis hjelp med oversetting og -korrekturlesing av den norske utgaven fra en rekke frivillige. Se -side 245 for en komplett liste. Slik ser omslaget ut: - -

- -

I tillegg til den norske og engelske utgaven holder vi pÃ¥ med en -fransk utgave. Den koordineres av dblatex-utvikleren BenoÃ®t Guillon, -og oversettelsen var komplett denne uka men mÃ¥ korrekturleses fÃ¸r den -kan gis ut. Flere frivillige trengs her, sÃ¥ ta kontakt med BenoÃ®t -hvis du vil bidra.

- -

Boken er ogsÃ¥ tilgjengelig i PDF, ePub og MOBI-format fra -min -github-prosjektside. Merk at ePub og MOBI-utgavene har noen -formatteringsproblemer som jeg tror kommer av feil i docbook-verktÃ¸yet -dbtoepub (Debian BTS-rapporter -#795842 -og -#796871), -men jeg har ikke tatt meg tid til Ã¥ undersÃ¸ke problemene. For de som -vil ha elektronisk kopi anbefaler jeg Ã¥ bruke PDF- og ePub-utgaven i -denne omgang, da de ser ut til Ã¥ hÃ¥nderes bra av de fremviserne jeg -har tilgjengelig.

- -

Etter at oversettelsen til bokmÃ¥l var ferdig klarte jeg Ã¥ overtale -NUUG Foundation til Ã¥ -sponse trykking av boken. Det er Ã¥rsaken til at stiftelsens logo er -pÃ¥ baksiden av omslaget. Jeg er svÃ¦rt takknemlig for dette, og bruker -bidraget til Ã¥ gi en kopi av den norske utgaven til alle -Stortingsrepresentanter og andre beslutningstakere her i Norge.

Updated sales number for my Free Culture paper editions

12th June 2017

It is pleasing to see that the work we put down in publishing new +editions of the classic Free +Culture book by the founder of the Creative Commons movement, +Lawrence Lessig, is still being appreciated. I had a look at the +latest sales numbers for the paper edition today. Not too impressive, +but happy to see some buyers still exist. All the revenue from the +books is sent to the Creative +Commons Corporation, and they receive the largest cut if you buy +directly from Lulu. Most books are sold via Amazon, with Ingram +second and only a small fraction directly from Lulu. The ebook +edition is available for free from +Github.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Title / language	Quantity
Title / language	2016 jan-jun	2016 jul-dec	2017 jan-may
Culture Libre / French	3	6	15
Fri kultur / Norwegian	7	1	0
Free Culture / English	14	27	16
Total	24	34	31

+ +

A bit sad to see the low sales number on the Norwegian edition, and +a bit surprising the English edition still selling so well.

+ +

If you would like to translate and publish the book in your native +language, I would be happy to help make it happen. Please get in +touch.

- Tags: docbook, freeculture, norsk. + Tags: docbook, english, freeculture.

@@ -356,65 +273,59 @@ Stortingsrepresentanter og andre beslutningstakere her i Norge.

"Free Culture" by @lessig - The background story for Creative Commons - new edition available

23rd October 2015

Click -here to buy the book.

- -

In 2004, as the Creative Commons -movement gained momentum, its creator Lawrence Lessig wrote the -book Free -Culture to explain the problems with increasing copyright -regulation and suggest some solutions. I read the book back then and -was very moved by it. Reading the book inspired me and changed the -way I looked on copyright law, and I would love it if more people -would read it too.

- -

Because of this, I decided in the summer of 2012 to translate it to -Norwegian BokmÃ¥l and publish it for those of my friends and family -that prefer to read books in Norwegian. I translated the book using -docbook and a gettext PO file, and a byproduct of this process is a -new edition of the English original. I've been in touch with the -author during by work, and he said it was fine with him if I also -published an English version. So I decided to do so. Today, I made -this edition -available -for sale on Lulu.com, for those interested in a paper book. This -is the cover: - -

- -

The Norwegian BokmÃ¥l version will be available for purchase in a -few days. I also plan to publish a French version in a few weeks or -months, depending on the amount of people with knowledge of French to -join the translation project. So far there is only one active -person, but the French book is almost completely translated but -need some proof reading.

- -

The book is also available in PDF, ePub and MOBI formats from -my -github project page. Note the ePub and MOBI versions have some -formatting problems I believe is due to bugs in the docbook tool -dbtoepub (Debian BTS issues -#795842 -and -#796871), -but I have not taken the time to investigate. I recommend the PDF and -ePub version for now, as they seem to show up fine in the viewers I -have available.

- -

After the translation to Norwegian BokmÃ¥l was complete, I was able -to secure some sponsoring from -the NUUG Foundation to -print the book. This is the reason their logo is located on the back -cover. I am very grateful for their contribution, and will use it to -give a copy of the Norwegian edition to members of the Norwegian -Parliament and other decision makers here in Norway.

Release 0.1.1 of free software archive system Nikita announced

10th June 2017

I am very happy to report that the +Nikita Noark 5 +core project tagged its second release today. The free software +solution is an implementation of the Norwegian archive standard Noark +5 used by government offices in Norway. These were the changes in +version 0.1.1 since version 0.1.0 (from NEWS.md): + +

Continued work on the angularjs GUI, including document upload.
Implemented correspondencepartPerson, correspondencepartUnit and + correspondencepartInternal
Applied for coverity coverage and started submitting code on + regualr basis.
Started fixing bugs reported by coverity
Corrected and completed HATEOAS links to make sure entire API is + available via URLs in _links.
Corrected all relation URLs to use trailing slash.
Add initial support for storing data in ElasticSearch.
Now able to receive and store uploaded files in the archive.
Changed JSON output for object lists to have relations in _links.
Improve JSON output for empty object lists.
Now uses correct MIME type application/vnd.noark5-v4+json.
Added support for docker container images.
Added simple API browser implemented in JavaScript/Angular.
Started on archive client implemented in JavaScript/Angular.
Started on prototype to show the public mail journal.
Improved performance by disabling Sprint FileWatcher.
Added support for 'arkivskaper', 'saksmappe' and 'journalpost'.
Added support for some metadata codelists.
Added support for Cross-origin resource sharing (CORS).
Changed login method from Basic Auth to JSON Web Token (RFC 7519) + style.
Added support for GET-ing ny-* URLs.
Added support for modifying entities using PUT and eTag.
Added support for returning XML output on request.
Removed support for English field and class names, limiting ourself + to the official names.
...

+ +

If this sound interesting to you, please contact us on IRC (#nikita +on irc.freenode.net) or email +(nikita-noark +mailing list).

- Tags: docbook, english, freeculture. + Tags: english, nuug, offentlig innsyn, standard.

@@ -422,35 +333,99 @@ Parliament and other decision makers here in Norway.

EU-domstolen konkluderer motsatt av Skatteetaten nÃ¥r det gjelder Bitcoin

22nd October 2015

Bitcoin er i litt vinden i Norge for tiden, med -kronikk -om bitcoin-overfÃ¸ringer pÃ¥ tvers av landegrensene hos NRK Ytring -for to dager siden og -dokumentar -om bitcoin pÃ¥ NRK 2 i forgÃ¥rs og i gÃ¥r. I den sammenhengen er det -spesielt hyggelig med en gladnyhet fra EU om Bitcoin.

- -

I dag konkluderte EU-domstolen at -Bitcoin-kjÃ¸p -fra Bitcoin-bÃ¸rser ikke er MVA-pliktig (sak Câ264/14). Fant -nyheten -fÃ¸rst hos Reuters, etter tips fra innehaveren av -Bitmynt. EU-domstolens avgjÃ¸relse -er stikk i strid med -annonseringen -fra Skatteetaten i 2013, der de konkluderte med at bitcoin er et -Â«formuesobjekterÂ» som det skulle betales mva pÃ¥ ved kjÃ¸p og salg. -Dermed la Skatteetaten opp til dobbel MVA-betaling hvis en kjÃ¸pte noe -med Bitcoin fra Norge (fÃ¸rst mva pÃ¥ kjÃ¸p av Bitcoin, deretter mva pÃ¥ -det en kjÃ¸per med Bitcoin). Jeg lurer pÃ¥ om denne avgjÃ¸relsen fÃ¥r -Skatteetaten til Ã¥ bytte mening. Gleder meg til fortsettelsen.

Idea for storing trusted timestamps in a Noark 5 archive

7th June 2017

This is a copy of +an +email I posted to the nikita-noark mailing list. Please follow up +there if you would like to discuss this topic. The background is that +we are making a free software archive system based on the Norwegian +Noark +5 standard for government archives.

+ +

I've been wondering a bit lately how trusted timestamps could be +stored in Noark 5. +Trusted +timestamps can be used to verify that some information +(document/file/checksum/metadata) have not been changed since a +specific time in the past. This is useful to verify the integrity of +the documents in the archive.

+ +

Then it occured to me, perhaps the trusted timestamps could be +stored as dokument variants (ie dokumentobjekt referered to from +dokumentbeskrivelse) with the filename set to the hash it is +stamping?

+ +

Given a "dokumentbeskrivelse" with an associated "dokumentobjekt", +a new dokumentobjekt is associated with "dokumentbeskrivelse" with the +same attributes as the stamped dokumentobjekt except these +attributes:

+ +

format -> "RFC3161" +
mimeType -> "application/timestamp-reply" +
formatDetaljer -> "<source URL for timestamp service>" +
filenavn -> "<sjekksum>.tsr" + +

+ +

This assume a service following +IETF RFC 3161 is +used, which specifiy the given MIME type for replies and the .tsr file +ending for the content of such trusted timestamp. As far as I can +tell from the Noark 5 specifications, it is OK to have several +variants/renderings of a dokument attached to a given +dokumentbeskrivelse objekt. It might be stretching it a bit to make +some of these variants represent crypto-signatures useful for +verifying the document integrity instead of representing the dokument +itself.

+ +

Using the source of the service in formatDetaljer allow several +timestamping services to be used. This is useful to spread the risk +of key compromise over several organisations. It would only be a +problem to trust the timestamps if all of the organisations are +compromised.

+ +

The following oneliner on Linux can be used to generate the tsr +file. $input is the path to the file to checksum, and $sha256 is the +SHA-256 checksum of the file (ie the ".tsr" value mentioned +above).

+ +

+openssl ts -query -data "$inputfile" -cert -sha256 -no_nonce \
+  | curl -s -H "Content-Type: application/timestamp-query" \
+      --data-binary "@-" http://zeitstempel.dfn.de > $sha256.tsr
+

+ +

To verify the timestamp, you first need to download the public key +of the trusted timestamp service, for example using this command:

+ +

+wget -O ca-cert.txt \
+  https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt
+

+ +

Note, the public key should be stored alongside the timestamps in +the archive to make sure it is also available 100 years from now. It +is probably a good idea to standardise how and were to store such +public keys, to make it easier to find for those trying to verify +documents 100 or 1000 years from now. :)

+ +

The verification itself is a simple openssl command:

+ +

+openssl ts -verify -data $inputfile -in $sha256.tsr \
+  -CAfile ca-cert.txt -text
+

+ +

Is there any reason this approach would not work? Is it somehow against +the Noark 5 specification?

- Tags: bitcoin, norsk. + Tags: english, offentlig innsyn, standard.

@@ -458,34 +433,61 @@ Skatteetaten til Ã¥ bytte mening. Gleder meg til fortsettelsen.

Lawrence Lessig interviewed Edward Snowden a year ago

19th October 2015

Last year, US president candidate -in the Democratic Party Lawrence interviewed Edward Snowden. The -one hour interview was -published by -Harvard Law School 2014-10-23 on Youtube, and the meeting took -place 2014-10-20.

- -

The questions are very good, and there is lots of useful -information to be learned and very interesting issues to think about -being raised. Please check it out.

- - - -

I find it especially interesting to hear again that Snowden did try -to bring up his reservations through the official channels without any -luck. It is in sharp contrast to the answers made 2013-11-06 by the -Norwegian prime minister Erna Solberg to the Norwegian Parliament, -claiming -Snowden is no Whistle-Blower because he should have taken up his -concerns internally and using official channels. It make me sad -that this is the political leadership we have here in Norway.

NÃ¥r nynorskoversettelsen svikter til eksamen...

3rd June 2017

Aftenposten +melder i dag om feil i eksamensoppgavene for eksamen i politikk og +menneskerettigheter, der teksten i bokmÃ¥ls og nynorskutgaven ikke var +like. Oppgaveteksten er gjengitt i artikkelen, og jeg ble nysgjerring +pÃ¥ om den fri oversetterlÃ¸sningen +Apertium ville gjort en bedre +jobb enn Utdanningsdirektoratet. Det kan se slik ut.

+ +

Her er bokmÃ¥lsoppgaven fra eksamenen:

+ +

+
DrÃ¸ft utfordringene knyttet til nasjonalstatenes og andre aktÃ¸rers +rolle og muligheter til Ã¥ hÃ¥ndtere internasjonale utfordringer, som +for eksempel flykningekrisen.
+ +
Vedlegge er eksempler pÃ¥ tekster som kan gi relevante perspektiver +pÃ¥ temaet:
+
+
Flykningeregnskapet 2016, UNHCR og IDMC +
Â«GrenselÃ¸st Europa for fallÂ» A-Magasinet, 26. november 2015 +
+ +

+ +

Dette oversetter Apertium slik:

+ +

+
DrÃ¸ft utfordringane knytte til nasjonalstatane sine og rolla til +andre aktÃ¸rar og hÃ¸ve til Ã¥ handtera internasjonale utfordringar, som +til dÃ¸mes *flykningekrisen.
+ +
Vedleggja er dÃ¸me pÃ¥ tekster som kan gje relevante perspektiv pÃ¥ +temaet:
+ +
+
*Flykningeregnskapet 2016, *UNHCR og *IDMC
+
Â«*GrenselÃ¸st Europa for fallÂ» A-Magasinet, 26. november 2015
+
+ +

+ +

Ord som ikke ble forstÃ¥tt er markert med stjerne (*), og trenger +ekstra sprÃ¥ksjekk. Men ingen ord er forsvunnet, slik det var i +oppgaven elevene fikk presentert pÃ¥ eksamen. Jeg mistenker dog at +"andre aktÃ¸rers rolle og muligheter til ..." burde vÃ¦rt oversatt til +"rolla til andre aktÃ¸rar og deira hÃ¸ve til ..." eller noe slikt, men +det er kanskje flisespikking. Det understreker vel bare at det alltid +trengs korrekturlesning etter automatisk oversettelse.

- Tags: english, personvern, sikkerhet, surveillance. + Tags: debian, norsk, stavekontroll.

@@ -493,30 +495,67 @@ that this is the political leadership we have here in Norway.

The Story of Aaron Swartz - Let us all weep!

8th October 2015

The movie "The -Internet's Own Boy: The Story of Aaron Swartz" is both inspiring -and depressing at the same time. The work of Aaron Swartz has -inspired me in my work, and I am grateful of all the improvements he -was able to initiate or complete. I wish I am able to do as much good -in my life as he did in his. Every minute of this 1:45 long movie is -inspiring in documenting how much impact a single person can have on -improving the society and this world. And it is depressing in -documenting how the law enforcement of USA (and other countries) is -corrupted to a point where they can push a bright kid to his death for -downloading too many scientific articles. Aaron is dead. Let us all -weep.

- -

The movie is also available on -Youtube. I -wish there were Norwegian subtitles available, so I could show it to -my parents.

Epost inn som arkivformat i Riksarkivarens forskrift?

27th April 2017

I disse dager, med frist 1. mai, har Riksarkivaren ute en hÃ¸ring pÃ¥ +sin forskrift. Som en kan se er det ikke mye tid igjen fÃ¸r fristen +som gÃ¥r ut pÃ¥ sÃ¸ndag. Denne forskriften er det som lister opp hvilke +formater det er greit Ã¥ arkivere i +Noark +5-lÃ¸sninger i Norge.

+ +

Jeg fant hÃ¸ringsdokumentene hos +Norsk +ArkivrÃ¥d etter Ã¥ ha blitt tipset pÃ¥ epostlisten til +fri +programvareprosjektet Nikita Noark5-Core, som lager et Noark 5 +Tjenestegresesnitt. Jeg er involvert i Nikita-prosjektet og takket +vÃ¦re min interesse for tjenestegrensesnittsprosjektet har jeg lest en +god del Noark 5-relaterte dokumenter, og til min overraskelse oppdaget +at standard epost ikke er pÃ¥ listen over godkjente formater som kan +arkiveres. HÃ¸ringen med frist sÃ¸ndag er en glimrende mulighet til Ã¥ +forsÃ¸ke Ã¥ gjÃ¸re noe med det. Jeg holder pÃ¥ med +egen +hÃ¸ringsuttalelse, og lurer pÃ¥ om andre er interessert i Ã¥ stÃ¸tte +forslaget om Ã¥ tillate arkivering av epost som epost i arkivet.

+ +

Er du igang med Ã¥ skrive egen hÃ¸ringsuttalelse allerede? I sÃ¥ fall +kan du jo vurdere Ã¥ ta med en formulering om epost-lagring. Jeg tror +ikke det trengs sÃ¥ mye. Her et kort forslag til tekst:

+ +

+ +
Viser til hÃ¸ring sendt ut 2017-02-17 (Riksarkivarens referanse + 2016/9840 HELHJO), og tillater oss Ã¥ sende inn noen innspill om + revisjon av Forskrift om utfyllende tekniske og arkivfaglige + bestemmelser om behandling av offentlige arkiver (Riksarkivarens + forskrift).
+ +
SvÃ¦rt mye av vÃ¥r kommuikasjon foregÃ¥r i dag pÃ¥ e-post.Â Vi + foreslÃ¥r derfor at Internett-e-post, slik det er beskrevet i IETF + RFC 5322, + https://tools.ietf.org/html/rfc5322. bÃ¸r + inn som godkjent dokumentformat.Â Vi foreslÃ¥r at forskriftens + oversikt over godkjente dokumentformater ved innlevering i Â§ 5-16 + endres til Ã¥ ta med Internett-e-post.
+ +

+ +

Som del av arbeidet med tjenestegrensesnitt har vi testet hvordan +epost kan lagres i en Noark 5-struktur, og holder pÃ¥ Ã¥ skrive et +forslag om hvordan dette kan gjÃ¸res som vil bli sendt over til +arkivverket sÃ¥ snart det er ferdig. De som er interesserte kan +fÃ¸lge +fremdriften pÃ¥ web.

+ +

Oppdatering 2017-04-28: I dag ble hÃ¸ringuttalelsen jeg skrev + sendt + inn av foreningen NUUG.

- Tags: english, opphavsrett. + Tags: norsk, offentlig innsyn, standard.

@@ -524,68 +563,52 @@ my parents.

Alle Stortingets mobiltelefoner kontrolleres fra USA...

7th October 2015

Jeg lot meg fascinere av -en -artikkel i Aftenposten der det fortelles at Â«over 600 telefoner som -benyttes av stortingsrepresentanter, rÃ¥dgivere og ansatte pÃ¥ -Stortinget, kan Â«fjernstyresÂ» ved hjelp av -programvaren -Airwatch, et sÃ¥kalte MDM-program (Mobile Device Managment)Â». Det -hele bagatelliseres av Stortingets IT-stab, men det er i hovedsak pÃ¥ -grunn av at journalisten ikke stiller de relevante spÃ¸rsmÃ¥lene. For -meg er det relevante spÃ¸rsmÃ¥let hvem som har lovlig tilgang (i henhold -til lokal lovgiving, dvs. i hvert fall i Norge, Sverige, UK og USA) -til informasjon om og pÃ¥ telefonene, og hvor enkelt det er Ã¥ skaffe -seg tilgang til hvor mobilene befinner seg og informasjon som befinner -seg pÃ¥ telefonene ved hjelp av utro tjenere, trusler, innbrudd og -andre ulovlige metoder.

- -

Bruken av AirWatch betyr i realiteten at USAs etteretning og -politimyndigheter har full tilgang til stortingets mobiltelefoner, -inkludert posisjon og innhold, takket vÃ¦re -FISAAA-loven -og -"National -Security Letters" og det enkle faktum at selskapet -AirWatch er kontrollert av et -selskap i USA. I tillegg er det kjent at flere lands -etterretningstjenester kan lytte pÃ¥ trafikken nÃ¥r den passerer -landegrensene.

- -

Jeg har bedt om mer informasjon -fra -Stortinget om bruken av AirWatch via Mimes brÃ¸nn sÃ¥ fÃ¥r vi se hva -de har Ã¥ fortelle om saken. Fant ingenting om 'airwatch' i -postjournalen til Stortinget, sÃ¥ jeg trenger hjelp fÃ¸r jeg kan be om -innsyn i konkrete dokumenter.

- -

Oppdatering 2015-10-07: Jeg er blitt spurt hvorfor jeg antar at -AirWatch-agenten rapporterer til USA og ikke direkte til Stortingets -egen infrastruktur. Det stemmer at det er teknisk mulig Ã¥ sette -opp mobiltelefonene til Ã¥ rapportere til datamaskiner som eies av -Stortinget. Jeg antar det rapporteres til AirWatch sine sentrale -tjenester basert pÃ¥ det jeg leste fra beskrivelsen av -Mobile -Device Management pÃ¥ AirWatch sine egne nettsider, koblet med at -det brukes en standard app som kan hentes fra "app-butikkene" for Ã¥ fÃ¥ -tilgang. Enten mÃ¥ app-en settes opp individuelt hos Stortinget, eller -sÃ¥ fÃ¥r den beskjed fra AirWatch i USA om hvor den skal koble seg opp. -I det fÃ¸rste tilfellet vil den ikke rapportere direkte til USA, men -til programvare utviklet av AirWatch som kjÃ¸rer pÃ¥ en maskin under -Stortingets kontroll. Det er litt bedre, men fortsatt vil det vÃ¦re -umulig for Stortinget Ã¥ vÃ¦re sikker pÃ¥ hva programvaren som tar imot -forbindelser gjÃ¸r. Jeg ser fra beskrivelsen av -Enterprice -Integration hos AirWatch at det er mulig Ã¥ ha lokal installasjon, -og hÃ¥per innsynsforespÃ¸rsler mot Stortinget kan fortelle mer om -hvordan ting konkret fungerer der.

Offentlig elektronisk postjournal blokkerer tilgang for utvalgte webklienter

20th April 2017

Jeg oppdaget i dag at nettstedet som +publiserer offentlige postjournaler fra statlige etater, OEP, har +begynt Ã¥ blokkerer enkelte typer webklienter fra Ã¥ fÃ¥ tilgang. Vet +ikke hvor mange det gjelder, men det gjelder i hvert fall libwww-perl +og curl. For Ã¥ teste selv, kjÃ¸r fÃ¸lgende:

+ +

+% curl -v -s https://www.oep.no/pub/report.xhtml?reportId=3 2>&1 |grep '< HTTP'
+< HTTP/1.1 404 Not Found
+% curl -v -s --header 'User-Agent:Opera/12.0' https://www.oep.no/pub/report.xhtml?reportId=3 2>&1 |grep '< HTTP'
+< HTTP/1.1 200 OK
+%
+

+ +

Her kan en se at tjenesten gir Â«404 Not FoundÂ» for curl i +standardoppsettet, mens den gir Â«200 OKÂ» hvis curl hevder Ã¥ vÃ¦re Opera +versjon 12.0. Offentlig elektronisk postjournal startet blokkeringen +2017-03-02.

+ +

Blokkeringen vil gjÃ¸re det litt vanskeligere Ã¥ maskinelt hente +informasjon fra oep.no. Kan blokkeringen vÃ¦re gjort for Ã¥ hindre +automatisert innsamling av informasjon fra OEP, slik Pressens +Offentlighetsutvalg gjorde for Ã¥ dokumentere hvordan departementene +hindrer innsyn i +rapporten +Â«Slik hindrer departementer innsynÂ» som ble publiserte i januar +2017. Det virker usannsynlig, da det jo er trivielt Ã¥ bytte +User-Agent til noe nytt.

+ +

Finnes det juridisk grunnlag for det offentlige Ã¥ diskriminere +webklienter slik det gjÃ¸res her? Der tilgang gis eller ikke alt etter +hva klienten sier at den heter? Da OEP eies av DIFI og driftes av +Basefarm, finnes det kanskje noen dokumenter sendt mellom disse to +aktÃ¸rene man kan be om innsyn i for Ã¥ forstÃ¥ hva som har skjedd. Men +postjournalen +til DIFI viser kun to dokumenter det siste Ã¥ret mellom DIFI og +Basefarm. +Mimes brÃ¸nn neste, +tenker jeg.

- Tags: norsk, offentlig innsyn, personvern, sikkerhet, stortinget, surveillance. + Tags: norsk, offentlig innsyn.

@@ -593,32 +616,101 @@ hvordan ting konkret fungerer der.

French Docbook/PDF/EPUB/MOBI edition of the Free Culture book

1st October 2015

As I wrap up the Norwegian version of -Free -Culture book by Lawrence Lessig (still waiting for my final proof -reading copy to arrive in the mail), my great -dblatex helper and -developer of the dblatex docbook processor, BenoÃ®t Guillon, decided a -to try to create a French version of the book. He started with the -French translation available from the -Wikilivres wiki -pages, and wrote a program to convert it into a PO file, allowing -the translation to be integrated into the po4a based framework I use -to create the Norwegian translation from the English edition. We meet -on the #dblatex IRC -channel to discuss the work. If you want to help create a French -edition, check out -his git -repository and join us on IRC. If the French edition look good, -we might publish it as a paper book on lulu.com. A French version of -the drawings and the cover need to be provided for this to happen.

Free software archive system Nikita now able to store documents

19th March 2017

The Nikita +Noark 5 core project is implementing the Norwegian standard for +keeping an electronic archive of government documents. +The +Noark 5 standard document the requirement for data systems used by +the archives in the Norwegian government, and the Noark 5 web interface +specification document a REST web service for storing, searching and +retrieving documents and metadata in such archive. I've been involved +in the project since a few weeks before Christmas, when the Norwegian +Unix User Group +announced +it supported the project. I believe this is an important project, +and hope it can make it possible for the government archives in the +future to use free software to keep the archives we citizens depend +on. But as I do not hold such archive myself, personally my first use +case is to store and analyse public mail journal metadata published +from the government. I find it useful to have a clear use case in +mind when developing, to make sure the system scratches one of my +itches.

+ +

If you would like to help make sure there is a free software +alternatives for the archives, please join our IRC channel +(#nikita on +irc.freenode.net) and +the +project mailing list.

+ +

When I got involved, the web service could store metadata about +documents. But a few weeks ago, a new milestone was reached when it +became possible to store full text documents too. Yesterday, I +completed an implementation of a command line tool +archive-pdf to upload a PDF file to the archive using this +API. The tool is very simple at the moment, and find existing +fonds, series and +files while asking the user to select which one to use if more than +one exist. Once a file is identified, the PDF is associated with the +file and uploaded, using the title extracted from the PDF itself. The +process is fairly similar to visiting the archive, opening a cabinet, +locating a file and storing a piece of paper in the archive. Here is +a test run directly after populating the database with test data using +our API tester:

+ +

+~/src//noark5-tester$ ./archive-pdf mangelmelding/mangler.pdf
+using arkiv: Title of the test fonds created 2017-03-18T23:49:32.103446
+using arkivdel: Title of the test series created 2017-03-18T23:49:32.103446
+
+ 0 - Title of the test case file created 2017-03-18T23:49:32.103446
+ 1 - Title of the test file created 2017-03-18T23:49:32.103446
+Select which mappe you want (or search term): 0
+Uploading mangelmelding/mangler.pdf
+  PDF title: Mangler i spesifikasjonsdokumentet for NOARK 5 Tjenestegrensesnitt
+  File 2017/1: Title of the test case file created 2017-03-18T23:49:32.103446
+~/src//noark5-tester$
+

+ +

You can see here how the fonds (arkiv) and serie (arkivdel) only had +one option, while the user need to choose which file (mappe) to use +among the two created by the API tester. The archive-pdf +tool can be found in the git repository for the API tester.

+ +

In the project, I have been mostly working on +the API +tester so far, while getting to know the code base. The API +tester currently use +the HATEOAS links +to traverse the entire exposed service API and verify that the exposed +operations and objects match the specification, as well as trying to +create objects holding metadata and uploading a simple XML file to +store. The tester has proved very useful for finding flaws in our +implementation, as well as flaws in the reference site and the +specification.

+ +

The test document I uploaded is a summary of all the specification +defects we have collected so far while implementing the web service. +There are several unclear and conflicting parts of the specification, +and we have +started +writing down the questions we get from implementing it. We use a +format inspired by how The +Austin Group collect defect reports for the POSIX standard with +their +instructions for the MANTIS defect tracker system, in lack of an official way to structure defect reports for Noark 5 (our first submitted defect report was a request for a procedure for submitting defect reports :). + +

The Nikita project is implemented using Java and Spring, and is +fairly easy to get up and running using Docker containers for those +that want to test the current code base. The API tester is +implemented in Python.

- Tags: docbook, english, freeculture. + Tags: english, nuug, offentlig innsyn, standard.

@@ -633,6 +725,54 @@ the drawings and the cover need to be provided for this to happen.