* Posts by tom dial

681 posts • joined 16 Jan 2011

Google Apple grapple brings crypto cop block to Android

tom dial
Bronze badge

Re: Errm, Android has had on device encryption since 2012

OSX on a machine having a multi-core processor with cryptographic extensions, perhaps? That would not be very comparable to older ARM based devices.

0
0

TOR users become FBI's No.1 hacking target after legal power grab

tom dial
Bronze badge

Re: Damaged without authorization...

The quote ("used to the injury of ...") is from 18 USC 1030 (a)(1), and appears to cover retention or disclosure to unauthorized persons of information obtained by unauthorized access or access exceeding authorization.

The paragraph describes pretty completely what Edward Snowden is accused of and Bradley Manning was convicted of.

0
0
tom dial
Bronze badge

Re: Damaged without authorization...

The version of 18 U.S.C. § 1030(a)(5) available at http://www.law.cornell.edu/uscode/text/18/1030 reads, at the citation:

"(5)

(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

(B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or

(C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss."

That sounds like (a) a cyberattack, and (b) what the FBI might do in executing a warrant.

Prof. Ghappour's article, linked at the end, is much more balanced and measured than either this article or any of the comments (as of 1830 UTC).

0
0

New Snowden leak: US and Brit spooks 'tap into German telco networks to map end devices'

tom dial
Bronze badge

An interesting paper indeed, and I suspect that NSA analysts both anticipated and read it. In large part, they appear to have extended and deepened the mapping, as might be expected of such an agency.

0
0
tom dial
Bronze badge

Re: I didn't believe the SCALE

Spying, including signals intelligence, began long before "terrorism" was one of its targets. The NSA, after all, was established in 1952 as the successor to an Army agency dating back to or before the beginning of World War II. I believe much the same is true for GCHQ. It was different then, as there were no computer-based communications worthy of mention, but cables were tapped and radio signals collected long before there was an Internet. It would be quite surprising if adding new communication technology would change that significantly or that the new technology would somehow escape notice.

Despite the great furor, it is worthwhile to ask whether signals intelligence agencies now collect a greater fraction of the global communication volume than their predecessors did 50 or 75 years ago. The answer is not entirely obvious: from WW II until the early 1970's, the NSA received a copy of nearly every telegram that entered or left the US. My personal inclination is to think that the overall communication volume has increased faster than the capability of signals intelligence agencies to absorb and make sense of them, but I could be wrong and would find an attempt to answer the question interesting indeed.

2
0
tom dial
Bronze badge

Re: With 20:20 hindsight ...

Actually, a moderately attentive and somewhat technically knowledgeable reader of James Bamford's "Body of Secrets", published in 2001 (not a typo), certainly ought to have been able to figure out the extent, although certainly not the details of NSA internet signals intelligence activities. And only the incurably dull even would consider it possible that the Russians and Chinese do not have similar, and similarly ambitious, programs.

The same goes for the notion of "trust that was built in the post cold-war period." The Five Eyes governments trust each other to a considerable extent, but certainly expect to spy on, and be spied upon by each other; France, Germany, and the other NATO countries are nearly in the same category, as, probably, are Israel, Japan, South Korea, and Taiwan, although the levels of "trust", and of spying, vary. In the end, "trust" between nations always is limited, conditional, and subject to continual review and verification. Spying, including signals intelligence collection and analysis in particular, are some of the ways this is done.

In fact, with more or less extensive signals intelligence activity by numerous governments, much of the world is nonetheless engaged in extensive and growing peaceful multilateral trade and information exchange. The Internet has been generally recognized as basically insecure for over twenty years; most people act as if they do not care, and somewhere between most and nearly all of the real damage to people has come in the form of fraud and other theft.

1
1

PLEASE STOP with the snooping requests, begs Google as gov data demands skyrocket

tom dial
Bronze badge

Re: In the USA, quote the Fourth Amendment then DEMAND a warrant first

There is somewhat more complexity to this than this post suggests. An example:

Khalid Shaikh Mohammed or Mohammed Atta would, in the lead up to the 9/11/2001 attack on the WTC and Pentagon, have been legal and quite reasonable targets for US intelligence collection and their emails could have been collected under FISA rules in effect both then and now. Several of the hijacking participants were legally present in the US at various times before the attack; their email and other communications would not be allowed, either then or now, to be targeted under FISA constraints. What about (hypothetical) email messages between them discussing the planning for that event?

As I understand it, such emails would be fair game, but the minimization rules require the US addressee's ID to be masked for any dissemination unless an appropriate court order is obtained. Some, and I include myself, think this is a reasonable compromise and much better than the alternative of discarding or foregoing collection of such messages because one of the addressees is a US person. And contrary claims notwithstanding, current law clearly allows collecting such communications.

Collection within the US probably requires a court order (not necessarily a warrant) for the collection activity; done outside the US, it would be subject to the laws of the country in which it is done, and might well be done illegally (but still could be legal under US law).

0
0
tom dial
Bronze badge

It often amazes and amuses me that people down vote simple and reasonably accurate statements of fact.

4
1
tom dial
Bronze badge

Re: Transparency

Stop and think about it. Suppose you, for some reason, should be acquainted with and exchange email with someone under investigation in connection with a criminal offense like offering a bribe to a public official. Suppose further that the district attorney obtains a warrant requiring Google to produce the suspect's email communications. Suppose, finally, that after the investigation is completed in a month or so the DA declines to prosecute on the basis that no criminal offense actually occurred. Would you wish the details of that warrant to be made public? Irrespective of your wishes in the circumstances, does it serve a public purpose to publicize it, or does it serve the public better to discard and forget it?

Things are not always what they seem at first to be, and not all warrants (or subpoenas, NSLs or other official requests) lead to further government action.

2
0
tom dial
Bronze badge

The data Google presents on their web site covers from 2009 forward, and court orders for such data existed for decades before that.

There is nothing new here, and not all that much to see either. Unless Google is lying by several orders of magnitude the number of requests and accounts affected is a tiny fraction of the population of internet users (what they report is in the order of 1/1000 of 1%). US government requests (at all levels of government) in criminal matters have grown about 32% annually over the last four and a half years and the number of affected accounts about 25% annually over the three years for which Google presents data. FISA requests over the last four years have not changed much, but the number of affected accounts increased by around 50% annually, to a total of under 16000 for the second half of 2013. NSL activity appears to have changed little over the period. Against that, the annual growth in internet users appears to be about 12%, but the usage (proxied by traffic) has been growing at about 40% annually and the rate appears to be increasing. This is not grossly inconsistent with the reported growth in demands for data production.

Google is a big company and generates a lot of income. They are unlikely to be seriously inconvenienced by the reported volume of government data requests, especially in view of the fact the US government, at least, offsets part of their cost and Prism, whatever else it does, facilitates execution of the FISA requests.

3
1
tom dial
Bronze badge

Re: Maybe if the spooks had to pay

They do have to pay the reasonable costs of satisfying the government's demands, and when it came out not all that long ago that they did so, Google and others were promptly accused of selling out their customers.

To a first approximation, that is what Prism is about.

9
0

Phishing miscreants THWART securo-sleuths with AES-256 crypto

tom dial
Bronze badge

Re: This clip is applicable to many articles...

Including that it links to, which requires Javascript.

0
0

iPhone 6: Advanced features? Pah! Nexus 4 had most of them in 2012

tom dial
Bronze badge

I may be overly cynical, but I do not believe Apple would have bothered with NFC and payment processing unless they had a plan for domination.

2
0

Net neutrality protestors slam the brakes on their OWN websites

tom dial
Bronze badge

Re: Get it right

To put it more plainly: the "last mile" ISPs are getting more than enough monthly rent to cover serious network infrastructure upgrades - if they choose. Those who do are likely to have moderately satisfied customers; the others, maybe not.

0
0

Europe's Google wrangle: PLEASE, DOMINANT Mr Schmidt? More?

tom dial
Bronze badge

On the other hand, if your site is not on the first page or so of Google's response list it is likely not on the first page of Bing, Yahoo, or Duck Duck Go either. Although all of these consistently are slightly inferior to Google in producing the result list I want, all are pretty good, and certainly good enough for most uses. Schmidt is correct at least for me: I want a response containing links to sites that answer my query, not a result link that has links to sites that might respond to my query.

It would be interesting to see results of a survey posing the question whether (a) others have an opinion similar to mine and (b) how many/what per cent of the population actually want to see such useless responses as foundem or nextag (also how many/what per cent actively ignore such sites, as I do, in search results).

2
0

Heavy VPN users are probably pirates, says BBC

tom dial
Bronze badge

Regret if this has been noted before, but it appears that "rampant pirate" activity consists of a bit under 2.8 million of 22 million Australians "access" Pirate Bay or Kickass Torrent. Some of them download something, some of them doubtless quite a few somethings; and some of those surely are copyright materials from unauthorized sources. Perhaps 10% of the population downloads *something* unlawfully; probably less than 1% do so regularly and in quantity; for much of it the alternative to the illegal download would not have been a legal purchase or viewing.

The BBC Worldwide submission also claims A$1.37 BILLION in revenue lost to "movie piracy", an amount on the order of 5 to 10 movie theater admission tickets for each Australian. This fanciful number was paid for by "AFACT", probably the Australian Federation Against Copyright Theft, and needs discounting by at least one and more likely two orders of magnitude before approaching reality. But as it stands, it is under 1/10% of the Australian GDP and so, effectively, economic noise. It is all but certain that any real infringement loss to purveyors of copyrighted material is proportionately much less than mall store inventory shrinkage or grocery store spoilage losses. They are making much of little trying to get the government to impose regulations that will benefit them very little.

The difficult

0
0

The Schmidt hits the clan: Google chief mauls publishers' 'abuse of dominance' claims

tom dial
Bronze badge

Re: "Antitrust" ... misused as regularly as "Antisemitism".

"I am surprised to see that there is still no real competition to that - anyone an idea why?"

Other than the obvious one that the competitors haven't a clue how to do it as well? After all, nobody is forced by anything but habit to "google" anything; they could as easily "bing" it or "yahoo!" it, but those who try it usually will have found that the results, although often close, generally fail to be either equal or superior to those Google returns.

The complainants are mostly would be competitors who want Google hobbled so they can succeed where their own efforts are deficient to what the web users want. The remainder are poor souls who envy success that is not theirs.

4
5

FCC boss Wheeler: Lack of broadband choice is screwing Americans

tom dial
Bronze badge

Close scrutiny is warranted of municipal governments that have sold monopolies. In the Cleveland, OH suburb where I formerly lived the beneficiary was Cox Communications, which held a cable and high speed internet monopoly until at&t began to offer it a few years ago. I gave it a 30 day trial and found it usually failed to meet, and never exceeded the 18 mbit advertised rate. I reverted to Cox and transferred the telephone service as well. Cox almost always equaled or exceeded the 20 mbit service I contracted for; the usual rate when I measured it generally was around 30 mbit. They also repaired the gratuitous damage the at&t installer did by cutting the coax, some of it my owned premises equipment, in several places. Several of my neighbors had similar experiences and switched back to Cox after an at&t trial. Competition, alone, is not necessarily enough. My current Salt Lake City suburb has only Comcast, which although a bit less reliable than I would like, consistently meets the 35 mbit contract rate. The "competitor" presently offers a choice of 1.5 or 5 mbit.

Another factor is that it is not cheap to extend service to a large area/number of potential customers, so competitors have to front a lot of money before they can begin to erode an established customer base.

Wheeler points out a real problem, but I doubt he has the authority to cancel local monopolies or the money to replicate existing high capacity infrastructure. It is not clear that local or national government funding or operation of this type of service is a good idea given that such expenditures all too often lead to at least the appearance of impropriety.

4
0

Kaspersky backpedals on 'done nothing wrong, nothing to fear' blather

tom dial
Bronze badge

Re: It's up to us

Upvoted with reservation: It is fairly clear that, at least at present, most citizens in English speaking and NATO countries, including India, have little reason to fear targeting by their governments. They almost certainly run a larger risk, at least in the US, that a criminal beneficiary of POS skimming will empty their bank account or run up credit charges that may cost them money and certainly will be a major irritation. And that would be true even if all the signals intelligence agencies were shuttered. The case for encrypting internet traffic and securing the network infrastructure is entirely independent of any government actions.

The moral panic over government signals surveillance that has not been shown to have been misused to a significant degree has overshadowed concern for the larger real risk from criminal activity and the risk from the overbearing laws that governments can bring to bear with or without the general surveillance.

0
1
tom dial
Bronze badge

Re: or... this is why

Anarchy has not been seen to work well, or for long, in "societies" with more than a few dozen people.

3
0
tom dial
Bronze badge

Re: If all you do is sit on the couch at night.

The Queensland VLAD act sounds much like the US Racketeer Influenced and Corrupt Organizations law which, similarly, was enacted with the best of intentions and has induced police and prosecutors to engage in a wide variety of mischief. Widespread surveillance surely makes the authorities' jobs easier, but the persistent focus on it diverts attention from the larger problem that there are all too many laws, like RICO, VLAD, and the (US) Computer Fraud and Abuse Act that give those authorities the power to pursue matters that might better be left to the civil courts (e. g., copyright infringement) or are criminal acts without help of additional, more abstract, laws (e. g., murder or embezzlement). Pruning laws like RICO, CFAA, and maybe VLAD could go far toward mitigating the risks of general surveillance, which is to a degree an obligation of governments.

1
0
tom dial
Bronze badge

Re: @dan1980

The event referenced, of course, has nothing at all to do with any kind of surveillance. The point?

1
0

Ice cream headache as black hat hacks sack Dairy Queen

tom dial
Bronze badge

Re: Are you talking to me?

From the us-cert.gov posting it is obvious that the vulnerable POSs all run some variant of Windows. However, that probably is merely a reflection of the target environment, and the root fault appears (from the article) to be deployment failures: remote access (strike 1), weak credentials (strike 2), and credential reuse (strike 3).

Someone (individuals in the case of debit cards and largely banks in the case of credit cards) is eating the cost of these depressingly repetitive events and the civil courts would seem a reasonable agent for reassigning them to the responsible parties.

0
0

Big content seeks specialist court for copyright cases

tom dial
Bronze badge

We in the US have seen how well specialized courts work out, in the form of the Court of Appeals for the Federal District (specializing in patent issues).

0
0

NIST to sysadmins: clean up your SSH mess

tom dial
Bronze badge

Is the SSH version 1 protocol still allowed anywhere? My recollection is that it has been deprecated for ten or more years, and when I left the US DoD several years ago their systems had been required for at least five years to be configured to use only protocol 2.

The article appears to address mainly sloppy administration practices that tools like SSH make easier. Monkeying with SSH will not cure that, and it is not clear that some of the matters complained of are properly the job of SSH at all.

0
0

EU justice chief blasts Google on 'right to be forgotten'

tom dial
Bronze badge

Re: Forgotten?

Really.

If your prospective employer pays any attention whatever to your teenage error, would you want to work for him? Is a 20 year old bankruptcy likely to have any effect on your multi-million pound company? It seems more like a recommendation than something to worry about (unless your company is paying dividends from the capital put in by new investors, in which case the earlier bankruptcy might be quite relevant).

Should Yahoogle be the judge? I do not think so. It would be better if each removal were reviewed and based on a judgment by a competent court.

4
1

Germany 'accidentally' snooped on John Kerry and Hillary Clinton

tom dial
Bronze badge

Re: James 51

Need to find a replacement word for sh..le.

4
0

Time to ditch HTTP – govt malware injection kit thrust into spotlight

tom dial
Bronze badge

I wonder ...

... how many people/websites actually need or benefit from the kind of security being discussed here. The articles on the Register or similar sites are fairly public information that I do not think is likely to implicate me in anything interesting to spy agencies. Comments I post are meant to be read by anyone who cares to and I try to edit them accordingly, mainly to attempt clarity and avoid being offensive. I expect that is true for most of those who read and post on this site. I never have changed comments to avoid the interest of any government agency, although I do not name the one that employed me and avoid describing in detail their information assurance procedures, but anyone seriously interested probably could find out with moderate difficulty at most.

Account creation over HTTP is a bit offputting, but I knew that going in and provided a password that I do not use for anything associated with data I wish to keep private. I sort of hope it is salted and hashed, and that TheRegister takes reasonable precautions to secure it and the associated account data, but there isn't any correct information there that I care much about keeping private.

HTTPS certainly is warranted for more important things like online purchasing or bank access. For the most important ones I really would prefer that the identification and authentication in both directions be based on something like hand-to-hand direct exchange of public keys to automated acceptance of certificates signed by one of dozens of CAs about which I know, in most cases, next to nothing.

0
0
tom dial
Bronze badge

Re: SSL is a good thing

"Browsers pop up really alarming warnings" might not be an entirely bad thing. In that case I have an explicit choice whether to accept the risk of connecting rather than the implicit and sometimes incorrect acceptance that goes with trusting the certs distributed with the browser. I still have some security from the encrypted link, and can't see that risk associated with accepting a private cert differs much from that of trusting the browser and the largely unknown CAs that signed certs for anyone who paid them money.

0
0

SpiderOak says you'll know it's secure because a little bird told you

tom dial
Bronze badge

Assuming that SpiderOak is what it claims, it seems doubtful that they are likely to be bothered by many warrants, national security letters, or subpoenas unless the cryptography they use is broken. Their customers, however, will be subject to pretty much the same range of intrusions as they are now.

0
0

Govt control? Hah! It's IMPOSSIBLE to have a successful command economy

tom dial
Bronze badge

Re: "Mega Corp" proves command and control can work!

For many years, General Motors operated an internal market economy, and were highly successful and very profitable. Different divisions competed with each other as well as the likes of Ford and Chrysler, and individual plants were competitors with other plants within their division to supply designs and components. Those less successful in winning bids for supply contracts made lower profits (or losses) and might need to shrink, while the more successful ones were more profitable and would grow. This might have declined or been abandoned in the '70s or beyond, as the major divisions came, for efficiency, to rely on more uniformity and common designs and parts, Detroit management laid a heavier hand on overall control, and the different brands became largely indistinguishable except by ornamentation and finish details. That may have contributed to the decline and near extinction of the corporation.

1
0
tom dial
Bronze badge

Re: Inefficiency

I declare, as a former civil servant, that the performance incentives in a government run organization differ from those in a private sector profit oriented one. This is true primarily at the top of the organization where strategic goals are set and in parts of the organization that face its external world, but to a degree works its way into the interior and more bureaucratic parts as well. The working of an objective measure - profit - of success is critical to a profit oriented organization and largely lacking in many (most, nearly all) government agencies. The result is that in government agencies goals are more likely to be qualitative, diffuse, and ill defined, and productivity measures that exist are quite vague and disconnected from any external reality.

This is not to say that a profit motive ensures meaningful incentives in an organization; the number of failed startups strongly suggests otherwise. But the startups that don't generate profits may well fail, whereas government entities (and their private sector counterparts, charities), like "temporary" tax levies, tend to lumber on endlessly.

3
0

Password manager LastPass goes titsup: Users LOCKED OUT

tom dial
Bronze badge

Re: Who trusts a third party with their authentication?

KeePassX with the database on a USB key. I trust myself more than I trust the unknown provider of a remote service.

2
0

Amazon smacks back at Hachette in e-book pricing battle: We're doing it for the readers

tom dial
Bronze badge

Re: El Reg is Pro-Amazon sympathiser?

The full Orwell quote:

"The Penguin Books are splendid value for sixpence, so splendid that if the other publishers had any sense they would combine against them and suppress them. It is, of course, a great mistake to imagine that cheap books are good for the book trade. Actually it is just the other way around. If you have, for instance, five shillings to spend and the normal price of a book is half-a-crown, you are quite likely to spend your whole five shillings on two books. But if books are sixpence each you are not going to buy ten of them, because you don’t want as many as ten; your saturation-point will have been reached long before that. Probably you will buy three sixpenny books and spend the rest of your five shillings on seats at the ‘movies’. Hence the cheaper the books become, the less money is spent on books. This is an advantage from the reader’s point of view and doesn’t hurt trade as a whole, but for the publisher, the compositor, the author and the bookseller it is a disaster."

It is clear that many digital books are worth less than paper ones in that instead of purchasing an object outright, with an unrestricted right to use and transfer it you are buying a sometimes seriously restricted license. They should be priced lower. With that limitation, Amazon's proposal clearly would benefit *book purchasers*.

Amazon claims empirical evidence that their proposal is likely to increase the revenue to publishers and authors, but they might be wrong or warping the truth for their benefit. If they are correct, though, it also could benefit publishers and authors as well.

The publishers' argument has the appearance of an attempt to justify and continue a possibly obsolescent business model, where in the future "books" may be produced by web-mediated groups of independent authors, editors, compositors, and printers; and publishers, as coordinators of the overall process (and skimmers of some of the revenue) are consigned a much less central (and profitable) role than they now have.

As another poster noted, nothing major stands in the way of Hachette or other publishers engaging in online sales of books on their lists in competition with Amazon, although start up costs could be significant and Amazon's market position would be a challenge. Those who did so likely would accrue a larger part of the total revenue and would be able to use part of it to improve the lot of the authors. If they so chose.

0
0

DIME for your TOP SECRET thoughts? Son of Snowden's crypto-chatter client here soon

tom dial
Bronze badge

Questions

Is the proposed service demonstrably superior to PGP (with the actual subject embedded in the message body) in either security or usability? Do any points of superiority matter a great deal?

Does the apparently greater complexity (e. g., to PGP) enlarge the attack surface and possibly lead to additional vulnerabilities?

Is it safe from local system compromises by hardware or software implants?

Can it be used to transmit malware?

1
0

Crypto Daddy Phil Zimmerman says surveillance society is DOOMED

tom dial
Bronze badge

As much as I respect Phil Zimmerman, I think he is largely mistaken. For quite a few years I have urged nearly everyone I know who is even marginally computer literate to use PGP or OpenPGP to secure email, with exactly one success, who already was set for, and using, one of these products.

Although this sample is not at all random and the results of analysis unsuitable for making long term projections, it nonetheless suggests that people are not very interested. Whatever the reason, it appears likely that a great many people are comfortable with the same degree of privacy they would get by sending a post card through the mail. I do not really expect encryption of voice mail to have enough uptake to limit the signals intelligence agencies. Those who have reasons to use encryption, or a desire for the privacy that encryption can provide probably are using it already, and I rather doubt that preaching to the faithful at Black Hat will change that much.

2
0

Microsoft OneDrive tip-off leads to arrest over child abuse images

tom dial
Bronze badge

Re: Dunno what you can say except...

In other words, someone else's privacy is fair game as long as you agree with the purpose for violating it, as stated by a trustworthy data custodian like Microsoft or Google. Presumably the NSA and GCHQ then would be OK if they simply looked for and reported those who exchange kiddie porn, keeping mindful that to do that they would have to scan everything they could get their hands on and decrypt what they could.

1
0

London cops cuff 20-year-old man for unblocking blocked websites

tom dial
Bronze badge

Re: Prediction for the next step

VPN Licensing?

5
0

Edward Snowden's not a one-off: US.gov hunts new secret doc leaker

tom dial
Bronze badge

Re: There are three-quarters of a million terrierists in the US?!?

There may be other and more shocking documents yet to come, but the one so far shown on the Firstlook web site is pretty much a bore.

A quick scan of the Intercept article suggests that a majority of the nearly 700K TIDE listees are not US people. The one document referenced in that article suggests the number of US citizens or residents probably is in the order of 10,000, or roughly 3/1000 of one per cent of the population. I made no effort to add up the numbers, which probably would not be meaningful anyhow, as the referenced document is a typically turgid bureaucratic self congratulation such as all federal agencies prepare near the end of the fiscal year. This is done so that their bosses, who receive the report, can attach it to their annual list of accomplishments. I saw, and was required to provide "input" to more than a few such documents in 40 years of federal employment.

2
0

Hacker crew nicks '1.2 billion passwords' – but WHERE did they all come from?

tom dial
Bronze badge

It is indeed inexcusable that so many sites fail to sanitize their input, but it would be of interest to know how many of the claimed 420,000 from which data was pilfered failed to salt and hash the passwords. Their developers warrant far harsher treatment than those who only were sloppy about input editing.

0
0

Windows Registry-infecting malware has no files, survives reboots

tom dial
Bronze badge

Re: "a tool Microsoft uses to hide its source code from being copied"

The relevant question is whether THIS database can be replaced by text files, and the answer is "yes it can."

5
1

Comcast, Time Warner boost net speeds in Google Fiber city – COINCIDENCE?

tom dial
Bronze badge

Re: Maximum speeds only

I had a similar experience (Amazon Prime, Comcast) a few days ago. At the same time, my local link showed low latency and about 50 megabits/second down, 10+ up. I suspect there might be issues related to Amazon's willingness to purchase enough capacity at their end or Comcast's connection to whatever their connection is to Amazon's servers. The other alternative is poor performance on my wlan due to the large number of neighborhood systems, some as strong as mine.

That said, competition is a Good Thing and we look forward with eagerness to the possibility that Google will bring it to us in Salt Lake City (suburbs - Xmission already provides gigabit service in some parts of the metropolitan area, I think).

0
0

Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers

tom dial
Bronze badge

Re: To be fair to Microsoft...

Google, Amazon, Apple, and others may not (at present) have had a similar warrant delivered to them and would be without standing in a court. It is not impossible that one or more of them has filed an Amicus brief, however; the article did not say one way or the other.

1
0
tom dial
Bronze badge

Re: US Tech Companies

The Internet was not designed for (or against) security. Accordingly, it is incumbent on those with a great interest in privacy of the communications they pass on the Internet to provide their own. For most of us, most of the time, the imitation privacy that goes with "not of interest to any but the communicating individuals" together with "mixed in with a great bunch of other trash" is sufficient, at least judging by the widespread failure to incur the additional cost of bothering with encryption. Using commercial services leaves one exposed to the risks that someone will snatch the messages in transmission (possibly assisted by broken SSL - including compromised certificates) or from the servers (possibly by breaking any storage encryption or compelling production using legal process). The closest thing to a guarantee of privacy is end-to-end encryption using the likes of (Open)PGP. Even that, of course, is subject to the risk that the originating or destination computer is compromised, possibly by a government agency but more likely by a criminal organisation.

1
0
tom dial
Bronze badge

Re: Damned if they do and damned if they don't!

Microsoft (Azure) T&Cs allow users to limit storage by geographical area (e.g., European, Asian, American), with some exceptions; and like all or nearly all companies, their privacy rules have a law enforcement exception. Within an area, or within the world if the customer fails to limit to a geographical area, Microsoft can move the data around as it sees fit.

I've never been a fan of "the cloud", but can't see there is a good reason not to store arbitrary data there, provided you encrypt on your premises and before transmission any data you would not want to post on a publicly accessible web page. Processing in the cloud is a different matter, as it involves outsourcing your security, accepting the associated risk, which may be either greater or less than the risk of doing it on your own.

There seems to be quite a bit of conflation in this thread about legal process and espionage, the latter being generally illegal in the target country while possibly legal in the one doing the spying. A foreign government official, including a head of state (like Ms. Merkel) could be an espionage target for various reasons, but it is unlikely that a US judge would issue a warrant to compel production of their communications. I do not think it is impossible, though, and there might be circumstances in which a warrant for communications would result in production of government officials' communications even when the target is not an official.

0
2
tom dial
Bronze badge

Re: Doom for US tech companies

"So what is stopping us?"

Near terminal laziness, starting with use of webmail, for which decent end to end encryption still is somewhere between nonexistent and seriously deficient.

"How bad does it have to get?"

For nearly all people, it will have to appear to be a lot worse than it does now, even in the mild state of moral panic in which we now find ourselves. And those who actually need end to end encryption probably are using it already, which explains the intelligence agencies' interest in communication metadata.

3
0
tom dial
Bronze badge

Re: Doom for US tech companies

For the reasons Mr. Pott cites, there will be no US law requiring that a company with a US presence must make its data available to the US government. On the other hand, the recently enacted UK Drip Act appears to go a few steps in that direction without triggering mass flight of businesses from there.

This case is not about an unrestricted requirement for US businesses to give up data held in foreign data centers on request of nosy government officials, or without a warrant. That would be a matter for the NSA, if anyone. It is, instead, about a warrant issued, in a criminal inquiry, by a federal judge with a passing knowledge, at least, of legal procedures and the fourth amendment. The decision, as the article pointed out, does not appear to set a precedent. The process of obtaining a warrant may present a low bar, as some of the FISA orders indicate, but it still interposes some procedural requirements and judicial review.

0
2
tom dial
Bronze badge

Re: Doom for US tech companies

A bit over the top on both sides. The US government won't do that (it would piss off too many Americans) and the US economy would not collapse if all non-US Microsoft/Google/Amazon etc. customers abandoned them (assuming they all could find alternatives that met their requirements).

And we are, after all, apparently talking about execution of a warrant in a criminal investigation.

0
13
tom dial
Bronze badge

Re: Doom for US tech companies

Estimate:

~90% won't care enough to do anything

~9% will care and actually do something, but won't carry it through

~1% actually will do something effective

~0.01% actually will benefit in a measurable way

US Tech companies won't suffer a lot.

9
0
