* Posts by tom dial

909 posts • joined 16 Jan 2011

Tennessee sues FCC: Giving cities free rein to provide their own broadband is 'unlawful'

tom dial
Bronze badge

The lack of local loop broadband competition in the US is largely a function of the exclusive cable franchises cities granted many years in the past. That has changed significantly, although most places the choice is between cable providing 50 megabit or more service for a price some consider too high and DSL that doesn't do so well. Google, at&t, and Verizon have brought fiber and competition to a few places with beneficial results.

1
0
tom dial
Bronze badge

Re: Good times, good times, they are a-coming.

While there are reports of cities (mostly small, I think) having fielded ISPs, Provo, Utah had one that by my understanding worked out rather badly, and a consortium - "UTOPIA" - in the Salt Lake valley has not worked out too well either. Google took over Provo's and an Australian company is angling to take over UTOPIA. I'm fairly new to the area, but think the issues had to do with a combination of insufficient revenue for maintenance and upgrade (Provo) and unwillingness of some of the UTOPIA communities to make the initial investment.

That said, if the Chattanooga voters want the city to run an ISP it should be up to them, but that really should be a Tennessee issue, as regulation of local telephone service, before 1984, was a state regulation issue for the 50 states. Except for the District of Columbia, cities are corporations established by the states.

1
0

PATRIOT Act axed, NSA spying halted ... wake up, Neo, it's just a dream in the US House of Reps

tom dial
Bronze badge

The bill won't pass as it is, although it does not seem impossible that some of its provisions might find their way into other legislation. As it stands, it does not seem to be very professionally drafted in some respects. Specific mention of E. O. 12333, for instance, seems unwise, as executive orders have the effect of specifying implementation details and procedures for laws rather than the other way around. Again, specification of "contractor" in Section 9 is simply incorrect - Edward Snowden was not a contractor, but an employee of a contractor, Booz Allen. The apparent intent would be to deal with complaints originated by employees of contractors, as described in 50 USC 3033, referenced in Section 9(a)(4) of the proposed act.

Interestingly, 50 USC 3033(k)(5) contains procedures for agencies and for government and contractor employees to follow in reporting "urgent concerns", including violations of the law, about the conduct of intelligence activities. These procedures explicitly permit a government or contractor employee who has made a report to his agency inspector general to report that fact (although not, immediately, the details of the complaint) to a member of either legislative intelligence committee or their staff. I have seen no statements to indicate that Mr. Snowden took advantage of them.

1
0
tom dial
Bronze badge

Re: The Dream Nightmare, but not as you may know it or how IT tells you the Realities are

Thank you! I haven't had as entertaining a read (in this genre) since trying to thrash through some of the OWS literature back in the day. This one is better written than most of the OWS pieces, though.

For some reason it reminded me of Lyndon LaRouche and also of the Natural Law Party.

2
1

Prez Obama cares about STEM so much he just threw $240m of other people's money at it

tom dial
Bronze badge

Re: Stupid title

I realize that some government functionaries recognize no practical difference, but the article stated "$240m from the private sector", so the apparent intent is to omit the bothersome "tax and", going straight to the "spend".

1
1

US threatened Berlin with intel blackout over Snowden asylum: report

tom dial
Bronze badge

Re: And the W10 Trojan Horse

Another reason, if one is needed, to eschew Windows.

0
0
tom dial
Bronze badge

Re: Fair trial

"The US government has refused [a trial by jury.]"

Citation please, that's a basic sixth amendment right, and Snowden does not lack for qualified US lawyers.

And for those imagining Snowden's transfer to the Guantanamo Bay facility: other than Yassir Hamzi (and the prison staff) did any US citizen do time there?

0
5
tom dial
Bronze badge

Re: @Tom

There are legally approved procedures for whistle blowers. While those available to Snowden were more limited than those available to civilian and military employees, there is no evidence that he tried to use them beyond his claim, which might reasonably be discounted somewhat based on the dishonesty of some of his other actions. Beyond that, a number of senators and representatives probably would have been open to information about infringement on US civil rights and liberties and interested in initiating legislation to curb NSA excesses. That would not have prevented executive branch harassment any more than it did for J. Kirk Wiebe, William Binney, Thomas Drake, or Russell Tice. Without deprecating their treatment, it is not obvious that it is in the long run worse than what Edward Snowden will experience.

From the range of material that Snowden collected and the way he chose to release it, it appears he may have intended to inflict damage to US and allied intelligence activities beyond simply blowing the whistle on what he thought violations of US law and Constitutional rights of US citizens.

1
8
tom dial
Bronze badge

This claim sounds a bit dubious, although it is entirely plausible that hints might have been let slip that giving Snowden asylum could affect the degree of cooperation. A cutoff of US intelligence cooperation with Germany surely would be reciprocated, and given Germany's importance in Europe and the world, and its large Muslim population, it is scarcely credible that US intelligence agencies would be willing to forego German cooperation over Snowden, given that his release of data was unrecoverable anyhow. Such a mutual cutoff would degrade the effectiveness of both countries' intelligence services to a comparable degree, and would degrade also their ability to support intelligence services in other more favored countries. Statements about willingness to cooperate on economic issues seem as likely or more.

4
0

Google MURDERS Google Code, orders everyone out to GitHub and co

tom dial
Bronze badge

Re: « developers prefer superior options »

Hard to see why Google should be held to account for US export controls.

0
1
tom dial
Bronze badge

Re: My advice would be never to start using any Google service other than basic search...

It depends on the search:

Considering only left column results

1. "CALERIE" (Comprehensive Assessment of Long-term Effects of Reducing Intake of Energy)

a. Google: Best answers, no ads, all of the top 7 results pertinent.

b. DuckDuckGo: Nearly as good as Google, one ad

c. Yahoo: Rather poorer than DuckDuckGo; mixed in results for "calorie" as well as "calerie"

d. Bing: Kind of sucked, mixed links for "calerie" and "calorie"; returned a picture near the top of foods with their calorie content available with a click.

2. "slate chalkboard"

a. Google: Three marked ads on first page, remainder were vendor links except one to a quite decent Slate article on the history of blackboards.

b. DuckDuckGo: One ad, next 17 were vendor links, followed by a "how to clean" link.

c. Yahoo: Four ads on first page, remainder vendor links except for one link to an ehow article.

d. Bing: First page all ads or links to vendors except for a row of images

My best to worst ranking: Google, Yahoo, DuckDuckGo, Bing. The Slate article was much better than the Ehow one.

I noticed in passing that AdBlockPlus made a difference only for Google and DuckDuckGo.

Google has become to the Internet what Kleenex has become to tissues for a good reason. Based on my monthly (or so) cursory check and a now discontinued month-long trial of DuckDuckGo, I will use Google if I want the best result and don't care about any tracking, and DuckDuckGo if I don't want the query remembered. The other two aren't worth bothering with.

2
1

Clinton defence of personal email server fails to placate critics

tom dial
Bronze badge

I don't understand the downvotes; they seem fair questions, and one that the appropriate Senate and House oversight committees might well consider asking them in due course. The thing is, someone in State Department IT probably did tell her what the rules are, and her admin assistant probably provided her the computer access request form that would have resulted in creation of hilary.clinton@state.gov or similar. Those would be the SOP for any new employee, even the new head of department.

It does not matter much if she didn't pay attention, didn't submit the form, or simply went about establishing and using her private setup. It could well have gone unnoticed that the internal email account went unused unless it grew too large, whereupon her admin assistant would be told to ask for a larger quota. Those accustomed to receiving email from her would have grown accustomed to the unusual address and gone about their business. Security awareness is as unusual among executives, or more, than among the general run of non-IT employees.

2
1
tom dial
Bronze badge

Re: I did not have server relationships with that webmail

There is only a remote possibility that Ms. Clinton was within the letter of the law. It was not only not well thought out, but an unbelievably dumb and self-centered thing to do.

On the other hand, she could go a fair distance toward defusing it by delivering the computer equipment that supported clintonemail.com and all backups (assuming there are some that haven't been degaussed) to the State Department without further delay. Rather than asking them, and us, to trust her judgment about what is government and what is personal, she should trust Secretary Kerry to ensure that the proper decisions are made.

1
1
tom dial
Bronze badge

Government work, generally speaking, is and was required to be done using systems approved by the government for the purpose. That is why I and others who had to work remotely on occasion were issued government owned and configured laptops with provision for VPN connectivity to the agency. Ms. Clinton almost certainly would have been issued such a laptop, and probably of considerably higher spec than mine.

There were exceptions, but it was understood that they were to be rare. Toward 2010 and forward, live Linux images tailored for specific agencies were available that could run securely on private hardware and be certified for connection to DoD networks and mitigate the need to issue laptops. It was not possible to access the agency's Exchange server except from government issued computer or Blackberry. While this was in a DoD agency, none of the data was classified higher than Personally Identifiable Information and the standards for the Department of State should have been at least as strict.

Use of a private system, as against a private commercial email account, raises a large number of security and compliance issues completely aside from the Federal Records Act. Much more is required in this case than simply Bcc to a government department account.

1
0
tom dial
Bronze badge

Re: Criminal

@Goopy: It might depend on what law we are thinking of. I am thinking of the Federal Information Security Management Act, enacted in 2002, 6 or 7 years before Ms. Clinton's nomination as Secretary of State. This law establishes standards that apply to all systems that process or store government records. Based on available reports and analysis, the servers supporting clintonemail.com probably were not FISMA compliant.

I might be wrong in that conclusion. If so, it should be a simple matter for the State Department (or possibly a different agency that acts as its CIO) to produce the voluminous documentation that would prove the clintonemail.com systems were certified and accredited for their purpose.

4
0
tom dial
Bronze badge

Re: When politicians fail

If she were doing it properly, it probably is true that she would not be permitted to access a private email account from a government provided secure cell phone. That was the case in the (DoD) agency in which I worked ~2007 or 2008, when supervisors and up first were issued Blackberries. Accessing the agency's Exchange from personal equipment was forbidden, and commingling personal and government activity was discouraged strongly, although not totally forbidden for practical reasons. Ms. Clinton chose to operate a private and probably unauthorized server and commingle her official and personal email.

This speaks ill of her judgment, her dedication to public service, and her suitability for any executive branch office, including the presidency.

6
1
tom dial
Bronze badge

Most of the reporting on this revolves around the question of whether Ms. Clinton "possibly" violated the Federal Records Act. However, systems that store and process government records also are governed by the Federal Information Security Management Act, enacted in 2002, which establishes standards that these systems must satisfy. FISMA requires documentation of such things as

- System Security Plan

- Configuration Management Plan

- Contingency Plan covering various system failure possibilities

- Incident Response Plan covering potential breaches

- Rules of Behavior under which the system is operated

- Security Controls Assessment.

It is augmented by a number of NIST publications and additional regulations within each department or agency that specify the requirements in exhaustive detail. Obtaining FISMA certification and accreditation is a time consuming laborious process in most cases.

Nobody speaking for either the Department of State or Ms. Clinton has issued a statement that the system she and others used for official State Department email during her tenure as Secretary of State was certified for FISMA compliance and accredited by the responsible State Department officer. Given the ease of doing so if the system was approved, we may reasonably conclude that it was not.

On the other hand, Ms. Clinton was the top level department manager, responsible for ensuring that her department followed and enforced the applicable laws.

The facts as known might reasonably be taken to call into question her judgment and suitability for another public trust position under the United States, or for election to a public office.

12
1

Australians! Let us all rise up against data retention

tom dial
Bronze badge

Re: @dan

The US Electoral College procedures were designed the way they were because the Constitution's authors as a group believed the population at large would be too fickle and uninformed to choose properly. Election tallies being what they are, the founders might have been right.

1
0

Grab your pitchforks: Ubuntu to switch to systemd on Monday

tom dial
Bronze badge

Re: Improved boot speed ?

More often with systemd than without, I think. My practice of upgrading to Testing a year or a bit more after a release hardly ever led to unplanned (e. g., kernel upgraded) reboots - until I enabled systemd after upgrading to Jessie. To be fair, it may be simply that this testing release is a bit less stable overall than previous ones. However, it has been much more of an annoyance than I expected based on past experience, and I suspect without being in position to prove it that it is due partly to systemd.

0
0

Nokia boss smashes net neutrality activists

tom dial
Bronze badge

In the US, an ambulance (or fire or police vehicle) gets all of the bandwidth, whether or not it needs it, and all other traffic is required to pull to the side of the road and stop.

This is a particularly bad example of what we would like to have happen on the internet.

0
0

Hillary Clinton draws flak for using personal email at State Dept

tom dial
Bronze badge

Some years back I worked for a DoD agency where the managed data was classified For Official Use Only because it contained employee personal and financial information. The requirement was that all government work be performed using equipment provided, configured, and maintained by the government and that any official email be done using the agency's Exchange. Similar emergency provisions to those the article describes applied to the email part and I doubt anyone ever was beaten up for a misstep on that. However I made sure to copy or forward to myself, my manager (and usually his manager) any work related email from or to my private account, and required my employees to do the same.

It is disappointing that the State Department, which handles data of considerably higher classification and where email is far more likely to contain sensitive material, appeared to be clueless about security, both in IT and in upper management. There likely is more to be concerned about than the technical violations of a law that seem to be the focus of most of the articles in the nontechnical press.

1
0

Snowden 'ready to return to US', claims lawyer

tom dial
Bronze badge

Re: A pipe dream

It is quite reasonable to think Edward Snowden would receive a fair trial, but there is no chance that he would be allowed to use the trial as a forum for defending what he is accused of doing. He and his supporters can do that away from any trial venue. The basic charges of unauthorized theft of government property, unauthorized communication of national defense information, and willful communication of classified communications intelligence information to an unauthorized person each carry the possibility of a substantial term of imprisonment and appear to be provable without much discussion of why he might have done them. The government likely would argue that his actions, easily documented, speak adequately to each of the charges and the reason, except possibly in a defense summation, is not relevant to the question of guilt. Jury nullification, though, is very uncommon.

It is not implausible that Mr. Snowden and his attorneys could negotiate a much reduced sentence in exchange for cooperation in confirming the extent of the damage. That would be a declining asset, however, as those who now control the material release more of it. It seems unlikely that a sentence would be possible that included no jail time, although it might be reasonable to offset it by part of the time he spent in Russia.

4
1

FCC says cities should be free to run decent ISPs. And Republicans can't stand it

tom dial
Bronze badge

Re: Just wondering

Either way, they still are operating well into the red. It might be worth asking, too, how they are doing with their equipment replacement cycle, and whether the revenue will cover it adequately going forward. However these questions are not of concern to me, as I don't live in Wilson, and they are of no real concern of Senator Tillis, unless he does; they are questions for the citizens of Wilson to ask those who operate the infrastructure and who may then act as they think appropriate at subsequent elections. It is their city, their communication infrastructure, and ultimately their money.

6
0
tom dial
Bronze badge

In principle, the threat to the free market is that municipalities will operate the local ISP at a loss, subsidizing it with tax revenues and precluding or destroying competition by private sector companies. This would be an approximate equivalent to a private company running at a loss to drive out competition so as to obtain a more profitable monopoly. Whether this would happen in practice is uncertain, although provision of "free" wifi in Wilson, NC suggests it is a possibility. One of the options in parts of the Salt Lake City area is a high speed wireless service that undercuts Comcast's price and, I believe, betters Centurylink's speed in some areas.

Nonetheless, a decision by residents to tax themselves to provide a municipal communication infrastructure certainly should be allowed. Such undertakings may not succeed - the Utah UTOPIA multi-city consortium has not been a great success - but if the taxpayers want to do it they should be allowed.

The sticky point here is whether and under what conditions the federal government, whether or not through the agency of the FCC, should undertake to change or invalidate state laws that govern the municipalities. It may be worth recalling that power can be used for either good purposes or bad. In the US we don't have to go back too far in time to find examples of both.

4
0

SIM hack scandal biz Gemalto: Everything's fine ... Security industry: No, it's really not

tom dial
Bronze badge

It is interesting that these articles and comments always seem to come back to the NSA. In the documents the Intercept article linked, in fact, the only occurrence of "NSA" was in connection with GCHQ referring recovered IMSI/Ki data for Somali carriers to them, since GCHQ had little interest in it. The article made additional statements not supported by links to documents.

Certainly the NSA has been up to a lot, but in this case the actor appears to have been GCHQ.

1
0
tom dial
Bronze badge

Re: Stupid Question

Although they might be a good start, Stuxnet and exploits such as attributed to the Equation Group are not well suited to extraction and exfiltration of targeted information from a network that is properly isolated, either physically or logically, from the public internet.

It may be that Gemalto was thoroughly owned and every SIM they produced in the last four or five years is compromised. The Intercept does not exactly say that, but certainly hints at it. However, it also is possible that any hack was, as Gemalto stated, limited to computers connected to their public facing network and that the IMSIs and keys were not compromised except during transfers. Either statement is logically compatible with the documents to which the Intercept article links.

2
0
tom dial
Bronze badge

Re: Stupid Question

The Intercept says GCHQ and NSA hacked Gemalto's network, and the grammar in the lead paragraph says they stole keys from there. They point, in the second paragraph to a document they say details the operation, a PowerPoint slide in which the sole reference to Gemalto is:

"- GEMALTO - successfully implanted several machines and believe we have their entire network - TDSD are working the data"

Not a lot of detail, and not overly supportive of a claim that they succeeded in getting anything specific. The note containing the remark “very happy with the data so far and [was] working through the vast quantity of product”, said to accompany the slide did not accompany the article - perhaps it was in the blacked-out area of the slide. In that context one might ask why a mass grab of IMSI/Ki data from the source would require any "working through" worth mentioning.

None of the documents linked in the article mentions the Mobile Handset Exploitation Team. That isn't to say such documents don't exist or that there is no such group, but it seems odd when many of the other claims have links to related documents, especially as the article says its existence had not previously been disclosed.

The actually meaningful documents linked in the Intercept article describe getting keys by processing mass data collections. They do not state that all, or even a significant fraction of the IMSI/Ki data was for Gemalto SIMS, although given Gemalto's size many certainly would have been. The number of keys reported in the documents to have been obtained was in the order of a half million, compared to Gemalto's reported (in the Intercept article) two billion annual SIM card production. Most of the documents derived from this one:

https://firstlook.org/theintercept/document/2015/02/19/pcs-harvesting-scale/

which describes obtaining IMSI/Ki pairs by examining data intercepted in transit between vendors and carriers or between different carriers. One of the other documents, so called, appears to be an excerpt from a document describing goals:

https://firstlook.org/theintercept/document/2015/02/19/dapino-gamma-cne-presence-wiki/

We may reasonably think the agencies desired direct access to Gemalto's and others' key management facilities, but not that they succeeded in getting them.

There seems generally to be a nearly total lack of scepticism about any claim of NSA, GCHQ, or other Five Eyes sins so long as it makes reference to a document that Edward Snowden is said to have provided.

1
0
tom dial
Bronze badge

The Gemalto claim that IMSI/Ki data were not stolen from their internal network may be correct, especially if the internal networks where they generate and manage keys are, as they state, isolated from the public internet and they can establish with reasonable certainty that they were not breached.

The basis for the Intercept's claim seems to be rather insubstantial, consisting of a bullet point on a single Powerpoint slide. Most of the article depends on a management report about a moderately successful research program ("compares favourably with manual results") to collect such information from bulk internet data. Several other items suggest that GCHQ (and perhaps NSA) wanted to get this data directly from the source, but no real indication that they actually were able to do so.

2
4

Debian on track to prove binaries' origins

tom dial
Bronze badge

Re: What a complete joke

Is there a Gnu/Linux binary distribution that is functional and does not modify any developer's application code?

I leave it to a Debian developer to describe the entry path, but it certainly is not true that there is no monitoring of their actions or evaluation of their competence.

0
1

NO CLASS: Judge chucks out two class-action lawsuits against Google

tom dial
Bronze badge

Re: It isn't a matter of making cell phones cost more

I can't say I compared daily between DuckDuckGo and Google, but I ran the former as the default for about a month. During that period I found the results inadequate often enough, and did a secondary search using Google, that finally I reset the default back to the latter. It may be my searches are different, or that they benefit from Google retaining some data I don't care about overmuch. Adblock Plus takes pretty good care of the ads, including those that come on the Register pages.

0
0

Net neutrality crunch poll: Americans want to know WTF it is

tom dial
Bronze badge

Re: Poll with leading introductions results in "facts" that support pollsters' opinions SHOCKER!

Yet we do have a nominally democratic regime. If there is no need to ask after opinions in the case of proposed FCC rules for US internet operation, why is there a need to ask after them when it comes to NSA communication surveillance, where the level of ignorance may be even higher?

0
0
tom dial
Bronze badge

Re: Poll with leading introductions results in "facts" that support pollsters' opinions SHOCKER!

The wording of the questions is somewhat biased. However, the real bias in the two middle questions is the implicit one which will lead most of those who favor "good government" to disfavor what seems to be, and is, taking significant government action in secret. Nearly all respondents will know that is undesirable and the surprising thing, if there is one, is that fewer than 4/5 of them gave an answer favoring more complete (Q2) or verbatim (Q3) disclosure.

The answers to the last question suggest a reasonably high general level of satisfaction with internet service as now delivered, conditioned by the fairly strong hint in the preliminary information about how those with a political party leaning should view the question. For the (sample) population as a whole, and as well for both the "informed" and "uninformed" subsamples an absolute majority think the regulation is more likely to harm than help; and in the "informed" group, those who think it likely to be harmful outnumber by 4 to 3 those who think it will be helpful. The numbers are good enough to support a prediction that if the matter were subjected to a national vote tomorrow, net neutrality would fail rather badly.

Political Ignorance is a problem, especially with technical and engineering questions at issue, and especially when, as now, there is a good deal of distrust for both the government and traditional elites. Unlike some possible cases, however, it appears it would not affect the outcome in this one - those who claim knowledge lean the same way, although not as strongly, as those who don't.

0
0

Your hard drives were RIDDLED with NSA SPYWARE for YEARS

tom dial
Bronze badge

One up for scepticism comment. Scepticism is much needed when thinking about what it is the agencies are doing and to whom they most likely are doing it.

However, some time around the advent of ATA drives, and probably earlier for SCSI, disk drive controllers became capable of running an operating system of the complexity order of, say Minix. That is to say, capable of running the disk, managing the device cache, handling a command stream, and editing the data going between the disk and the system to which it is attached.

0
0
tom dial
Bronze badge

It is clear from the Kaspersky paper Arstechnica links to that the software suite in question is meant for very selective targeting of specific organizations, individuals, and computers. The targets appear to be heavily biased toward what one would expect to be standard espionage targets like diplomatic, military, aerospace, and telecommunications organizations, with some additional antiterrorism and financial crime targets. The NSA is a plausible source, but any other major country would love to have the sources that Kaspersky's usage breakdown suggests; it is interesting that there appear to be no Israeli targets at all.

In addition, while adding a fair amount of interesting detail, the Kaspersky report describes little that should come as a big surprise. BIOS resident malware has been known for a while, and exploits using USB and HDD firmware, although more recently revealed, are not new. Other potential, but probably less likely, targets would include video adapter, SCSI HBA, and LAN card firmware.

Windows is the same kind of target for SIGINT agencies that it is for independent hackers after financial and identity data: the main opportunity. MacOS/iOS, Linux, or *BSD will have been secondary. Widespread Linux use in the web server market might have made it the #2 platform target, but the evident intended use makes it likely that the main target after Windows is MacOS/iOS due to the popularity of iThings; it is not mentioned, but it might well be that there is similar software for Android devices.

The suggestion made or implied in quite a number of posts that ordinary citizens are being targeted by this is quite unwarranted; it is unlikely that the total number of targets affected by this type of activity exceeds the number of intelligence analysts by as much as an order of magnitude, so probably is well under 150,000, assuming the NSA is the source, or 250,000 if they outsource part of the work to other agencies. (NSA, for example, would penetrate and collect on behalf of FBI or DHS targets.) While large, this is a tiny fraction of the population even of Russia, let alone Western Europe, India, China, or the world. Only a select (relative) few will receive these implants. The rest of us will be targets of private entrepreneurs after our identities and money.

1
0
tom dial
Bronze badge

Re: Wait

I will be dusting off and refurbishing my Epson Equity III+, with floppy disk, MFM hard disks, no cdrom, no ethernet, and no USB. And running Xenix.

0
0
tom dial
Bronze badge

Re: Wait

Patching the Windows components appears to be done dynamically in memory, and would occur after any decryption of data stored on the disk. The attacks undoubtedly are mainly "against bog-standard mainstream PC's with no security" but seem designed to evade standard and even quite advanced security protocols. After all, they are intended for use in espionage.

0
0

Have YOU got Equation NSAware in your drives? Meh, not really our concern, says EU

tom dial
Bronze badge

Re: Encryption? Heard of it?

Disk encryption should be useless against this threat, which is activated during system (and disk subsystem) initialization. One must assume it has, or will have, access to the disk encryption secrets.

5
0
tom dial
Bronze badge

I think the reference was to:

https://archive.org/details/D2T113201308012300HardDisksMoreThanJustBlockDevicesSpriteTm

(Links to the presentation are there; the video is almost 2G) I thank the original poster for it.

0
0

After Brit spies 'snoop' on families' lawyers, UK govt admits: We flouted human rights laws

tom dial
Bronze badge

Re: What are the legal ramifications of this:

It is true indeed that in the late 1940s to the early 1960s we had a moral panic over Communists in various parts of the government and the movie industry, and that those who were compelled to testify before the Senate Internal Security Subcommittee and the House Committee on Unamerican Activities were punished severely for exercising their Constitutional right to decline to give self-incriminating testimony. Except for government employees who generally would already have lost any security clearance the punishment was not by the government, but by their private sector employers who were worried about their business. Although done on a larger scale, this was not fundamentally different from the moral panic over Satanism and child abuse in the 1980s which I think had a counterpart in the UK and possibly other countries. It also was similar to the early 2000s panic over terrorism, which still is playing out, and the present moral panic about private and especially government agency surveillance.

In each case, the damage was seen to be far greater than the evidence supported. There were, in fact, Soviet spies in the Manhattan program, State Department, and other agencies, and there were Communists in the movie industry, although I think most of the latter had changed their opinion of the USSR well before they were called to testify. There almost certainly were isolated instances of child molestation (but those involving Catholic and other clergy seem to have been overlooked until much later) but Satanic ritual abuse seems to have been entirely a product of sick minds that somehow resonated with generalized fears. There is no doubt that there were terrorists in 2001, 2004, and 2005, and the aggregate number of dead and wounded was substantial. Yet public understanding of the risk, as many have observed, was quite excessive. And so it seems, too, with the present surveillance panic. There surely have been surveillance related abuses, and a number of victims have suffered, some of them severely. However, the evidence largely is lacking that surveillance data has been used in various of the ways which we have been told we need to fear.

We should keep watch to be sure that does not change, and worry, for example, about requests for significant increases to law enforcement staffing that seem out of whack with what we actually see in the way of what reasonably can be considered crime. A matter for concern in the US, for example, would be excessive government involvement in "cybercrime", one of the new initiatives. The authorities have been trying to whip this one up for a while now, and the boundaries, while not entirely clear, could be taken to be pretty far reaching.

0
1

AT&T suddenly finds demand for 1Gbps fiber in Kansas City – just after Google arrived

tom dial
Bronze badge

Re: I wonder if Google would allow you to opt out for $29?

Our country has a (mostly) free economy. Google is free* to offer you internet service on the terms it chooses and you are free to accept it on that basis, or not. If you don't like their terms of service, stay with Comcast. Some of us have no better choice.

*Pending possible future FCC intervention.

2
4

2015 and IBM: But it wasn't supposed to be like this...

tom dial
Bronze badge

Re: Is anybody still using IBM software?

Most likely your bank is, and as well the mainframe on which it runs.

0
0

If Europe is against US's Irish email grab, it must pipe up now

tom dial
Bronze badge

The issue is not quite so simple as many posters seem to think. Orin Kerr, an actual lawyer and law professor with real knowledge of Fourth Amendment law and the Stored Communications Act, has written about this case several times in the Washington Post. The articles refer to others with different viewpoints.

http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/07/07/what-legal-protections-apply-to-e-mail-stored-outside-the-u-s/

http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/07/25/more-on-privacy-rights-in-e-mail-stored-outside-u-s/

http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/07/30/verizon-responds-to-my-posts-on-the-foreign-e-mail-case/

0
0
tom dial
Bronze badge

Re: Sloppy corporate structure. Sloppy security. Sloppy access rights

Whether individual states are bound by treaties is not at issue here. Judge Loretta Preska, who issued the warrant on Microsoft, is a federal district judge, issuing warrants based on federal law and court rules. However, a quote from the US Constitution is informative (Article VI, Section 2):

"This Constitution, and the Laws of the United States which shall be made in Pursuance thereof; and all Treaties made, under the Authority of the United States, shall be the supreme Law of the Land; and the Judges in every State shall be bound thereby, any Thing in the Constitution or Laws of any State to the Contrary notwithstanding."

It appears that treaties are quite binding upon individual states although, again, that has nothing to do with the case under discussion.

0
0

City broadband ISPs: PLEEEEASE don't do 'Title II' net neutrality

tom dial
Bronze badge

Re: we've seen it before

And thank you for the only lucid explanation of Net Neutrality that I have seen, anywhere, ever.

0
0

Never mind, Samsung, GOOGLE will EAVESDROP as you browse on Chrome

tom dial
Bronze badge

If you aren't happy with it then turn it off or use a different browser. There is no apparent need to be upset about it. Those with real concerns need to worry about much more than the browser listening or the search engine capturing a bit of drivel in the hope it can help them collect a few mils from an advertiser.

3
7

California mulls law to protect your e-privates from warrant-free cops

tom dial
Bronze badge

Re: A law is the wrong way to go

A state law is not the way to go:

1. The wording of the law, as referenced, seems a bit loose and ambiguous in certain areas.

2. As an earlier poster suggested, locals will outsource to the FBI or Immigration officials.

3. The backstop alternative will be to enlist the MPAA or RIAA to include the target in an infringement suit and obtain a subpoena.

A federal law makes more sense, and would be a much better use of the interstate commerce clause than many previous ones. Most targets will be either US persons entitled to Constitutional protection under the fourth and fourteenth amendments or companies arguably engaged in interstate commerce.

1
0

Net neutrality in the US: Look out! It's Neut-gate! Or is that Net-ghazi?

tom dial
Bronze badge

Re: FCC & Congress

If they really get irritated, though, they can attach changes they want to a budget reconciliation bill, as the Democrats did with the Patient Protection and Affordable Care Act. There would be a lot of pressure on the President to not veto an important appropriation bill, which could not be filibustered.

0
0

Governments beg Twitter for more data; network offers birdcage droppings

tom dial
Bronze badge

Re: Is it just me? I think it's just me.

There are several types of legal process for requesting information. From Twitter's transparency report for the period 7/1/14 - 12/31/14:

Subpoenas 57% (~925)

Court orders 6% (~97)

Search warrants 23% (~373)

Others 14% (~227)

Details and descriptions are given at https://transparency.twitter.com/country/us

"Others" includes emergency requests (220) and any that do not have proper legal justification; the latter appear to be within the limits of rounding error, so no more than 15.

The percentage breakdown is similar for earlier periods.

The numbers and percentages given do not distinguish among those issued by federal, state, and local requesting authorities. It would be quite informative to see the numbers for these different levels of government, which would show the upper limit for requests related to national security.

0
0

ACHTUNG! Scary Linux system backdoor turns boxes into DDoS droids

tom dial
Bronze badge

Re: That explains the number of ssh login attempts

And perhaps a properly configured ssh requires public key authentication for all users, reducing somewhat the brute-force exposure.

2
0

FCC chair refuses to make net neutrality rules public before approval

tom dial
Bronze badge

Re: Republicans: Hey, tell us your plans so we can sink them.

This is an example of Mr. Obama's transparent government:

http://www.whitehouse.gov/the_press_office/TransparencyandOpenGovernment

"My Administration is committed to creating an unprecedented level of openness in Government. We will work together to ensure the public trust and establish a system of transparency, public participation, and collaboration. Openness will strengthen our democracy and promote efficiency and effectiveness in Government."

0
0
