"Yahoo News does charge people for traffic sent their way."
Is that working well for them, then?
834 posts • joined 16 Jan 2011
I have a copy of IBM Xenix 1.0 that I found far better than MS-DOS for learning C programming many years ago.
MS-DOS: dereference invalid pointer -> black hole -> hardware reset & OS reload -> fix program.
Xenix: dereference invalid pointer -> bus error -> fix program.
Saved me a lot of irritation and time.
We might do worse. She's a pretty good organizer and has the people skills to handle techies. But also the common sense to avoid messes like this.
My wife, who denies any degree of technical knowledge (but is an astute judge of people), would instantly reject an invitation to follow a link and provide login details. I do not believe we can trust those who failed a trivial test of common sense to administer systems and data sets critical to proper operation of the Internet naming and numbering system.
Never infer a conspiracy when the superficially apparent facts speak for themselves. As here appears to be the case.
Presumably the "kill switch" feature would require OS support for its operation, so the notion that reflashing a device will not make it yours probably is overstating things. The feature, of course, would have been included at the behest of (primarily) state legislatures like those in Minnesota and California who were in a panic over things like cell phone robbery and texting while driving.
Still, no users, statistically speaking, actually will reflash their devices. Like much technology, this can be used for good or bad, and by either government or private actors, and nearly everyone will remain vulnerable even though the intent was to protect them and the use in nearly all countries will be to do that.
As far as I know only FBI Director Comey (in the US) has expressed concern about cell phone encryption that lacks a capability for law enforcement access based on a warrant, most of which would be issued by state or local courts. And the notion that nations outside the US would allow the sale of equipment secured by US mandated encryption is quite absurd.
What you suggest has no basis in the law, and neither the FISC nor any other court has the authority to do it.
Senator Wyden is quite right: a back door is (eventually) a back door for those who pose more actual, as against imaginary, risk for those who use (or should) cryptographic systems in the course of life or business. That said, major data exposures rarely result from cryptographic vulnerabilities or failures; there are plenty of other exploitable vulnerabilities, and one or more of them has been implicated in nearly all of the major incidents. Furthermore, government communication surveillance is not much dependent on cryptographic vulnerabilities, and would not be helped greatly by introducing back doors in cryptographic systems used in the US.
Senator Wyden's opinion piece is built upon straw men. His recently introduced bill does nothing particularly significant: it explicitly excludes CALEA, which appears to be an open door to law enforcement searches of cell phones and computers. This bill would forbid a practice that has no legal basis now, and is unnecessary. No law that I am aware of limits the use of cryptographic systems in the US, or limits the systems that people may use to those approved by the government, with possible exceptions in commerce or banking. Most users, if not all, are free to choose ciphers as they like, including those developed and analyzed outside the control of any Federal agency or, indeed, outside the US (and Five Eyes).
Senator Wyden is correct, but nonetheless is a normal grandstanding politician. He may be one of the most vocal on the subject at hand, but it is unlikely that the Congress in the present would enact a law mandating encryption systems with back doors any more than the Congress of 20 years or so ago would mandate use of the CLIPPER and CAPSTONE chips.
"The innovation of most of these OTT services is using location technology to improve efficiency." And that could be done easily and fairly inexpensively by the present franchised cab companies. But it is even easier and cheaper for them to engage in the rent seeking behavior typical of regulated entities that have coopted their regulators (and that would be the great majority of them).
In the last decade or two it is likely that most financial crimes have involved significant evidence gathered from computer systems. Bernie Madoff, for example, but he was just one of the biggest two or three.
Enough BS about the oppressive FBI getting general warrants. Those who actually bothered to look at the two cases the Reg article linked to will have noticed that each court order was issued based on a previously issued search warrant that in turn was issued by a judge based on probable cause and a description of the material the government sought.
The government certainly does not always follow the rules as well as they should, but in these cases it appears they did. There was no bamboozling of befuddled judges, just use of a law on the books for over two centuries for what appears to be something like its intended purpose.
I believe we have seen how it worked with Blackberry v India - not all that well. The case with Android (since version 3) and Apple iOS (beginning with version 8) is a bit different, in that Google and Apple do not have the technical capability to assist law enforcement with decryption, and they are not the service providers who might be in position to do so. With Apple and Android encryption it also is not clear whether or to what extent communication providers can help, either, if customers can install software.
The key is on the phone, encrypted and protected by a PIN or pass phrase. Those protected by a 4 - 6 digit PIN probably do not worry the authorities, who with access to appropriate emulators probably can image the phone and test the entire PIN space pretty quickly. It seems reasonable to suppose the emulators in development kits would suffice or could be extended suitably in a straightforward way. Their concern probably would be users who have passwords or pass phrases with 100+ bits of entropy.
While I am not a lawyer, I suspect the law is not entirely clear yet on the question of compulsory pass phrase disclosure, or that such a legal requirement would be held unconstitutional based on the Fifth Amendment. Those accused, for example, can be required to produce documents that incriminate them, and can be held in contempt of court if they refuse to produce them; and the documents can be used to support convicting them of crimes. The accused, of course, can decline to answer questions about the material.
It is not obvious that a subpoena could not be used similarly to compel disclosure of incriminating evidence stored in a computer system, including on a smart phone. Compelling disclosure of the pass phrase might well not fly, since that might be used to protect other systems that are not the subject of the subpoena, but requiring the targeted person to enter the pass phrase without disclosing it to law enforcement personnel might be workable.
Well, shame on Apple if they have a key that will decrypt a customer's data. If they do, it is a fair target for law enforcement as well as any hacker who can breach their firewall or social-engineer their staff.
Android 3.0. See:
For what it's worth (off topic) I am reverting after a week or so trial to Google as the default search engine for Chrome. DuckDuckGo returned a substantially less informative list.
The law, in the US, is very unlikely to be changed to require a back door to encryption. That was largely settled a couple of decades ago in connection with the Clipper chip and related proposals for data encryption systems.
In any event, there is a good deal of encryption technology, along with some probably fairly good implementations that, if not known to not have back doors are at least not known to have back doors. There also are quite a few competent cryptographers in the private sector. As long as there is free software we, including the criminals among us, will be able to have and use encryption for privacy, and the police will have problems dealing with it. But unlike Russia, China, and a few others (including some we think of as democratic) the US, and I think other Five Eyes governments, do not restrict the use of cryptographic systems by citizens and are unlikely to do so going forward.
Apple, Google, and other companies can be trusted to look after what their executives and directors consider the interests of the company (and themselves) and their shareholders. In the case of successful companies that will result in products that, like the iPhone and Galaxy, their customers think meet their needs or wants. They now think at least some of their customers want decent encryption, so they (claim to?) provide it.
What nearly all of those commenting on this overlooked is that access with due process - i. e., a search warrant - is exactly what FBI Director Comey was whining about a few weeks ago. That he was unhappy about proper cell phone encryption is his problem, and that of other law enforcement officials, is largely immaterial. Android has had it for years, and Apple for months, and that is unlikely to change. Court orders demanding that companies comply with law enforcement officials in the investigation have been issued before, and they will be issued in the future. The bottom line is that Google, the various smart phone manufacturers, and now Apple, lack the capability to decrypt the content once they provide that assistance.
The NSA Bluffdale data center actually is in Utah, ten or fifteen miles from my house. I have no other association with either it or the NSA.
The question of whether NSA operates constitutionally or not will be decided in due course by the US Supreme Court, not in the comment section of a UK based technical news web site. Aside from that, it is clear that the Congress intended and authorized the FISC to operate in secret, for reasons some might disagree with and which certainly are open to abuse. The silent implication that a court dealing with national security matters is unique to the US, however, is incorrect.
@Phil Koenig: The fact that most FISC proceedings have been kept secret may or may not mean they are not doing the job the Congress intended. The fact that you, or I, do not know about it has no evidentiary value whatever. What has been released, though, suggests they are doing it to a significant degree, and cases headed for the Supreme Court are likely to clarify that and, perhaps, modify what they do going forward.
Manning went to prison for copying and releasing to Wikileaks a large quantity of classified material, including private diplomatic correspondence that was quite embarrassing to the US government and certainly did nothing to promote peace in the Middle East or anywhere else. Assange has so far skipped not only jail, but questioning in a matter that might or might not bring him jail time. Et al? Edward Snowden surely would be facing some prison time, for the exact same offense as Manning, if he were to return to US jurisdiction but does not seem to be inclined that way.
To a first approximation, foreign intelligence is the result of combining and analyzing data from a variety of sources, some of them foreign, about the capabilities, assets, intentions, and plans of foreign nations, groups, and individuals thought to have an impact on the US, its capabilities, assets, public and private organizations, citizens, and residents. That covers a lot, and it is far from obvious that the laws, executive orders, and the agency instructions and regulations that derive from them, actually are overly broad. The NSA and other nations' similar signals intelligence agencies play a significant role in intelligence production. The NSA differs from many others in being rather better funded than most and having more of their internal activities exposed, by Congressional oversight committees, by authors such as James Bamford, by whistleblowers such as William Binney, and lastly, by Edward Snowden and those who publish the materials he copied and removed illegally.
AURORAGOLD appears to be an activity aimed at developing, maintaining, and upgrading the NSA's capability to collect and analyze data from cell phone communications, an activity clearly a prerequisite to their foreign intelligence mission. Nothing in it surprised me, nor should it have surprised anyone who knows anything about history, let alone anyone who has paid the least attention to the news over the last year and a half. The most disturbing thing in the documents linked and reported upon here and by the Intercept is the apparent intent to inject vulnerabilities into communication systems. It is to be hoped that Bruce Schneier is correct, and they are waiting passively to identify and exploit design and implementation weaknesses.
There has been a great deal of imprecision in reporting and commenting on various signals intelligence activities, focused largely on Five Eyes agencies, particularly the US NSA and UK GCHQ, due to documents leaked by Edward Snowden. The probability approaches 1 that the great majority of governments engage in data collection and analysis activities that are essentially indistinguishable in kind, although it is possible they are less extensive due to resource limitations.
It appears to be the position of the governments that their intelligence services need to be able to spy on *anyone* within their remit, requiring that they have access to the full communication spectrum, including radio, wire, and fiber facilities. Given the technical nature of the Internet and cell phone infrastructure it is hard to see how it could be otherwise. It does not imply that they are, in fact, spying on *everyone*, an undertaking that intelligence agency manpower limits suggest is impractical to the point of implausibility. John Poindexter's dream is not one that seems likely to be attainable.
A critical question is how to reconcile the requirement to be able to spy on any legal target, and the corresponding technical requirement to be able to access all users of all networks. In the US, the laws and executive orders, publicly known well before the Snowden Revelations, were fairly specific, overseen by agency inspectors general, the Department of Justice, the FISC, and the responsible committees in the Congress. From published or declassified FISC and other documents we have reason to think they were followed with considerable care, although there were cases of technical and administrative error, legal ambiguity, and analyst misuse for personal reasons. In the aggregate these represent a tiny fraction of the data the agency accessed, although it certainly is not a trivial matter. However it is not clear that anyone has suffered harm from these errors and transgressions.
In particular, there is little evidence, or none, that the data retained has been or is being used to suppress political dissent or create dossiers to identify those citizens (or legal residents) who must be watched for political deviance. We need to be watchful for that; governments sometimes go wrong, but it is likely that for nearly everyone (including those espousing unpopular or anti-establishment political views) the much larger risk is that their credit card details will be acquired by criminals and used to harm them financially.
Innovation in encryption is much less necessary, for now, than verification that existing implementations are not flawed. While it is necessary to keep an eye out for developments in number theory that lower the cost of finding keys, the risk of weak keys or implementations that leak key information is greater by many orders of magnitude.
I might have missed something, but the link given appears to be to a BBC report on the same decision that is the subject of this article, and states that the plaintiffs intend to appeal to the ECHR - in the future.
Every one of the listed software products is free as in beer AND free as in speech. Eight are in the main Debian repository for the upcoming release; Unity Tweak Tool is more or less specific to Ubuntu, but licensed under GPLv3; and Springseed is MIT licensed.
That the FSF would like to purify the language for clarity is OK and occasional reminders may be beneficial, but that shouldn't get in the way of meaning.
I have not seen any Google slowness in Utah. On the other hand, since making DuckDuckGo my default search engine I notice that it is noticeably slower than Google in addition to producing less satisfactory results. Not by much in either area, but I may revert to Google.
"Letting Google (~95% search market share) have too much power to pick and choose what we read is certainly a bad thing."
This is quite backwards. In this case Google's position is that for the type of information at issue it should NOT be required to control what you read.
If I recall correctly, Mario Costeja Gonzales, whose house was sold to remedy a tax delinquency, tried to have that removed from the web site of the newspaper that published the original public record of government action. That failed, and the fallback was to force Google (and presumably other search engine operators) to devise a way to hide it.
Politicians, including judges, do not necessarily understand technology or allow it to operate as intended when they do.
Now my government should follow the Gates Foundation's outstanding example and insist on open access for research that the taxpayers fund, along with public ownership of all patents obtained based on the research. I do understand that the patent thing is problematic, but have in mind the extortionate behavior of Myriad Genetics wrt the BrCa patents. Sorting out and implementing such a policy seems a better way than some others for patent and other attorneys to occupy their time.
Assumptions like "spy agencies were for spying on foreigners ... not hoovering up all data from everyone" overlook a good deal of history. In any case, it would be interesting for those who make them to explain just how, technically, they might do that - how they might get access to foreign communications of intelligence interest without having equivalent access to a great deal, if not all, of the traffic. And they should explain also, with some precision, how what they are doing now differs from what they were doing half a century and more ago when they hoovered up as much as they could the entire available radio spectrum, to the extent that they were able to do so, and tapped quite a few cables in addition to requiring communication providers to deliver copies of foreign cable traffic. It is nearly a century since British intelligence snatched the Zimmermann telegram proposing that Mexico go to war with the US.
Downvoted for cause:
1. Back in the browser wars Microsoft also worked to ensure that other vendors' products did not work as well as the installed default, and made it clear (whether true or not) that removing IE would damage the OS.
2. I have just installed duck duck go as my default-from-the-omnibox search engine. It took about 5 minutes and no special knowledge of Chrome.
Customize and Control Chromium -> Settings -> Search -> Manage Search Engines, and fill out the empty line at the bottom. The hardest part was getting the URL right. It is "https://duckduckgo.com/?q=%s"
3. Google is presently at the top because it is demonstrably the best, on average, of the leading general purpose search engines. And that has been so long enough that we use "google" as an active verb much as we often use "kleenex" and "hoover" to refer to tissues and vacuum cleaners. In the meantime those who have been unable to compete seek rents from governments.
"There are many notable instances of mission creep from laws designed to combat terrorism."
If that is true you should have no difficulty listing three or four examples related specifically to telecommunications provisions like those authorized by section 215 of the US Patriot Act or mentioned in the article.
I haven't tried this with Comcast, but a few years ago I had to replace a failed Cox router which, of course, had a different MAC address. It would not establish connectivity until I had a chat with Cox tech support.
Given that many or most of the IP addresses the provider gives out, and the number of computers and users attached to each, the evidentiary value of the information is apt to be quite low, scarcely more, in the US at least, than what is necessary to get a search warrant.
I suspect that those who want anonymity had best change their computer's wireless MAC address and connect from a public WiFi point. That probably won't protect those who are active surveillance targets of concern to a nation-state, but would make tracking more difficult.
Every month or two I routinely try Google, Bing, Yahoo! and Duck Duck Go. By my judgment, the result rankings for exactly the same query typically are
2. Bing or Duck Duck Go in variable order, and close to as good as Google.
3. Yahoo, a rather distant third.
I do not claim a great deal of validity for the sample. I only run one or two queries each time and they are random ones that I happen to be interested in at the time, and hardly ever look beyond the first page. And Adblock+ always is busy blocking whatever it does for a vanilla install. However, I never have seen Yahoo! not to be significantly poorer, or Google not the best of the lot, although on occasion Bing or Duck Duck Go have returned a list identical to Google's.
I do wonder if the Mozilla people were thinking of anything beyond the size of the cash bundle.
The point is that the opposition are attempting to get the government to set rules to provide them benefits that they have otherwise been unable to obtain because they are not, in fact, competitive in their own right.
Now if The Register would just enable https we ALL could be terrorist-equivalent at least once.
Upvote for the thought, but is there any reason to think there will be anyone there to provide services?
Retail banks in the US have been trying to discourage this type of behavior for decades, and while they have not succeeded, have made substantial "progress" in some places.
You would be paying the police the £7000 daily for whatever their assigned duties were. There is an excess cost only if their assignment to Assange Monitoring has necessitated additional hiring.
Since a sizable majority of the Senators voted in favor of a debate and vote on the proposed Freedom Act, and those voting against were those generally supportive of military and intelligence agencies, there seems to be no particular reason to think the NSA, or anyone else in the Executive branch, needed a resort to blackmail.
Sometimes the obvious answer is the correct one.
So is Edward Snowden's career any less "over" for going illegal than it would have been for actually pushing within the organization? To be sure, the whistle blower protections, not entirely effective for civil service employees, are less so for contractors. However, it is not clear that Mr. Snowden could not have accomplished as much, or nearly so, by objecting within until NSA advised Booz-Allen that they no longer required his services and then contacting a sympathetic Senator. There has been, after all, very little change in NSA activities, and there is little prospect of significant change in the foreseeable future; and as far as I can tell, the same is true more or less in the other Five Eyes countries. The biggest change seems to be greater use of decent encryption, which everyone should have done years ago anyhow.
The present state of Fourth Amendment law still appears, on balance, to support, or at least be consistent with, collection of call record metadata without a warrant. Recent court decisions have answered the question differently, and the Supreme Court presumably will resolve the still-open question in due course. In any case, at the time the domestic call metadata program was developed, and extending through most of 2013, both it and the law under which it was authorized appear to have been within the limits of Constitutional behavior, opinions to the contrary notwithstanding.
"a sysadmin can't f*ck up your life by sending the men in black after you"
Probably not the men in black, but the NSA (or GCHQ ...) probably cannot do that either. On the other hand, I very strongly suspect that ordinary (service provider) sysadmins have sent police after viewers of child pornography, and think I have read of a case but am too lazy to support it. I know for a fact that some employers systematically review logs and act on at-work offenses against both work rules and laws.
We were talking here about Patriot Act section 215 metadata, provided by carriers from billing records, logs, and similar sources. Scanning content during transmission would be a different program, XKeyStore, which is foreign intelligence data collection authorized under Foreign Intelligence Surveillance Act section 702.
Concern about possibilities for misuse of collected metadata has a rational and historical basis in the US and perhaps more so in some other countries. Unfortunately, sloppy use of the English language (and doubtless others) in reporting on the "Snowden revelations" combined with widespread underlying distrust of government activities has whipped up a certain part of the population into a moral panic not greatly different from the satanic ritual abuse panic of 25 or 30 years ago.
At the root is a widespread sense that the Government is not to be trusted, that its operators view themselves as better than the rest of us and therefore entitled to make the rules and to establish and operate the agencies and programs that govern us for our own good irrespective of our wishes. They supply confirmation in the form of comments like Jonathan Gruber's recently outed description of the tactics used to obtain passage of the Affordable Care Act and their rationale, as well as the presumed Presidential action to revise enforcement of US immigration laws, details of which are to be announced this evening. To worsen things, such actions tend to be supported enthusiastically by their supporters without much consideration of the possibility that another President and Congress might act quite differently, although surely "for our own good".
Conflation of "logging" with "spying" and portrayal of the government's capability to track pretty much anyone as a fact that the government tracks pretty much everyone feeds the diffuse general anxiety about whether the government officials consider themselves our masters or our agents. Selective reporting that tended to omit context, conflate foreign and domestic data collection, overlook NSA's internal controls, and deprecate the Foreign Intelligence Surveillance Court except where it found fault with NSA activities have further contributed to a widespread sense that the government is to be distrusted and feared, and the program needs to be stopped, this despite the fact that it has not been shown to be instrumental in any oppression.
The truth is that if you are a target of government interest, there is not a lot you can do about it and they very likely will get you if they want. They can collect your metadata, as well as that of your contacts and their contacts from providers without a warrant and without notification. They can conduct physical surveillance without much justification, and a police officer behind your car will query a variety of databases for your license plate if he has the time. They can conduct heavily armed raids based on sometimes flimsy justification: Randy Weaver, David Koresh and the Branch Davidians, and the YFZ Ranch come readily to mind as probable government overreach. The government's prosecutors can use old or badly written laws to lay on outrageously excessive charges - Aaron Swartz and the Ohio Amish beard cutters, as well as a number of whistle blowers, are recent examples. And the governments' police can seize your property if they think it was used for or resulted from illegal activity. And not a bit of this is even remotely dependent on "mass surveillance", electronic or otherwise.
Jason Bloomberg is quite correct. The US communication metadata is potentially useful after the fact in finding those responsible for criminal (including terrorist) acts. The notion that it can be used prospectively to detect and thwart terrorism and other crimes probably is as much a pipe dream now as when Admiral Poindexter prototyped and advocated the canceled "Total Information Awareness" program. That is indicated by the scarcity of evidence offered by the NSA (and, as far as I know, the other Five Eyes SIGINT agencies), and the data would be similarly (un)useful for identifying anti-government domestic activity.
The most compelling argument against the NSA's bulk metadata collection probably is that for the few hundred times a year it is searched the operation is not cost effective relative to the alternative of executing a series of search warrants against the various communication carriers. If done piecemeal, though, current legal precedent is fairly clear that a warrant is unnecessary.
What does it say about a high rank NSA executive who became aware of the call data collection in 2009 that citizens who read the New York Times knew of about three years earlier?
That said, policy differences are to be expected in any government agency and the approval decision in any case might go either way. There are technical arguments that favor routinely collecting the metadata and storing it in a database. These include timeliness, uniformity of format and content, and availability of data from all carriers at the same time. Those apply irrespective of the internal or judicial controls that govern access to the data. There also are legal arguments and judicial precedents that favor use of court orders rather than search warrants to authorize metadata collection. Many may find them unpersuasive, but until quite recently there seems to have been a lack of decisions in favor of requiring a warrant for metadata collection, and they are part of the legal environment in which the NSA operates.
If I ever choose to switch from Chrome to Iceweasel I'll have to change the default browser. I check several every month or two and Yahoo! consistently runs a distinct third to Bing (2) and Google (1).
Aside from that, how the plaintiff compares with others is not the relevant fact. What counts is how the accident changed her capabilities, and unless the new data can be compared with data from before the injury my reaction as a juror would be to pretty much ignore it in favor of relevant testimony about the injury and her actual capabilities before and after it occurred. Bringing in the Fitbit and a statistical analysis of currently collected data seems a flim-flam to put a gloss of science on a claim.