484 posts • joined 16 Jan 2011
Re: Tail wagging the dog.
"Three words: 'Bay of Pigs'". This is a particularly bad example, as the undertaking was known and approved by both President Eisenhower and President Kennedy. The CIA sponsors evidently were wrong in predicting success, but were operating with approval of their supervisory chain.
Re: Tail wagging the dog.
Re: Tail wagging the dog.
Neither the executive nor the legislative branch of the U. S. government "runs" the USA in a meaningful sense. It is useful to remember that, and that an executive agency like the CIA (or DoD/NSA) does not for long go far beyond what the top level executives and the President approve if the Congress takes issue with it. The process is political at the core, and often accompanied by great posturing and puffing, such as we see today over the CIA and the report on torture.
"Enhanced interrogation techniques" were approved by the President (of the time), disapproved by a later President and (we hope) discontinued. They were investigated by the Congress, subject to constraints established by the executive agency involved but agreed to by the Congress. There is no chance that the President was unaware of or disagreed with this. The article reports claims that both the congressional investigators and their CIA hosts failed to comply with the ground rules. The claims, while serious, will be resolved in the usual way, by the elected officials (both legislative and executive and the executive branch political appointees. The people, as always, will largely* ignore the whole thing.
While the UK has different arrangements, possibly somewhat less constrained by semi-immutable documents like the US Constitution, I expect things are done in much the same way. In either country, governments may change after varying periods, but the regime is almost certain to remain largely unchanged.
*One of the main exceptions being those who comment on articles like this one and the NYTimes article on which it is based.
Re: To the first AC:
I. e., "the future will be like the past". That's one model, a really simple one, and maybe not the worst. The real questions are (a) has this occurred because we are burning the carbon based combustibles many orders of magnitude faster than the sun is remaking them; (b) if that is so, is there anything even remotely possible, politically, that would change it favorably; or (c) would it be better to try to anticipate and mitigate the effects?
Re: "Merely...make money"
"The act of viewing something on a computer screen is publishing (i.e. making a copy)."
If that is true, it is just one of the things wrong with copyright law as presently constituted. The notion that I should be prohibited by law from installing on my equipment a program to pick and choose what things to display on my screen is simply perverse, much like the idiotic notion that maintaining a copyright beyond 10 - 20 years from the initial creation date provides a meaningful incentive to create new works rather than a disincentive.
Good luck suing the US Government for money.
Re: Well, perhaps not all the tactics.
Schneier appears here to have been discussing hardware and software machine implants and techniques for capturing cell phone communications. Within the national boundaries, police (types) have been using similar techniques for a long time to bug machines (mostly with warrants), as have criminals. There are differences in detail, but nothing really all that new. They have no overwhelming need to build bogus cell towers, since they can obtain authorized access through the courts. Criminals may find it useful to emulate this, and with dozens of software defined radios priced in the under $1000 range it is doubtful that they will be as much as 3-5 years behind in that.
Re: This makes you want to weep...
Which is more at risk: your money or your liberty?
In the U. S., it appears overwhelmingly to be money (Target, Nieman-Marcus, ...). Nothing I know about the UK suggests it would be different there. What these agencies do may seem creepy, may not be worth the very considerable expenditures, and certainly could be misused. However, reports of actual misuse seem to be even scarcer than verifiable successes.
The uproar over spying by government established spy agencies is at least as much a moral panic as that over "terror". The latter at least is rooted in actual events.
Re: Since when
And there are, of course, powerful incentives within the USPTO to approve patents applications rather than deny them.
Re: Pure BS of the finest quality
An upvote for the reminder that Dual_EC_DBRG was known for years to be a bit funny.
A few points, however:
- It's a fine point, to be sure, but there is not, as far as I have seen, proof that NSA knows the particular values that would make the generator an open book. It was known early on that the generator was biased, and that should have been enough to make anyone knowledgeable (like RSA, perhaps, or NIST) wary of using it. The Shumow and Ferguson paper showed that numbers exist that would make the DBRG predictable to one who knew them. They did not demonstrate a way to obtain them. I have seen no reports of evidence that NSA knows them, and don't know that the values are an automatic byproduct of, or even obtainable from, the construction method specified in Appendix A of the NIST recommendation, which might actually have been used to produce the publicly revealed constants.
- I was unwilling to cough up $100 to see the specified X9.62 standard, but anyone who was, or had access to an X9.62 validated generator could generate their own initial points and be free of the suspicion that NSA had the secret points that would break their generator.
I may be wrong in this. I am not an expert in the field, nor widely familiar with the published (or unpublished) literature; but then neither are the vast majority of those who have written or commented about this issue. That said, I would judge the claim that Dual_EC_DBRG was backdoored to be "not proved", along with the claim that RSA is guilty of accepting a bribe to include it.
Dual_EC_DBRG in its standard implementation is questionable for both bias and the possibility that NSA (or someone else) might have a back door, but an independently produced implementation using different constants might be free of those concerns. It does occur to me, however, that it may be difficult to pick initialization points for the algorithm to produce unbiased output: If it were easy, NSA surely would have done so, whether or not they were simultaneously creating a back door.
Re: What a baffoon
Better yet, disconnect them from the public internet and either control them manually on site or run an additional additional and purpose built network, with no interconnection (not even the same PC/terminal) for remote maintenance. That will increase costs (but also employment) and take time to deploy, but eliminate a lot of opportunities for mischief. We really ought to be doing that even now. We have gotten a bit lazy and may have to pay the price.
No, and again No. First, the market in document editors did not determine the success of Word. That largely was determined by the market in desktop operating systems, in which Microsoft had, and exploited, a near monopoly. Second, a government has, or is supposed to have, non-economic interests such as very long term support and transparency that may be as important or more so than any economic ones. The Magna Carta, or the U. S. Declaration of Independence/Constitution are readable now by people skilled in the language and writing of the time they were written, as we might wish for legal documents prepared now in machine readable form to be accessible 50 or 100 years in the future. There is more reason to be confident that that will be true if they are prepared in a format based on a transparent standard such as ODF than on one like OOXML that is translucent at best. My personal preference is UTF-8 done with a plain text editor for most official documents.
Re: Open Source Means Choice
You are entitled to your opinion, and to use word - just be sure to use its ODF capability in dealing with your government. For myself, I had an approximately 20 year battle with various Word versions due to their propensity to corrupt my document with formatting information from copy-and-paste snippets. The results - font changes, sections of light yellow text on white background, and the like - proved impossible to suppress and quite annoying to fix.
I don't understand at all the mention of "a financial reason for [Microsoft's document formats] to succeed". They have more than once orphaned their own document formats and don't seem to have been laggards about installing new features that break old formats and software versions. One might almost think this resulted from an incentive of a different type.
Competition: Cox v. AT&T
A couple of years ago (in Cleveland) I was induced to switch from Cox to AT&T, which had just brought fiber to the neighborhood (still copper to the house, though). This was based on a promise of more speed for fewer dollars. Not much risk, since AT&T ate the installation &setup fee and allowed free 30 day evaluation. The results:
Cox 15 Mbit (usually measured at 20 - 25) @ $50/mo. v. AT&T 18 Mbit (usually measured 10 - 12 and never exceeded 15 when I checked) for the same $50/mo. AT&T also destroyed the existing Cox feed by cutting cables, one of them mine, at several points. They also hassled about termination and equipment return when I switched back.
Others' experience may differ, but Cox always seemed to keep ahead of the operational demand and, at least in my neighborhood, generally delivered better than the plan spec. I look forward with anticipation to the possibility that Google will arrive in Salt Lake City to compete with Comcast ("up to 50 Mbit, usually less than 35, @ $70) and CenturyLink (in my neighborhood "up to 6 Mbit" @, I think, $30).
Re: The USPTO
Evaluate examiners on applications completed, keeping mindful that denying an application will likely lead to refiling with amendments, possibly many times. Of course, the application is incomplete until either the patent is granted or the applicant exhausts all options for amending it, something that might take years. An examiner who acts deliberately will act less quickly, receive a lower appraisal rating, be less likely to receive awards, pay raises, and promotions, and in the end, more likely to seek more rewarding and remunerative employment elsewhere. One who completes applications quickly after cursory review to ensure proper spelling and grammar will receive outstanding appraisals, performance awards, pay raises, and promotions. The "best" eventually will fill the top level executive positions. The USPTO is a bureaucracy, and Imhoff's Law applies.
Re: I am pleased
We in the U. S. have a nearly incomprehensible array of government entities. To begin with, there are the federal, state, county, and municipal governments, each somewhat independent of the others. But beyond that there are numerous "authorities" set up for special purposes, such as the recently (in)famous Port Authority of New York and New Jersey, or the less well known Ohio Turnpike Authority, established about 60 years ago to oversee construction and operation of the Ohio Turnpike until the 40 year construction bonds were paid up from the tolls charged (after which the tolls were to be eliminated. Still in business, it recently raised the toll rates substantially. If that were not enough, we also have aownship supervisors for unincorporated areas and a variety of semigovernmental committees to deal with issues like regional development promotion that are of interest to a number of government entities but not clearly the responsibility of any.
For those of us with certain attitudes it is an endless source of entertainment.
Contrary to many/most commentators, I look forward to (possible) arrival of Google fiber in my neighborhood. Our present vendor, Comcast, delivers decent, but sometimes burdened, service for a rather high price and competition would be good to see, as would the implied 20 - 50 fold speed increase.
As with any other infrastructure, it will be put first in population centers, and to prevent its becoming a loss center Google may decline to extend it too far into the boondocks and other solutions may be appropriate. However, Provo tried that a few years ago and apparently didn't do it awfully well, hence their willingness to give it to Google and pay additional to document it.
Re: Has ANYONE dared check in at a US airport ...
They might indeed. But would not the offense here be the "passing off", not the mere use of the logo? Even the U.S. law cited in the article conditions the offence on implying the endorsement of the NSA rather than the use as such. That might be unconstitutionally vague, but when, as in the Liberty Maniacs case, there is no question of agency endorsement, existing First Amendment law almost surely would end things. On the other hand, there probably is no problem making it illegal to pass oneself off as a government official, nor with putting in evidence that a copy or near copy of the agency logo was used in furtherance of an impersonation. But the offense would be the impersonation, not the use of a symbol.
There is absolutely nothing about this that is peculiar to the NSA or indicative of totalitarianism. People with a little authority and a larger sense of self-importance sometimes act before thinking of consequences (and appearances) and wind up looking quite foolish, as in the case of the now famous Salt Lake City school lunch fiasco. It nearly always is safe to bet on human error and stupidity against plots and conspiracies, especially if the latter involve more than a few dozen.
Beyond that, the law in question appears doubtfully applicable; there is no chance at all that the articles in question could be judged "reasonably calculated to convey the impression that such use [of the NSA seal] is approved, endorsed, or authorized by the National Security Agency." It also is near certain that any action of this type would fail a First Amendment test in the first court, as the government's capitulation suggests they might also have thought.
I thought this had been settled a couple of months back when The Register (I think) had an article on it and I ordered one for myself (mug with "Spying on you since 1952").
Sometimes bureaucrats - managers in a bureau - have a sense of humor, but most often not. Those who work in a bureau are much less likely to be offended. I suspect that if I had a dollar for every one of these mugs in the NSA facility at Fort Meade I could take my wife out for dinner at a high end restaurant and have some change left.
Re: Enterprise software licensing is so much fun...
My conversation with an Oracle customer support representative several years ago about Oracle DBMS led me to conclude that they were happy to have the product downloaded and used for development on a single user machine but that anything beyond that would require purchase of some kind of license. Exploration of the meaning of "beyond that" yielded up that they would consider the following to be violations:
- installing and running the software for any purpose other than application and database development;
- running it for any purpose on a machine that would allow more than one concurrent user.
The context was that we would have liked to put it on a surplus HP 9000 for some skunkworks like development involving three or four developers; the answer was that they would expect about $30K to purchase and $10K annually for maintenance. We chose a different approach to the problem.
Peoplesoft licensing might differ but, knowing Oracle, I doubt it would be advantageous to users.
Re: Google worse than NSA
So you load (in the earlier post) all badness on the NSA when, as we in fact agree that the problem is much more complex.
I am less ignorant of U. S. history than you appear to think, but do not think the U. S. government has, operating internationally, behaved a great deal differently - either better or worse - from the average major power. That certainly includes a sizable share of the bad, and of the stupidly bad, nearly all of them initiated or sanctioned by our elected legislators and carried out more or less enthusiastically by the executive branch. And that was my point in a slightly later post: the NSA is not THE problem, nor is the CIA or FBI or any other executive branch agency.
The real problem is in the laws and policies that established these agencies and govern their operation. As shocking as they were to many, the documents Edward Snowden released, and the additional ones later declassified, indicate that, in the main, the NSA operated within its charter, reported on itself when it identified errors and abuse internally, and when chastised by the FISC on occasion for exceeding the limits of the laws and executive orders, they modified their programs in response. The documents also show that, allowing for 40 years of technology change, NSA operates now in nearly the same way it did before FISA enactment in 1978. They do not show an out of control agency that is making things up as it goes along. The situation with the CIA probably is similar: we know for sure that the President exercises personal control of drone assassination of U. S. citizens, and it is between probable and certain that all major CIA initiatives going back to the agency's beginnings were known at the time to the President, the cabinet, and at least selected legislators in both houses of Congress.
Indeed, many were widely known and supported by the Press and public opinion, at least early on. And that, I think, is a major part of the underlying problem. A poisonous combination of political and historical ignorance with periodic moral panics leads to atrocious public policy choices. During the last century or so we have had two Red Scares, a "fifth column" panic on the West coast at the start of WW II, anti-alcohol and several waves of anti-drug hysteria (and seem to be starting another even now), the Satanism and pornography panics, and the terrorism panic. From those, with enthusiastic support of much of the population, we have got a huge amount of criminal activity that extended into Canada, Mexico, and other Central and South American countries; four rather large undeclared wars, the most recent associated with renditions and officially sanctioned assassinations; internment without due process of more than 100,000 of Japanese origin, most of them U. S. born citizens; serious attempts to suppress First Amendment rights in the '50s, '60s, and '70s and questionable, if not illegal, collection of communication data since the 1940s. In addition, scores of people were jailed or blacklisted based on their leftish political leanings and quite a few others were convicted and given long sentences based on testimony from carefully indoctrinated small children about acts that were impossible or for which there was no corroborating evidence. Unfortunately for those who argue that the government and its various agencies aim to oppress us and become our rulers, most of this resulted, directly or indirectly, from legislative and executive actions taken with the support or acquiescence of a majority of the population.
And now we have yet another moral panic, about privacy. It is expressed at Google, Yahoo!, Facebook, and the like, who know mostly what we choose freely to let them know; and very slightly more recently, the NSA, which collects huge amounts of data about both U. S. residents and others. I suspect this will be merged to another budding panic, over theft of personal financial and credit information. This will result in many stern editorials, great stirring among the people, and demands that Something Be Done about it. Our dutiful legislators, having tested the wind direction, will comply as they did when the question was about Communism, drug addiction, or terrorism. I know no reason to believe that the results will be appreciably better.
Re: Google worse than NSA
Mixing agencies, here. NSA may supply information leading to drone targets, although it probably is not the only source of such information. Drones are sent, sometimes based on direct instruction of the President, by either military forces or the CIA.
The problem, to the extent there is one, goes much beyond the NSA to encompass a significant part of the executive branch; and in various ways the congress is seriously implicated as well. The question to ask here might be "would anything be much different tomorrow if the NSA were shut down and all of the data it has collected were destroyed at Midnight tonight?"
Re: Google worse than NSA (@Don Jefe)
With all due respect, I think this is well over the top. Please provide references to identify those "disappeared" or even prosecuted as a byproduct of NSA programs. It is one thing to be alarmed at the prospect that these federal government activities could be used maliciously in oppressive ways and quite another to suggest that they have been or even are likely to be. It appears to me that for nearly everyone there is much greater actual danger from local police, with sticks and guns, or from local and federal prosecutors with subpoenas and warrants, than the NSA. And the risk of financial loss to which the post alludes certainly appears, in the light of recent grabs from Target and others, to come much more from criminal hackers.
I do not claim that what my government is doing through the NSA and other intelligence agencies is a good thing, but that its actual significance is being overstated relative to a large number of other risks.
As a US tax payer, and having scanned the document I am impressed - that some number of people could labor for a year and release what superficially is a useless POS. As a former government employee (DoD) I can state that more useful documents have been available internally from Defense Information Services Agency for some years. Some is available only within DoD, but good deal of it is available to the general public.
Re: How about @HollyHopDrive
At a party in 1999 I was told by the deputy CIO of a regional (but growing) bank that their plans were to implement only browser based applications going forward and tp replace existing workstation based clients as quickly as possible. As he put it: "I don't want to be maintaining 3,000 desktops." I believe banks are not among the most adventuresome in deploying IT. Remote management software has been much improved since 1999 but the point remains valid. It sounds as if the UK NHS and its various components had no long-term plan for managing the application software that supports the medical staff and patients, and their plan, such as it is, is to continue to have no plan but to default to Microsoft.
One wonders whether the Linux path taken by Munich and by the larger French Gendarmerie might have been both possible and advantageous if initiated at the time the XP EOL was announced.
Someone should explain how any of Ms. Kroes's suggestions would prevent anything NSA or similar SIGINT agencies have been seen doing, accused of doing, or might possibly be doing or able to do that we don't know of.
Seems like a power grab attempt.
Re: Old Neelie is good for a laugh!
At ~1800 UTC, 11 downvotes from those immune to truth and rational thought.
Nothing in this article or the NBC and Spiegel articles to which it links reports anything we should not expect "our country's" intelligence services to be doing on a regular basis to the full extent of their capabilities, for any value of "our country". Capture and publication on youtube of the now famous telephone conversation between Victoria Nuland and Geoffrey Pyatt may be officially unattributed but certainly was not done by any of the Five Eyes SIGINT agencies.
Re: Yeah sure...
While I am skeptical of statements like this from GCHQ and our NSA, I do wonder why they should be thought less "truthy" than those of Edward Snowden, Glenn Greenwald, etc. Certainly there is no significant evidence in what has been published to warrant equating either agency with the Stasi or similar. The closest I have noticed in the US are local police departments and on-the-make prosecutors, hardly any of whom need or rely on SIGINT agencies.
As an aside, in the US before 1861 (a) slavery was illegal in many places, (b) not all slaves were black, and (c) not all slave owners were white. Slavery was not permitted in much of US territory from about 1820 forward. I'm not aware of white slaves, but some number were native American, and some number of slave owners were black; small numbers, to be sure.
Let the downvoting start.
Re: "Mobile 'killswitch' mandate"
Perhaps you are not a "US Person" and so are led to understate our problem. Here, "the government" includes at least federal and state governments able to do serious mischief, and sometimes (e. g., New York) city or county governments as well. In this case, the California state government, pretending at sovereignty, proposes the ill-considered solution to what largely is a non-problem or at most an embellishment of an existing one. In this case as in many others, the government acts with the best of intentions, not a plan to harass and suppress the citizens.
I am inclined to wonder exactly who would run a "formal marketing test", how it would be conducted, what standards would be used to judge "fairness". After all, nobody is compelled to use Google, and Google is not the dominant search engine because it was first in the market. Yahoo, for example, preceded it by three or four years and became an also-ran because more people chose freely to use Google than did Yahoo or other web portals. It is not clear how to construct a better market test than that.
Re: To get around the muzzling orders...
In the long run it is likely that intelligence services of various other countries, some operating under fewer constraints than the NSA, and the police agencies of those countries, will cooperate with US officials to deal with terrorism and criminal activity. As they have in the past.
Moving to the Principality of Sealand sounds interesting, but it is not clear why anyone would want to move to a place where there are no legal protections at all. My own inclination would be Iceland, with both reasonable laws and power availability.
Re: Twitter stands alone on this?????
We should keep in mind that there are two components to the data collection. One of them, the wholesale scanning of traffic, is not the subject here. The other is data demands made by warrant or subpoena. It would, indeed, be nice to have some numbers describing the total of all NSL and FISC orders, both the number of orders and the number of accounts. The only real source for such data would be the national security agencies which issue NSLs and the FISC or the agencies that obtain the orders. Such numbers might overstate the problem, since there almost certainly are instances in which account information for a single individual is demanded in multiple orders; but that would not be a bad thing, and the government would be in position to supply a count of the unique individuals affected in addition to the raw figures.
It is all but certain that many would disbelieve any such reports, although the authorized reports by the respondents would provide a way to validate at least their plausibility.
Fewer than 903 requests touching under 1400 accounts out of however many million Twitter has seems a bit short of being evidence of a police state in the making, especially as the number has not changed greatly over the last year and a half. Twitter's description states that these requests are made "typically in connection with criminal investigations." In the USA that would require a warrant or subpoena, usually from an ordinary court. Their presentation of all requests in a single category clearly indicates that the number of FISA requests and NSLs is quite small.
I think they are trying to draw attention from their less than stunningly good financials and that we can easily find more worrisome things, such as credit information leaks, with which to concern ourselves.
Re: From Desert Fox to Desert Ox
Recalling that the NSA is in the Department of Defense I would not be so quick to dismiss military hackers' skills or intelligence. On the other hand, the idea that the DoD put out a cyber hit on Hastings almost certainly is paranoid fantasy.
Re: Not another NSA article
But, for those who didn't read the source document, the article referenced at footnote 32 on page 11 describes certain Internal Revenue Service capabilities and activities. While thinly sourced and quite vague (much like reports about the NSA), it suggests rather strongly that the NSA is not the only threat we Americans face from our government, and for nearly all of us it is a far more salient one.
Re: Wrong analogy
I am fairly libertarian by inclination, but the paranoid strain gets a bit tiresome after a while. Please provide the locations of your UK gulags as evidence of parity between the old USSR and the UK. As far as I am aware you are under far more surveillance in the UK than we in the US, but have not heard where you store your zeks.
Re: Great, so that means they're going to issue cryptographically signed releases as well, right?
Maybe the real tragedy is that Microsoft probably is quite correct in thinking this exercise will convince the marks of their purity.
Re: Great, so that means they're going to issue cryptographically signed releases as well, right?
"crypto accelerator drivers and some of the crypto libraries used to be unavailable under that program."
For real? That alone should be grounds to cancel the order unless the applications have no current or future need for encryption, or the manufacturer's crypto is to be disabled and replaced by something for which the source is available and can be built on the machine it runs on.
Re: google site:microsoft.com
Thanks for the reference to "bing it on". Tried it, and it confirmed my previous evaluation. In this case, Google 3, Bing 0, Draw 2, generally in the range I've seen before. Having failed for years now to compete successfully, Microsoft engages its pet public interest group to lobby for hobbling the more successful search service.
Re: @ Tom Dial
First to market maybe?
We may draw our own conclusions as to whether paying competitors not to make generics after patent expiry bears a similarity to racketeering. It is not entirely clear which party would bear a greater share of blame, but it is entirely clear that the losers are those who might benefit from the drugs at issue.
"Most breakthrough medicine has come from public institutions such as universities." And much of that paid for with grants of public money - i. e., taxes.
This type of thing really needs to stop, and that does not depend on whether you like or hate Google, Microsoft, Apple, or one of the more egregiously victimized RIM, to name a few. I have contended for years that a programmer who does not infringe at least a patent a day should be fired for idleness. Software patents need to be killed and a stake driven through their hearts. Increasingly I find it difficult to sympathize with any patents at all, as most of them impede progress as much as they promote it.
The old tradeoff of monopoly in exchange for disclosure is pretty much totally broken in the case of software patents, and in the US, at least, a great deal of the remaining patents are bought in large part with taxpayers' money in the form of research grants. Even in the drug business, so often the favorite rationalization of patent proponents, the advances often are marginal, the games the drug corps play to extend them and suppress competition are close enough to racketeering in their structure as to make the distinction difficult.
Remember what happened when Massachusetts tried this. There may be more to come on this.
Re: Missing the point
I miss the point about secure distribution of public keys. Public keys are, well, public. The primary difficulty is knowing for sure whose key, which can be verified in a number of ways, such as direct personal delivery, key signing by trusted endorsers, or direct communication (out of band, such as telephone) of either the key text or its fingerprint. Virtru may be trying to take the place of a trusted endorser (the Public Key wrapping). To that I ask "what will they do to earn my trust?"
Someone also should explain how, other than using Tor or similar, one could anonymise the metadata.
I call BS
"Research from Harris Interactive, commissioned by Virtru, found that 83 per cent of Americans are concerned about the privacy of their email communication, and even more have not yet taken steps to secure their email because they don't know how. Americans worry about being targeted by advertisers based on the content of their private emails (83 per cent) as well as messages being read by unintended recipients (75 per cent)."
Harris Interactive, is not what I think of as a purveyor of anything approaching valid research. They self-classify as a market research firm, their web site reeks of shilldom, and their respondents appear to be self-selected and perhaps drawn in by the rewards. It does not improve the credibility of this research, so called, that Vertru hired it done, perhaps to bolster a business plan and justify funding solicitations. I was unable to locate the actual poll results or the interview schedule on which it might have been based. In particular, the wording of the questions is important and might explain why the results seem to show that 5 Americans of 6 express "concern" about email privacy, but fewer than 1 in 6 report having done *anything* about it because they don't know how.
GPG, and I assume PGP, just are not that hard to set up for POP3 and IMAP clients, and Mailvelope, despite having some issues that require care in use, also is not that hard. It is likely that the level of concern really is quite low and that its extent in the population will decay over time back toward whatever was normal in years previous to 2013; and that the great majority of those who "don't know how" didn't actually take the trouble to try and find out.
Somewhere between many and almost all of the comments are seriously over the top. There are on one hand those which fix on the massiveness of the surveillance and its assumed infringment of liberty, and on the other those (far less numerous) which suggest that to prevent terrorist attacks it somehow is sort of warranted. Both claims are, in the present, more than a bit far-fetched.
There is very little evidence, if any at all, that the domestic phone and other metadata and its analysis has led to any general loss or infringement of personal liberty. There also is little or no evidence that this data has been very useful, let alone essential, in preventing any attacks. Both are understandable inasmuch as the data seems actually to have been used in the order of a few thousand times a year. Arguments on both points seem more hypothetical than real and are likely to remain so.
I suggest that we are experiencing the early phase of a moral panic, itself fruit of the earlier moral panic that followed upon the 9/11 attack and was enhanced by the Madrid and London bombings. That this is so is suggested by the fact that there seems to be little similar opposition (yet?) to the US Postal Service collection and retention of the corresponding metadata for all first class mail (to "prevent" further anthrax attacks?) or to the cameras on nearly every street corner in US and UK cities. None of this surveillance has any real utility in identifying terrorists (or, indeed, more common criminals) either before or after they act. Yet as far as I have seen, only the Section 215 metadata program has generated widespread opposition.
The plain facts are that the Section 215 metadata program appears to be effectively useless for its claimed purpose, is extremely unlikely ever to become effective, and costs a lot of money that could be spent much more wisely (although the amount, in federal, or even DoD, budget context really is not very large). Although it could be used by a malevolent government to suppress dissent, there is no evidence that it has been; and a government out to suppress its citizens has plenty of cost effective means to do so, goons and truncheons being among the obvious. It could at the margin be used to intercept terrorists before, or more likely after, they act, but either probability is small and evidence of either is seriously lacking. Even then, its admissibility in a criminal proceeding and its acceptability to jurors are doubtful. We should do without this data, avoiding the small risk of its misuse, and accepting the small risk that it would be necessary, as opposed to merely expedient, to disrupt plots and capture plotters.
Re: I feel sorry for the guy
I don't think "innocent until proven guilty" applies here (yet). If Mr. Snowden were to be arrested, arraigned, and brought to trial, the ground rules would be such that the government would need to prove to a jury beyond their reasonable doubt that Mr. Snowden had committed the specific actions that constitute the crime(s) charged. Absent that he would be found not guilty and released, and could not be retried on the same alleged offenses.
Juries may, in some circumstances, consider a defendant's state of mind in reaching a verdict, but generally are not supposed to decide guilt or innocence based on whether they think the defendant had good intentions. Jury nullification, however, is rare but not entirely unknown.
And on what basis do you make this rather extraordinary claim? A single example would be quite illuminating.
- Does Apple's iOS 7 make you physically SICK? Try swallowing version 7.1
- Pics Indestructible Death Stars blow up planets with glowing KILL RAY
- Hands on Satisfy my scroll: El Reg gets claws on Windows 8.1 spring update
- Video Snowden: You can't trust SPOOKS with your DATA
- 166 days later: Space Station astronauts return to Earth