* Posts by tom dial

1106 posts • joined 16 Jan 2011

Page:

Net neutrality: How to spot an arts graduate in a tech debate

tom dial
Silver badge

But: infrastructure to consistently deliver 99.9% or more of packets with no more than 20 ms latency may be costlier to build and operate than what is required for delivery of email where minutes of delay is likely to be somewhere between unnoticed and quite acceptable. Many of the comments here seem to relate to how the differential should be billed.

0
0
tom dial
Silver badge

Re: Except that....

As a Netflix and occasional Amazon streaming customer I consider it in my interest if the source, intermediate, and delivery communication providers can provide consistent unpixelated video content delivery that is within the buffering capability of my TVs. That may cost more in network investment and operation, and I see no reason that the cost necessarily should be recovered in part from those who are not Netflix or Amazon customers, and it makes no difference to me whether the collection is directly from me or proxied by Netflix and Amazon, who would pass it through to me anyhow.

My guess is that network neutrality works best when network capacity at all points exceeds traffic by a factor of 5 to 10 and begins to break with increasing frequency as that factor declines from that.

0
0

Ex-HP top aide in the clink for racking up $1m on company credit cards

tom dial
Silver badge

One shareholder, one upvote!

See subject.

3
0

What's Russia smoking? Kremlin bans Wikipedia for dopey article

tom dial
Silver badge

Re: @Chris Parsons -- Russia is a slow-mo failed state

In the United States, lobbying, whether or not one likes it, is rather difficult to describe as "corruption", as it is a constitutionally protected activity. The exact wording, in the First Amendment, is "Congress shall make no law respecting an establishment of religion or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances".

That last phrase legitimizes lobbying and makes it difficult to restrict much beyond making bribery illegal. But that may not matter greatly, as a legislator who takes side payments for exercise of official duties is as corrupt, or more, than one who offers the bribe, but is subject mostly to discipline by other members of the legislature, something that legislators seem loath to do. The Congress also may be disinclined to regulate lobbying (within First Amendment limits) because public relations firms and policy advocacy organizations always are eager to hire former legislators after they retire or their constituents dismiss them. And in the end, it is the voters who decide whether to retain a Senator or Representative because he (or she), possibly corruptly, acts to their collective benefit, or to elect someone new who will do a better job.

0
0

Ex-Prez Bush, Cheney sued for email, phone spying during Olympics

tom dial
Silver badge

We (the US) certainly are increasing the number of surveillance cameras. On the other hand, I have not seen meaningful evidence of their use in either the UK or the US to affect personal liberty of, or even to track actively, those engaged in their ordinary activities, whether legal or not. Like telephone and internet metadata, they appear to be used to collect information that can be mined after a crime is committed to help identify and track suspects, or to track those suspected on other grounds of planning a crime. This is as one might expect based on the ratio of possible watchers to citizens, which I suspect in the US is well under about one per 10,000; this is much smaller than the number of police officers on patrol to citizens, which for New York City probably approaches 1 in 1000. In the middle sized suburb where I used to live there typically was about one officer on patrol for each 2500 residents and the 8 observation camera displays were visible to one officer, the shift supervisor, for every 50,000 residents.

0
0
tom dial
Silver badge

Re: No Chance (You're Right!)

It is likely that since the 1972 Olympics in Munich, Germany (if not before), every host country has conducted intense surveillance, both physical and electronic, of the entire area and its surround for months before and during the events. Given the nearness in time of the 2002 Winter Olympics to the attacks of September 11, 2001, the US might have increased surveillance beyond initial plans, but the surveillance probably would have been well into the planning stage by 2000 or early 2001 and probably would have included much or all of what actually took place.

0
0

Security fears arise over body-worn plodcam footage

tom dial
Silver badge

The rush in the US to mount body cams on all police officers so as to gain proof of or prevent allegedly unprovoked police murders of unarmed civilians of color often has led the advocates to skip over a variety of considerations. Cost is one. Despite the federal government proposal to offer money for purchase of a significant number of these, the ongoing operating cost remains largely unaddressed. Another big one is privacy, noted in this article. Many police encounters are for domestic matters likely quite embarrassing to all parties and in the end often of little or no enduring interest and not worth storing (and risk of public exposure). Repositories of such videos surely would be attractive hacking targets. In addition, custody and authenticity of police or other videos of events involving police could be an issue in later court proceedings. Some of the videos that were objects of great interest in connection with claims of police misbehavior either clearly were edited (Eric Garner's arrest) or were temporarily suspected of editing (Sandra Bland's arrest). Any editing of these particular videos probably is immaterial to any subsequent legal action, but as the number increases, chain of custody and security will be a significant issue if anyone wants to use them as evidence.

As often happens, people lock onto simple answers to complex problems that are likely to be wrong or at least far from complete (credit to H. L. Mencken). Police use of body cameras may well inhibit bad behavior by both police officers and their clients, but will not end either. It is too easy for a police officer to turn off, forget or omit to turn on, or for a camera to be knocked off during an encounter that turns nasty. On the other hand, if these cameras are to be left running at all times the amount of mindless video collection is quite large, nearly 1,000 hours daily for the force in the middle sized city where I used to live that typically had 16 officers and 4 supervisors on patrol.

2
2

NSA-resistant email service Lavaboom goes BOOM! (we think)

tom dial
Silver badge

Every OS is likely to have vulnerabilities, and they will be zero day vulnerabilities until their existence is found and disclosed. While I prefer Linux for various reasons, provably better security is not one of them. In particular, I do not think it is reliably established that it is less subject to software vulnerabilities than Windows or MacOS; OpenBSD or FreeBSD may be more secure, but I do not think such a claim is provable.

Thunderbird, Enigmail, and GnuPG are equally available for Windows as Linux, and seem also to be available for MacOS, FreeBSD, and OpenBSD. They take a bit of effort to set up and use, but no more than most ordinary users - if motivated - are capable of, and not much more, if any, than ProtonMail. In my experience, it is difficult to convince most people that email encryption is worth any effort at all.

ProtonMail may provide easier to use public key management than GnuPG or PGP, but it seems to require users to trust them.

For nearly everyone, the security of either ProtonMail (or similar services) or Thunderbird with Enigmail and GnuPG will be entirely adequate, as they are not, in fact, targets of any SIGINT or law enforcement agency.

Anyone seriously concerned about intelligence and law enforcement agencies should use other methods than email, or should handle all email encryption or decryption on equipment built from rather old components; enclosed in a windowless, soundproofed, and electromagnetically shielded room and powered with a battery or generator within the room; and never connected to the internet. Encrypted messages should be transferred from and to that machine using media that cannot convey malware. CDs or degaussed and freshly formatted floppy disks probably are ok for outbound, but are a risk for inbound, for which, paper and typing may be the only safe way. For such cases, ProtonMail might be a good delivery vehicle for messages already encrypted using GnuPG, as it seems to provide metadata security that may exceed what is possible for Enigmail with GnuPG.

0
0

Mainframe big boy Big Blue tries to drum up new biz via Linux

tom dial
Silver badge

Re: Meh! Nothing really new here.

It would be helpful if those who vote against statements that purport to be factual provided statements of the reason why. If the claim is incorrect, evidence of that makes sense; a simple downvote leaves readers with no particular knowledge to wonder why. There is a difference between contesting a claim because it is false and contesting it because the downvoter, recognizing it as true, is unhappy about that.

Upvoted, based on the knowledge or belief that the Linux kernel is able to run on bare zSeries hardware and that DB2 for Linux will run on processors with IFL engines, i. e., that Gumby's statements are correct.

1
0

PALE, MALE AND STALE: Apple reveals it has just ONE black exec

tom dial
Silver badge

Re: So?

Why would you say "we" have a problem?

It might be that the company has a problem, probably best addressed by the directors, in that the hiring officers are using criteria not very likely to be related to capability to do the job. That is true equally whether an individual is, or is not. hired or promoted based on such criteria. Preferential hiring based on race, sex, or gender identification is as invidious and inappropriate either way.

2
0

Hillary Clinton kept top-secret SIGINT emails on her home email server

tom dial
Silver badge

Re: On the other hand...

It is not evident that the clintonemail.com administrator would know if the system had been penetrated. Was it configured for security? Was it patched regularly? Was it protected by a firewall more advanced than that on a Linksys consumer router? Were all the factory default passwords changed to be unique and non-obvious ? Was an IDS installed and operating? Were there regular backups? Were the backups replicated off site? Was there a contingency plan to deal with outage?

Whatever the deficiencies of the State Department IT management and staff might have been, there is a pretty good chance they could answer in the affirmative for all their systems. In the case of clintonemail.com, the contingency plan seems to have been "wait for the water to recede and the mains power to return", arguably an entirely inadequate plan for the sole email provider for a cabinet member and top level executive of a major federal department. I have not seen reports that discuss any of the others.

1
0
tom dial
Silver badge

Re: @smudge

The law (FISMA) and State Department regulations that apply do not prohibit use of a privately owned and operated server to process and store US government data, although they establish fairly stringent requirements, given partly in NIST 800-53. It is not impossible that Ms. Clinton's server satisfied all the requirements, and was certified and accredited by the State Department CIO. If that were true, though, I expect Ms. Clinton or the State Department would long since have announced that fact. Neither has done so.

Whether the clintonemail.com server was more or less secure than those at the State Department is no more than idle speculation.

0
0

Doubts cast on Islamic State's so-called leak of US .mil, .gov passwords

tom dial
Silver badge

Re: President Password

The passwords described would not have worked in the US DoD in 2005 or 6, possibly earlier. The standards when I retired at the end of 2011 were length of 12, at least two each of upper case, lower case, digits, and special characters (subject to acceptance by the application or system). New passwords were to be different from any of the last 10, from any used less than a year in the past, and from the password used on any other system. Three consecutive occurrences of the same character were never allowed, and some systems disallowed all repeats, ascending or descending digit sequences, or both. Password change was required every 60 days or less and most systems and applications enforced that.

Some of the properties, of course, could not be validated automatically, and some systems and applications enforced standards better than others. Password managers were gaining popularity, but spreadsheets or notes in drawers were more or less the norm.

0
0

Apple and Google are KILLING KIDS with encryption, whine lawyers

tom dial
Silver badge

Re: Yup

Crimes in which inability of law enforcement personnel results in failure to identify, arrest, and prosecute the criminal will be a tiny fraction of all crimes, and the one used as an example probably is not one of them. The great majority of arrests and prosecutions are of the obvious suspects, supported by witnesses and obvious physical evidence, sometimes bolstered by forensic evidence analysis. The article appears to be aimed at inducing a moral panic to support action that a great majority, if they thought about it, would think a bad idea.

2
0
tom dial
Silver badge

An observation

This might have been posted before but also might bear repeating.

The phones that got the prosecutors all worked up were an iPhone 6 and a Samsung S6 Edge - neither of them a typical burn phone, so probably traceable to their owners without resort to decryption of the contents. My s3 has a barcode inside the back cover labelled "VZW' and the IMEI can be seen by lifting the battery. It would be harder with an iPhone, but I suspect that equipment available to law enforcement agencies could identify the carrier and implicitly the account without destroying the phone. Of course the account information, like the stored data, might be useless. The phones might have been left at the scene because the killer(s) stole them and found them useless due to the lock code. Hopefully the police didn't handle them so much as to destroy latent fingerprint information.

I also found annoying in the article the false statement that Google had reengineered Android encryption so that they - Google - no longer could to decrypt phone contents. Intentionally faulty data encryption, as far as I know, was a uniquely Apple failing.

But then, this was an opinion piece and maybe not subject to significant fact checking by the New York Times, bastion of journalism, with a masthead that still reads "All the News That's Fit to Print".

2
0

Intel left a fascinating security flaw in its chips for 16 years – here's how to exploit it

tom dial
Silver badge

Re: Why does the government fear private computers?

Looking at Iraq, Syria, Bahrain, Yemen, Jordan, Egypt, Libya, and Tunisia to name a few, is it clear that we should want a local "arab spring"? Really?

"Mulitiple layers of robust 'safeguards': for example? And under what plausible conditions would they likely be used?

What subjugation would that be? For monitoring, aside from objections to wire sniffing that some might not describe as surveillance as long as it was limited to machine filtering, what outcomes exceed limits that a majority would think reasonable (limited to Europe/EEC, Five Eyes, South Korea, Japan for discussion purposes)?

Governments are established to govern, and police are hired to enforce the laws. News articles notwithstanding, in the countries identified above, they usually do so without interfering excessively with the majority of the population. When they do, courts often will curtail the excesses, and those who object can try to persuade legislators to change the laws, or try to replace the legislators so as to try to change the laws from within. The fact that they may fail to do so may not mean they are corrupt or under control by the 1% or other enemy of the people; it may simply mean that the majority who elect the legislature and executive are not dissatisfied enough to vote for change. And like it or not, no established government, however legitimate, is going to put up with attempts to overthrow it by means outside the law.

2
1
tom dial
Silver badge

Re: Just goes to show..

No processor that accepts a microcode load (Pentium and earlier?)

No storage device more advanced than a 3.5" FDD or an MFM HDD

No USB of any type

Removable (and removed) jumpers to disable writing to the BIOS storage and NVRAM

Probably some other things I overlooked.

That still won't keep people from installing root kits and other malware, but it might at least prevent putting them where they are effectively invisible and very difficult to remove.

1
0

Assange™ to SQUAT in Ecuadorian broom closet for ANOTHER FIVE YEARS (maybe)

tom dial
Silver badge

Re: If you were Assange

Suppose you were, and wait out the Swedish statute of limitations. What then? The British charges related to the bail jumping still will be pending, so leaving the Ecuador embassy would be risky. I haven't looked, but suspect there is no statute of limitations for any plausible US charges., so they would not be brought until you are out of the embassy and in UK custody. At that point, pending US charges could be used as a basis to request extradition, and given the relation between the US and UK it might well be granted.

Has Mr. Assange elected a life term, or perhaps permanent semiretirement, in Ecuador's London embassy?

On the other hand, five more years on, the US might no longer care enough to press charges (even if they really do now), and you could look more than a bit of a fool for not going back to Sweden and facing the charges there.

4
0

Law prof Lessig vows to take cash out of politics by raising tons of money

tom dial
Silver badge

Re: Doomed

The link is interesting indeed. I had no idea that retirees contribute such large amounts, although it did not come as a surprise that their money favored Romney over Obama by around 6 to 5, or that lawyers (mainly plaintiff attorneys by some reports) and the educational establishment supported Obama over Romney by a large margin. It is interesting, too, that notwithstanding the wailing, mostly by "progressives", the Obama campaign and its supporters underspent Romney's by a fairly significant amount and yet won rather handily. Money to run a campaign surely is important, but not decisive. Enthusiastic volunteers, with appropriate organization and guidance, can make substitute for a good deal of money, yet nobody ever would think to suggest either reporting or regulating their number.

1
0
tom dial
Silver badge

One problem here

is that without gutting the First Amendment, there is a pretty firm ban on regulating political activity, extending (since the Citizens United decision) to spending money for political advocacy.

It is not clear whether this is a real problem or not, because it is not clear that this spending of money, no matter that some see it as "obscene", actually has all that much influence on electoral outcomes. Assertions about vote buying clearly go beyond what can be established.

1
0

BOFH: Knitting bobble hats on the steps of the guillotine

tom dial
Silver badge

This is almost too real world to be funny.

It put me in mind of a project at my former place of employment that started in 2009 or 2010 to which my successor recently was reassigned as part of an agency plan to produce well-rounded middle managers. The project has to do with consolidating and rationalizing about 500+ Access- or Excel-based "micro-apps", developed by accountants, that provide function omitted from the large accounting systems they support. The investigation and analysis continues still, hampered by a requirement to maintain their functionality in the face of changes to laws, regulations, and the systems they support, and as well the frequent discovery of additional ones. From what he told me a few weeks ago they are, by now, at the second or third level information-gathering-survey stage.

2
0

FBI may pillory Hillary with email spillery grillery

tom dial
Silver badge

Re: Rules when she was in office....

On the other hand there was a law, the Federal Information Security Management Act - FISMA - of 2002, with plenty of rules and regulations in place by around 2005 or 2006.

In general, the law and instructions that followed from it required computer systems used to process and store government data to be particularly configured to ensure data security, be backed up regularly, and have a disaster recovery plan in effect that provided for continuity of operations if the primary system became inoperative. All that has to be documented in excruciating detail, and conformity verified before the system is approved by the agency's approving official (usually the CIO) and attached to a network. Conformity is required to be reverified periodically, including testing of the business continuity plan.

If the servers behind clintonemail.com met the standard, Ms. Clinton and her supporters could have brought it out immediately and effectively ended the discussion by requesting the State Department to release the systems' certification and accreditation documents. Instead, she diverted attention by delivering printed email copies to the department and requesting they be released, and erased them from the server or servers. It is quite safe, therefore, to conclude that the servers used were operated in violation of the law and contrary to established Department of State instructions.

Ms. Clinton, however, was not just a State Department employee presumably violating the law and agency instructions; she was the department director, responsible to see that the department and its employees, including herself and others who had clintonemail.com accounts, operated within the law and in accord with the departments established instructions.

It appears she did not do so. That is far more than poor judgment; it is, arguably, a disqualifier for election to the office of President, the duties of which include, among other things, to "take Care that the Laaws be faithfully executed".

1
0

Hey, FBI. Wanna track someone by cellphone? Get a proper warrant, says US appeals court

tom dial
Silver badge

Re: There are two cases here

One of the requests specified a period about six months long, and it appeared to me from the opinion (1) that it was the only one for which records were produced, presumably on the basis that it logically included the others, and (2) was of particular concern to the Fourth Circuit panel, as it should have been. A request for all the records over that length of time, even for specific cell phones should raise immediately the question of whether the request would have been too broad for a warrant, even given the fact that the existing legal standard did not seem to require one.

0
0
tom dial
Silver badge

Re: Re: Relax

Police agencies have been monitoring public meetings pretty much as long as there have been police and public meetings. And concern about excessive surveillance of protest activity certainly is warranted in view of numerous well documented instances. That is part of the reason, in the US, for the First Amendment as well as the Fourth. On the other hand crowds, especially those gathered to protest a perceived injustice, have been known to become unruly, resulting in damage and interference with the rights of those they disagree with or who just happen to be nearby. There is ample justification for a reasonable degree of physical surveillance of public protests. There may be, in addition, justification for follow-on surveillance of particular individuals seen as advocating for and possibly engaging in activities that violate laws; and that surveillance could include cell phone location monitoring.

Nothing in this case or any other that I am aware of supports law enforcement action to "trawl through location (or call!) records" without approval by a court except in exigent circumstances. The issue in this or similar cases is the type of court approval required, not whether it is required. Technological changes over the last several decades has lead to generation and retention of "metadata" far exceeding what occurred or was possible several decades ago. Given that enormous increase in the potentially searchable data, the issue is, essentially, where the boundary should be set between activities that require an ordinary court order based on reasonable suspicion and those that constitute a Fourth Amendment search and require a warrant based on probable cause.

1
0
tom dial
Silver badge

Re: Relax

In obtaining court orders rather than warrants, police in both Riley and Graham seem to have followed the law and the generally understood constitutional guidance of Smith and similar decisions, and their practice was consistent with decisions in other cases (in other circuits) as recently as a few months ago. In short: the authorities were following the Constitution. The Fourth Circuit panel majority thought otherwise, apparently in part because of the large amount of data requested and received based on one of the court orders.

Due to the split between circuits, the Supreme Court is likely at some point to resolve the issue. If they rule that the search in Graham was a Fourth Amendment search requiring a warrant it would be a tightening of the present standard. If they rule the other way, things revert to the status quo, which has been the standard since 1979, more than 35 years ago. Either way, there is no possibility that it will be "part of the slippery slope where we find ways around the Constitution".

While it is somewhat off topic, the NSA metadata collection was done under the same legal interpretations, more or less (certainly a bit strained to say the least), under a law enacted in part with intent to authorize continuation of a program that nearly everyone agreed was not legal. NSA obtained quarterly orders from a competent court directing carriers to deliver metadata. Since then a different court has made a determination that the Patriot Act did not, in fact, authorize that and the program has expired and one hopes is winding down as provided in the recently passed Freedom Act. Whether this collection was a Fourth Amendment search is, I think, undecided as yet and probably moot.

1
0
tom dial
Silver badge

Re: Is it just for law enforcement?

Defense attorneys can arrange for subpoenas, probably including the cell phone companies. In addition, court system rules require that the prosecution make evidence available to the defense.

1
0
tom dial
Silver badge

Re: The issue is the definition of "unreasonable"

The authorities were not monitoring the locations of any cell phones. They obtained information about the location of particular phones during a six month period more than six months in the past, presumably to corroborate evidence suggesting that the individuals charged were present at the time and near the place of crimes. Active monitoring of current cell phone location raises additional issues.

As for either monitoring individuals or retrieving their past locations, we need to have a formally disinterested party like a court review such things rather than having the police do it on their own. There are rules allowing exceptions that allow after-the-fact approval when time and circumstances do not allow requesting an order or warrant ahead of time.

1
0
tom dial
Silver badge

Relax

Most people (actually nearly all of them) are not suspected of criminal activity, and therefor not worth the effort required to obtain either a court order or a formal warrant, and therefore are not at risk that their cell phone metadata will be either collected or used against them.

It may be time for the Supreme Court to revisit Smith v. Maryland and similar cases, but the paranoid panic over this type of government activity is largely unwarranted. The difference between what the police did and what the appeals court decided is necessary is mostly about the degree of justification required for the "search", and therefore the type of document required to authorize it. This is similar, if I remember correctly, to Riley v California, in which the Supreme Court decided that search of cell phone contents incident to an arrest would require a warrant but let the conviction stand. In both cases, the police probably could have obtained warrants, although in Graham a court asked for a warrant might have limited the periods more than did one of the court orders, which covered a period of around six months.

The decision (linked in the article) gives brief summaries of a number of previous and somewhat related decisions and is interesting to read whether or not you think the court's reasoning persuasive.

1
4

Secret US-Pacific trade pact leak exposes power of the copyright lobby

tom dial
Silver badge

Powers of Congress (Article I, Section VIII)

"8. To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries."

"securing for limited Times" certainly was not meant as 70 to perhaps as much as 150 or 160 years. Moreover, securing the rights for such a period is a disincentive to further creative work by authors except insofar as they sell the copyright too cheaply. It is a fairly effective preventive measure widely used against others who might build on prior works.

" to Authors and Inventors" does not mean their descendants who did not write or invent.

There are few better examples of the legislature coddling special interests, and the best that can be said about efforts to push others into it is that it hasn't been done by force and violence (yet, I think).

3
0

Wait, what? TrueCrypt 'decrypted' by FBI to nail doc-stealing sysadmin

tom dial
Silver badge

Re: remember a strong 30-char pw?

The plea agreement was linked in the article. The government got something and reduced the sentence recommendation in exchange for that and the guilty plea - perhaps some names of individuals to whom the data were to be delivered. Side payments probably would not be documented in the plea agreement.

1
0

Sysadmin jailed for a decade after slurping US military docs

tom dial
Silver badge

Re: Professional expectation

Division of responsibilities would be good practice, as the NSA discovered and I think corrected or is correcting. Those worthy of trust still will not perform unauthorized actions, as Mr. Glenn did, that go beyond what is necessary to perform their duties.

0
0

Global spy system ECHELON confirmed at last – by leaked Snowden files

tom dial
Silver badge

An anonymous coward suggested above that there are two fundamental alternatives in the context of signals surveillance:

"1) Monitor everyone (or try to)

2) Target the surveillance, legally."

A question that has occurred to me from time to time is this: In an environment in which a very large amount of communication occurs within the internet infrastructure, is there an operational definition of (2) that would distinguish it from (1)? Put differently, is it possible to accomplish the second without also effectively configuring for and to a very large degree doing the first?

For example, if the FBI has a warrant issued by a US court in, say, Manhattan, that gives them the authority to target the communication of a US national thought to be planning a terrorist attack in, say, Washington, DC, how much communication traffic will they need to access, examine (programmatically or by hand), and filter to track the individual's cell phone, email, and land line communications if he or she is in the United States? If a targeted person travels to the West coast or abroad, how much additional traffic will need to be examined and filtered to attain the goals of the warrant? If a few hundreds or thousands of such individual targets are subject to collection, for the sake of argument all based on properly justified and issued warrants, the required collection and filtering structure is likely to begin to resemble XKEYSCORE and related downstream analytic programs. What if it is, in addition, a collaborative arrangement built up to support similar warrant execution requirements levied on the other Five Eyes agencies by their governments and designed to adapt to a set of targets that varies over time?

Terrorism surveillance, however, is not the only and probably not the largest goal of the signals intelligence agencies. We know, or certainly should, that foreign intelligence agencies seek a wide variety of information about many subjects of interest in formulating foreign and military policy, and that they target officials of foreign governments with little restraint to obtain it. They do so by various means that include electronic and other eavesdropping that are legal according to the laws under which they operate, although often quite illegal under the laws of the targeted country. The methods, procedures, and technical arrangements used for foreign intelligence electronic data collection are essentially indistinguishable from those used for execution of warrants against individuals.

I won't argue about whether such activities are morally correct, a question about which there is an enormous range of opinion when it gets down to details; under the laws of the country that does them, however, they probably are legal. My point is that either of the basic alternatives described seems to lead to the same result: a capability to gain access to a large part of the internet data stream together with processes to filter and select the data of interest out of it.

4
0

James Woods demands $10m from Twitter troll for 'coke addict' claim

tom dial
Silver badge

Re: He should be ashamed

Trampling human rights is not limited to either the Republican party (among US political parties), the US government (among governments), or government wannabes like ISIL, Al-Shabaab, Boko Haram, or Shining Path.

3
0

New twist in telco giants' fight to destroy the FCC's net neutrality

tom dial
Silver badge

if lawyers weren't paid when they lose...

If I recall correctly, SCO's lawyers were more or less compelled by circumstances to agree to take part of their payment from their lawsuit's winnings. That probably worked out rather badly, since most of SCO's assets after the loss were dribbled away by the bankruptcy referee and whatever was left went to the SCO principals.

Sometimes there may be a bit of justice.

9
0

Chat about Safe Harbour all you like, the NSA's still the stumbling block

tom dial
Silver badge

Re: NSA is the problem

Is there evidence that NSA has greater access to data resident in the US than that resident elsewhere? The procedures used would differ somewhat, but access to foreign data stored in the US may require legal process that may not be needed to access it in some other locations where NSA has the authority under US law to obtain it directly without troubling to make a request.

0
0

Automattic says spooks asked for something it can't reveal

tom dial
Silver badge

Re: So, up to 125 then

"None", as Automattic reports for 2014 and the first half of 2015, would appear to be 0, as does the sentence following their table: "We are pleased to report that we received no National Security Requests during 2014 or so far in 2015."

Rounding does not apply, and a positive number of requests less than half of 249 could not truthfully be shown as 0. Showing "0 - 249" for the first half of 2013 suggests there was at least one, and if they are being truthful, there were no more than 249.

4
0

How British spies really spy: Information that didn't come from Snowden

tom dial
Silver badge

Re: Why are they not more often in the news ?

The arrests probably were in the news, along with arrests for a variety of offences where the police did not use intercepted electronic communication as part of the basis. It would be rare that communication interception brought an arrest, and a bit rarer still that it would be attributed to GCHQ surveillance given their known inclination to remain in the background.

The NSA were said plausibly to have passed information from intercepts to the US DEA and were criticised severely despite the likelihood that both the intercepts and their transmittal to DEA were of a kind authorized explicitly in the US Code.

1
0

Facebook fails to block NY DA's fat warrants for profiles of suspected September 11 fraudsters

tom dial
Silver badge

To describe the result somewhat differently, there seems to be exactly the same possibility to challenge a warrant for data before execution as there is, and has been, to challenge a warrant to search your house, car, or office. And I wonder if that might not be the case in quite a few places other than the US, to the extent that the question has been brought to a court and settled.

As the court and article noted, the defendants are entitled to challenge the warrants after the fact and, if successful, suppress any evidence they revealed. And nothing prevents legislatures establishing additional constraints for the future, if they wish.

1
1

The Ruskies are coming for you, NSA director tells City bankers

tom dial
Silver badge

Re: secure?

The Arpanet was designed to be resilient in the face of physical disruption, but not particularly to protect the content of communication it was used to transfer. The goal was to ensure deliverability. For data protection there were, and are, other measures like encryption that go back centuries in time, as do the problems with ensuring message integrity and privacy. Both goals have associated difficulties.

1
0

Bloke thrown in the clink for hacking SIXTY PER CENT of Americans

tom dial
Silver badge

Re: Not under THIS...

This is not China; we have no great firewall. It is doubtful that the Constitution grants it the authority to enact laws that compel businesses or individuals to administer their systems in a secure way; and if they do, there is no way they have the resources to enforce such laws. As noted, they do not have the effective power to make their Secretary of State or OPM director to do that.

It would be interesting to see a presentation of the theory under which the federal government is responsible to "even begin to protect the digital assets of the US" other than those of federal agencies. The administration has argued that it should, but his was met with considerable pushback from many who were concerned about giving the government too much power - many of them now, doubtless, seriously agitated about the NSA and its activities.

They can, and do, sponsor various activities and organizations such as MITRE and CERT, but in many respects the internet and its connected systems are not fundamentally more secure than they were in November, 1988 - much depends on the diligence of the system and network administrators; some are competent and motivated to secure their systems, but all too many are lazy, incompetent, and do not care much beyond doing the minimum to ensure continuation of their regular paychecks.

2
4

Citizenfour director Laura Poitras sues US for years of border security harassment

tom dial
Silver badge

Re: Thou shalt not...

The claimed harassment had nothing at all to do with Edward Snowden, as all of it occurred well before any of us, including Ms. Poitras, had heard of him. The runaround on the FOIA requests might relate to that, however, or it might relate to a combination of incompetence and intransigence on the part of some of the agencies in handling such requests. ODNI appears likely to have given Ms. Poitras a standard response to any FOIA request for material that is either sensitive or potentially embarrassing: they denied it on the basis that the fact of its existence or nonexistence was classified as related to intelligence sources and methods. The DoJ, on the other hand, denied release of the 6 pages they or the FBI admitted having found as a matter involving grand jury secrecy. Other agencies seem at most to have gone through the motions minimally and hoped the FOIA requests would go away.

2
0

Google makes new hires ONE pay offer. 'Negotiation'? What's that?

tom dial
Silver badge

Re: A very Google solution

In the US government, which employs far more people than Google, offers are entirely algorithm based and in not negotiable at the entry level: generally General Schedule grade and step. Relocation may or may not be paid, depending on the announcement. Mid-level and senior hires may have some wiggle room to negotiate, as probably also is the case with Google.*

I expect a great many companies with staffing large enough to justify a separate HR organization have algorithms to constrain compensation for legal compliance reasons. Without a substantial survey it is not clear to what degree Google is exceptional in its rigidity.

* The US DoD switched for several years from the General Schedule to a "National Security Personnel System" that set up a small number of overlapping pay bands and gave supervisors and managers considerable flexibility in determining employee salary. After three or four years they went back to the old General Schedule.

0
0

Attention dunderheads: Taxpayers are NOT giving businesses £93bn

tom dial
Silver badge

Re: The majority of UK Tax burden is not being paid by companies...(Hollywood Accounting Method)

The studios make a profit on the services they sell to the independent entities that produce the film. The (natural person) partners of the producing entity collect salaries or purchase the bonds of the producint entity. Simple bookkeeping takes care of ensuring there is no "profit". While this is partly made up on the spot, and the actual structures in use surely are more subtle and complex, it is clear that rivers of cash do not imply a profit.

0
1
tom dial
Silver badge

Re: So how didn't he get it?

It has been popular here in the US for some years to state as fact that anything the government does not take in taxes constitutes a government "tax expenditure". Thus, the dependent exemption on the personal income tax form, or the mortgage tax exemption is transformed into a "tax expenditure", especially when the deduction claimant has above-median income. This is the stuff of the Guardian article.

1
0
tom dial
Silver badge

Re: The Truth of the Matter is this...

It would seem that the Greek problem is that they never managed to reach a primary surplus or put forward a remotely plausible plan to do so,. That would lead naturally to the conclusion that they could not repay any amount of debt in a finite number of years, something that quite understandably concerned their debtors. The reason for failure, whether government giveaways, tax fraud, or other corruption, appears to a first approximation quite immaterial.

2
1

US OPM boss quits after hackers stole chapter and verse on 21.5m Americans' lives

tom dial
Silver badge

Re: Nice pension

As noted, the paper SF-86 has been replaced by an application served from OPM. That is not a reason to for the database containing the data to be on a network attached to the internet. At my former agency (not OPM) we were exceedingly careful about Personally Identifiable Information leaks; this is the mother all PII compromises.

1
0
tom dial
Silver badge

"if you ever filed for a security clearance..."

I expect not. OPM was quite a bit behind in digitizing old documents, probably including the security clearance questionnaires and any information collected during background investigations. From 2003 or so the SF-86 form was a filled PDF served by OPM, and I think the background investigation data was set up similarly; those surely are gone. SF-86 before then and other similar forms such as the SF-85p may still exist only on paper. Newer ones and the related background investigation data probably were digitized as received and older ones would have been done as time and other resources allowed; some of those may not be gone, but the more recent ones that matter the most probably are. The backfile conversion data may be scanner output files, a bit more difficult or costly to use than the recent SF-86 data.

OPM may never know enough detail about it to be sure, but over time will come pretty close. There is likely to be uncertainty about the status of those in process during the breach period, whether new or backfile conversion. Similar considerations probably apply to other types of clearance processing, for example National Agency Checks and National Agency Checks with Inquiries. OPM probably will notify everyone whose information cannot be shown never to have been digitized.

0
0

Crap crypto crackdown coming as FBI boss testifies to US Congress

tom dial
Silver badge

"Could those who devised the Fourth Amendment really conceive of a device that could store every piece of information about you and every communication and that could not only store that information but catalogue it, index it, search it, cross-reference it, copy it and display it, and could do so taking up no more space than satchel?"

Probably not, but they would not have hesitated to say that a government search of such a device would require a warrant issued "upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched and the ... things to be seized." And they almost surely would have said the same about communications passed between two such devices.

0
0

Page:

Forums