* Posts by tom dial

2001 posts • joined 16 Jan 2011

Facebook's big solution to combating election ad fraud: Snail mail

tom dial
Silver badge

Re: Simpler solution

The number of political advertisements in campaigns for federal office makes this pretty much a nonstarter, especially if it is to be done by a federal law enforcement agency.

In any case, it does not address political trolling, which arguably is a more significant issue despite a paucity of evidence that foreign trolling has, or had, much effect.

0
0
tom dial
Silver badge

Re: Election integrity is easy *if* they're willing.

Considerations like those mentioned may be behind severe restrictions on both early and absentee voting in some states. Like the Democratic bastion of New York.

0
0
tom dial
Silver badge

Re: Question?

A clear case of form superseding substance?

0
0
tom dial
Silver badge

Re: Little of what they did was actually paid for advertising

" ... campaigns are going to hire social media teams who will basically be like US based troll farms." That horse seems to have left the barn quite a while back. I thought it was well known that the Democratic Party and campaigns made significant use of social media by no later than 2008 and that the Republican Party and campaigns did so starting no later than 2012. A search engine will locate a fair amount of academic work on the subject easily enough, much of it relating to countries other than the US.

To the extent they do not exist already, domestic political troll farms can be assumed to exist and be active in future election campaigns. Whether that's a good thing or not is mostly immaterial; such activity generally is under the fullest first amendment protection. Libel and slander laws may apply, but truth regulation generally is not permissible; in that environment, truth and truthiness are pretty much equivalent. Facebook and other private sector organizations can do pretty much what they like to control this, but it is implausible that they will have much taste for restrictions that will, or that they think will, cost them users or customers. The scurrilous pamphlets of the early 19th century have given way to the social media postings of the 21st, and we will learn to live with it.

0
0
tom dial
Silver badge

Re: Delivering a narrative is not done via advertising

It is correct that increased turnout by a party's adherents will improve its results. A citation or so is in order to the point that Facebook, Twitter, and perhaps other social media actually had that effect differentially between the two largest parties. Even if that turns out to be true, more are needed to establish that postings by Russians were a significant part of that.

1
0
tom dial
Silver badge

Re: Delivering a narrative is not done via advertising

This presumes implicitly that these Facebook and other social media activities affect whether and how people vote to a significant degree. That is something difficult to prove and as far as I have seen reported definitely not yet established as a fact. That does not mean it should be ignored. However, what the Russians are claimed to have done is not meaningfully different from what a great many Americans have done to a similar degree. The $100K or so they apparently spent on Facebook and other ads was around 1/100 of 1% of the total 2016 presidential campaign outlay, so one may reasonably suggest its importance was pretty limited.

3
2
tom dial
Silver badge

It doesn't even really require deep pockets to hide your location, especially if, as Special Prosecutor Mueller has charged in part, you have connections with the foreign government and potential use of "embassy staff" for in-country pickup and delivery.

8
1

Teensy plastic shields are the big new thing in 2018's laptop crop

tom dial
Silver badge

I use a piece of a post-it note when I feel a bout of paranoia coming on.

Does anyone offer soundproof covers for the microphone? (And speakers, too, maybe: I recall reading a while back that some of the sound chips can be "adjusted" to operate in reverse and use the speakers as microphones).

2
1

Roses are red, Kaspersky is blue: 'That ban's unconstitutional!' Boo hoo hoo

tom dial
Silver badge

Re: What a bunch of hypocrites the US are :/

As I understand it, the US government claim, in part, is that the information the Kaspersky AV uploaded became available to the Russian government. I am not aware whether they took a position on whether that was because Kaspersky cooperated with the Russian government or simply that the Russian government penetrated Kaspersky's infrastructure and obtained it without Kaspersky's knowledge or consent. From the perspective of US government agencies, the difference would be immaterial.

If it is a "proven fact" that the US government put Apple in an "iron grip" for refusing to share and/or apply a backdoor to their product in order to give the US government unrestricted access to their devices" it should be easy to give a reference. That cannot mean the well known case of the iPhone used by the December 2, 2015 San Bernardino shooter, since the order given to Apple in that case required no such thing. Anyone who thinks otherwise may see the original order at

https://www.justice.gov/usao-cdca/file/825001/download

This order arguably required a back door to the specific iPhone and required that if Apple implemented the government's proposed solution, it "be coded with a unique identifier of the phone so that the SIF would only load and execute on the 'SUBJECT DEVICE'."

0
1

NSA code backported, crims cuffed, leaky AWS S3 buckets, and more

tom dial
Silver badge

Re: Voting rolls computers hacked by Putin and his pals

"Voting rolls computers" and electronic voting machines are entirely different things. The first maintains records of who is eligible to vote, their address, ward and precinct, usually their declared political party affiliation (if any) and often records of their participation in prior elections; these systems do not have a record of anyone's election choices. This generally is public record information and is used to prepare listings for use in conducting elections. The systems often are connected to the internet both to facilitate making the public records available and sometimes for use in validating voter identification at election locations.

The second are machines used to record votes, anonymously, usually with large touch screens and headsets for use by visually impaired voters. They usually, maybe always, are not connected to the internet or any other communication facility. Typically, all their openings are locked during election operation and usually covered by plastic or paper seals that cannot be removed without destroying them, as hacking normally would require. Other, fairly extensive manual controls also act to make hacking difficult. These machines are imperfect, and arguably should be discarded in favor of old fashioned paper ballots marked by the voters using a hand held writing instrument. They are, however, rather more secure and tamper proof than many reports would suggest.

0
0
tom dial
Silver badge

Russians had actually got into voting rolls computers before the 2016 election

Two points.

First, somewhere between most and nearly all* voter registration information maintained by US states is publicly available to political parties, candidates, and others for a copying fee. The most important question is whether the hackers gained power to change any of the information, which could have disrupted voting activity to some degree by either allowing illegal voting or preventing legal voting. Either would be bad, but apparently no such alteration occurred.

Second, there is little, if anything here that was not reported a year or more ago. My recollection at the time was that a number of states discounted, pushed back, or ignored DHS notifications given them before the election. Indeed, the NBC News article linked here refers back to an NBC News report in September, 2016. DHS pushed back before Obama left office and declared election management to be critical infrastructure - and some states continued to resist US government intervention aimed at preventing foreign government intervention. It is not clear why this is news again now except that some of the states may well have done little and there is another election less than a year off.

* Election operations are a state government function. What is collected, maintained, and publicly available about voters varies by state.

2
1

Are you an open-sorcerer or free software warrior? Let us do battle

tom dial
Silver badge

Re: "But the latest version is incompatible with the one you've got."

The latest version of Word is, for probably 75% to 95% or more users, no more fit for purpose than the earliest version or, for that matter any Windows based version of Wordstar or WordPerfect.

4
1
tom dial
Silver badge

Re: What's in it for the user?

All versions of the GPL grant the freedom to modify as well as the freedom to distribute the modified product (if you wish), but no obligation to support it. You have the freedom to obligate yourself to support the modified product you distribute, or not, just as do vendors of other open or closed source software.

One thing "in it" for the user of GPL software that is not (required to be) there for users of proprietary software and a great deal of software derived from other open source projects is a somewhat enforceable right to obtain the source code and either take on maintenance yourself or hire a contractor to carry on maintenance when the provider no longer does so. That is possible of open source software generally, but not necessarily of products based on open source software that are not themselves open source. For closed source software, it generally is not possible even if the software is as fit for purpose now as it was when acquired years earlier.

2
0

US broadband is scarce, slow and expensive. 'Great!' says the FCC

tom dial
Silver badge

Some places they don't. In many places, including the part of Utah where I live, garbage and trash collection is paid for by a separate and specifically identifiable assessment, billed quarterly. If I want them to pick up yard waste beyond the normal garbage, I can opt for the extra service, at a higher cost. As far as I know, I could arrange to have it handled by a private collection service if I wished.

Sewage disposal also is separately billed by a different commission; I doubt I could change that, however.

0
0
tom dial
Silver badge

1. Roads generally have been viewed as a government function. (Telecommunications have not been so viewed in the US).

2. A significant and I think increasing number of roads, bridges, and tunnels are, in fact operated based partly on collection of tolls, so not "at the expense of all" at least entirely.

3. There is some activity in the US to sell toll roads to private sector businesses, who certainly will run them on a toll basis.

0
1
tom dial
Silver badge

Re: report finds agency actions have restored progress

A bit of agreement about the proper functions of government would help quite a bit. Until that happens nothing is likely to change much, or for more than a few congressional election cycles.

2
1

Nunes FBI memo: Yep, it's every bit as terrible as you imagined

tom dial
Silver badge

Re: Let the investigation run its course

And if something is found, so be it also.

It may be worth noting that presidential impeachment by the House of Representatives, followed by a vote for conviction by 2/3 of the Senators after a trial over which the Chief Justice presides, is an inherently political process due in part to the lack of a legal definition of "high Crimes and Misdemeanors". That term can mean pretty much what half the representatives agree upon.

1
0
tom dial
Silver badge

The FISC appears to accept and grant warrant requests on pretty much the same basis as other courts. If anything, the preliminary review standards are higher, at least in a formal sense, since each application must be approved by the Attorney General, the Deputy Attorney General, or the Assistant Attorney General for the National Security Division. That is after they are approved by the Director or Deputy Director of the FBI. It is my recollection that the law does not allow delegation of this authority.

Given the requirement that one of two FBI officials and one of three DoJ officials review and approve each of several thousand of these warrant requests each year, it is certain that they rely heavily on their subordinates for fact checking and for care and accuracy in preparation, including care that the bureau and department are not acting in a partisan way or allowing others to manipulate the process for partisan purposes. The drift of the Nunes memo is that the internal controls, at least in the specific case, might have been less stringent than they should have been.

2
0
tom dial
Silver badge

Whether the subject of a warrant may be aware of being under suspicion has nothing at all to do with *whether* a warrant should be issued. It might affect the urgency of obtaining one, but then it would be unnecessary to include it in the application.

2
1
tom dial
Silver badge

Re: Really?

Adam Schiff's obvious motives are to help explain away the embarrassing Clinton election loss and to damage the Trump administration. The obvious motives of DoJ and FBI are that the Nunes memo stakes claims that amount to the FBI and DoJ controls over warrant applications are either weaker than they would have us believe (and that we would want them to be) or subject to partisan use in some circumstances. Or both. Either, if true, would be a major stain on the organizations that they would go to great lengths to avoid.

6
6
tom dial
Silver badge

Re: Burser Really?

Orin Kerr, a real lawyer with considerable knowledge of fourth amendment law, commented on this last Wednesday at Lawfare (before "the memo" was released). My take on his analysis is that an ordinarily attentive judge knowing of Steele's bias probably would have allowed it, although lack of independent corroboration by other material in the application might have pushed him or her the other way. The full post is at

https://lawfareblog.com/dubious-legal-claim-behind-releasethememo

The memo is written to suggest corroboration was lacking, but not quite come out and say so, simply noting that one thing mentioned, the Isikoff Yahoo article, did not provide independent corroboration because it led back to Steele. We don't know what else in the application might have done so, although we know that some of the Steele material was publicly available before the "dossier" was produced.

12
0
tom dial
Silver badge

Re: This memo is great!

The FISA process, as described in the linked oregonlive.com article (from 2013) and implicit in the Nunes memo, does not appear to be materially different from other warrant seeking and granting processes. The primary differences are (a) higher level and possibly greater review requirements preliminary to submission and (b) that the proceedings and documents are classified in addition to the norm of merely being private.

The factual statements in the memo suggest the FBI might have been a bit loose in checking out some of the material used to justify obtaining and continuing the warrant in this case, and that suggests the possibility that such looseness is a habit.

The real problem probably is people. The FISC apparently approves a couple of thousand such requests annually, around 8 in an average work day. There are only a few DoJ officials authorized to sign off on them, and these warrant justification documents likely run to quite a few pages. Their review probably is a boring and time consuming task for a busy Deputy AG or AG, and likely to be deferred to subordinates who themselves might not be at 100% all the time.

8
1
tom dial
Silver badge

Re: Really?

While that is pretty much correct in operational terms, what the memo outlines with factual statements (which may be untrue or overstated) and hints at is a possibly unseemly combination of carelessness and eagerness to dig up dirt about activities that, although they appear questionable, are not illegal in themselves and could as well be innocent (at least insofar as that could apply to dealings with some of the individuals named in the "dossier.")

If the FBI were seeking a FISA warrant against me, I would be unhappy if the same questions could be raised with any plausibility.

31
6
tom dial
Silver badge

In all, the much awaited memo is pretty much a yawn. To say it provides insight into the matter of FBI activity or FISA procedures is quite a stretch, and it probably describes no more than a somewhat disturbing sloppiness in FISA warrant preparation, possibly due to a mix of haste and legitimate concern by the responsible officials. But it speaks to a serious problem, perhaps more serious owing to involving the president, at least peripherally.

The type of misbehavior it hints at is exactly the type alleged to have occurred on a mass basis (actually, a few thousand times a year, according to the linked Oregonlive article) in hundreds, or more likely thousands, of articles, as well as far more numerous comments in The Register and many other publications, both on line and in print. The misbehavior, if it occurred, is not different when it is directed at a Trump campaign associate with questionable activities from when it is directed at a US citizen under some degree of suspicion of terrorist activity or espionage. Treating the two situations differently reeks of hypocrisy.

Kudos to The Register for providing the document in PDF and for the link to a quite balanced discussion of FISA at oregonlive.com, which gives an uncommonly straight description of FISA requirements, quite unlike most of that given by more prominent national outlets.

17
8

FBI slams secret Nunes memo alleging Feds spied on Team Trump for political reasons

tom dial
Silver badge

First, lobbying (the technically correct term for most of the activities bought by "the millions going into Washington") is both lawful and constitutionally protected (first amendment, third clause). Bribery, for which some of it might be spent, is not protected, not lawful, sometimes prosecuted, occasionally with success.

Second, a good deal of the "billions finding their way into corporations" do, in fact, buy domestic services and supplies, pay salaries and taxes, and otherwise contribute to the general welfare. The fraction may be too small for many people's taste, but it is a rare corporation that does not spend around 80% of its gross revenue for such things. Those, like Google and Uber, that have no tangible product probably are the most notable exceptions.

0
0
tom dial
Silver badge

I estimate that over 99% of the US population is unaffected by these Washington carryings-on and knows something between nothing and very little beyond the condensed conclusions that for more than a year now have been trumpeted to them by the (mostly) coast based media.

There may or may not be something dodgy about Carter Page, or about the Justice Department's request to the FISC for a surveillance warrant on him. That will come out in legal proceedings some time in the future. Release of the Republican memo about it, or the Democratic counter-memo, is unlikely to affect that one way or another; federal judges are not likely to be swayed by such politically motivated nonsense.

On the other hand, the notion that all this is an existential crisis for the US government approaches insanity.

4
5
tom dial
Silver badge

Re: Why I quit reading your article

Orin Kerr, at https://www.lawfareblog.com/dubious-legal-claim-behind-releasethememo offers a legal analysis that pretty much rubbishes the idea that use of the Steele "dossier" in partial justification of the surveillance warrant on Page has any merit.

As a moderately disinterested and amused observer, I am inclined to the opinion that there really isn't much to either the "collaboration" or "Russian meddling" panic. The major US political parties each offered a poor and unworthy candidate in 2016, and it is far from clear that we got the worst of them for the long run. Now they are fighting over policy positions under the guise of national security. Little will come of it that is either good or bad. The only thing likely to clear the air is for the DoJ investigation under Mueller and the Senate investigations to go to completion without undue delay. It seems evident that there is unlikely to be a useful contribution from either the Democrats or the Republicans on the House committees.

7
3

Intel alerted Chinese cloud giants 'before US govt' about CPU bugs

tom dial
Silver badge

Assuming the consequent usually is not considered a logical fallacy.

It seemed to me reasonable to ask for actual evidence, or even suggestions of evidence, that the US government (probably the DoJ rather than the NSA or even the DHS) ever had taken such actions. I am not aware of any, but others might be.

0
0
tom dial
Silver badge

Is there evidence of the NSA being other than a mostly passive consumer, sometime hoarder, and rather active user of vulnerability information? I have not become aware of such, but follow such matters only fitfully and would be interested in a cite or two of such court orders.

In Intel's position, I would be more worried about US government leaks than about suppression of patch development, and probably more worried about the results of the class action lawsuits that have started the last few weeks and will continue to grow for some time.

2
0
tom dial
Silver badge

Re: "We certainly would have liked to have been notified"

So Intel, Google, et al. declined to notify "lesser" users as well as the US and presumably allied governments of defective processors, but notified foreign purchasers of the processors, assuming, apparently, that those purchasers would be equally reticent with their government. While not proved, it is both possible and plausible that the Chinese government agents presumed responsible for raiding the US OPM for millions of SF-86 and similar files (including a couple of mine) had more than a month lead over the US in preparing and perhaps deploying exploits based on these defective chips, as well as in preparing to defend China's infrastructure against such exploits.

Given the sometimes astonishing leaks from US government agencies and the apparent eagerness of some media to publish anything juicy that comes their way, that may be understandable. Given that the main companies involved in this instance are homed in the US, I expect their managements may shortly come to see omitting DHS from the notification to have been a bit shortsighted, however.

It is not necessary, or true, that the Five Eyes SigInt agencies view "the rest of the planet" as enemies to understand their behavior. For one thing, that determination is largely the province of the political classes. There are, of course, a few enemies as well as quite a few more adversaries, not to say a number of deeply religious groups so enlightened as to send their young men, and sometimes women and children to blow themselves up and take out some of the heathen in their quest to bring them enlightenment. The "rest of the planet" is not peopled entirely by nice people cheerfully engaged benignly in the pursuit of happiness; not, at least, by my standards. The implication that these agencies are engaged principally in internal spying exhibits considerable ignorance, possibly willful, of their primary purpose, the somewhat accidental structure of the Internet, and the general decency, and the legal controls and resource limits, that restrict what they actually do to far less than what they have, necessarily, the capability to do to accomplish their primary mission: to collect and analyze information to form judgments about the true interests, desires, capabilities, and intentions of overwhelmingly foreign actors.

4
4

So you accidentally told a million people they are going to die: What next? Your essential guide...

tom dial
Silver badge

I buy it. At least in the federal civil service the two basic bases for dismissal of non-probationary employees are poor performance and misconduct. It is terribly difficult to terminate an employee for poor performance or even, sometimes, for non-performance.

I know of a case (this in a US DoD agency) in which a solid foot of paper documentation was diligently accumulated, over a period of over a year, of an employee's incompetence, non-performance of assigned duties, subbasement level annual appraisals, and failure to improve despite detailed counseling from his supervisor. The employee in question previously had been passed on by several other supervisors who noted the behaviour but were unable or unwilling to do the work of documenting it.

Finally, the I's and T's dotted and crossed, the day came when he was notified of termination on the basis of inadequate performance. Then followed the lawsuit, in which the African-American former employee alleged race discrimination by his supervisor, a white man, and manager, a white woman originally from southern Virginia. I knew both of them well enough to know the discrimination claims were rubbish, but under civil service procedures they still had to be adjudicated fairly. In the end, the employee was, indeed, terminated, but based on disability, complete with a pension based on standard Civil Service Retirement System rules.

On the other hand, I know of a case in the same agency where a very competent and generally high performing employee fell into the habit of playing on-line games during working hours when, as sometimes happened in his branch, not busy with specific work-related tasks. Unfortunately, the employee's cubicle was adjacent to one of a few doors from a general work area to the building corridors and in plain view from the deputy department director's office. The employee also had fairly serious personal hygiene issues. Dismissal (based on misconduct) required no more than collection of some Internet traffic showing the online gaming, a few informal counseling sessions, a warning letter and meeting and, when the behaviour was later repeated, a dismissal letter. A sad part is that, after receiving the warning letter, the employee had passed up an early retirement opportunity that included a $25,000 lump sum payment at separation, although I heard later that she had, with legal assistance, arranged to obtain the lump sum as well as the annuity to which she was entitled in any case but otherwise would have been deferred for two or three years due to age and service requirements.

The Hawaii EMA might have been better off to have "found" porn on the hapless employee's work PC.

13
2

Twitter breaks bad news to 677,775 twits: You were duped by Russia

tom dial
Silver badge

It would be quite useful to see unbiased reporting and analysis about assertions like this, with quantitative data. Political ignorance in the US has long been known and somewhat widely reported upon. Ilya Somin's "Democracy and Political Ignorance" has been out since 2013 and a revision was published in 2016. While it addresses ignorance of government organization and political process more than the effects of either deliberate or unintentional misinformation, the two are plainly related.

A significant question that seems rarely addressed is the relation of the apparent Russian organized information to the total, both in quantity and in source. It seems unlikely that the Russian organizations described made up what they propagated as much as they amplified garbage ideas already current to some degree in the politically illiterate segments of the US population. Further, based on what probably is a comparatively very small number of such actors and their productions, claimed success in disrupting the US polity seems a rather extreme stretch.

Indeed, the frenzied reporting on it may well be far more disruptive: in stirring up an oversensitive president to actions and statements that do him and the country no good, and in generating numerous congressional and criminal investigations that, so far, have not revealed much of great consequence. The investigations are incomplete and may yet bear fruit, but much of what has been reported so far can be understood as originating in the political ignorance of the President and some of his advisors, both now and during the campaign. It should not be overlooked that Donald J Trump is among the least prepared of all US presidents, in both experience and temperament.

It is somewhat a fluke that despite his obvious limitations, he was an energetic and effective campaigner whose message, for what it is worth, resonated well with a near majority of the (on average, fairly ignorant) voters, while his chief opponent, with her own burdens, was less energetic and effective in key states. The Russians might have had some effect, but not likely enough to measure in the overall noise of the campaign. Democrats and others looking to assign blame would be better off focusing on Jill Stein, who collected enough votes in Pennsylvania, Wisconsin, and Michigan to give Clinton a win in those states and in the electoral vote.

3
0

America restarts dodgy spying program – just as classified surveillance abuse memo emerges

tom dial
Silver badge

Re: Responsible observation

It might be premature to describe what is publicly known as "foreign spies ... conspiring with your political candidates to overthrow your government." The last time I looked there were two indictments for activities unrelated to any political campaign that, in addition, took place well before the 2016 presidential election cycle began, and two for lying to FBI agents about activities that may be open to question but are not illegal on their face.

There probably will be more to come, and some of it may go over the limit of what is legal. Technically, Flynn may have exposure here, but under a law on the books for over 200 years that, as far as I know, never has been used in a successful prosecution despite quite a few fairly recent opportunities. We certainly need to attend to this and let both the special prosecutor's and various congressional investigations run their respective courses, but constant whipping up of hysteria is unlikely to be beneficial.

1
1

Feds may have to explain knowledge of security holes – if draft law comes into play

tom dial
Silver badge

Re: Freedom is slavery ..

"The NSA has been hoovering up the worlds communications for decades." Of course they have - the NSA since 1952 (65 years) and its various predecessors from 1917, for a total of a full century and counting. It is their mission. The implicit suggestion that the US or NSA are unique in this is absurd, as quite a few countries (including the other four of the Five Eyes) are active in the same sort of activity, for the same reasons.

A significant part of this "hoovering" is, for technical reasons, conducted within the US, and wherever done will collect information pertinent to both senders and receivers, even when only one of them can plausibly be thought "foreign." That probably is how Ambassador Kislyak's conversations with Michael Flynn were collected. It may be unfortunate, but plainly is unavoidable, that some "US Person" communications will be collected. Much has been made of this type of collection, but it is permitted by the operative laws, which the Congress may, if it wishes, adjust as it sees proper.

Most of the collected communications, especially in later years after exponential growth of Internet communication volume, has almost surely been discarded, a large part of it because of legal retention limits, but mostly because automated filters reject it or administrative retention limits based on practical considerations are reached.

It is incorrect in part to say the legal provisions were secret until Snowden leaked them, however. They are, and were, generally available in the US Code (Title 50) and were the subject of extensive and well publicized hearings around 1976, and legislation in 1978. The Foreign Intelligence Surveillance Act was amended in 2008 after additional hearings. Executive order 12333, with various amendments, has been in effect, and available in the Federal Register since December, 1981. The Foreign Intelligence Surveillance Court and the FISC Court of Review also were established in the law; they were no secret, either, despite the fact that they deal with classified material and issue classified decisions. Those classified decisions, along with the classified briefs and arguments that preceded them, comprise a major part of what was kept secret until (and mostly after) Snowden leaked them.

James Bamford's books, as well as others, along with numerous reports in major news publications like the New York Times and Washington Post revealed a good deal about NSA activities over its lifetime, so many, maybe most, NSA surveillance activities were not secret, although most people were, and probably still are, ignorant of them.

Did the NSA sometimes exceed its authority? Certainly, and in some instances they were taken to task by the FISC and required to step back. In other cases the activities got congressional blessing after the fact (e.g., the US Patriot Act). In quite a few cases, the excesses were technical errors or, in a few, employee misconduct. Reading a significant number of the documents Snowden leaked, in addition to or instead of the breathless reporting about the documents, does, in fact, suggest rather strongly that NSA management has established meaningful and generally effective controls and auditing procedures over authorized activities; that the NSA staff have implemented many of them in software; and that the analysts and other staff generally adhere to them.

1
0
tom dial
Silver badge

Re: Yeah, Right

The general drift of what is in the material Snowden took and Greenwald, Poitras, and numerous others published is that the NSA, in general, has adhered to the provisions of the laws under which it operates. To be sure, they have operated at and occasionally exceeded those legal limits. And they have requested and sometimes received Attorney General and FISC permission for expansive interpretations of the powers the law grants them. When denied or overruled, however, they appear to have pulled back appropriately. They seem to have had fairly extensive internal controls and audit trails, and reported errors, as required, to the AG and FISC. All of this apparently was known to congressional oversight committee members, or could have been had they bestirred themselves and looked at the classified material the NSA made available to them. The presumption should be that if this bill is enacted, they will follow the law as modified.

In any case, the NSA presumably is one of the non-enumerated "stakeholders" mentioned in 6 USC 148(m) that is the subject of this bill; that section reads:

"(m) Coordinated vulnerability disclosure

The Secretary, in coordination with industry and other stakeholders, may develop and adhere to Department policies and procedures for coordinating vulnerability disclosures."

The bill in process appears to require only a report of certain DHS policies and procedures that may include NSA activities related to software vulnerabilities NSA knows and others do not. At that, it seems to require only one such report where one reasonably would expect it to direct periodic reporting. It also does not require that they release any information about those vulnerabilities, or regulate their use of them beyond limits in place or to be legislated otherwise. So not only can the NSA, based on history, be expected to follow the proposed law, there seems to be no important reason for them, or DHS, not to comply.

As referred to the Senate, the bill seems pretty inconsequential.

2
2
tom dial
Silver badge

It would not have been hard to put the entire essential content in the article:

"(a) Report

Not later than 240 days after the date of the enactment of this Act, the Secretary of Homeland Security shall submit to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a report that contains a description of the policies and procedures developed for coordinating cyber vulnerability disclosures, in accordance with section 227(m) of the Homeland Security Act of 2002 (6 U.S.C. 148(m)). To the extent possible, such report shall include an annex with information on instances in which such policies and procedures were used to disclose cyber vulnerabilities in the year prior to the date such report is required and, where available, information on the degree to which such information was acted upon by industry and other stakeholders. Such report may also contain a description of how the Secretary is working with other Federal entities and critical infrastructure owners and operators to prevent, detect, and mitigate cyber vulnerabilities.

(b) Form

The report required under subsection (b) shall be submitted in unclassified form but may contain a classified annex."

If I were at DHS this would not bother me a lot, larded as it is with weasel phrases like "to the extent possible," "where available," and "may contain;" especially as I could put anything touchy in a classified annex.

A feel-good act on a par with the best of them, this will take a fraction of an analyst's year to compile and arrange. As written and, on January 9, passed by the US House of Representatives, it seems to be required only once. Representative Lee ought, at the least, to have required it to be updated annually.

3
0

Last week: Microsoft accused of covering up rape claim. This week: Microsoft backs anti-cover-up law ¯\_(ツ)_/¯

tom dial
Silver badge

Re: It's a start

"it's entirely possible that after [the police] looked at the evidence they found that she had not actually been raped."

A more accurate description would be that the police who investigated presented the collected evidence to the appropriate prosecutor, who made a determination that the evidence was insufficient to warrant a rape charge. Alternatively, as very often happens, the accuser, with or without encouragement from the police, did not cooperate in the investigation or did not press her claim.

Claims like this one (presumably the case described at https://www.bloomberg.com/news/articles/2017-12-14/microsoft-intern-s-rape-claim-highlights-struggle-to-combat-sex-discrimination) are difficult. Both participants likely were adults capable of legal consent, both apparently had consumed alcoholic beverages, perhaps to the point where one or both were making poor decisions. We have been told, so far, only one side of the story; in any court proceeding, the accused would have the opportunity to present his side, and to question the witnesses brought against him. The letter to Microsoft from the complainant's lawyer suggests she might have been a poor witness and that prosecution, even with evidence of intercourse and the timely complaint to the police, would have been unlikely to lead to a conviction.

It is not at all clear that corporate HR departments, however constituted, can do justice to such matters when they happen off hours and off company premises.

10
0

FCC douses America's net neutrality in gas, tosses over a lit match

tom dial
Silver badge

Re: Steady on, folks.

A quick scan of recent Federal Register entries suggests the delay between agency action and Federal Register publication is much nearer a month than a year (or more). That said, the Congress can override (subject to presidential veto) within the 60 days after it receives the agency report and the Federal Register rule publication. I would look for the rule to become effective around the middle of March, 2018.

6
0

Guilty: NSA bloke who took home exploits at the heart of Kaspersky antivirus slurp row

tom dial
Silver badge

Re: Leaks: Mathematically probable.

Linked in the original post:

http://journals.plos.org/plosone/article?id=10.1371/journal.pone.0147905

3
0

US politicos wake up to danger of black-box algorithms shaping all corners of American life

tom dial
Silver badge

This would be more persuasive if you described how the credit reporting company benefited from the utility company requiring you to provide a security deposit.

5
2
tom dial
Silver badge

Most phone contracts now come with a phone that bears a sticker price of several hundred dollars and a payoff period of around two years; there probably are some setup costs as well, although those probably are much less. The company never will see these again, and it is unsurprising that they would wish to check the ability and apparent willingness of the customer to honor the contract.

Again, a decade ago we experienced a serious financial crisis caused, in large part, by the combined activities of dishonest or possibly misled borrowers, dishonest or possibly careless loan originators, gullible or possibly dishonest loan repackagers and risk analysts, and bankers who, by the time they bought the financial assets, could not reasonably tell whether they were any good or not, even if they had made an honest effort to find out. Secondary, but important, was the assistance and encouragement by government agencies whose mission was bound to promoting home ownership. Regular credit checking early in the loan process might have prevented that, and at the least would have mitigated it.

It may be that there are reasonable arguments against whatever methods Fair Isaac uses to compute its magic number, and it may be desirable that those methods, and their inputs, be more public. However, it is long past the time when people went to their local bank or savings and loan or credit bureau and arranged a loan with someone they knew, and who knew them. Without the credit reporting and evaluation organizations, and their algorithms, economies would be much smaller, provide fewer opportunities, and goods and services would be, on average, considerably costlier than they are. Some might consider that a good thing, but I do not.

3
5

Expert gives Congress solution to vote machine cyber-security fears: Keep a paper backup

tom dial
Silver badge

It is not clear why so many people are so concerned to get electronic voting "right" when there is no obvious reason to have it at all other than to speed reporting of the outcome. Manual voting using paper ballots with optical counting, if desired, satisfies the requirement quite well, including quick answers. Manual counting would take longer, but arguably be more transparent. There is absolutely no requirement that returns be complete enough by the 10PM or 11PM news to project a winner; no harm follows from procedures that were (almost) fast enough to project national election winners with decent accuracy before the advent of voting machines.

Recounts, if needed, can be handled the same way and will take no more than about twice as long.

22
0

Russia threatens to set up its 'own internet' with China, India and pals – let's take a closer look

tom dial
Silver badge

Re: Live experiment is easy

"It would be easy for countries that want to make a porn-free environment to use a root zone file that excludes the .porn TLD."

Until someone set up an alternate root server, shared with the cognoscenti, that adds .porn back in?

0
0
tom dial
Silver badge

Re: Kremlin, lying? Colour me astonished ...

Not Trump, I think, but his opponents in the Resist "community," especially those who believe he stole the election by collaborating with the Russian efforts that swung all the alt-right votes away from Hillary Clinton (not to mention the authors of the Constitution some two and a quarter centuries back with their diabolical electoral college).

6
9

Facebook notifications to reveal who saw dodgy Russian election ads

tom dial
Silver badge

So FB can tell not only which ads were shown on my web browser, but they can tell also which of them I actually looked at? This on a PC with either (one case) no camera or (other case) a piece of post-it note over the camera window? I do not believe that. I also am skeptical about whether they know that I also use AdBlock Plus and some ads are not presented at all, although I have had enough refusals from paywallish sites over ad blockers to suspect they might.

Then there is the fact that I, and probably some others, occasionally look at garbage sites for amusement, or see the "meddling" ads and have our opinions nudged opposite to what the ads appear to be promoting.

I, for one, am tired of endless moral panic promotion by those who presume they know better what I should look at than I do; and that most explicitly includes the legislators arguing that something must be done to prevent political discussion and advocacy that they do not think appropriate for us slow-minded folks in the hinterlands between the forty mile strips along the Pacific and part of the Atlantic coasts.

3
1

Then there were four: Another draft US law on 'foreign' (aka domestic) mass spying emerges

tom dial
Silver badge

Re: Let's be clear. Senators and Con-gresspeople are ignoring the written Constitution.

Asset forfeiture laws are primarily a fifth and fourteenth amendment issue. Somewhere between most and nearly all of the assets seized under civil forfeiture were found in the course of searches the owner permitted; those searches, accordingly, did not require a warrant. Their taking, with scarcely a hint of due process, plainly violates the clear language of the fifth and fourteenth amendments. Criminal asset forfeiture following the owner's guilty plea to or trial and conviction for criminal acts is an entirely different matter, in which the seized assets generally were found based on fourth amendment searches and connected by some evidence to the criminal acts. Even that, however, often is overdone and abused.

0
0
tom dial
Silver badge

Re: Pesky 14th amendment says

I do not see anything like that in the fourteenth amendment. That one, basically, prohibits states from doing what the national government is not allowed to do with respect to citizens. The discussion in this case is necessarily rooted in the fourth amendment, which speaks of "the people," which rightly has been taken to include non-citizens within the United States. A number of other amendments also do not distinguish citizens from noncitizens. These include all the other amendments that comprise the Bill of Rights.

The fourth amendment, as another poster noted, does not define "unreasonable searches," which has led to a good deal of litigation over the last two and a quarter centuries and doubtless will continue to do so.

2
1

Google says broader right to be forgotten is 'serious assault' on freedom

tom dial
Silver badge

Would the right to be forgotten apply

to the Internet Archive?

https://www.theregister.co.uk/2017/11/16/head_like_a_memory_hole/

0
0
tom dial
Silver badge

Re: Should paedophile sex offenders have the 'Right to be Forgotten' ?

In many places in the US, including where I live, this does not even remotely approach a right. People (nearly all men) convicted of certain sex offenses (including pedophiles) not only have no right to be forgotten but are required to register with the police where they live and have their residence location and the general nature of their offense published or publicly available. Convicted pedophiles generally are restricted in addition as to where they are permitted to live (not too close to schools, for instance). These restrictions often are for life and difficult or impossible to have expunged. A pattern that occurs with somewhat bothersome frequency involves consensual sex by a couple of whom one is slightly below the legal consent age, occasionally by well under a year.

0
0
tom dial
Silver badge

Re: Google do have a point - albeit they also have a vested interest

I agree generally, but this seems a bit over the top in describing the proposed restrictions as equivalent to book burning. Search engines compile and present indexing information to already existing records. Removing the links would not make the records vanish, but only make them more difficult to find. An interested person might conduct the search, less efficiently, by manual means or even deploy a special purpose search engine to crawl the web and report the links using technology that has been known - and in some degree used - for nearly a quarter of a century.

0
0
