To be fair, you can't really blame the Manchester border police for following up on that complaint, given the terrorist attack that had taken place in the city just 24 hours before.
Yes, yes I can. It was a stupid complaint and a stupid thing to follow up on, and I don't really give a damn if the monkeys were scared that day.
Hey, I will give you 10 magic points if you go over to the nearest park and stomp the flower beds. You can even tell everybody you have 10 points.
That's a sincere offer. I'm making it for snarky reasons, but I truly promise that if you go do that, I will award you 10 points. Think of it! 10 points! Awarded by me!
Now, if you go stomp the flowers, who should the law hold to account?
No, the real stupid that happened here were her constituents that vaulted her to the halls of power instead of showing her to the door reserved for crooked politicians. It pains me to say that, since I am very much not a Republican or conservative, but honesty compels me to call stupid by its proper name.
Actually, the alternative to Harris would have been Loretta Sanchez, who was running to the left of her. The final ballot was Harris vs. Sanchez. There was no serious Republican candidate for that seat.
The "shall not provide to a consumer methods, source code, or other operating instructions" gag order is itself an unconstitutional prior restraint on speech, and probably a more dangerous one than the porn restriction itself.
Trying to restrict any site that might "facilitate prostitution and the trafficking of persons for sexual servitude" is surely unconstitutional because of the sheer breadth of what you could read "facilitate" to mean.
Delegating the decision about what to block to a private company with no meaningful oversight is a huge due process issue.
The fact that it requires something that's technically impossible might also be a wee little due process issue. And if you defy the clear language and read it down to require only what is technically possible, then it fails on vagueness.
It also says "or to disrupt continued unauthorized access".
So DoS attacks are fine as long as you don't actually delete any files on their machine or create a threat to public safety.
The whole "hacking back" concept is idiotic, anyway. You're giving your enemy control over your targeting. If this happens, Joe jobs will become even more popular than they are now.
If anyone can just throw in their own button and change the code of the button to patch the phone, you've just got around Apple's security through the Home Button.
What the hell are you talking about? One presumes that the button sends a scan of the finger to some more central part of the phone. Unless the button itself is verifying the finger, replacing the button should have no security effect.
Fingerprint scanners, including Apple's, are trivial to bypass from the outside, anyhow.
But Apple shouldn't allow 3rd parties to get around it or we're right back to people getting mugged for iPhones
As opposed to people ending up unable to use their iPhones because they've lost the passwords. Either way, you lose the phone.
People get mugged for shoes and handbags, too. Should those be glued on?
It should always be possible to wipe and reset a device without knowing any passwords or having any fingerprints or showing any receipts or whatever. Not to get into it and see what's on it already, but to restore it to a usable blank state.
... and getting past the lock screen is a nonissue for phone theft anyway, since you can't change an IMEI without replacing the core of the phone. If your device gets stolen, the network can blacklist it. That may or may not be a good thing, but it means that we would not be "right back to people being mugged for iPhones" if it were possible to factory reset and reuse a device in your physical possession.
Telling somebody that you'll ban them from the country for 5 years if they don't withdraw a request for admission is not doing their job. Especially when it's a naive person whom you are holding incommunicado.
It is, however, deprivation of civil rights under color of authority, and you can get a Federal prison sentence for it. Which is what should be happening to a lot of these people and their bosses.
The "paranoid" mode is basic least-common-denominator crypto security practice.
I know the kids today want everything to be easy, but some things are not easy. You can't rely on somebody else to hold your crypto keys and expect to have any security.
If it's not a privacy problem for Google to collect data so long as it doesn't use them, I assume you agree with the US Government's contention that it hasn't "intercepted" phone or Internet traffic so long as no human has looked at the contents...
On the post: Once Again With Feeling: 'Anonymized' Data Isn't Really Anonymous
So I assume...
https://www.techdirt.com/articles/20170329/13234837037/no-you-cant-buy-congresss-internet-data-anyone-elses.shtml
On the post: EU Looks To Prevent Employers From Viewing An Applicant's Publicly Available Social Media Information
How is that nonsensical?
A corporation is nothing but a creation of government in the first place. How is it nonsensical if the government tells the corporation it can't do business in a certain way?
No, they can't physically prevent anybody from viewing public social media data.
They also can't prevent anybody from, say, racial discrimination, and if you're not a total idiot and avoid creating a paper trail, they can't even reliably catch you at it. Nonetheless, it's demonstrably effective when they create anti-discrimination rules, because your average manager isn't going to take any risks.
What they really ought to be doing is setting a rule that nothing you do that's not clearly and directly related to the work can be considered in making corporate employment decisions.
On the post: National Security Work Leaves Plenty Of Time For Games, Outside Employment, And Sexual Misconduct
Re: So the fuck what?
Correction: it was 6 figures, not 7. But I literally did do nothing at all, not even come in to work.
On the post: National Security Work Leaves Plenty Of Time For Games, Outside Employment, And Sexual Misconduct
So the fuck what?
You can find people goofing off like that anywhere. ANYWHERE. Public sector, private sector, intelligence, law enforcement, judicial branch, and hot dog stands. And, yes, they get away with it at about the same rate everywhere.
I had a private sector job where I was paid 7 figures for two years to literally do nothing at all.
So what is interesting about this personnel matter, other than your desire to demonize anybody who works for the government?
On the post: Another Judge Says The Microsoft Decision Doesn't Matter; Orders Google To Hand Over Overseas Data
Re: Re: Yeah, OK, whatever
On the post: Another Judge Says The Microsoft Decision Doesn't Matter; Orders Google To Hand Over Overseas Data
Yeah, OK, whatever
Look folks. If you let somebody other than yourself hold your unencrypted data (or hold the keys to your encrypted data), then you can expect those data to be given to people you don't want them given to.
That's not a US law matter, and it's not an international law matter. It's a laws of physics matter. It will happen regardless of anybody's laws.
Only idiots store anything in the cloud unencrypted if they don't want it known.
The solutions to this are decentralization, user-managed end-to-end cryptography, and stealth technology. Where that interacts with the law is in the need to keep those things from being forbidden (or to make it impossible to enforce any laws against them).
Spending time on some doomed attempt to keep governments from forcing corporations to turn over data is a distraction.
It may actually be a useful distraction, because as long as the governments think they can get what they want by attacking Google or whoever, their attention doesn't turn to finding ways to attack the actually effective technical approaches. With some luck, you might even get them to tie themselves up in giant nets of treaties and precedents that would make it harder for them to interfere with anything actually effective once they figured out that they needed to.
But it's not useful to drink your own Kool-Aid and think that you'll ever get useful protection from Google, Microsoft, or anybody else.
On the post: UK Government Using Manchester Attacks As An Excuse To Kill Encryption
The easiest way to implement that would be just to log the session keys, rather than handing over the private key. That works even with PFS.
But an even easier way is just to hand over the plaintext, which is what a bank would do.
I predict that it will be extremely rare, if it ever happens at all, for there to be any demand for anybody to decrypt something ephemeral like TLS. What these guys are really interested in is logged text messages, email, files in cloud storage, contents of phones, and the like. They don't want to grovel through your HTTP traffic. They want your personal papers served up on a silver platter.
On the post: UK Government Using Manchester Attacks As An Excuse To Kill Encryption
You know, noxious as this sort of thing is, you shouldn't be trusting a third party to encrypt your data for you in the first place. Forcing those third parties to break their security won't "kill real encryption", because "real encryption" is done end to end without trusting them in the first place.
On the post: Brazilian Journalist Detained By UK Border Police For Reading A Book About ISIS
Yes, yes I can. It was a stupid complaint and a stupid thing to follow up on, and I don't really give a damn if the monkeys were scared that day.
On the post: Game Maker Sues Milwaukee Over Permit Requirement To Make Augmented Reality Games
Er...
That's a sincere offer. I'm making it for snarky reasons, but I truly promise that if you go do that, I will award you 10 points. Think of it! 10 points! Awarded by me!
Now, if you go stomp the flowers, who should the law hold to account?
On the post: Lawyer's Association Asks New California Attorney General To Drop Its Abusive Prosecution Of Backpage
Actually, the alternative to Harris would have been Loretta Sanchez, who was running to the left of her. The final ballot was Harris vs. Sanchez. There was no serious Republican candidate for that seat.
On the post: Georgia Lawmakers Look To Go Down Porn-Censoring Unconstitutional Rabbit Hole
Re: ditto Oklahoma
Yep, they're pretty close to the same, definitely to the point where they had to be cut and pasted.
State legislators are mostly morons, so you can usually find one to introduce any garbage you want...
On the post: Georgia Lawmakers Look To Go Down Porn-Censoring Unconstitutional Rabbit Hole
You forgot some...
The "shall not provide to a consumer methods, source code, or other operating instructions" gag order is itself an unconstitutional prior restraint on speech, and probably a more dangerous one than the porn restriction itself.
Trying to restrict any site that might "facilitate prostitution and the trafficking of persons for sexual servitude" is surely unconstitutional because of the sheer breadth of what you could read "facilitate" to mean.
Delegating the decision about what to block to a private company with no meaningful oversight is a huge due process issue.
The fact that it requires something that's technically impossible might also be a wee little due process issue. And if you defy the clear language and read it down to require only what is technically possible, then it fails on vagueness.
On the post: Congressman Introduces Bill That Would Allow People And Companies To 'Hack Back' After Attacks
Not ONLY for purposes of identification.
So DoS attacks are fine as long as you don't actually delete any files on their machine or create a threat to public safety.
The whole "hacking back" concept is idiotic, anyway. You're giving your enemy control over your targeting. If this happens, Joe jobs will become even more popular than they are now.
On the post: Apple Says Nebraska Will Become A 'Mecca For Hackers' If Right To Repair Bill Passes
What the hell are you talking about? One presumes that the button sends a scan of the finger to some more central part of the phone. Unless the button itself is verifying the finger, replacing the button should have no security effect.
Fingerprint scanners, including Apple's, are trivial to bypass from the outside, anyhow.
As opposed to people ending up unable to use their iPhones because they've lost the passwords. Either way, you lose the phone.
People get mugged for shoes and handbags, too. Should those be glued on?
It should always be possible to wipe and reset a device without knowing any passwords or having any fingerprints or showing any receipts or whatever. Not to get into it and see what's on it already, but to restore it to a usable blank state.
... and getting past the lock screen is a nonissue for phone theft anyway, since you can't change an IMEI without replacing the core of the phone. If your device gets stolen, the network can blacklist it. That may or may not be a good thing, but it means that we would not be "right back to people being mugged for iPhones" if it were possible to factory reset and reuse a device in your physical possession.
On the post: Upset About Border Patrol Cruelty? It Didn't Start Under Trump
First bullet point
Telling somebody that you'll ban them from the country for 5 years if they don't withdraw a request for admission is not doing their job. Especially when it's a naive person whom you are holding incommunicado.
It is, however, deprivation of civil rights under color of authority, and you can get a Federal prison sentence for it. Which is what should be happening to a lot of these people and their bosses.
On the post: Court Says Location Of FBI's Utility Pole-Piggybacking Surveillance Cameras Can Remain Secret
Lesson learned
On the post: Snowden's Favorite Email Service Returns, With 'Trustful,' 'Cautious,' And 'Paranoid' Modes
"Paranoid"?
I know the kids today want everything to be easy, but some things are not easy. You can't rely on somebody else to hold your crypto keys and expect to have any security.
On the post: Google Hating Mississippi Attorney General Sues Company... With Ammo From EFF
On the post: Judge Leaning Strongly Towards Tossing Pimping Charges Against Backpage Executives
Re: Re: Intermediary liability could be a good thing...
"Companies"?
If you have to have a company to run the service, it's not decentralized enough. Even a wee little company.