Why let the facts get in the way of a good complaint?
Judges are supposed to follow the law as written - whether they like it or not. (There are out's for them in some cases, but usually not.) The decision they rendered here was based on the language Congress handed them: The court relied on the “exceedingly broad language” of § 1030(e)(1) that “’[i]f a device is “an electronic … or other high speed data processing device performing logical, arithmetic, or storage functions,’ it is a computer.” The court also held that “there is nothing in the statutory definition that purports to exclude devices because they lack a connection to the Internet.”
Congress also wrote the law that, for the most part, takes away a judge's discretion in deciding on the sentence. One can make some arguments for this (it increases predictability, it helps ensure that rich white kids don't get shorter sentences for the same crime as poor black kids); one can make political arguments for it (people feel judges are too lenient and have chosen, through their elected representatives, to be tougher on criminals); and one can make very good arguments *against* it (basically, little in real life is cut and dried and trying to pin things down too much leads to miscarriages of justice). Nevertheless, this is the law we have on the books today.
I'd be the first to agree that it's absurd to enhance a sentence based on "use of a computer" when that "computer" is a cell phone. Hell, I'd even agree that enhanced sentencing for using a computer on the Internet is a bad idea. But I disagree that this is an indictment of the judges involved. It's an indictment of Congress, which passed bad laws.
The first part of fixing a problem is putting the blame in the right place.
Is it legitimate for Apple to do something like this? There's plenty of precedent. Apple views their store as ... like a store. Try going into a Walmart, setting up a booth, and selling books or CD's or whatever. You want to sell at Walmart? You use their system: You deliver stuff wholesale, they get it out to consumers. Start an auction on Ebay, then make side deals with people to sell stuff without Ebay getting its cut, and they'll close your account (and perhaps go after you if for what you owed) if they find out. A real estate agent gets paid even if you find a customer yourself. (I bought my first house based on a newspaper ad. The seller was pissed that he had to pay the broker, who had absolutely nothing to do with the sale, his 3% - but the contract with the broker required it and is quite enforceable.) In a way, Apple is being more open here than Walmart would be: It's as if Walmart said "sure, set up your booth - but you also have to let us sell your books/CD's at the same time."
Is it a good idea for Apple to do this? We'll see. Sony and Amazon and Barnes and Noble are certainly pissed about it, but realistically, if you're an Apple customer, this is unlikely to hurt you - and in fact it probably makes it more convenient for you. (The only way you as a consumer get hurt is if Sony and Amazon and B&N decide to drop their apps entirely. That seems unlikely - Apple didn't make this move until it was offering a market so large that they would find it difficult to walk away. But Amazon in particular is no pushover - they'll certainly bargain hard. We have certainly not heard the last word on how this will actually work.)
If you're going to split Verizon, you have to split AT&T along the same lines - classic DSL vs. U-Verse, with the slowest marketed U-Verse speed being twice the highest classic DLS speed.
But if you start down that path, why not start splitting cable providers into areas where they've built out DOCSIS 3.0 and areas where they haven't?
The fact is that no one (other than the carriers themselves) have data this fine-grained - and it's not even clear that they do. Oh, they know the theoretical speeds of their "last-mile" offering; but that's nowhere near the same thing as actual measured data. Fios, for all the theoretical speed of its fiber, could have crippled connections into and out of wherever all that fiber converges. Or there could be other things limiting them, perhaps even stuff they aren't aware of.
The Netflix data is valuable exactly because it's measured, not a guess. Networks are complex combinations of many different components, and you're kidding yourself if you think you can know the performance of any non-trivial network without measurement.
Sigh. So many remarks, so little understanding. And in this case, understanding is actually quite important.
The attack on Facebook *was* a man-in-the-middle-attack, not just keystroke logging. Like many sites - including stores and even banks - Facebook encrypted the password (and probably the username) that you sent. You'll see sites that do that show a little "why is this secure?" help box to assure you that, no, the page itself doesn't show a lock indicator (because it isn't https) but your credentials are perfectly safe because they are sent "using 128-bit encryption".
But they are not at all safe because you have no idea who you are actually talking to. It could be Facebook/the store/your bank; or it could be someone who mocked up a page that looks like Facebook's/your store's/your bank's, complete with a nice, encrypted username/password mechanism, sending your username/password right to them. The Tunisian attack was a slight variation in that they modified the real page on the fly to inject this attack, rather than making up a fake site - but the end result was the same.
If you're going to put your stuff in a safe-deposit box handed to you by a bank official - make sure you're really at a bank, and that it's a real bank official handing you the box! Relying on a "secure username/password" field on an unauthenticated page is like accepting an offer of a safety deposit box from some guy on the street outside the bank. Sure, the box is solid steel and the lock is high quality - but who else has the key?
If a site you deal with offers "security" by encrypting just the login information - complain to them. You'll almost certainly be unable to get a message to anyone who actually understands the issue - but if you follow up by closing your accounts, eventually they'll get a clue.
On the post: Should Everyone Who Uses A Phone Or A Computer As Part Of A Crime Get A Longer Sentence?
Why let the facts get in the way of a good complaint?
Congress also wrote the law that, for the most part, takes away a judge's discretion in deciding on the sentence. One can make some arguments for this (it increases predictability, it helps ensure that rich white kids don't get shorter sentences for the same crime as poor black kids); one can make political arguments for it (people feel judges are too lenient and have chosen, through their elected representatives, to be tougher on criminals); and one can make very good arguments *against* it (basically, little in real life is cut and dried and trying to pin things down too much leads to miscarriages of justice). Nevertheless, this is the law we have on the books today.
I'd be the first to agree that it's absurd to enhance a sentence based on "use of a computer" when that "computer" is a cell phone. Hell, I'd even agree that enhanced sentencing for using a computer on the Internet is a bad idea. But I disagree that this is an indictment of the judges involved. It's an indictment of Congress, which passed bad laws.
The first part of fixing a problem is putting the blame in the right place.
-- Jerry
On the post: Apple Trying To Run All Content Sales Through Its Own Sales System
Is it a good idea for Apple to do this? We'll see. Sony and Amazon and Barnes and Noble are certainly pissed about it, but realistically, if you're an Apple customer, this is unlikely to hurt you - and in fact it probably makes it more convenient for you. (The only way you as a consumer get hurt is if Sony and Amazon and B&N decide to drop their apps entirely. That seems unlikely - Apple didn't make this move until it was offering a market so large that they would find it difficult to walk away. But Amazon in particular is no pushover - they'll certainly bargain hard. We have certainly not heard the last word on how this will actually work.)
-- Jerry
On the post: Netflix Shows Which ISPs Actually Perform Well... And Which Don't
Re: No Way
But if you start down that path, why not start splitting cable providers into areas where they've built out DOCSIS 3.0 and areas where they haven't?
The fact is that no one (other than the carriers themselves) have data this fine-grained - and it's not even clear that they do. Oh, they know the theoretical speeds of their "last-mile" offering; but that's nowhere near the same thing as actual measured data. Fios, for all the theoretical speed of its fiber, could have crippled connections into and out of wherever all that fiber converges. Or there could be other things limiting them, perhaps even stuff they aren't aware of.
The Netflix data is valuable exactly because it's measured, not a guess. Networks are complex combinations of many different components, and you're kidding yourself if you think you can know the performance of any non-trivial network without measurement.
-- Jerry
On the post: How Facebook Dealt With The Tunisian Government Trying To Steal Every User's Passwords
The attack on Facebook *was* a man-in-the-middle-attack, not just keystroke logging. Like many sites - including stores and even banks - Facebook encrypted the password (and probably the username) that you sent. You'll see sites that do that show a little "why is this secure?" help box to assure you that, no, the page itself doesn't show a lock indicator (because it isn't https) but your credentials are perfectly safe because they are sent "using 128-bit encryption".
But they are not at all safe because you have no idea who you are actually talking to. It could be Facebook/the store/your bank; or it could be someone who mocked up a page that looks like Facebook's/your store's/your bank's, complete with a nice, encrypted username/password mechanism, sending your username/password right to them. The Tunisian attack was a slight variation in that they modified the real page on the fly to inject this attack, rather than making up a fake site - but the end result was the same.
If you're going to put your stuff in a safe-deposit box handed to you by a bank official - make sure you're really at a bank, and that it's a real bank official handing you the box! Relying on a "secure username/password" field on an unauthenticated page is like accepting an offer of a safety deposit box from some guy on the street outside the bank. Sure, the box is solid steel and the lock is high quality - but who else has the key?
If a site you deal with offers "security" by encrypting just the login information - complain to them. You'll almost certainly be unable to get a message to anyone who actually understands the issue - but if you follow up by closing your accounts, eventually they'll get a clue.
-- Jerry
Next >>