"Legal language is designed to be as exact and non-vague as possible"
This is a bit misleading. Legal language is professional jargon. All professional jargon is designed to accomplish multiple goals, usually stated as:
1) Facilitate clear and effective communication, as you said
2) To facilitate obfuscation
3) To provide an indicator of who is a part of the profession and who is not.
"you're probably right about people not understanding what the so-called Dark Net is, but you can't draw that conclusion simply because they think it ought to be shut down."
I can. Thinking that something ought to be shut down implies that they think there is some distinct entity called the "dark net" that can be shut down. But such a distinct entity does not exist. The term "dark net" refers to a whole bunch of independent and very often entirely unrelated different services and activities.
So saying something like "the dark net should be shut down" is a nonsensical thing to say, and betrays a fundamental lack of understanding.
Yup. Of all of the ways that the US "justice" system has devolved, this is one of the easiest examples to get people to understand -- because it's clearly insane even on a brief glance.
True, but once the canary pops there can be no further warning, so it's of limited usefulness. Combine that with the fact that canaries aren't universal, and that makes it even worse.
For example, if I were to go to Reddit for the first time now, I would not know that a canary ever existed, so I wouldn't get the warning.
The best course of action (and not just because of government surveillance) is to treat every site as if they had a canary die.
I have no faith that just because something isn't settled law, it isn't done. A big player with an interest in fighting the feds could probably make a stink, but a smaller one, or one that isn't as interested in protecting their customers as much as covering their own ass, would more likely silently roll over.
First of all, no amount of law against research will stop people from probing it to find the vulnerabilities. Further, any cracks made by bad actors will be distributed just as widely as if such a law didn't exist.
If that's the point, then the idea is a huge fail from the start. All it will do is make sure that any vulnerabilities found will be in the hands of criminals while making it impossible for the good guys to talk about, or do, anything.
"Meanwhile, the original "researcher" says that he had no intention of breaking the law, and like DVD replication software, the intent wasn't to pirate anything. So now you have to prove that (a) he wasn't researching, (b) he intended his patch or plug in for piracy and not research."
No, you really don't. You just have to prove that he broke the law.
A "security researcher" is anyone who is looking into the security of a thing.
"The answer would be that almost every hacker in the world would claim to be "just researching" when they are caught trying to get around HTML5's DRM scheme."
They can claim that, sure, but that doesn't mean their claim will hold up.
If all they were doing is actual research (regardless of the purpose for the research), all is well. If they were actually engaging in nefarious activities, though, then claiming "research" would hardly stand up when the prosecution presents the evidence of the nefarious activities.
This is a great question, and I hope one of the lawyers here will address it.
My guess is that the third party doctrine doesn't apply for the same reason it doesn't apply to your rental home: there is a long-established expectation of privacy with them, in the sense that whoever is renting the box or your home to you does not have legal access to its contents except under very specific circumstances.
On the post: Oculus Users Freak Out Over VR Headset's TOS, Though Most Of It Is Boilerplate
Re:
On the post: Oculus Users Freak Out Over VR Headset's TOS, Though Most Of It Is Boilerplate
Re: Re: Yeah, yeah... something lawyer something billable hours
This is a bit misleading. Legal language is professional jargon. All professional jargon is designed to accomplish multiple goals, usually stated as:
1) Facilitate clear and effective communication, as you said
2) To facilitate obfuscation
3) To provide an indicator of who is a part of the profession and who is not.
On the post: 71% Want The Dark Net Shut Down, Showing Most Have No Idea What The Dark Net Is
Re: Incorrect Conclusion
I can. Thinking that something ought to be shut down implies that they think there is some distinct entity called the "dark net" that can be shut down. But such a distinct entity does not exist. The term "dark net" refers to a whole bunch of independent and very often entirely unrelated different services and activities.
So saying something like "the dark net should be shut down" is a nonsensical thing to say, and betrays a fundamental lack of understanding.
On the post: Oculus Users Freak Out Over VR Headset's TOS, Though Most Of It Is Boilerplate
Oculus' problem
I'm sure that's a problem, but a bigger problem for Oculus is that they're joined at the hip to Facebook, and so are inherently suspect.
On the post: Anti-Piracy Informant Who Thought He Was A Paid Informant Sues Adobe For Not Paying Him
He forgot the first rule of contracts
(Legally not always true, but practically it's nearly always true.)
On the post: Chase Freezes Guy's Bank Account For Paying His Dogwalker For Walking Dash The Dog
Re: Re: That's nothing.
On the post: DOJ Reopens Asset Forfeiture Sharing Program After Temporary, Budget-Related Shutdown
Re: Re: Re: Re: Government thieves
On the post: Our Comment On DMCA Takedowns: Let's Return To First Principles (And The First Amendment)
Re: Re: Re:
On the post: Reddit's Warrant Canary On National Security Letters... Disappears
Re: An NSL they don't care about
For example, if I were to go to Reddit for the first time now, I would not know that a canary ever existed, so I wouldn't get the warning.
The best course of action (and not just because of government surveillance) is to treat every site as if they had a canary die.
On the post: Reddit's Warrant Canary On National Security Letters... Disappears
Re: Re: The reasons these canaries are pointless
On the post: DailyDirt: Cheaper Rockets Taking Off
Re: Re: Rocket science is hard?
I love a good bit of pedantry. :)
On the post: Stupid Patent Of The Month: Mega-Troll Intellectual Ventures Hits Florist With Do-It-On-A-Computer Scheduling Patent
Re:
On the post: Reddit's Warrant Canary On National Security Letters... Disappears
The reasons these canaries are pointless
First, they are too coarse to be useful. All the government has to do to defeat them is to issue an NSL that they don't really care about to kill the canary. From then on, there is no warning.
Second, you can't really trust that the canary will be killed as expected. Secret orders might require the canary to stay up inappropriately.
The safer (and likely correct) thing to do is to assume that all information held by a third party is also in the possession of the government. So be very, very cautious about what information you provide to a third party.
On the post: Why Won't W3C Carve Security Research Out Of Its DRM-In-HTML 5 Proposal?
Re: Re: Re: Re: Re:
In this case, the two are the same thing. If they can't do it, then they have nothing to talk about. If they do it, then they can't take the legal risk of talking about it.
"No matter what, there will be security holes."
Exactly right, which is why it's important that there be a way to find them.
"The law says don't circumvent, so the solution ends there."
I should have been more specific. What is in dispute is a variation on anticircumvention laws and whether or not they are good things. I maintain they are terrible, counterproductive, and restrict people from doing things that nobody would argue are bad.
So in this context, when I'm talking about breaking the law, I'm not talking about the law we're disputing over, I'm talking about the other laws that are aimed directly at nefarious behavior.
On the post: CNBC Asks Readers To Submit Their Password To Check Its Strength Into Exploitable Widget
Re: Re: Re: Only part of the problem
Not only do they not (or at least, none of the major ones I know of), but they make it a point to tell you very clearly that they don't, and if anyone calls to claim otherwise, don't talk to them.
On the post: Why Won't W3C Carve Security Research Out Of Its DRM-In-HTML 5 Proposal?
Re: Re: Re:
If that's the point, then the idea is a huge fail from the start. All it will do is make sure that any vulnerabilities found will be in the hands of criminals while making it impossible for the good guys to talk about, or do, anything.
"Meanwhile, the original "researcher" says that he had no intention of breaking the law, and like DVD replication software, the intent wasn't to pirate anything. So now you have to prove that (a) he wasn't researching, (b) he intended his patch or plug in for piracy and not research."
No, you really don't. You just have to prove that he broke the law.
On the post: Why Won't W3C Carve Security Research Out Of Its DRM-In-HTML 5 Proposal?
Re:
"The answer would be that almost every hacker in the world would claim to be "just researching" when they are caught trying to get around HTML5's DRM scheme."
They can claim that, sure, but that doesn't mean their claim will hold up.
If all they were doing is actual research (regardless of the purpose for the research), all is well. If they were actually engaging in nefarious activities, though, then claiming "research" would hardly stand up when the prosecution presents the evidence of the nefarious activities.
On the post: Senator Wyden Lays Out New 'Compact For Privacy & Security In The Digital Age' In Response To Surveillance/Encryption Fights
Re: Third party doctrine
My guess is that the third party doctrine doesn't apply for the same reason it doesn't apply to your rental home: there is a long-established expectation of privacy with them, in the sense that whoever is renting the box or your home to you does not have legal access to its contents except under very specific circumstances.
On the post: DailyDirt: Do It Yourself Shopping -- Stores Without Employees?
Re: Who will have money if it's all automated?
On the post: Why Won't W3C Carve Security Research Out Of Its DRM-In-HTML 5 Proposal?
Re: Re: DRM Could be Used by Terrorists to Hide their Activities
For one thing, DRM schemes exist that use no encryption whatsoever.