
Comment Product Liability (Score 0) 86

What the public NEEDS is different from what the AI community WANTS. AI is no different from other forms of IT automation. For all of them, the public needs to have product liability imposed.

Dan Geer covered this quite well back in 2014 in his BlackHat keynote. See http://geer.tinho.net/geer.bla... (section 3.) Schneier and many others also agree. Currently, there are many situations where IT automation creates great harm for the public. But, the lack of product liability has removed the incentive to remove those harms.

What the AI community WANTS is a magic checklist that will absolve them of guilt for the problems they create.

Comment Does CyberSecurity HAVE solvable problems? (Score 2) 153

It is easy to show that CyberSecurity is insolvable. There are multiple, easy proofs. They include:
  • Proof 1: We can't know all attacks. We can't defend against unknown attacks.
  • Proof 2: Even if we could know all attacks, we can't afford to defend against all attacks.
  • Proof 3: Even if we could afford to defend against all attacks, if risky CyberSecurity behavior is more profitable, then we won't eliminate failure.

A more useful question is, how can we make things better? After a couple decades of doing the things they currently call CyberSecurity, I have found several much more interesting questions. They include:

  0) Can we more accurately measure effective CyberSecurity success? Currently we are measuring the failures. Shouldn't we measure the successes?
  1) Can we do a better job of measuring the complete costs (to ourselves and society) of failure?
  2) Can we do meaningful epidemiology of CyberSecurity? Can we more accurately determine what helps, and how much it helps?
  3) Can we be more accurate and complete in distributing responsibility for failure and improvement?
  4) Can we create and sustain meaningful positive incentives that favor CyberSecurity over insecurity?

I have found that when I improve these areas, I improve security.

Comment Re:lastpass (Score 1) 30

Never rolling your own encryption is more of a guideline than an absolute rule. Sometimes, you should roll your own IF the alternative is obviously bad. So:
  • You would have been better off to "roll your own" initialization than using the backdoored initialization that NIST/NSA provided as default for elliptical encryption. We can't trust the NSA to not abuse their snooping power. We can't trust US intelligence to keep a secret. If you rolled your own initialization, then future attackers have to do a lot more work.
  • Given the situation, you may be better off using MUCH bigger public-key key sizes than is the current standard, to prepare for the possibility of quantum computers.
  • Almost all the big encryption solutions that maintain some form of trust bottleneck are vulnerable to single point failure, including government coercive force. Lastpass is a good example. The grandparent poster WAS better off "rolling his own password manager with emacs and standard encryption on a Text File" than using Lastpass.

Comment FBI Director attacks US Constitution (Score 4, Insightful) 447

This is not a technical issue.

For the last 232 years, the supreme law of the land in the United States has been the US Constitution. All government powers, whether Executive, Legislative, or Judicial, are subordinate to the limits defined in the Constitution.

Claiming that the US Legal system must have unfettered access to all information is the same as saying that the US Legal system must not be fettered or subject to the US Constitution. That leads me to 3 important questions:

  1. Why is NOW a good time to abandon the US Constitution?
  2. What authority does Director Wray claim to be superior to the US Constitution?
  3. Shouldn't Director Wray be immediately fired for violating his Oath to "..Protect and Defend the Constitution of the United States.."?

Comment Re:what a load of shit.. (Score 1) 141

I live in a rural area. I use a Verizon MiFi with an unlimited data plan, that was mandated by the FCC in exchange for Verizon getting a chunk of spectrum. I get 34mbps wirelessly, which is enough and beats the crap out of the ~2mbps DSL available.

I live very far from the interstate and have very nice 4g - I wouldn't have been able to purchase my 45 acre plot of land for cheap if not for wireless data, because I work from home and depend on internet. I pay $45/mo for unlimited data.

You seem like you're making shit up, nice work!
