
Comment Re:Encrypting Data at Motion, not Data at Rest (Score 2) 141

Encrypting data at rest doesn't get you much. Anyone who gets access to the backend gets access to the cryptographic keys used to read the data at rest.

This is the case whenever the attacker has access to the cryptographic endpoint. The fact is, as long as Google is one of the cryptographic endpoints, if you have access to Google's data, you have access to it regardless of whether you pretend to encrypt it. The only way you can significantly change that is to make yourself (that is, the person sending and the person receiving the e-mail) the cryptographic endpoint, so that Google only ever sees ciphertext.

But that's not very convenient.

Comment Re:Visibility (Score 1) 94

There is really no way for any code running on top of another layer to verify that lower layer's integrity - it has to rely on what is reported and a malicious BIOS or UEFI layer can simply just lie to it.

Theoretically, yes. Practically, it's often not that easy to "just lie to it". (So, in practice, it becomes an arms race of effort just like everything else.)

For example:

Hell, it's possible for a low-level hypervisor to run another, clean, BIOS/UEFI and simply virtualize every piece of hardware in the box.

That's easy to detect through timing attacks, it turns out. You would also have to be very careful to exactly replicate the behavior of the hardware you're virtualizing, or that's detectable, too.

something outside of the device has to detect the suspicious traffic that such an attack must generate in order to be useful

Now, talk about difficult problems! The easy part would be having trustworthy networking gear. The hard part would be that "detect the suspicious traffic" boils down to "detect a side-channel attack used for exfiltrating data", which is somewhere in between very difficult and impossible.

Comment Re:fascist apologist (Score 1) 264

Roughly, across the US, there seems to be an average conviction rate for police misconduct of 50/month. The average rate of people being killed by police is about 35/month.

So, for every cop convicted of misconduct, there appears to be about 0.7 that get away with murder (assuming, almost certainly incorrectly, that every person killed by police qualifies as "murder" and that all of them "get away with it").

Comment Re:The ACLU (Score 1) 264

"Yes" and "no" are the only ways you get to vote on a bill. They point out quite clearly what needs to be addressed in the bill in order for it to be acceptable to them. They also actively lobby to suggest new legislation and amend in-process legislation. You don't see that here, because that's not what this story is about, because this bill is up for vote.

Comment Re:It's all fun and games until the NSA gets invol (Score 1) 264

Well, the police should be operating exclusively within the U.S. Anyone within the U.S. has 4th Amendment rights, regardless of whether they are a citizen, a resident, or a foreigner. While there is a foreign-intelligence exception (per court findings, not per the text of the amendment), that exception only applies when the intelligence-gathering is directed against a foreign entity reasonably believed to be located outside the US.

I'd love to see the justification someone gins up for tracking individuals that must be physically located within the US for the purposes of gathering intelligence on individuals that are required to be located outside the US.

Comment Re:Until the NSA stops spying on America... (Score 1) 309

You do know that it's possible to criticize bad things done by the US government

Sure it is. How's that working out for Assange and Snowden?

Making public a ton of classified documents is not criticism. It might be right, it might be wrong, it might be some of both, but it's not accurate to describe it as "criticism".

How's criticizing the government going for all the people who criticize their handling of Manning? For the people who are criticizing the NSA now?

Comment Re:"Metadata" is the important stuff (Score 4, Insightful) 193

The holdover of calling it "metadata" is a little odd.

All metadata is, naturally, data. That's not the odd part; people should know that.

It's reasonable to call it "phone call metadata". That's what it is. That indicates that it is not the content of the calls, but it's other data about the calls. So in the context of phone calls, it's metadata, because it's not the phone call content itself. Once it's separated from that context, it's just "data".

Saying "it's just metadata" makes no sense at all, since the "meta-" part gives you no information about the data's value.
