
Comment Re:NSA probably already has this technology (Score 1) 120

Not at all useless. Simply decode all possible sequences and rank them, ranking the most self-consistent interpretation highest. You may also have other sources of data to help correlate the interpretation (there was an article earlier this year about measuring sound using the video footage of a mylar potato chip bag's vibrations.) Even if the room is crowded, it might be possible to identify a few isolated words from the audio recording of the conversation.

The next thing you do is throw away those conversations that you're not interested in. Regardless of whether the conversation resulted in "You punched a fish" or "You munched a dish", neither is going to have value when you're searching for criminal activity. But if your streams could be "I bought the ammo so we can rob the bank" or "I mopped the jam up sorry can you mop the tank?" one of those could be valuable.

99.999% of conversations are inane drivel. If this technology is applied, the number of false positives is going to rapidly overwhelm a system. More discrimination and correlation is going to be needed to actually produce intelligence from this data. But never think that data is worthless or unusable.

Comment Re:Why is this legal in the U.S.? (Score 2) 149

Don't forget we used several trillion dollars to prop up our banks and financial firms when, through their own incompetence, our financial system went into meltdown. These folks then used the taxpayer money to give themselves bonuses for the great job they did AND have told us taxpayers to go pound sand any time it is mentioned they should thank us for protecting them.

The only thing I would disagree with in this statement is the word "incompetence." It seems to me that any banker who could walk away with millions in bonuses after all that theft is an extremely competent criminal.

Comment Re:Last link suspect (Score 1) 85

You don't need access to their PC if you have a copy of its credentials (otherwise, yes, it's a lot of effort to dig stuff out of a phone that probably could have come from the PC itself.) But who knows what kind of access you have to their PC? Perhaps you can send a corrosive DLNA packet to iTunes and get the credentials that way. Or maybe a snatch-and-grab phishing attack has only the capacity to send a few hundred bytes before it gets shut down, instead of letting you download all the juicy gigabytes of backup files.

Attacks don't always have to be directly on the repository of the info; sometimes it's very useful to be able to make them from a distance.

Comment Re:Last link suspect (Score 1) 85

It's not really a MITM attack, it's spoofing credentials. It's copying the credential token from machine X, installing it on machine Y, then telling machine Y to connect to iCloud pretending to be machine X, and then downloading all the ancient backups in hopes they contained undeleted and unprotected juicy information.

In the past people have used "sort-of" MITM attacks* for jailbreaking, specifically to keep your iPhone from "upgrading" itself to the new version of iOS. The jailbreakers had figured out that they could restore from an old version of iOS and jailbreak it, so Apple wanted to stop that. They introduced SHSH blobs that contained your phone's signed version info, and when you wanted to install an old version of iOS from a backup, they would check to make sure you hadn't upgraded to a newer version. So the jailbreakers came up with a program called TinyUmbrella that you would load up with your iPhone's old SHSH blobs, and it would pretend to be the official Apple blob server. You'd modify your hosts file to redirect the Apple server at your local host, run TinyUmbrella, then launch iTunes. When iTunes wanted to restore the user-specified version of iOS, it would request the latest blobs, but TinyUmbrella would deliver them, tricking the phone into staying at its older version of iOS. In more recent versions of iOS Apple required the server to securely exchange the messages so iTunes could no longer be fooled, but this worked through about iOS version 6 or so.

Of course, this is not a MITM attack against iCloud, but rather against their update process. Still, it was a pretty clever hack.

* I say "sort-of" because TinyUmbrella did not intercept the blob exchange itself; it only stood in as a phony Apple server for a SHSH blob you had to extract on your own, using another tool.
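The replay described in the comment above, as an added example that is not part of the original comment or any Apple or TinyUmbrella code: a blob that covers only device and version stays valid after the server stops signing that version, while a blob bound to a per-restore nonce does not. The nonce is an assumption (the comment does not say which mechanism Apple used), and `SigningServer`, `device_accepts`, the HMAC stand-in for a real signature, and the device ID are all constructed for illustration.

```python
import hashlib
import hmac
import json
import os

# Constructed stand-in for the vendor's signing key. HMAC replaces a real
# public-key signature only so the example runs with the standard library.
SERVER_KEY = os.urandom(32)

def sign(device_id, version, nonce=b""):
    msg = json.dumps([device_id, version, nonce.hex()]).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()

class SigningServer:
    """Hypothetical blob server: signs only the version it currently allows."""
    def __init__(self, current):
        self.current = current

    def request(self, device_id, version, nonce=b""):
        if version != self.current:
            return None  # downgrade request refused
        return sign(device_id, version, nonce)

def device_accepts(device_id, version, blob, nonce=b""):
    """Device-side check: the blob must match what this restore expects."""
    if blob is None:
        return False
    return hmac.compare_digest(blob, sign(device_id, version, nonce))

def demo():
    dev = "DEVICE-0001"  # constructed device identifier
    server = SigningServer("6.0")
    # Blobs saved while 6.0 was still being signed.
    saved_static = server.request(dev, "6.0")
    old_nonce = os.urandom(16)
    saved_nonced = server.request(dev, "6.0", old_nonce)
    server.current = "7.0"  # vendor stops signing 6.0
    new_nonce = os.urandom(16)  # device picks a fresh nonce per restore
    return {
        "server_refuses_old": server.request(dev, "6.0") is None,
        "static_replay_accepted": device_accepts(dev, "6.0", saved_static),
        "nonced_replay_accepted": device_accepts(dev, "6.0", saved_nonced, new_nonce),
        "fresh_current_accepted": device_accepts(
            dev, "7.0", server.request(dev, "7.0", new_nonce), new_nonce),
    }

if __name__ == "__main__":
    print(demo())
```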

Comment Re:Wrong Title (Score 1, Insightful) 499

I was a member of my high school's student parliament but wouldn't think to report that during a background check and wouldn't consider it any more relevant than what this woman did thirty years ago.

Was your high school's student parliament dedicated to the violent overthrow of the US government? Don't you think that's maybe the kind of student activity you might find rather difficult to forget? Then it's probably not the same thing.

Comment Re:Stop using tax dollars (Score 1) 348

Private research dollars are expected to produce profitable innovations. Bell Labs wasn't run for the good of all humanity, it was run to innovate in the communications space, and it did. They made tremendous amounts of money on the research their lab produced. And the rest of us have continued to benefit from the existence of the transistor. But even though they were wildly successful, where are they now?

Government-funded research isn't expected to produce profit, but instead to the betterment of all. Look at any of the Big Science projects, such as anything NASA does, or the Human Genome Sequencing project. These projects aren't intended to produce money, they are intended to further our collective understanding.

If private labs are profitable, they are built and run. Google Labs, Microsoft Research, etc., they do a lot of useful stuff and donate much of it. Even the research universities are not contributing as much to the common good as they once did, and are now becoming profit centers for their schools. A tiny example is to look at how much money the University of Minnesota's ag laboratories have made patenting apple hybrids. This is something that once upon a time would have been shared with everyone.

Private money isn't the only answer.

Comment Re:Bullcrap (Score 3, Insightful) 387

The entire premise of the article is bull. Are companies ever going to get off this fixation on specific programming languages?

No. Companies (at least the executives running them) look at their code base differently than technologists. They see the cost of maintenance as X$, and if it's written in ten languages, the cost of hiring ten people to do maintenance is 10X. If you say "one person can know ten languages" they assume such people are expensive and very hard to find.

They want a simple way to manage the cost of maintenance. Cutting the number of languages in use accomplishes that goal, in their minds. Therefore, this practice will continue at companies that don't have unlimited IT budgets.

Comment Re:Meanwhile in the real world... (Score 1) 427

This. Something like 5-15% of people are immune to logic, and you just have to ignore them if you want to make progress. What it means is that you have to convince more of the people in the "unknown" category. The problem is that of those logic-proof people, some have a strong financial incentive to sway opinions to their side, so it becomes a tough battle.

Comment Re:sensationalism, ahoy (Score 1) 237

Normal cell conversation encryption isn't end-to-end. GSM encryption only protects the conversation from your phone to the tower you're talking to. You're right in that both parties each need one of the high-security phones to support true end-to-end encryption. I've heard it said that FaceTime and iMessage used to be secure, but the tinfoil hat crowd has claimed Apple has since had to provide "lawful intercept capability".

Comment Re:sensationalism, ahoy (Score 1) 237

Because the baseband systems are generally invisible to the phone OS, and because the phone OS is usually the place people are interested in hacking, they have not received much attention. Still, there are quite a few researchers who have begun hacking the baseband stack, and in general they've found them to be very poorly coded, and riddled with security vulnerabilities. They have discovered serious flaws that allow malformed packets from the wireless network to hack the phones. While it may be "unlikely", it could certainly be possible.

Also, take a look at CANDYGRAM.
