Comment: Re:Meanwhile... (Score 2) 265

by 1729 (#38898337) Attached to: The Hi-Tech Security at the Super Bowl

...budget cuts to space exploration. Good thing Football is safe.

It's not just ensuring that "Football is safe." The Super Bowl will have on the order of 100k people in and around the stadium and more than 100 million people watching. We can argue about whether the specific measures will be effective, or whether they invade privacy, or whatever, but don't dismiss a high-value terrorism target as just a football game.

Comment: Re:Lack of character shines through.... (Score 1) 576

by 1729 (#38533798) Attached to: World's Worst PR Guy Gives His Side

This makes me wonder if there are exceptions.

Being mostly deaf, I use IP-relay a lot, and use an IM client to access it. Does the simple act of logging my IMs turn me into a criminal?

I doubt it. As far as I can tell, the prohibition is on recording; it's legal for one party of a telephone conversation to transcribe the conversation. Also, do people usually understand that they're talking to you over a relay? (I assume your friends do, but I don't know what the protocol is if you were, say, calling your credit card company.) If someone knows they're talking over a relay, then I think you could argue that they've implicitly consented to the transcription. It seems like explicit consent isn't necessary, just notification (i.e., "this call may be recorded..." or a specific beep tone).

Comment: Re:Lack of character shines through.... (Score 4, Informative) 576

by 1729 (#38528066) Attached to: World's Worst PR Guy Gives His Side

And since this is Slashdot and a lot of us presumably live in California it's worth mentioning that barring a warrant only one party to a phone call needs to be aware that it's being taped in this state.

Nope, that's wrong. California is a two-party consent state:

"without the consent of all parties to the communication..."

Comment: Re:Gets polygraphed regularly (Score 3, Informative) 238

by 1729 (#38410948) Attached to: How Does the CIA Keep Its IT Staff Honest?

The DOE tried to push polygraphs on its cleared employees, and met with a lot of resistance from the scientists:

http://www.spse.org/Polygraph_comments_Livermo.html

The DOE can require polygraphs of its cleared employees in some circumstances, but to my knowledge it's rare that they actually do this.

Comment: Re:Cushy Pension (Score 4, Interesting) 238

by 1729 (#38410892) Attached to: How Does the CIA Keep Its IT Staff Honest?

"Cushy pension"? Federal Employees get 1% for each year of service, i.e., work 30 years and get 30% of your annual salary as a pension. They also get a 4% contribution to a 401(k). Better than nothing, but not really "cushy". Employees who are required to carry guns get a better deal, but TFA had to do with "IT" employees.

I wanted to be an FBI agent, and went through part of the hiring process a few years ago when they were aggressively trying to hire people with advanced CS degrees. I dropped out of the process due to the salary: ~$50-62k (depending on location), including the extra "availability" (overtime) compensation. At the same time, the FBI was posting >$100k positions for (non-agent) computer scientists.

Comment: Re:Why not digital destruction? (Score 2) 209

by 1729 (#38153636) Attached to: Ask Slashdot: Data Remanence Solutions?

Sure, the process can still be subverted, but it's a lot easier to verify that a hard drive has been destroyed

Imagine, if you will, someone who wanted your data and could intercept the drive for long enough to swap the platters on a drive (thus taking the important data with them).

If someone wants your data and they have enough access that they can actually swap platters and smuggle the data out, then you're already in trouble. Destroying a hard drive makes it a lot less likely that data will be inadvertently leaked.

Comment: Re:Why not digital destruction? (Score 2) 209

by 1729 (#38152758) Attached to: Ask Slashdot: Data Remanence Solutions?

There was a challenge not long ago for anyone to recover any data whatsoever from a harddisk that had been overwritten just once with zeros (which should be considerably easier than one that was overwritten with random data). I don't remember what the prize was, but it was a considerable amount of money and would have been priceless publicity for any data recovery company that could pull it off.

The fact that nobody publicly proved that they could do this does not mean that it can't be done. If NSA had the capability to do this, do you think they'd share that information? If the data is sensitive enough, why risk even a very small chance that it could be recovered by the wrong party?

Comment: Re:Why not digital destruction? (Score 2) 209

by 1729 (#38152656) Attached to: Ask Slashdot: Data Remanence Solutions?

Well, DBAN is open source. If you have suspicions, you're welcome to review the source and compile your own version with a trusted compiler. If that isn't to your liking, there are commercial tools that do the same thing.

This requires a) proving that the software is correct and b) verifying that the compiled result hasn't been tampered with. For the latter, I'll refer you to http://cm.bell-labs.com/who/ken/trust.html.

As for, "What if a drive is mishandled and doesn't get wiped," well, isn't that a concern with physical destruction too?

Sure, the process can still be subverted, but it's a lot easier to verify that a hard drive has been destroyed (along with inventory checks on all hard drives being removed from a facility) than it is to verify that a hard drive has been properly wiped.

Comment: Re:Why not digital destruction? (Score 3, Interesting) 209

by 1729 (#38151582) Attached to: Ask Slashdot: Data Remanence Solutions?

There is software out there (like D-BAN) which will repeatedly overwrite the data on a hard drive, rendering it unrecoverable. Why not use that, rather than relying on encryption?

How do you verify that the software does this correctly, and that it hasn't been tampered with? What if a drive is mishandled and doesn't get wiped? And if there's a process to do this correctly and with no chance of failure, is it worth that effort to recycle some old hard drives?

Where I work, hard drives with less-sensitive data can be reused; other ones are ground up into little bits. Data cannot be recovered(*) from a thoroughly destroyed hard drive. What assurance is there for a software solution?

(*) To the best of my knowledge. Maybe NSA can piece together the dust of a hard drive, but I highly doubt it.
