Haha, yeah, anyone who can take on the US Government and win is by definition an expert in national security. By now he probably also read more documents on national security than even the most highly cleared guys. He had everything from the minutiae of NSA tech to reports written for the inspector general. Given the rampant lying that occurs inside the security state he's probably the only guy with any clarity on how things really work at all, especially because judging from previous behaviour around the Wikileaks incidents, a lot of the NSA/DoD guys will have refused to read any of the public reports in case they get "contaminated" by classified materials!
Lots already. Even if you ignore the Constitution, people running the NSA and general security state have been caught lying to Congress (a crime), lying to the kangeroo FISA court meant to be overseeing them (contempt of court), lying to regular courts about whether defendents were being informed about the origin of evidence against them (more contempt of court), violating FISA court orders (more contempt), and re-interpreting the PATRIOT Act in such a way that even the guy who wrote the damn thing was shocked - that's just normal law breaking: you aren't supposed to be able to "reinterpret" laws however you see fit.
But when you ask "is there a way to charge anyone with a crime", I think you already know that the answer is yes just because there are so many vaguely worded laws in the USA that basically anyone can be charged with some kind of crime. What matters is whether you actually ARE charged, and that's an entirely politically driven decision.
That's the situation in the USA. In the UK the laws are much worse and much vaguer, believe it or not, to the extent that there's basically no functioning oversight at all - the UK equivalent of FISA is not only not a court, it's actually staffed by anonymous people! There's no way to find out who even sits on it. And they have never ruled against the intelligence services even once: FISA Court has at least made a token effort to appear useful. RIPA, the law that is claimed to authorise such collection, is so vaguely worded as to be basically useless as a law - it would appear to authorise practically anything. And the Prime Minister, unlike Obama, has rejected the very notion that there might be a debate at all - simply asserting that if GCHQ does it, it must be by definition be OK.
So even though the situation in the USA is dire, it's actually not as bad as it could be.
And how many of those $50 tablets were approved by Google and run the Google apps suite? I thought the answer was "almost none of them".
The article gives no useful info - assuming any such dispute exists at all, it could be for any reason: seems like the blog is just assuming it must be the dual boot capability because that's what gets traffic. But if for some reason that was the issue, Asus or anyone else could ship devices running the regular open source Android, sans Gmail/Maps/Play Store, without having to deal with Google.
Such tools have been around for a long time in the Windows world. The reason is division of labour. One of the dirty secrets about malware that lots of people hate to hear is that vast quantities of it get in through people pirating software and movies (which demand special "codecs"). After all why bother finding zero day exploits when you can just bind your malware to a Photoshop crack and watch hundreds of thousands of people come to you?
The opportunity is so vast that the black market divided into different job categories. There were the spammers who would buy bots from bot bot herders. The herders would buy "installs" of their bots from installers. The installers would buy binders from binder developers, obtain cracked versions of popular programs, use the binders to join the bots with the apps and then upload them to torrent sites. The installers weren't programmers so binders needed point and click GUIs, but that's OK, the value add they provided was knowing how to get around the blocks the torrent sites tried (uselessly) to put in place to stop this, along with simple brute force of numbers.
Often binders would also be combined with tools called crypters, which do what you'd expect, they just polymorphically encrypt the newly bound crack+app. Crypter developers competed based on how "FUD" their product was (fully undetectable). When AV companies learned to spot their decryption stubs, they'd modify it a bit and release a new version.
I watched this market for a little while a few years ago which is how I know all this lingo. It appeared to be a large and thriving industry. All driven by the greed of pirates.
Er, it is implemented in the client! S/MIME has been implemented by all non-webmail clients for years. When used correctly it's more or less transparent: every email is signed (you get an smime.p7s attachment), and if you receive a signed mail and have S/MIME configured too, your client can/will automatically encrypt the response.
But there are reasons it's not widely used: in the consumer space, most people don't bother getting an email address cert (even though Comodo and StartSSL give them away for free, it takes 2 minutes). And in the corporate space, often you don't actually want employees using end to end encryption, because you need the ability to do things like have internal messaging archives that are searchable, you need the ability to do document discovery when you get sued, employees suck at key management and keep losing them, etc.
Encrypted asynchronous messaging is just a tremendously hard problem. Look at agl's Pond project to get a flavor for what doing it seriously takes.
How do you intend to stop IT departments reconfiguring computers they themselves purchased?
I don't think you thought that one through. At all. It's not even a reasonable goal.
The money sitting in the Caribbean wasn't earned in the USA anyway. It's sitting there waiting for either:
1) The USA to drop its stupid double taxation policies (the money was already taxed once, where it was earned, and most countries try to avoid double taxing in this situatoin). In that case the money could be reallocate to the USA and spent there, where it would of course eventually get taxed again in the process of being paid out as wages or buying things, but at least just moving it into the states wouldn't be a taxable event.
2) A use for it to crop up outside the USA.
Obviously there's nothing you can spend billions of dollars on in the Caribbean - that's just a holding area until the money finds somewhere to be more useful.
Interesting. I just checked: the Flash bundled with my Chrome is the older version (but it's sandboxed to some extent). So then I opened up Firefox and checked the plugin version, and discovered it was already at the newest patched version. I don't recall any update, so I guess the Flash Player plugin updated itself in the background without me noticing, and actually managed to do that faster than Chrome did. Impressive!
They won't let you renounce citizenship if the embassy official thinks you are doing it for tax reasons. Even if they don't think that, they charge a giant "exit tax" and can levy fines for previous non-filings (even if you were, e.g. born to a US parent but never actually lived there).
Basically US citizenship is a modern form of slavery. The scary thing, from my perspective as a non-US citizen, is that once FATCA infrastructure is in place, there's really nothing to stop them extending the list of criteria for people who are considered "US persons" for tax purposes. The US has vast debt and a crippled, dysfunctional politics that can't agree on tax rises or spending cuts. The obvious solution for them is to tax foreigners, which is exactly what FATCA is designed to achieve. However FATCA doesn't fully activate until 2017 according to the current schedule so there's time left yet.
More to the point, I'm struggling to get excited about this idea - the document is probably right that high speed car chases are extremely dangerous. The people in the article going "zomg what if it goes off accidentally in traffic" amaze me. What if it goes off accidentally? Er, the car glides to a halt. What if someone is in a high speed car chase? Better not be a pedestrian in the way
I'm usually pretty concerned about erosions of civil liberties, but seriously, if you're being chased by the cops and you're a human rights activist - things already went so badly wrong that being able to outdrive the pursuers seems like the least of your problems.
The questions about whether it could be made secure are very real and important, for sure, but again
Pretty sure that those things are not problems to do with how these specific laws are written, they're fundamental flaws in the trial process and thus the judiciary itself. If such basic rules are being ignored then by definition you wouldn't know if an accused person was actually a traitorous spy or not, would you, because the system would be unable to come to any trustworthy conclusion.
Er, no. Go read a history of Google. The search engine came first and for several years they had no idea how to fund it at all. They sold search services to Yahoo and Netscape. They put their code in a box and tried to sell the Google Search Appliance. They did a bunch of other random things before they eventually tried out keyword based advertising. To say the search engine was a byproduct of a desire to serve ads just makes you look like an idiot who is making stuff up as you go along.
I'd love to believe that, but I think what did it is more like what the OP said - lots of apps could be bought off the shelf for not much money, that did everything interesting. I mean, I learned programming on a BBC Micro in the 80's, which was a great machine back then, but it was *handwave* 10x as expensive as the game-price-subsidised NES boxes and I couldn't write competitive or even interesting video games for it as a kid, because I didn't have enough skill. So not surprising that most people lost interest.
EMV offers no additional protection whatsoever in a card present scenario unless the customer is required to enter a PIN. Which as you know.. convenience blah blah, speed blah, reasons. And nobody will.
You realize that hundreds of millions of people around the world routinely type in PIN numbers for every transaction, right? I've typed in a PIN for every card payment I've made for years, as have all my friends and family. We're not dead yet. I fail to see why Americans are somehow unable to deal with this when everyone else can.
Anyway, you don't seem to understand how EMV rollouts work. People are not given a choice about PIN authentication. You do it, often into a portable device that is a bit like a specialised mobile phone but with a PIN pad, card slot, display and 3G connection that the waitress brought over to your table. The banks insist on it and so do the merchants. It takes about as much time as signing with a pen does.