
Comment Censorship? (Score 1) 539

They're absolutely correct; the makers of Adblock Plus are engaging in censorship of digital advertising created by some others and allowing through the digital advertising created by some others, which isn't optimal and thus there are different solutions which do not opt for such fickle behavior.

However, the key part here is that it isn't by force, it's by choice of the enduser of the product; in direct juxtaposition of being on the receiving end of forced digital advertising delivery.

In almost all cases, in order for me to view content, I must first opt in, by only my visiting the site in question, to digital advertisements before I am able (if at all) to disable the advertising through payment. Instead of bitching, we just utilize these tools (UBlock Origin is my preference) to censor our own content.

I mean, I get it; they are fighting hard to reduce that 30% of Europeans and 10% of Americans blocking ads but enough w/the rhetoric, please.

Comment Re:Not a zero-sum game -- and not that simple (Score 1) 395

You again reiterated the false choice. I explained exactly why it is a false choice, and why some possible solutions, which may or may not be available under all circumstances, can address some of the problems without weakening crypto standards themselves, or weakening existing complete crypto systems. That you don't want to acknowledge this is so does not make it untrue. You are focused on backdoors, various key escrow solutions, and the like, and not on practical reality.

Comment Not a zero-sum game -- and not that simple (Score 1) 395

Liberty and Safety are not at two ends of a zero-sum sliding scale, wherein one must be sacrificed in discrete and equal units for the other. We can and should have a good measure of both, and it is government's charge to provide for the latter, while protecting (or, depending on your view, not infringing upon) the former. To say nothing of the fact that our very existence has been an exercise in the sacrifice of "liberty" for an orderly civil society governed by the rule of law, except in the fantasies of internet tech-libertarians.

And what a worthless survey: "warrantless surveillance" of what? Of who? Foreign intelligence targets do not require and never have required a warrant.

Gone are the days where the US targeted foreign communications on distant shores, or cracked codes used only by our enemies. No one would have questioned the legitimacy of the US and its allies breaking the German or Japanese codes or exploiting enemy communications equipment during WWII. The difference today is that US adversaries -- from terrorists to nation-states -- use many of the same systems, services, networks, operating systems, devices, software, hardware, cloud services, encryption standards, and so on, as Americans and much of the rest of the world. They use iPhones, Windows, Dell servers, Android tablets, Cisco routers, Netgear wireless access points, Twitter, Facebook, WhatsApp, Gmail, and so on.

The distinction is no longer the technology or the place, but the person(s) using a capability: the target. In a free society based on the rule of law, it is not the capability, but the law, that is paramount.

US adversaries use the very same technologies we use. The fact that Americans or others also use them does not suddenly or magically mean that no element of the US Intelligence Community should ever target them. When a terrorist in a foreign country is using Hotmail or an iPhone instead of a walkie-talkie, that cannot mean we pack our bags and go home. That means that, within clear and specific legal authorities and duly authorized missions of the Intelligence Community, we aggressively pursue any and all possible avenues, within the law, that allow us to intercept and exploit the communications of foreign intelligence targets.

If they are using hand couriers, we target them. If they are using walkie-talkies, we target them. If they are using their own custom methods for protecting their communications, we target them. If they are using HF radios, VSATs, satellite phones, or smoke signals, we target them. If they are using Gmail, Facebook, iPhones, Android, SSL, web forums running on Amazon Web Services, etc., we target them -- within clear and specific legal frameworks that govern the way our intelligence agencies operate, including with regard to US Persons.

That doesn't mean it's always perfect; that doesn't mean things are not up for debate; that doesn't mean everyone will agree with every possible legal interpretation; that doesn't mean that some may fundamentally disagree with the US approach to, e.g., counterterrorism. But the intelligence agencies do not make the rules, and while we may inform issues, we do not define national policy or priorities.

And on backdoors, we don't need "backdoors".

What we do need is this:

A clear acknowledgment that what increasingly exists essentially amounts to a virtual fortress impenetrable by the legal mechanisms of free society, that many of those systems are developed and employed by US companies, and that US adversaries use those systems -- sometimes specifically and deliberately because they are in the US -- against the US and our allies, and for a discussion to start from that point.

The US has a clear and compelling interest in strong encryption, and especially in protecting US encryption systems used by our government, our citizens, and people around the world, from defeat. But the assumption that the only alternatives are either universal strong encryption, or wholesale and deliberate weakening of encryption systems and/or "backdoors", is a false dichotomy.

How is that so?

Encrypted communication has to be decrypted somewhere, in order for it to be utilized by the recipient. That fact can be exploited in various ways. It is done now. It's done by governments and cyber criminals and glorified script kiddies. US vendors could, in theory, be at least a partial aid in that process on a device-by-device basis, within clear and specific legal authorities, without doing anything like key escrow, wholesale weakening of encryption, or similar with regard to software or devices themselves.

When Admiral Michael Rogers, Director of the National Security Agency and Commander, US Cyber Command, says:

"My position is -- hey look, I think that we're lying that this isn't technically feasible. Now, it needs to be done within a framework. I'm the first to acknowledge that. You don't want the FBI and you don't want the NSA unilaterally deciding, so, what are we going to access and what are we not going to access? That shouldn't be for us. I just believe that this is achievable. We'll have to work our way through it. And I'm the first to acknowledge there are international implications. I think we can work our way through this." ...some believe that is code for, "We need backdoors." No. He means exactly what he says.

When US adversaries use systems and services physically located in the US, designed and operated by US companies, there are many things -- compatible with our law and with the Constitution -- that could be discussed, depending on the precise system, service, software, or device. Pretending that there is absolutely nothing that can be done, and it's either unbreakable, universal encryption for all, or nothing, is a false choice.

To pretend that it's some kind of "people's victory" when a technical system renders itself effectively impenetrable to the legitimate legal, judicial, and intelligence processes of democratic governments operating under the rule of law in free civil society is curious indeed.

Some ask why terrorists wouldn't just switch to something else.

That's a really easy answer -- terrorists use these simple platforms for the same reason normal people do: because they're easy to use. Obviously, a lot of our techniques and capabilities have been laid bare, but people use things like WhatsApp, iMessage, and Telegram because they're easy. It's the same reason that ordinary people -- and terrorists -- don't use Ello instead of Facebook, or ProtonMail instead of Gmail. And when people switch to more complicated, non-turnkey encryption solutions -- no matter how "simple" the more tech-savvy may think them -- they make mistakes that can render their communications security measures vulnerable to defeat.

Vendors and cloud providers may not always be able to provide assistance; but sometimes they can, given a particular target (device, platform, etc.), and they can do so in a way that comports with the rule of law in free society, doesn't require creating backdoors in encryption, doesn't require "weakening" their products, and doesn't violate the legal and Constitutional rights of Americans.

And of course, it would be nice if we were able to leverage certain capabilities against legitimate foreign intelligence targets without our targets and the entire world knowing exactly what we are doing, how, when, and why, so our enemies know exactly how to avoid it.

Secrecy is required for the successful conduct of intelligence operations, even in free societies.

"The necessity of procuring good Intelligence is apparent and need not be further urged -- all that remains for me to add, is, that you keep the whole matter as secret as possible. For upon Secrecy, Success depends in most Enterprises of the kind, and for want of it, they are generally defeated, however well planned and promising a favourable issue." -- George Washington, our nation's first spymaster, in a letter to Colonel Elias Dayton, 26 July 1777

Disclaimer: I'm a subscriber, so I see stories early.

Comment No. No limits on speech. But... (Score 2) 563

No. No limits on speech. That is exactly the wrong idea. But being on a CT watchlist if you're immersed in ISIS propaganda, and don't have a clear reason otherwise for doing so? Yep, that's gonna happen.

Problem with watchlists?

Quiz:

1. Should the government have the ability to keep ANY list(s), to include names and other attributes of people, for counterterrorism and intelligence purposes?

2. Should the government be able to watch non-protected aspects of a US Person suspected of terrorism, foreign intelligence ties, etc., without a warrant?

3. Should the government be able to watch protected aspects of a US Person suspected of terrorism, foreign intelligence ties, etc., with a warrant?

4. Can the government keep secret the fact that a US Person (or any other person) is on any CT watchlist and/or is subject of a CT/CI investigation?

5. Should the government be able to deprive a US Person of Constitutional rights without due process, or by virtue of appearance on a CT watchlist?

Answer key: 1. Yes. 2. Yes. 3. Yes. 4. Yes. 5. No.

Comment Re:Fundamentally Flawed (Score 1) 93

Your whole extended statement fell apart with the title.

"NSL = for things that DO NOT require a warrant"

Actually, warrants are the mechanism by which a free society achieves balance between personal and collective rights. Absent that...

Nope. Not everything government does requires a warrant. That is an undeniable fact. The case law which says metadata, for example, affirmatively does not require a warrant, has no expectation of privacy, and is not covered by the Fourth Amendment, is over 35 years old.

It got even weaker when you stated that "NSLs DO have massive amounts of LEGAL oversight..." States facts not in evidence. What, exactly, are these "massive" oversight mechanisms?

https://www.fas.org/sgp/crs/in...

"Hey, can you help us out..." is laughable because you characterize this as a friendly understanding between actors who know each other. In fact an NSL is 100% coercive, cannot be challenged, and its secrecy is the ultimate weapon. An NSL compels the recipient to do as demanded and never tell anyone else. The NSL itself could be illegal but the recipient cannot even inform a lawyer, as that would violate the secrecy provisions. Oh, but do tell us about the "massive" oversight.

But NSLs -- which are nothing more than a letter -- are not illegal. That's the point. In fact, the only thing found unconstitutional about NSLs was the extent and length of the gag orders accompanying them.

By your logic, any law enforcement or government entity should NEVER be able to approach a business about anything and ask for help. It should ALWAYS require a court order, no matter the information requested. That's how you might think it should work, but that is not compatible with reality.

When you state "...if a NSL is used, the person is almost certainly a foreign intelligence target under active investigation..." you put the cart before the horse. Your language is that of conclusions concerning a criminal, as found by a court of law. Except this comes before a court of law has had any chance to hear a case. This is lazy argumentation to support a flawed process.

No, you are putting the cart before the horse by implying that a warrant is required for information or persons who fundamentally DO NOT require a warrant. What you are essentially saying is that a warrant-like approval process needs to happen for any sort of action or information request government takes or makes, ever, to ensure that the government isn't "lying" about it not needing a warrant...which defeats the whole purpose, and timeliness, of not needing a warrant.

Finally, you mention FISA. This joke of a process has a 97% warrant approval rate. Standard court warrants have about a 60% approval rate. Literally nothing else needs be said about how weak the FISA process is; statistically, this approval rate cannot be explained or justified. Except, by repeating what the FISA court really is: A one-sided process meant to produce a Yes answer, with no right of reply or rebuttal. Retroactive FISA warrants are further evidence of the corrupt/flawed/lazy thinking that produced FISA in the first place.

This comment truly shows your ignorance, because you have no idea how FISA works. At all. The IC does not approach FISA with requests that will probably get denied, because it is a massive waste of time and resources for the literal armies of lawyers who submit FISA requests -- for FOREIGN intelligence collection -- on behalf of IC agencies. Law enforcement agencies, however, do this all the time because they have no other choice but to try. So your assumption that just because the approval rate is high is because it's a "rubber stamp" and really doesn't care about what it's approving is false.

Of course, you have already made up your mind and use a lot of specious and absolutely false logic to arrive at your conclusions, so this conversation is moot.

Comment NSL = for things that DO NOT require a warrant (Score 1, Troll) 93

Note what this (or any) NSL does not request, for good or ill given the explosion in digital communications since Smith v Maryland in 1979 and subsequent case law (which effectively says that metadata, as "business records" provided to a third party, do not have an expectation of privacy and are not covered by the Fourth Amendment): CONTENT of communications.

Note what is also missing here: the target. People assume it's an innocent US Person. The fact is, if a NSL is used, the person is almost certainly a foreign intelligence target under active investigation, and the reason why requests are "dropped" is because IF a NSL was used in the first place, we don't want to reveal any further sources, methods, or what we know.

Unless and until the Supreme Court of the United States speaks on this matter again -- and it very well may, and it very well may rule differently given how the communications landscape has changed in 35+ years -- that is the law of the land. Not people's opinions, not tech commentator know-it-alls, not self-proclaimed security experts.

If something doesn't legally require a warrant, it amounts to a formal request. I'm not saying it's always perfect execution, but the whole purpose of a NSL is so that it runs through its own legal process -- which, again, is for information that does NOT require a warrant. I know people think it has no oversight, but either something requires judicial oversight, or it doesn't. And NSLs DO have massive amounts of LEGAL oversight, just not a warrant signed by a judge -- repeating myself here -- because one isn't required for information sought by a NSL.

And like information that we seek under Intelligence Community authorities, we don't want the target of the collection or surveillance knowing we are targeting them, or where, or how. Yeah, it sucks, and it's imperfect, and all that, but even in a democratic society, you can't just say every single national security or intelligence issue has to be in the open. That's not how even democratic societies work, or can work, or should work, when it comes to national security matters. Some things tilt too far in one direction based on national events, or politics, etc. Then they tilt back. It's never fast enough for proponents or critics.

The main issue is that people say that something like a NSL is "bad" because it doesn't have judicial oversight in the form of a warrant. If the information sought doesn't legally require a warrant, I don't know what to tell them. Then when we do actual court orders and warrants when required for foreign intelligence collection, issued by the very court whose sole purpose is to protect the rights of Americans under the law and Constitution in the context of foreign intelligence collection, they complain because the evidence is heard and rulings are issued in secret.

A NSL at its core is nothing more than a formal process and notification, with a lot of other legal considerations surrounding it, that is the equivalent of someone saying, "Hey, can you help us out...and oh, by the way, here's a bunch of other legal crap which justifies this. And don't tell anyone, because this is a national security issue." I understand why people make an issue of it, because they'll say, ok, even if it's used for all "bad guys" it still "could be abused". Uh, and? Any government power at all "can be abused". Secret ones "can be abused" in secret.

And yet, the government still has to have powers, and some of them on the national security and intelligence side are necessarily cloaked in secrecy. And in the conduct of war, diplomacy, law enforcement, and counterterrorism as the United States, with our myriad interests at home and abroad, we do all of these things for a reason. No, it's never perfect, and it never will be. People act surprised when the use of something like NSLs skyrockets since the late 90s...well, guess what else skyrocketed since the late 90s? The goddamned internet, which we invented, and our enemies are literally using it against us. No, not bullshit like tweets and Facebook pages; adversaries using the internet for no-shit coordination, collaboration, and C2. AND intentionally using US systems and services because they know that it's a legal rat's nest for us to get to them there, even if they're non-US Persons outside the US.

So anyway, yeah, it sucks, but the general attitude most people in the national security and intelligence communities are operating under is we had better be using the full extent of the capabilities afforded to us under the law, and we don't make the law.

The other issue, speaking broadly, is that sometimes the target itself is not subject to Constitutional protections at all, because the target is a non-US Person outside the US, and it is absurd to argue that if said target's communications touch the US in any way, suddenly it should be subject to Constitutional and warrant protections, because warrantless efforts to obtain it otherwise "could be abused".

SCOTUS can either speak to it, or Congress can pass a law. My own PERSONAL opinion, in a vacuum, and absent everything else I know, is that metadata should be protected -- because of 1.) the explosion in digital communication and the internet in the ensuing decades, combined with 2.) government's ability to exploit large amounts of collected data because of advancements in technology.

I would point out that even though portions of the statute with regard to NSLs have been found unconstitutional, it has only been about the gag order and length of time, not the use of a NSL, which is essentially a formal letter.

The issue of who the Constitution protects and where has many different arguments, but in a traditional law enforcement/intelligence/national security context, generally we see it as protecting either 1.) US Persons (be they citizens, permanent residents, lawful visitors, groups of the above, etc.) or 2.) people IN the US, no matter who they are.

The FISA Amendments Act shifted this a bit due to the reality that over 70% of international internet traffic touches the US somehow, by design or incidentally, and we had an absurd situation where both ends of a conversation would be AQAP members outside the US, who are not US citizens, and have never been in the US, who we suddenly can't collect on, even with capabilities outside the US, because one of them is using Hotmail.

If Constitutional protections applied to everyone, everywhere, my view is that the concept of borders and nation-states is meaningless, and it also destroys foreign intelligence collection -- and I mean Destroys. That said, we can certainly argue that we want to follow Constitutional *principles*, and aside from things people want to cherry pick that they don't like, I would say that, generally speaking, we do that.

Comment Re:Yes! (Score 3, Informative) 785

I switched to a Mac in 2012 for my personal shit and about 6 months ago went to a Mac for work too. With the release of Office 2016 for the Mac, I honestly cannot find a single thing I cannot do comfortably on my Mac anymore.

If you have a serious problem with it, Parallels has been running Windows apps for me better than any native PC installation since version 7 back in 2012.

I mean, I know you're probably trolling or trying to be funny, but it's a dead joke in 2015.

Comment Re:We don't need "backdoors" (Score 1) 259

Put simply, there exist plenty of systems and techniques that don't depend on a third-party who could possibly grant access to secure communications. These systems aren't going to disappear. Why would terrorists or other criminals use a system that could be monitored by authorities when secure alternatives exist? Why would ordinary people?

That's a really easy answer -- terrorists use these simple platforms for the same reason normal people do: because they're easy to use. Obviously a lot of our techniques and capabilities have been laid bare, but people use things like WhatsApp, iMessage, and Telegram because they're easy. It's the same reason that ordinary people -- and terrorists -- don't use Ello instead of Facebook, or ProtonMail instead of Gmail. And when people switch to more complicated, non-turnkey encryption solutions -- no matter how "simple" the more savvy may think them -- they make mistakes that can render their communications security measures vulnerable to defeat.

I'm not saying that the vendors and cloud providers ALWAYS can provide assistance; but sometimes they can, given a particular target (device, email address, etc.), and they can do so in a way that comports with the rule of law in free society, doesn't require creating backdoors in encryption, and doesn't require "weakening" their products. And of course, it would be good if we were able to leverage certain things against legitimate foreign intelligence targets without the entire world knowing exactly what we are doing, so our enemies know exactly how to avoid it. Secrecy is required for the successful conduct of intelligence operations, even in free societies.

Comment Re:We don't need "backdoors" (Score 1) 259

Sure. One hypothetical example:

The communication has to be decrypted somewhere; the endpoint(s) can be exploited in various ways. That can be done now. US vendors could, in theory, be at least a partial aid in that process on a device-by-device basis, within clear and specific legal authorities, without doing anything like key escrow, wholesale weakening of encryption, or similar with regard to software or devices themselves.

The point is that when US adversaries use systems and services physically located in the US, designed and operated by US companies, there are many things that could be discussed depending on the precise system, service, software, or device. Pretending that there is absolutely nothing that can be done, and it's either unbreakable, universal encryption for all, or nothing, is a false choice.

To sit here and pretend that it's some kind of "people's victory" when a technical system renders itself effectively impenetrable to the legitimate legal, judicial, and intelligence processes of even democratic governments operating under the rule of law in free civil society is curious indeed.

Comment We don't need "backdoors" (Score 3, Informative) 259

And the NYT has a new and extensive story that absolutely "mentions" crypto.

We don't need "backdoors". What we need is a clear acknowledgment that what increasingly exists essentially amounts to a virtual fortress impenetrable by the legal mechanisms of free society, that many of those systems are developed and employed by US companies, and that US adversaries use those systems against the US and our allies, and for a discussion to start from that point.

The US has a clear and compelling interest in strong encryption, and especially in protecting US encryption systems used by our government, our citizens, and people around the world from defeat. But the assumption that the only alternatives are either universal strong encryption, or wholesale and deliberate weakening of encryption systems and/or "backdoors", is a false dichotomy.

Comment Nicely done, connecting to NSA (Score 1) 139

Guess what people the NSA isn't going after with something as close-held as the linked exploit?

"Hackers, Activists, and Journos"

I know that doesn't really seem to matter to people, and that it's easier to cherry-pick contextless, misunderstood, fringe examples that are believed to prove some "point", or isolated examples of outright abuse and extrapolating, without any proof whatever, that to mean it is obviously systemic and widespread, instead of realizing that NSA's chief mission, as a foreign intelligence agency, is foreign signals intelligence collection, and that US adversaries use the same phones, laptops, networks, systems, devices, services, and providers as you.

And, stunningly, we still develop ways to actually target and collect against them.

Mind-bending, I know.

Comment Re:decline in leadship quality (Score 1) 289

OK, I'm coming out of cryogenic storage to tell you to shut up. You opened this subthread with *bizarrely ignorant claptrap*, and should have shut up when the first reply called you out on your lies. But now you're doubling down.

Lincoln could not be the "trigger that started the Civil War" when he was elected *after the war started*, after the majority of the Confederate states had already seceded, the last 4 were already proceeding with secession, and the Confederacy had already started shooting at the Union. Which should have been enough facts to shut you up, but I suppose you enjoy the kind of BS sometimes known as "from the South's perspective": any lie to deny the truth, however bizarrely ignorant.

Lincoln wasn't a "two-bit" lawyer prior to his political career, he was an extremely well accomplished lawyer. And he didn't have "zero experience", he had represented Illinois prominently in the US House of Representatives, and served in the Illinois House of Representatives for 8 years prior to that.

Lincoln was of course recognized as a good leader while destroying the Confederacy, being reelected to do so. That is the very definition of "recognized as good leader": reelected wartime Commander in Chief of the USA. Yes, the US press and many factions are always highly critical of any president; "universally recognized as a good leader" doesn't even belong to FDR.

Oh, how about your BS about Lincoln's "razor close" first election? Lincoln: 1,866,452; Douglas: 1,376,957; Breckinridge: 849,781; Bell: 588,789. That 489,495 margin over #2 was a *landslide* 10.4%. What the hell are you talking about? You also said something deranged like "but if the South had been voting in the second election". What about "but if the South had freed its slaves instead of seceding"? Because they're equally nonsensical hypotheticals. And your Electoral College split 4 ways because *there were 4 candidates*, no reflection on Lincoln's leadership. But Lincoln's 180 EVs to the combined total of the other 3 at 123 EVs was an even bigger landslide than the popular vote. The words "razor close" don't describe any aspect of Lincoln's *landslide victory* over a full field, representing a new party in a large war-divided country.

And how does maintaining his commitment to Emancipation, even in face of a resigning Cabinet member (showing Lincoln's commitment to including even those who disagreed in his Cabinet, more committed than they were to staying), show anything but deeply effective leadership - as the government didn't suffer, but instead the nation was kept together even despite the war?

Your spin on all that crazy talk is that Lincoln turned out to be a leader who rose to the occasion, despite no reason to expect it. But in fact Lincoln gave all indications of being an exemplary leader from start to finish of his presidency.

Were you perhaps educated about Lincoln out of some "ex" Confederate state textbook? In any case, who taught you that when you're totally wrong you should ignore being proven wrong and double down with even more wrong?

Comment Re:Yes but it could have been *any* reflected Stat (Score 4, Insightful) 47

This post only demonstrates your misunderstanding of things (by talking about "home routers", for example, in this context). And yes, attribution in cyber is hard -- that's one of the most-discussed, fundamental problems of cyber.

You can also go down the Princess Bride-esque rabbit hole of saying that China knows that some people -- like yourself -- will make arguments that "it could be the US or UK making it look like it's China", and thus conduct an attack, or that we know that they know that we know that, and therefore the US did it, etc.

At some point, you have to apply Occam's Razor and ask: who benefits? And the most obvious, direct, and clear beneficiary of this kind of interference is China. Not the US, not the UK, not some imagined Western Illuminati cabal with China being innocent victims; no: China.
