Screening is already meaningless. Anyone who knows Bayes' theorem can figure that one out. The prescreening is simply a consequence of the security organizations finding out that they do have to respect reality to some extent: people won't put up with it otherwise.

Someone ought to make a deck of cards, like playing cards, but instead of the usual pictures, put names of logical fallacies on them. Then you could reply to an invocation of a fallacy simply by dealing the corresponding card.

Not so good for Slashdot of course, but for the real world... it would be succinct and satisfying.

The problem is that it takes only *one* hacked reader to steal your fingerprint, and then that entropy is lost forever. If your password is stolen, you just change your password, but you can't easily change your fingerprints. In this respect, most biometric data is more like names than passwords: if you tell me your name, I know that you're saying that you could be the person with the name in question, but I don't know that you can't be someone else.

What you would ideally want is something that takes a name and something that changes every time you try it, then combines them in a certain manner that cannot be reversed but can be checked. To use the name analogy, if you have to give both your login and password (or your name and password), then if someone steals your password, you're safe unless he also knows your name - you have a window in which to change your password before the adversary determines what your name is. Yet like with names, if the adversary has properly prepared his plan and is attacking you alone, the biometrics won't help you. He might record your voice, lift fingerprints, etc.

It may seem tempting to get around that problem by making a tamper-resistant fingerprint reader so that your fingerprint is never really exposed to the world. The reader would then do some sort of authentication with a remote site and the data would stay on the reader (or be dynamically sampled). The problem with that is that there's no such thing as being fully tamper-proof, and you leave fingerprints everywhere. The bad guys can get another reader and wire it up to take fingerprint info from an external source, then lift your prints from somewhere. That is -- unless the reader itself holds a key that it combines with the fingerprint data, but then you're back to two factors as mentioned above: a name (your print) and a password (the device itself, which can be replaced if compromised).

Okay, let's try to simplify it even more. Quantum computers have gates just like ordinary computers. There's a difference, though: instead of acting only on a single value, they act on a whole bundle of them at once (that's the probability distribution). You can in effect calculate a function on many inputs at once, but you can't reach behind the curtain and pick all the answers (or any answer you want) from the result. When you do ask the computer to reveal an answer, you get a random answer from the entire bundle according to its probability. The clever part about quantum algorithm design is then to first alter the input bundle in the way you want, then selectively amplify the answer that you're interested in so you'll get it very often and get other answers rarely if at all.

More or less. I Am Not A Quantum Physicist, grain of salt, etcetera.

The process of assembling this quote is done by software at the full discretion of the owner of the computer.

So if you want to play that movie or clip on mplayer instead of Windows Media Player, you're of course free not to divulge any information that you're using mplayer - but if the site doesn't get a signed "I'm using Windows Media Player" token, it won't play the video clip in question. That freedom, like the freedom to work or not to work, is worthless if there's an imbalance of power - if all the video sites only want WMP for instance, or if you want to leak evidence of illicit goings-on at your company and the company server will only serve the data to an MSOffice version that can be trusted to stick the document in sealed storage.

How about this solution: put a switch somewhere on the computer. Switch up? Then you can't forge TPM keys. Switch down? Then you can do so at your discretion. If you want protection that is truly for your own good, you'll just leave the switch up (and no virus can forge anything). If the programs you're running start professing allegiance to their owners in preference to you, flip that switch down and bypass them. Sure, lusers may be socially engineered, but if they're that gullible, the malware could do a DoS by instructing them to stick pieces of metal into the closest outlet, too.
If Trusted Computing is truly about empowering the user, then this switch solution should only empower the user more and so there should be no opposition to it beyond the social engineering complaint.

I've consulted for a bank, and here's the dream : full offline money. If you have a TPM they will manage your account in your laptop (or phone, or ...) and have full offline payments. Because the TPM will only give their program access to the data, they can still prevent you from simply adding money in your own account, while allowing fully disconnected payments to occur which the bank will only find out about weeks after the fact (and so can you on other's computers of course).

That sounds like a pretty big incentive to find someone with an electron microscope, or if you're part of organized crime, getting your own. It's not like TPM hacks haven't been pulled off before.

O(n^3), not O(log(n)). If it'd been log(n), the demo quantum computers would already be good enough. As for symmetric crypto, any black box search can be sped up to take the square root of the time it would otherwise take, so a QC would have about as hard a time cracking 256-bit AES as an otherwise comparable classical computer would have cracking 128-bit AES.

It is dead, dead, dead. It thought it was hot, guess what, it's not!

As a culture, we find that the most appropriate treatment of people who have a criminal psychosis is to isolate them and help them, forcibly. We also find that they are not "wrong" and don't need to be punished, but require help. I don't readily see how an act of violence in this case is a critical point where we force help on the unwilling. So, why not force it earlier and prevent the violent acts?

To be a devil's advocate right back (angel's advocate?):

The danger is that preemptive treatment of, say, schizophrenia, can turn into preemptive treatment of sluggishly progressing schizophrenia, were the government to become sufficiently corrupt.

There's also the usual Bayesian argument: if the pre-crime test has 0.1% false positive and negative rate, and there are 10 terrorists in the US, the test is useless, even though 0.1% sounds really impressive and could convince lawmakers. For ordinary crimes, it would still claim a lot of innocents to be suspect.

Wasn't the League of Nations the first real attempt to get global consensus?