
Comment: Re:Facts not in evidence (Score 1) 406

by daveschroeder (#49122177) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

Your (and my, and any individual citizen's) personal interpretation of the Constitution is not the measure. It is the interpretation and implementation by our three branches of government. I realize that some reading this believe they have all been compromised, or that they think some particular thing is "obviously unconstitutional" (even though the judicial, legislative, and executive branches say otherwise), but the fact is we have the system of government we have. So how about you consider the alternative: one where you don't assume that everyone working at every/any level of government, e.g., NSA, doesn't have the worst motivations and is actually trying to do their best to honorably, legally, and Constitutionally, protect our nation and its people instead of the opposite. How about that?

Comment: Re:Facts not in evidence (Score 1) 406

by daveschroeder (#49121915) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

If you would actually like to have a discussion, I am more than happy to engage. I have articulated these views (not on this specific topic, of course) long before I ever served in uniform, and they have nothing to do with a "paycheck" -- in fact, it's the inverse: the reason I chose to serve is because of my personal desire to do what I can to support things I believe in, and believe are important for our nation and my family and fellow citizens, not the other way around. Yes, our system of government is imperfect...grossly so -- but I choose to support it over any and all alternatives, warts and all. (And that is not to say that there are not things that cannot be improved.)

And again -- and I sincerely mean this -- if you are actually serious about engaging in a dialogue, I am happy to.

Comment: Re:Actually, ADM Rogers doesn't "want" that at all (Score 1, Flamebait) 406

by daveschroeder (#49121645) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

Yes, where to even begin...

Do you realize that over 70% of FOREIGN internet traffic enters, traverses, or otherwise touches the US?

Do you understand that an individualized warrant is required to target, collect, store, analyze, or disseminate the communications content of a US Person anywhere on the globe, and that the current law on the issue is stronger and more restrictive with regard to US Persons than it has ever been?

Do you understand that the FOREIGN communications we are going after are now intermixed with the communications of the rest of the world, including that of Americans?

Do you understand that when terrorists use Gmail, Facebook, Yahoo, WhatsApp, Hotmail, Twitter, Skype, etc. etc. etc., or Windows, or Dell computers, or Android phones, or Cisco routers, and so on, that there is no technical distinction between your communications and theirs, yet -- surprise -- we still would like to access those communications, and have legal, policy, and technical frameworks to do so, even if you have not personally inspected them yourself?

If you are a US citizen, and not covered by any warrant, no one cares about your communications. And almost by definition, no foreign intelligence agency (NSA, CIA, DIA) remotely gives a shit about your communications, and would greatly prefer to avoid it altogether, unless you have some kind of connection with foreign intelligence targets -- in which case any collection or monitoring of your communications would require an individualized warrant from FISC or another court of competent jurisdiction. I realize you think this isn't the case, and that all of your communications are being mined and monitored (illegally, no less), and since proving a negative is impossible, I won't be able to help in that regard.

Comment: Re:Actually, ADM Rogers doesn't "want" that at all (Score 1, Informative) 406

by daveschroeder (#49121505) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

No. The trigger for this isn't that companies are holding data...it's that users have data, and the NSA wants to force the companies to keep/get access to their users' data even if the company doesn't want to, so that the NSA can access it also. This is a *very* different proposition. If Apple doesn't want to hold its user's data, why should the NSA force them to just so that the NSA can read it? That seems to be the NSA's problem, not Apple's.

And? NSA may "want" a lot of things. That doesn't mean they are going to get it. But if a US-based company is holding encrypted data to which they also have access, you had damned well better believe the government is going to seek access to that data if it is supported by law. If companies want to take the direction of removing themselves from the encryption picture altogether, that is their prerogative. And guess what? There are other technical ways to get that data, such as before it's encrypted in the first place.

Saying "encryption" does not make the data magical, but it also doesn't entitle the NSA to special treatment. If they can break it, fine. If they can't, there is no valid reason for me to make it easy for them.

No, there isn't. And I didn't say there is. I was stating a set of facts, as are you. See? We can talk like adults.

Do we really believe that the US is the only one who has the "right" to access any backdoor/golden-key/whatever? That's absolute nonsense. If the US forces Apple, Google, MS, etc to build key escrow into their devices so that the NSA can read the data on them, then that key will be used by every government on the earth. If you really believe that the NSA will manage to keep exclusive control of a master key for all encryption for a given major vendor, then I'm going to call you delusional.

No...you are completely misunderstanding my point. If you reread what I said, you will note that nowhere did I argue that anyone should build a backdoor for anything...but the fact is that some US-based companies DO have the ability to decrypt stored encrypted data, which they sometimes do for any variety of reasons, and, if and when those services are storing the foreign communications of adversaries of the United States, which they are, then we should have a legal framework that allows access to said data. That is all.

Arguing for a master key -- which is what you THINK ADM Rogers is arguing for, but actually isn't -- is antithetical to the security interests of the United States, our people, our military, our intelligence community, and anyone else who requires secure communications in any form. But if you have already formed your conclusions, that is fine. What ADM Rogers is arguing for is a legal framework for data access of entities that operate within and under a US legal construct...and if there is encrypted data present that the data holder cannot access, that is just the way it goes. But as you know, there are a number of ways to access the contents of what is ultimately encrypted data without breaking the encryption...ways that are as old as this decades-old discussion.

And we are going to seek those ways, and I will say something that is offensive to many slashdotters' sensibilities: if you support the principles that you claim to -- things like freedom, of speech, of choice, of anything else -- then you should support the abilities of one of the strongest powers in the world at actually, materially, and in reality (not in your little internet fantasy) of actually protecting and projecting those ideals. Actually judging the actions of the US Intelligence Community based on facts, to say nothing of having some perspective on history and reality beyond what self-styled internet tech-libertarians tell you, would be helpful also.

Comment: Re:Actually, ADM Rogers doesn't "want" that at all (Score 1) 406

by daveschroeder (#49121335) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

The point is the exact reverse of what you are saying.

This is not about whether the Germans or Japanese should have incorporated "backdoors" that any external entity would have required.

This is about the fact that US adversaries, today, as you and I speak, are using the EXACT SAME systems, networks, devices, services, OSes, and encryption standards and protocols, as you and I and innocent Americans and many others in the world. THAT is the issue...does this fact put those communications off limits?

Please. Your comment proves just how deep the misunderstanding of this situation actually is.

Comment: Re:Actually, ADM Rogers doesn't "want" that at all (Score 0) 406

by daveschroeder (#49121297) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

Good for you. And if you are a non-US person outside the US (which covers about 99.9% of the communications that foreign intelligence agencies -- key word being foreign -- actually care about) engaged in activity that is a national security threat to the US, as defined by the valid mechanisms (even if you personally disagree with those mechanisms) that democratic nations such as the US develop, then we will try to access your communications. I don't see how this is possibly shocking. Shocking, perhaps, if you are a US adversary, or someone who believes that it's all an overarching plot by the US and other free Western nations to illegally access everyone's communications, especially that of their own citizens to solidify power, or serve corporate/elite/shadowy overlords, but otherwise...yeah, no.

Comment: Facts not in evidence (Score -1, Troll) 406

by daveschroeder (#49121239) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

1. "Secret courts". The Foreign Intelligence Surveillance Court is the very court whose sole purpose is protecting the rights of Americans under the law and the Constitution in the context of foreign intelligence collection. Secrecy is required for the conduct of foreign intelligence, even in free societies. That you may disagree with this does not invalidate this fact. That you may see 3-4 pieces of a 1000 piece puzzle and believe you have the full picture does not invalidate this fact.

2. "Spying on everyone". Not sure what you mean, but if you could possibly be referring to metadata collection, that has been affirmed by a Supreme Court ruling that is 35 years old.

And if even the US Supreme Court ultimately renders the phone metadata collection "unconstitutional", it won't mean that it was unconstitutional, or even is unconstitutional at this very moment. The program, to date, is factually lawful and constitutional as the law and existing case law stand -- even including Judge Leon's ruling, which he himself immediately stayed, and was countered by another federal ruling of the same standing.

What an unconstitutional finding would mean is that things aren't the same as they were in 1979: that, with the rise of digital communications and the ability to track not one, or dozens, but hundreds of millions of call records easily, and because large amounts of metadata can often reveal as much private information about a person as communications content, the balance now runs afoul of the reasonableness doctrine of the Fourth Amendment.

And that would be a perfectly valid finding...which does not in the least impugn NSA's purpose or motives. It is not NSA's job to second-guess the law, case law, both houses of Congress, two Presidents from opposite parties, the Attorneys General of said two Presidents, the courts, and the very court established explicitly to protect the rights of Americans under the law and the Constitution in the context of foreign intelligence collection.

It is NSA's job to conduct its missions as aggressively as possible within the law and its resource limitations. My personal prediction is that, because of the nature of modern digital communications, this kind of mass collection of metadata will be found to be unconstitutional. The interesting thing is that people who think it is "clearly" unconstitutional seem to think things are innately or inherently constitutional or unconstitutional, ignoring incredible and fantastic complexities that already exist in interpretations of the Fourth Amendment, to say nothing of the rest of the Constitution and Bill of Rights.

Things aren't magically constitutional or unconstitutional. They are so based on the application and interpretation of the law and the Constitution by the courts, even in the simplest of circumstances. Certainly basic rules applying to things like, say, vehicle or home searches are well-tested and the officials who implement them (e.g., local LEOs) are well-versed in these topics. But when there is a question, it is the courts that decide -- NOT individual peoples' whims, feelings, or opinions.

The current, indisputable fact is that phone call metadata, as a "business record" provided to a third party, does NOT have an expectation of privacy and is NOT covered by the Fourth Amendment. There is no gray area, and that case law, as embodied by Smith v. Maryland, applies just as easily to one phone call, as to 10, as to millions. Certainly in 1979 SCOTUS never imagined that this principle could be applied in a blanket fashion touching any American with a telephone; conversely, SCOTUS probably also never imagined that terrorists would plot devastating domestic attacks using our own communications systems within our own country.

In any event, it seems likely that bulk metadata collection will no longer be allowed, and NSA and the IC will simply figure out ways to do their jobs within the confines that our system of government prescribes. That's fine, and that is the way our system works. But for people to say that NSA is "obviously" breaking the law or that metadata collection is "clearly" unconstitutional -- when both are not only subjective, but provably false, statements -- is highly offensive to people who see the care that goes into these efforts, all of which are designed solely to protect our Nation and its people.

I have said it before, and I will say it again: adversaries of the United States, be they terrorists or nation-states, increasingly use the same systems, networks, services, providers, operating systems, devices, tools, encryption standards, and so on as Americans and much of the rest of the world. To have the "capability" to target the one necessarily implies the capability to target them all. The distinction is no longer the technology or the capability -- it is ONLY the target; the person on the other end. In a democratic society based on the rule of law, it cannot be the capability, but the LAW, that is paramount.

Comment: Actually, ADM Rogers doesn't "want" that at all (Score -1, Flamebait) 406

by daveschroeder (#49121059) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

What he "wants", when US-based companies hold data that still can technically be accessed for legitimate foreign intelligence purposes supported by our system of law, is that a legal framework should allow for it. When it can't be, it's up to NSA to determine other mechanisms to access that data.

If you actually care about our system of government, or that of any Western governments, then you would support that, too.

If, on the other hand, you live in a world where simply crying "Encryption!" is some kind of barrier that magically sanctifies the underlying data, and that it then cannot and should not ever be accessed by anyone other than the data owner...well, then I would ask what you think about the German and Japanese codes in WWII?

Oops...now the fact that US adversaries no longer are using their own custom software/hardware/encryption/etc. and now share the same technologies that Americans and the rest of the world use does not magically place these technologies off-limits for exploitation or targeting. It would turn modern intelligence gathering -- yes, of even free nations -- on its head.

The law and Constitution (as interpreted and implemented by our system of government) are the constraints -- not specific technological capability. That these constraints are erroneously believed to not be effective, or that the press and public willfully misunderstand the legal landscape alongside the big picture of SIGINT in the digital age, does not mean the constraints don't exist. The level of constraint on our activities, even activities conducted with respect to non-US Persons exclusively outside the US, rises to a level that I can only compare to a bad joke. An even worse joke is when people believe NSA is operating rogue, with virtually no constraints or oversight (at least any meaningful oversight), juxtaposed with the reality we work in every day.

If we're essentially saying that it was only okay for the US and our allies to, for example, break the German or Japanese codes during WWII simply because Americans weren't also using the same codes, and therefore that is the only reason that the government could be "trusted" to not misbehave or abuse its powers, then we have a serious problem on our hands.

So, take your message content and apply that to yourself. Thanks!

Comment: Re:Prediction: (Score 4, Insightful) 206

by daveschroeder (#48680051) Attached to: N. Korea Blames US For Internet Outage, Compares Obama to "a Monkey"

First of all, you say, "North Korea didn't hack Sony," as if it is an indisputable, known fact. It is not -- by any stretch of the imagination.

The fact is, it cannot be proven either way in a public forum, or without having independent access to evidence which proves -- from a social, not technical, standpoint -- how the attack originated. Since neither of those are possible, the MOST that can be accurately stated is that no one, in a public context, can definitively demonstrate for certain who hacked Sony.

Blameless in your scenario is the only entity actually responsible, which is that entity that attacked Sony in the first place.

Whether that is the DPRK, someone directed by the DPRK, someone else entirely, or a combination of the above, your larger point appears to be that somehow the US is to blame for a US subsidiary of a Japanese corporation getting hacked -- or perhaps simply for existing.

As a bonus, you could blame Sony for saying its security controls weren't strong enough, while still reserving enough blame for the US as the only "jackass".

Bravo.

Comment: Prediction: (Score 5, Insightful) 206

by daveschroeder (#48679895) Attached to: N. Korea Blames US For Internet Outage, Compares Obama to "a Monkey"

Many of the same slashdotters who accept "experts" who claim NK didn't hack Sony will readily accept as truth that it was "obviously" the US that attacked NK, even though there is even less objective proof of that, and could just as easily be some Anonymous offshoot, or any number of other organizations, or even North Korea itself.

See the logical disconnect, here?

For those now jumping on the "North Korea didn't hack Sony" bandwagon that some security "experts" are leading for their own political or ideological reasons, including using rationales as puzzling and pedestrian as source IP addresses of the attacks being elsewhere, some comments:

Attribution in cyber is hard, and the general public is never going to know the classified intelligence that went into making an attribution determination, and experts -- actual and self-appointed -- will make claims about what they think occurred.

With cyber, you could have nation-states, terrorist organizations, or even activist hacking groups attacking other nation-states, companies, or organizations, for any number of motives, and making it appear, from a social and technical standpoint, that the attack originated from and/or was ordered by another entity entirely.

That's a HUGE problem, but there are ways to mitigate it. A Sony "insider" may indeed -- wittingly or unwittingly -- have been key in pulling off this hack. That doesn't mean that DPRK wasn't involved. I am not making a formal statement one way or the other; just saying that the public won't be privy to the specific attribution rationale.

Also, any offensive cyber action that isn't totally worthless is going to attempt to mask or completely divert attention from its true origins (unless part of the strategic intent is to make it clear who did it), or at a minimum maintain some semblance of deniability.

At some point you have to apply Occam's razor and ask who benefits.

And for those riding the kooky "This is all a big marketing scam by Sony" train:

So, you're saying that Sony leaked thousands of extremely embarrassing and in some cases damaging internal documents and emails that will probably result in the CEO of Sony Pictures Entertainment being ousted, including private and statutorily-protected personal health information of employees, and issued terroristic messages threatening 9/11-style attacks at US movie theaters, committing dozens to hundreds of federal felonies, while derailing any hopes for a mass release and instead having it end up on YouTube for rental, all to promote one of hundreds of second-rate movies?

Yeah...no.

Comment: Re:Just tell me (Score 3, Interesting) 463

by daveschroeder (#48152325) Attached to: Positive Ebola Test In Second Texas Health Worker

No, it didn't. It was "some sort" of droplet transmission by monkeys in adjacent cages.

That is NOT -- repeat, NOT -- "airborne" transmission.

And no, it didn't go through the ventilation system; it was later learned that sick monkeys sneezing while they were being transported past well monkeys did indeed transmit the virus in this case.

It was also a completely different strain than the one we are talking about.

Airborne transmission occurs when an infectious agent is able to cling to particulates in the air and ride air currents for significant amounts of time, over significant distances, through ventilation systems, etc., long after the infected person who expelled the virus is no longer in the area.

Droplet transmission is NOT "airborne" transmission. It is projecting bodily fluids directly onto a well person in close quarters...usually less than 3 feet, but under optimal conditions, perhaps further. That is still not airborne transmission.

Furthermore, coughing/sneezing is probably one of the least effective ways to spread Ebola, even via droplets. Blood, feces, and vomit are the primary ways this will be spread. Yes, virus "could" be in saliva, mucus, semen, etc. But that's not the primary way Ebola spreads.

Airborne transmission would be very bad, but the Ebola virus is too large to spread this way. It would have to shed about 75% of its genome to be small enough for airborne transmission in sub-5um droplet nuclei that could ride on particulates. And if it did that, it wouldn't be "Ebola" anymore -- it would be something very different; perhaps still deadly, perhaps not, and so much different from what we are talking about right now that it is next to meaningless to discuss.

So, in closing: no, Ebola is not airborne.
