Slashdot videos: Now with more Slashdot!

Among the stories of your life, family and other things, also tell a story of progress. Tell of things that we enjoy today that didn't exist when you were a child. How did those things come to be?

I am very sorry to hear of your impending death and the pain it will bring to your family.

Maybe also tell a cautionary tale for when she is an adult. The world has had dark episodes of history before. And it could again, but on a much larger scale. What lessons can be learned from the past to prevent it happening again?

Most ordinary users I know actually like the idea of encryption. They just can't use it because no one has created a highly opinionated encryption API that is intended to be plugged into browsers, email applications, office suites, etc. and is dead simple to use. This is something that an open source desktop like KDE should take on as a proof of concept. I'm sure there's plenty of code in GPG that could be extracted, turned into a tight little module and then wrapped with really slick C or C++ APIs with really friendly dialogs in Qt or GTK.

Firefox comes with a couple of calculators built in. It has since before it was called Firefox.

Your (and my, and any individual citizen's) personal interpretation of the Constitution is not the measure. It is the interpretation and implementation by our three branches of government. I realize that some reading this believe they have all been compromised, or that they think some particular thing is "obviously unconstitutional" (even though the judicial, legislative, and executive branches say otherwise), but the fact is we have the system of government we have. So how about you consider the alternative: one where you don't assume that everyone working at every/any level of government, e.g., NSA, doesn't have the worst motivations and is actually trying to do their best to honorably, legally, and Constitutionally, protect our nation and its people instead of the opposite. How about that?

If you would actually like to have a discussion, I am more than happy to engage. I have articulated these views (not on this specific topic, of course) long before I ever served in uniform, and they have nothing to do with a "paycheck" -- in fact, it's the inverse: the reason I chose to serve is because of my personal desire to do what I can to support things I believe in, and believe are important for our nation and my family and fellow citizens, not the other way around. Yes, our system of government is imperfect...grossly so -- but I choose to support it over any and all alternatives, warts and all. (And that is not to say that there are not things that cannot be improved.)

And again -- and I sincerely mean this -- if you are actually serious about engaging in a dialogue, I am happy to.

Yes, where to even begin...

Do you realize that over 70% of FOREIGN internet traffic enters, traverses, or otherwise touches the US?

Do you understand that an individualized warrant is required to target, collect, store, analyze, or disseminate the communications content of a US Person anywhere on the globe, and that the current law on the issue is stronger and more restrictive with regard to US Persons than it has ever been?

Do you understand that the FOREIGN communications we are going after are now intermixed with the communications of the rest of the world, including that of Americans?

Do you understand that when terrorists use Gmail, Facebook, Yahoo, WhatsApp, Hotmail, Twitter, Skype, etc. etc. etc., or Windows, or Dell computers, or Android phones, or Cisco routers, and so on, that there is no technical distinction between your communications and theirs, yet -- surprise -- we still would like to access those communications, and have legal, policy, and technical frameworks to do so, even if you have not personally inspected them yourself?

If you are a US citizen, and not covered by any warrant, no one cares about your communications. And almost by definition, no foreign intelligence agency (NSA, CIA, DIA) remotely gives a shit about your communications, and would greatly prefer to avoid it altogether, unless you have some kind of connection with foreign intelligence targets -- in which case any collection or monitoring of your communications would require an individualized warrant from FISC or another court of competent jurisdiction. I realize you think this isn't the case, and that all of your communications are being mined and monitored (illegally, no less), and since proving a negative is impossible, I won't be able to help in that regard.

My motivation for commenting on these topics on slashdot may be informed by my position, but has nothing to do with it beyond that.

No. The trigger for this isn't that companies are holding data...it's that users have data, and the NSA wants to force the companies to keep/get access their users data even if the company doesn't want to, so that the NSA can access it also. This is a *very* different proposition. If Apple doesn't want to hold its user's data, why should the NSA force them to just so that the NSA can read it? That seems to be the NSA's problem, not Apple's.

And? NSA may "want" a lot of things. That doesn't mean they are going to get it. But if a US-based company is holding encrypted data to which they also have access, you had damned well better believe the government is going to seek access to that data if it is supported by law. If companies want to take the direction of removing themselves from the encryption picture altogether, that is their prerogative. And guess what? There are other technical ways to get that data, such as before it's encrypted in the first place.

Saying "encryption" does not make the data magical, but it also doesn't entitle the NSA to special treatment. If they can break it, fine. If they can't, there is no valid reason for me to make it easy for them.

No, there isn't. And I didn't say there is. I was stating a set of facts, as are you. See? We can talk like adults.

Do we really believe that the US is the only one who has the "right" to access any backdoor/golden-key/whatever? That's absolute nonsense. If the US forces Apple, Google, MS, etc to build key escrow into their devices so that the NSA can read the data on them, then that key will be used by every government on the earth. If you really believe that the NSA will manage to keep exclusive control of a master key for all encryption for a given major vendor, then I'm going to call you delusional.

No...you are completely misunderstanding my point. If you reread what I said, you will note that nowhere did I argue that anyone should build a backdoor for anything...but the fact is that some US-based companies DO have the ability to decrypt stored encrypted data, which they sometimes do for any variety of reasons, and, if when those services are storing the foreign communications of adversaries of the United States, which they are, then we should have a legal framework that allows access to said data. That is all.

Arguing for a master key -- which is what you THINK ADM Rogers is arguing for, but actually isn't -- is antithetical to the security interests of the United States, our people, our military, our intelligence community, and anyone else who requires secure communications in any form. But if you have already formed your conclusions, that is fine. What ADM Rogers is arguing for is a legal framework for data access of entities that operate within and under a US legal construct...and if there is encrypted data present that the data holder cannot access, that is just the way it goes. But as you know, there a number of ways to access the contents of what is ultimately encrypted data without breaking the encryption...ways that are as old as this decades-old discussion.

And we are going to seek those ways, and I will say something that is offensive to many slashdotters' sensibilities: if you support the principles that you claim to -- things like freedom, of speech, of choice, of anything else -- then you should support the abilities of one of the strongest powers in the world at actually, materially, and in reality (not in your little internet fantasy) of actually protecting and projecting those ideals. Actually judging the actions of the US Intelligence Community based on facts, to say nothing of having some perspective on history and reality beyond what self-styled internet tech-libertarians tell you, would be helpful also.

OMG, that must invalidate everything I have to say!

Sorry, been there, done that, been through all the logical fallacies you can lob my way.

The point is the exact reverse of what you are saying.

This is not about whether the Germans or Japanese should have incorporated "backdoors" that any external entity would have required.

This is about the fact that US adversaries, today, as you and I speak, are using the EXACT SAME systems, networks, devices, services, OSes, and encryption standards and protocols, as you and I and innocent Americans and many others in the world. THAT is the issue...does this fact put those communications off limits?

Please. Your comment proves just how deep the misunderstanding of this situation actually is.

Good for you. And if you are a non-US person outside the US (which covers about 99.9% of the communications that foreign intelligence agencies -- key word being foreign -- actually care about) engaged in activity that is a national security threat to the US, as defined by the valid mechanisms (even if you personally disagree with those mechanisms) that democratic nations such as the US develop, then we will try to access your communications. I don't see how this is possibly shocking. Shocking, perhaps, if you are a US adversary, or someone who believes that it's all an overarching plot by the US and other free Western nations to illegally access everyone's communications, especially that of their own citizens to solidify power, or serve corporate/elite/shadowy overlords, but otherwise...yeah, no.

1. "Secret courts". The Foreign Intelligence Surveillance Court is the very court whose sole purpose is protecting the rights of Americans under the law and the Constitution in the context of foreign intelligence collection. Secrecy is required for the conduct of foreign intelligence, even in free societies. That you may disagree with this does not invalidate this fact. That you may see 3-4 pieces of a 1000 piece puzzle and believe you have the full picture does not invalidate this fact.

2. "Spying on everyone". Not sure what you mean, but if you could possibly be referring to metadata collection, that has been affirmed by a Supreme Court ruling that is 35 years old.

And if even the US Supreme Court ultimately renders the phone metadata collection "unconstitutional", it won't mean that it was unconstitutional, or even is unconstitutional at this very moment. The program, to date, is factually lawful and constitutional as the law and existing case law stand -- even including Judge Leon's ruling, which he himself immediately stayed, and was countered by another federal ruling of the same standing.

What an unconstitutional finding would mean is that things aren't the same as they were in 1979: that, with the rise of digital communications and the ability to track not one, or dozens, but hundreds of millions of call records easily, and because large amounts of metadata can often reveal as much private information about a person as communications content, the balance now runs afoul of the reasonableness doctrine of the Fourth Amendment.

And that would be a perfectly valid finding...which does not in the least impugn NSA's purpose or motives. It is not NSA's job to second-guess the law, case law, both houses of Congress, two Presidents from opposite parties, the Attorneys General of said two Presidents, the courts, and the very court established explicitly to protect the rights of Americans under the law and the Constitution in the context of foreign intelligence collection.

It is NSA's job to conduct its missions as aggressively as possible within the law and its resource limitations. My personal prediction is that, because of the nature of modern digital communications, this kind of mass collection of metadata will be found to be unconstitutional. The interesting thing is that people who think it is "clearly" unconstitutional seem to think things are innately or inherently constitutional or unconstitutional, ignoring incredible and fantastic complexities that already exist in interpretations of the Fourth Amendment, to say nothing of the rest of the Constitution and Bill of Rights.

Things aren't magically constitutional or unconstitutional. They are so based on the application and interpretation of the law and the Constitution by the courts, even in the simplest of circumstances. Certainly basic rules applying to things like, say, vehicle or home searches are well-tested and the officials who implement them (e.g., local LEOs) are well-versed in these topics. But when there is a question, it is the courts that decide -- NOT individual peoples' whims, feelings, or opinions.

The current, indisputable fact is that phone call metadata, as a "business record" provided to a third party, does NOT have an expectation of privacy and is NOT covered by the Fourth Amendment. There is no gray area, and that case law, as embodied by Smith v. Maryland, applies just as easily to one phone call, as to 10, as to millions. Certainly in 1979 SCOTUS never imagined that this principle could be applied in a blanket fashion touching any American with a telephone; conversely, SCOTUS probably also never imagined that terrorists would plot devastating domestic attacks using our own communications systems within our own country.

In any event, it seems likely that bulk metadata collection will no longer be allowed, and NSA and the IC will simply figure out ways to do their jobs within the confines that our system of government prescribes. That's fine, and that is the way our system works. But for people to say that NSA is "obviously" breaking the law or that metadata collection is "clearly" unconstitutional -- when both are not only subjective, but provably false, statements -- is highly offensive to people who see the care that goes into these efforts, all of which are designed solely to protect our Nation and its people.

I have said it before, and I will say it again: adversaries of the United States, be they terrorists or nation-states, increasingly use the same systems, networks, services, providers, operating systems, devices, tools, encryption standards, and so on as Americans and much of the rest of the world. To have the "capability" to target the one necessarily implies the capability to target them all. The distinction is no longer the technology or the capability -- it is ONLY the target; the person on the other end. In a democratic society based on the rule of law, it cannot be the capability, but the LAW, that is paramount.

What he "wants", when US-based companies hold data that still can technically be accessed for legitimate foreign intelligence purposes supported by our system of law, is that a legal framework should allow for it. When it can't be, it's up to NSA to determine other mechanisms to access that data.

If you actually care about our system of government, or that of any Western governments, then you would support that, too.

If, on the other hand, you live in a world where simply crying "Encryption!" is some kind of barrier that magically sanctifies the underlying data, and that it then cannot and should not ever be accessed by anyone other than the data owner...well, then I would ask what you think about the German and Japanese codes in WWII?

Oops...now the the fact is that US adversaries no longer are using their own custom software/hardware/encryption/etc. and now share the same technologies that Americans and the rest of the world use does not magically place these technologies off-limits for exploitation or targeting. It would turn modern intelligence gathering -- yes, of even free nations -- on its head.

The law and Constitution (as interpreted and implemented by our system of government) are the constraints -- not specific technological capability. That these constraints are erroneously believed to not be effective, or that the press and public willfully misunderstand the legal landscape alongside the big picture of SIGINT in the digital age, does not mean the constraints don't exist. The level of constraint on our activities, even activities conducted with respect to non-US Persons exclusively outside the US, rises to a level that I can only compare to a bad joke. An even worse joke is when people believe NSA is operating rouge, with virtually no constraints or oversight (at least any meaningful oversight), juxtaposed with the reality we work in every day.

If we're essentially saying that it was only okay for the US and our allies to, for example, break the German or Japanese codes during WWII simply because Americans weren't also using the same codes, and therefore that is the only reason that the government could be "trusted" to not misbehave or abuse its powers, then we have a serious problem on our hands.

So, take your message content and apply that to yourself. Thanks!

The Westgate mall attack wasn't a bomb. It was armed gunmen, and 67 people ended up dead with over 175 wounded.

That arbitrarily seizes cash left and right because it is deposited in "structured deposits" to avoid a policy requiring the transaction information be logged in a government database. I'm sure this will be a real hit--with the IRS.