
Comment US, China Internet attack legitimize Russian APT. (Score 2) 123

The US has been attacking multiple countries via the Internet for years. We did it first. We did it best. Yay US. Years ago, our doctrine was that Internet attack was a favorable option, because it had fewer unfortunate consequences than physical attack. But now, Internet attack can be much more devastating than physical attack. And the US has the most to lose in Internet attack.

The US economy is totally dependent on the Internet. Internet attack can cripple or destroy us. We can no longer afford to legitimize Internet attack. The past aggressive internet attacks by the US, China and Russia have legitimized Internet attack for all the remaining governments. EVERYBODY who has anything valuable, now gets a chance to receive targeted, remote attack by several governments, PLUS targeted attack by the many organized crime groups.

The US must formally cease undeclared war via the Internet. We must work with all other governments to ensure that we ALL stop waging undeclared war via the Internet.

Comment Re:It was the oil crash (Score 1) 399

it incentivized the little man to go out and buy a 10,000 pound diesel truck

Hey look you're talking about me! 14 months ago I bought a dually diesel F-350 so I could haul a 16k pound RV around America and check it out with my family of 5. I lived in the RV for a year, and it's not like I drove the truck every day, so for all I know my carbon footprint went down. I wouldn't know, since I don't actually give a shit.

My kids got to see more of America. It's a beautiful country, and the fact that I had an option like that is part of what makes it beautiful.

It's really hard for me to take the vast majority of environmentalists seriously since their ideological ancestors are the reason nuclear power has been hamstrung for so long. If we'd built nuclear power plants we'd be outputting drastically less CO2, and energy would be cheaper. Environmentalists took that away from me, and now they'd also like to take my truck away to 'pay' for their dumbass policies.

America is about freedom. Figure it out. Identify how to convince free people to change their behaviour in the way that you want.

You can do this by making reasonable arguments. Which brings me to:

the best possible thing that could happen for both the earth AND human beings would be for the price of oil and coal to skyrocket. Would it cause an economic disaster? Probably. Would it be worth it? Not a single doubt in my mind.

Millions of human beings would die in the short term. Specifically, poor people. It seems like an extreme position to say "let's kill millions of poor people, for the environment!" but you do you.

Comment Re: More accurately - A **few** FB employees out (Score 1) 729

He knowingly lied about devil's triangle

A lot of people in the yearbook reference devil's triangle. They reference "losing" at devil's triangle. You think this evidence plus Occam's Razor supports it being a multi-party sex act? Which high school kid ever says he lost at a threesome?

Oh yeah and other kids from the school have come out saying it's a freaking quarters game. So there's that.

You people are loony.

Comment Re: More accurately - A **few** FB employees outr (Score 1) 729

Law enforcement has unanimously unendorsed him

Hyperbole is always fun. If I find a single law enforcement officer that supports him, you're proven to be "just saying shit" rather than having constructive dialog. I assert at least one law enforcement officer supports him.

This guy's a phony!

Comment Re: More accurately - A **few** FB employees outr (Score 1) 729

Had Kavanaugh said...he didn't adequately respect women and that although he had no recollection, he could not completely deny that in his drunken state he might have crossed a line with the young Dr. Ford, and if so he felt very sorry for it, I'd have respected him and felt differently about his nomination.

What if he didn't do it though? Your statement has two variants based on the facts:

1) He did the things he is accused of.
In this case, it's a fine and rational statement.

2) He did not do the things he is accused of.
In this case, your statement makes no sense at all. Should he confess to something that didn't happen in order to appease weak-minded people? This would make him unfit for any leadership position.

What you really mean is you believe he is guilty of what he is accused of without evidence.
That's a fine stance to take. It's not rational and has all manner of horrendous outcomes if it becomes widespread, but at least it's not disingenuous.

Comment We are deceived by language and metaphor. (Score 2) 153

We use the words: cyberweapon, cyberwar, and cyberattack and think that we know the consequences of conflict. But our prior experience with conflict deceives us. Our instincts are wrong. Our sports metaphors delude us. We undervalue defense. We greatly overvalue attack. At the core, we still believe that Internet warfare is winnable. We believe that victory will go to the righteous aggressor. We believe that attack is sexy and desirable.

The reality is, Internet attack is like poisoning all sources of water, and hoping that your enemy dies first. There is no "Win" in "CyberWar". We all have to defend the same stuff. None of us have functional defenses. Every successful attack weakens us all.

It is easy to capture, analyze and reproduce somebody else's attack. If somebody drops a bomb on you, it is hard to reassemble all the bits, unburn the chemicals, and reuse it. But, if a government deploys an Internet attack, it is easy to copy the attack and repurpose it. When the US deploys an Internet attack, we give our enemies the motive, means, and opportunity to destroy us.

Comment Re:That's OK. (Score 1) 122

Yeah, that and the companies who don't want to do "military applications" can just do pure research. Pure, ivory-tower research... which the DoD can just pay someone else to integrate into an actual weapon system. It's not like a machine learning algorithm knows or cares to what use it's put, once it is out there.

Dumb posturing; I also wonder if these people have considered what a world dominated by Chinese and Russian military AI will look like, and what effect it would have... I am not sure it would be the best of all possible worlds, exactly.

Comment We know how to improve security. This ain't it. (Score 1) 116

The Pentagon is trying to CyberAttack our way to a more secure future. But Security comes from Defense, not attack.

Thousands of years of human experience have shown that destruction is easier than creation. One man can quickly destroy something that takes a community months to create. It may be that "To every thing there is a season; and a time for every purpose under heaven." But, if you don't spend more time on creation than destruction, you end up a lonely, starving scavenger. Any stable, prosperous society must provide more rewards for creation than destruction.

Modern economies of manufacture and transportation have made many things better, but this is not one of them. In almost every way, the modern economy favors attack:

  • The huge advantage granted to market leaders guarantees that we all, government, corporate, and private, foreign and domestic, use the same computers and software.
  • There are great economic incentives to ship quickly, with many features, rather than spend time and money to create secure products.
  • Our sales and advertising driven economy has convinced us that new stuff, with new features and vulnerabilities is always better than old stuff.
  • Products are deployed LONG before understanding. Most of the issues, bugs, and vulnerabilities are discovered after things go into production.

The Internet has made many things better, but this is not one of them. In almost every way, the Internet favors attack over defense:

  • The Internet makes everything more complex. This provides the attacker with a vast array of attack surfaces.
  • The Internet makes it easier to extend influence. This allows attackers to greatly extend their list of victims. An attacker can easily apply a viable attack strategy to every eligible Internet target.
  • The Internet increases the pace of attack. Usually attack can easily outrun any possible warning.

The transition to digital has made many things better, but, again, this is not one of them. In almost every way, being able to make effortless, accurate copies favors attack:

  • It is easy to automate attack. This greatly reduces the cost of attack. It also removes the economic cost of scaling up attack against multiple victims.
  • It is easy to make self-replicating attack. This allows attack to spread itself beyond any previous control or limit.
  • It is easy to capture, analyze and reproduce somebody else's attack. If somebody drops a bomb on you, it is hard to reassemble all the bits, unburn the chemicals, and reuse it. But, if somebody develops an Internet attack, it is easy to copy the attack and repurpose it. Internet attack efficiently spreads destructive knowledge and capability direct to your enemies.

The reality is, Internet attack is like poisoning a common watershed, and hoping that your enemy dies first. There is no "Win" in "CyberWar". We all have to defend the same stuff. Every successful attack weakens us all.

We have a fairly clear understanding of how to increase security through defense. Almost every Internet Security expert agrees on the general shape of the necessary changes. But, the changes are HARD and EXPENSIVE. So, we keep hauling out the "Security Through Destruction" fantasy. If we were really serious about improving Defense, we would make changes like:

  1) Change US politics and policy toward CyberWar. Our long-held belief is that Internet attack is less devastating than conventional attack. But now, all economies are so dependent on the Internet, that a sustained Internet outage would kill more people than a nuke. We need to lead the world to the negotiating table and impose strategic limits on Internet Attack. This needs to be enforced by cooperative International Internet monitoring and meaningful penalties.
  2) Separate the Defenders from the Attackers. Defense needs its own budget. Internet Defense must be prioritized OVER Attack. While Attack can inform Defense, it can't create Defense. Successful Defense requires entirely different skills and attitudes than Attack. And currently the supporters of Attack keep trying to kill any effective Defense measure in its infancy.
  3) Impose Product Liability on Software. The model proposed by Dan Geer could be a good start: https://www.youtube.com/embed/...
  4) We also must have International rejuvenation of consumer protection standards. Manufacturers must be held accountable for dangerous defects in their devices. Even when the sale is across national boundaries.
  5) Update our regulatory requirements to create large mandatory penalties for "Failure to Defend". Currently we have slight penalties for "Failure to Comply". In response everybody is encouraged to achieve minimal compliance and no more. New regulations must push us to REAL security, not the illusion of false security.
  6) Create meaningful Internet/Cyber epidemiology. Schneier has discussed this a couple times. Government must compile accurate, available statistics that allow us to determine: The actual nature of current threats; The likelihood of threat; The effectiveness of various "treatments" to counter the threat.
  7) We must adopt a more consistent understanding of the "First Sale" doctrine. We need to consistently apply the rights and responsibilities of ownership to all our internet connected devices. There should be no question that we are responsible for our internet connected devices.
  8) We must understand that connecting to the internet affects everybody. We must accept that our internet-connected devices can affect everybody. We must accept responsibility to properly configure and maintain our devices.
  9) We must allow our ISPs to act for the good of ourselves and our communities. We must require them to properly handle abuse reports. We must require them to properly pass abuse reports to the owners of internet connected equipment. We must require them to disconnect misbehaving internet equipment if an abuse report doesn't result in timely mitigation.
  10) We must update copyright law to aggressively mitigate orphaned code. We need to understand that code is orphaned, once disclosed vulnerabilities and exploits are not promptly addressed. When code is orphaned, ownership (and full code publication) must quickly pass to the community.
  11) In order to enable the previous point, we should require the Copyright Office to escrow source code before granting extended (beyond a few weeks) copyright protection.

Our culture has turned away from Defense and Security on many fronts. We need to make progress on many fronts, if we wish to have meaningful improvements in Internet Security.

Comment Personal info = threat to self determination. (Score 4, Interesting) 146

We already have limits on how US government can use personal information. The Carpenter Vs US lawsuit will continue to define those limits. We created these protections because we realized that government can use personal information to predict, manipulate, and control us. The combination of powerful government and enabling personal information is a threat to self-determination and rule by consent of the governed.

We have seen many recent examples where powerful modern entities used technology and personal information to predict, manipulate, and control us. FaceBook can predict, control and manipulate us. So can Google, Amazon, Political Action Committees, The Russian Government, advertising agencies, and so on. We need to take further action to protect our unalienable right of self determination. If we fail to act, our society and government continue to transform into "Rule by Manufactured Consent of the Manipulated".

Manipulation is a threat to ourselves and our society. Manipulation advances the goals of the manipulator. Manipulation has no fundamental respect for reality. Past manipulation divorced the victims from reality. Manipulation weakens both individuals and society. Present day manipulation must not be assumed to be legitimate, just because it is cheaper, more effective, more powerful, or wielded by new entities.

Once personal information is collected, it is almost impossible to destroy. It will be monetized. It will leak. It will spread. The cell-phone companies will sell or breach. An Intelligence agency will seize and leak. A well-meaning judge will issue a General Warrant.

For NOW, when you need privacy, you must DITCH THE PHONE.

One path forward is to realize that any personal information that is effective at predicting, controlling or manipulating us IS our identity. As long as this information is effective, and valuable, it is a part of us. We must establish that owning your own personal information is an unalienable right. The right of owning your personal information can not be stolen, seized, legislated or contracted away.

Comment Change the economy of data collection. (Score 4, Interesting) 136

Attempts to legislatively say: "Thou Shalt NOT" will probably be ineffective when the underlying economy strongly favors collecting, storing, and using private information.

The most effective legal protections against invasive data collection are to change the economy of personal information. This sounds harsh and invasive, but it may be the only workable protection from widespread privacy threats and manipulation.

  • 1st, we need to increase the expense of collecting and storing personal data.
  • 2nd, we need to decrease the value of using personal data.

For example, we can increase the expense of collecting, storing and exchanging personal data by:

  • Require accurate tracking information on the collection, storage and exchange of personal data. This should include identifying information for every entity that handled the data. This should be coupled with large mandatory fines for any data that is missing past transaction history. Currently, data brokers have low overhead and bear no responsibility for their behavior. They are selling goods worth billions. Their activity should be tracked as completely as credit card transactions. Requiring accurate documentation of the personal data marketplace will increase the expense of reselling personal data.
  • Impose aggressive taxes on collected, stored and exchanged personal information. It obviously has value. It is a major asset of Google and Facebook. It should be taxed like real estate or an economic transaction. The higher the taxes, the less incentive to collect, store and exchange personal information.
  • Forbid exporting personal information from the country of origin. If an entity wishes to collect, store, or exchange personal information, they must do it in the country of origin.
  • Add more teeth to "data breach" legislation. Remove any "due diligence" protection. Impose mandatory fines for data breach. Fines should be based on the number and severity of personal "facts". The higher the fines, the less incentive to collect and store personal information.
  • Impose full breach liability on every upstream entity in the data collection stream. Currently, data collectors and brokers get rich by selling to a wide market and experiencing no liability. Imposing liability for the behavior of down-stream purchasers of personal data will greatly increase the expense of collecting, storing and exchanging personal data.

Then we must work to harden our society against the manipulative effects of collected personal data. This is a continual challenge. Things we might consider include:

  • Require search engines and social media to unmistakably indicate if we are viewing "Relevant, tailored for us illusion" or "Consensus Reality".
  • Consistently penalize search engines and social media when they inaccurately represent "Consensus Reality".
  • Require search engines and social media to provide a simple, always on-screen method to easily switch between "Relevant, tailored for us illusion" or "Consensus Reality".
  • Impose meaningful, effective restrictions on our government's ability to attempt to manipulate "Consensus Reality".
  • Require our government to protect its citizens from other governments' or corporations' attempts to manipulate "Consensus Reality".
  • Impose mandatory penalties on the enabling parties for every occurrence of identity theft. This means penalize the banks, the credit reporting agencies, and even the IRS. If identity theft occurred, then their process must have immediate, corrective feedback.
  • Require multi-factor authentication when authenticating to critical resources.
  • Educate our society that biometrics might be identifiers, but should never be an authenticator.

Ultimately, dealing with the problem of privacy abuse and invasive data collection will take much more than a legislative "Thou Shalt Not".

Comment FBI did not NEED to access locked iPhone.. (Score 5, Insightful) 126

I believe that the FBI is attempting to distract us from the critical, core issues of this debate. In arguing the technical details of accessing cell phones, they distract from the critical speech issues. They REALLY don't want us to ask:

  • What should be the limits of government power?
  • Are we engaged in Speech or Association when we use our phones?

The US government has managed to bypass the 1st, 4th and 5th amendments by creating and extending the 3rd party doctrine. This doctrine roughly states that once information passes out of an individual's direct control, he can no longer exercise any control over it. This gives the government easy access to huge amounts of shared information.

The "Responsible Encryption" debate is a new legal theory to destroy speech and freedom. It is a "No Party Doctrine". That is, No Party, except the government, is allowed to control information. The No Party Doctrine says that information is so important to the government, that nobody except the government should be allowed to control it. There is no information so sensitive, private or protected that it should escape government control. Since information is so important, individuals must not be allowed to control it through their speech, actions, tools, or situations.

The FBI is cheerfully stating that the creators of the constitution would have allowed complete government control if only they had realized that information was important to a criminal investigation.

We should denounce the "Responsible Encryption" proposals as a straightforward attack on our freedom of thought, speech and association.

Instead, we should act to limit the 3rd party doctrine and restore our rights of speech and association.

Comment A Golden Age of Surveillance. (Score 2) 171

It's a Golden Age of Surveillance. We have widely deployed multiple forms of mass surveillance without once asking:
  • Is mass surveillance consistent with an assumption of innocence?
  • Is mass surveillance consistent with government that is based on the consent of the governed?

Our personal information is widely available to multiple groups. The government has easy access to an almost endless amount of information about us. There is:

  • Collected credit-card purchasing information.
  • Collected cell-phone tracking information.
  • Real-time car tracking.
  • Collected browser activity from Google, Web sites, and search engines.
  • Collected travel information from hotels/airlines.
  • Mass monitoring of the Internet by the Intelligence community.

The 3rd party doctrine roughly states that we can only assert a privacy right over information we directly control. If the information is shared with a 3rd party, then we don't control it, and we can't assert a privacy right over it. As the 3rd party doctrine has expanded, we have lost privacy over any shared information.

Now, law enforcement wishes to move beyond the limits of the 3rd party doctrine. They advance the legal theory that we should not be allowed to control our own information/privacy AT ALL. They believe that the desires of law enforcement should always outvote an individual's desire for freedom, privacy or liberty. That we should never be allowed to be secret, private or alone.

The proposals for "Responsible Encryption" are a simple end-run around the 1st, 4th and 5th amendments to the US constitution. Instead of debating this crap, we should be demanding stronger privacy protections. We need to restrict the 3rd party doctrine. We need to penalize any lawyer or judge who participates in granting "General" warrants. We need to restrain the Intelligence community from conducting mass surveillance on the US public.
