
Comment Re:Going nowhere (Score 1) 137

Sometimes the blood that waters the tree of liberty is that of innocents. You can never have perfect safety, and even trying to get very close to it will involve massive compromises in liberty. The price of liberty may just be the occasional 9/11... accepting the tragic deaths of a thousandth of a percent of the population every few years in order to avoid stomping on the freedoms of the other 99.999%.

I view the victims of terrorist attacks against a free society as unwitting, tragic heroes for the cause of freedom. At least, as long as we allow them to be. If we, on the other hand, choose to react to their deaths by smashing freedoms in a vain attempt to prevent the unpreventable, then we convert their deaths from heroic memorials for liberty to sad signposts on the road to a police state.

Comment Re:Not surprising ... (Score 3, Insightful) 35

AFAIK, there is no such thing as a YouTube account any more; it's been merged with the Google+ account system. I think what actually happened was one of two things: either you didn't have a Google+ account and one was created (more precisely, your Google account was "upgraded" to a Google+ account), or you did have one and just didn't realize that it was being used for YouTube.

In either case, if you don't want to have a Google+ account, you can delete it, either effectively downgrading it to just a Google account or you can delete your Google account entirely. Be aware, though, that a lot of Google's other services are tied to your Google account, so only delete it if you don't use Google's other services: don't buy apps on the Play store, don't use Calendar or Contacts, don't want Google to back up your device settings, don't want search history automatically propagated between your web browser and mobile device, etc., etc., etc. Personally, I think having the account adds a lot of value to both my mobile experience and my desktop experience, and I'm also of the strong opinion that I'd rather have a single Google account across all of Google's services (and to use it for single sign-on to many other web and mobile properties) rather than manage a bunch of separate accounts, but I'm biased. You can make your own evaluation and choose appropriately; most of Google's services and products can be used without an account, except where that really doesn't make sense.

(Disclaimer: I work for Google -- I'm pretty sure I'd feel the same even if I didn't work for Google, though. Note that I don't work on any of the aforementioned stuff, and am really just speaking as a knowledgeable user, albeit one who has a fairly high degree of trust in Google's competence and intention to behave responsibly with my data and use it to help me, because a big part of my job is securing the data to prevent leakage and internal abuse).

Comment Re:Judicial control is what was missing (Score 5, Insightful) 146

> The Judiciary's job is not to *trust* the military to do the right thing, it's to *check* they are doing the right thing

> The justice system is supposed to be blind and not "trust" anyone. I don't think the FISA court was set up to deal with the Constitutionality of the law itself, but to grant or deny warrants.

The fundamental basis for the FISA court's decisionmaking on the warrants is constitutionality, plus, of course, USC 50 and the established precedents. The problem isn't that the FISA court (FISC) can't evaluate the constitutionality of the law, it can, but that FISA hearings are ex parte, so there's no one to argue the view that the law is unconstitutional.

Another serious, though subtle, problem with the FISC structure is that there is effectively no appellate review... the court has no oversight. There is an appellate court over FISC, but there is no one to force it to be used. If the government gets the answer they want from the court, fine, they go ahead. If they don't, it's purely at the government's discretion whether they want to appeal, and risk having a precedent set that goes against them if the higher court upholds the original ruling or whether they'd rather just tweak their request a bit and try again.

This creates a situation where the government can push the boundaries of what FISC will allow with no concern that they might get slapped down in any definitive way. As it turns out, based on the numbers published, the court doesn't say "no" very often anyway, and of course there is no appeals process for approved warrants.

The bottom line is that our courts are adversarial for a reason, and since the FISA procedures omit that very important element they're strongly biased in favor of whatever view the government chooses to argue -- because that's the only view that is argued.

Comment Re:Misleading title (Score 1) 221

> They are making a wholesale copy of the internet, you simply compel Google to give up their certs, replicate their infrastructure and software and have a real-time copy of the same info under your control being fed by shadow copy of the Internet

First, having certs does no good -- which is good because those are public information which Google sends to every browser that asks for them. Perhaps you meant private keys? Giving those keys would constitute providing indirect access, which Google has specifically said it does not do. Google's disclaimers have been pretty thorough; there aren't any significant loopholes. Either Google is lying, the NSA does not actually have access to gmail data, or the NSA has achieved a tremendous espionage coup and managed to keep it secret from Google.

Comment Focus on insiders first (Score 3, Interesting) 381

Not really an answer to the question, but good security design should focus on identifying all of the relevant threats (aka a "threat model") and mitigating all of them to the degree that makes sense -- and any good threat model will inevitably identify insider threats as the highest risks most at need of mitigation, because, by definition, insiders have greater opportunities to conduct attacks, and they have roughly the same motives as external attackers.

If you find that your organization doesn't spend 95+% of its security time, money and effort on foiling insider attacks, it's almost certainly not doing a good job. If it is adequately hardened against insiders it'll be darned near impossible for outsiders.

My impression of the NSA has always been one of an extremely high degree of competence, so the Snowden leaks surprised me. You can't stop insiders from gaining access to the data they need to do their jobs, of course (though you can often segment job responsibilities to minimize it), but you can and should make it a lot harder for them to get access to other sensitive data, and Snowden was apparently able to get a lot of stuff that wasn't relevant to his responsibilities.

Comment Re:practicalities make it impossible.. (Score 1) 770

> Almost everybody simply regurgitates what they see on
> cable TV, or talks about their offspring.

That would actually be an improvement (though, admittedly, a small one). Around here, 92.7% of all conversation, among people over age 30 or so, consists of complaining about medical problems.

I've actually come to the conclusion that children are more interesting to talk to than adults. I don't remember that being the case when I was younger.

Comment Re:Just askin... (Score 1) 221

I just tested it, and an unencrypted search for GOSIP does not redirect to an encrypted session, so no certificate at all. The reason I asked about China is because I think I read something about Google choosing to redirect some searches to HTTPS in order to defeat filtering by the Great Firewall.

Comment Re:Misleading title (Score 1) 221

> 4. Google is compelled by law to lie.

I don't believe that's possible, and I'm certain that Google would fight it, hard, because of the potential for damage to Google's business.

> I doubt the *SMTP* connections delivering mail to/from Google servers are all encrypted, regardless of the webmail interface.

Google uses SMTP over TLS whenever possible. Unfortunately, most other mail providers don't support it, so I believe SMTP traffic to and from Google is often unencrypted. Email from one Google account to another doesn't have that problem, of course.
