Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Comment No. This is an unprecedented shit in nothing. (Score 0, Flamebait) 983

It is a remotely-controlled device, jury rigged for a purpose that is not at all its use.

I know people will become uncontrollably outraged about this, but it's a standoff weapon. Just like a spear, a bow and arrow, an explosive tossed through a door or window, a gun, or even a vehicle employed as a weapon.

The legal standard for lethal force is the same. Beware of academics or other commentators who will claim this is some kind of new territory for which there is no legal standard and that we have no idea how to approach.

But by all means: pretend this is an "Unprecedented Shift in Policing" instead of an improvisation under nightmarish circumstances.

Comment Re:Actually 3rd point was agreement with trial jud (Score 1) 23

Actually whoever the new guy is, I don't find the site to be "improved" at all; seems a little crummy. The story was butchered and incorrectly interpreted, and the all important software for interaction seems less interactive.

But what do I know?

As to my absence I've been a bit overwhelmed by work stuff, sorry about that, it's no excuse :)

Comment Actually 3rd point was agreement with trial judge (Score 4, Informative) 23

The story as published implies that the ruling overruled the lower court on the 3 issues. In fact, it was agreeing with the trial court on the third issue -- that the sporadic instances of Vimeo employees making light of copyright law did not amount to adopting a "policy of willful blindness".

Submission + - Appeals court slams record companies on DMCA in Vimeo case

NewYorkCountryLawyer writes: In the long-simmering appeal in Capitol Records v. Vimeo, the US Court of Appeals for the 2nd Circuit upheld Vimeo's positions on many points regarding the Digital Millenium Copyright Act. In its 55 page decision (PDF) the Court ruled that (a) the Copyright Office was dead wrong in concluding that pre-1972 sound recordings aren't covered by the DMCA, (b) the judge was wrong to think that Vimeo employees' merely viewing infringing videos was sufficient evidence of "red flag knowledge", and (c) a few sporadic instances of employees being cavalier about copyright law did not amount to a "policy of willful blindness" on the part of the company. The Court seemed to take particular pleasure in eviscerating the Copyright Office's rationales. Amicus curiae briefs in support of Vimeo had been submitted by a host of companies and organizations including the Electronic Frontier Foundation, the Computer & Communications Industry Association, Public Knowledge, Google, Yahoo!, Facebook, Microsoft, Pinterest, Tumblr, and Twitter.

Submission + - Prominent civil liberties expert says he and Snowden were wrong on NSA 1

An anonymous reader writes: Last week, Geoffrey Stone, a longtime civil liberties stalwart, Constitutional scholar at the University of Chicago, and member of the National Advisory Council of the American Civil Liberties Union, moderated a live discussion with Edward Snowden from Russia. As a member of the President’s Review Group on Intelligence and Communications Technologies, Stone was given unfettered access to unfettered access to our national security apparatus, and told the NSA what he thought. This week, Stone offered more detail on his own findings that only someone with direct knowledge can provide: "So before I began the work on the review group, my general view was that, from what I learned in the media, the NSA had run amok and created these programs without appropriate approval or authorization or review. And whatever I thought of the merits of the programs, my assumption was that it was illegitimate because it didn't have appropriate review and approval. What surprised me the most was that this was completely wrong. [...] The more I worked with the NSA, the more respect I had for them as far as staying within the bounds of what they were authorized to do. And they were careful and had a high degree of integrity. My superficial assumption of the NSA being a bad guy was completely wrong. [...] I came to the view that they were well intentioned, that they were designed in fact to collect information for the purpose of ferreting out potential terrorist plots both in the U.S. and around the world and that was their design and purpose." Stone provided detail and examples, including rationale and justifications for the review group's findings, and concluded that Snowden "was unduly arrogant, didn't understand the limitations of his own knowledge and basically decided to usurp the authority of a democracy."

Comment Re:Last we will hear of that.... (Score 1) 255

I was referring to the iOS 7 device, which they can easily unlock/break (see Section I), but declined to do so this time (the EDNY case).

The combination of iOS 8/9 with iPhone 6 and newer (HW security enclave) is designed to not be able to be broken by Apple, even if it wanted to.

That's not to say that nothing is breakable, ever; it's all about the level of effort required and whether or not one can bypass the crypto altogether.

Comment Re:Last we will hear of that.... (Score 1) 255

No, the phone is running iOS 9 -- this is the San Bernardino phone. The phone running iOS 7 was the case in the Eastern District of New York -- which of course Apple's own law enforcement compliance statement says it will unlock when presented with a warrant, but I guess it didn't feel like it this time.

Comment Section 702: not "Americans" (Score 1) 49

Section 702 facilitates targeting and collection on non-US Persons outside the United States whose communications enters, traverses, or otherwise touches the United States, as over 70% of international internet traffic does, or as does any non-US Person outside the US using any US-based cloud or internet service.

Where US Persons come in is because US corporations and organizations are also "US Persons". But if we suddenly say that doing foreign intelligence collection on non-US Persons outside the US should require the same individualized warrant protections as Americans citizens living in the US, it absurdly turns the entire purpose and function of foreign intelligence collection on its head.

And if you already don't trust the government, you won't care about anything in this explanation anyway.

Comment Since this device is running iOS 7... (Score 2) 114

...I guess it's time for Apple to update its law enforcement compliance guide:

I. Extracting Data from Passcode Locked iOS Devices

[...]

For iOS devices running iOS versions earlier than iOS 8.0, upon receipt of a valid search warrant issued upon a showing of probable cause, Apple can extract certain categories of active data from passcode locked iOS devices. Specifically, the user generated active files on an iOS device that are contained in Appleâ(TM)s native apps and for which the data is not encrypted using the passcode (âoeuser generated active filesâ), can be extracted and provided to law enforcement on external media. Apple can perform this data extraction process on iOS devices running iOS 4 through iOS 7. Please note the only categories of user generated active files that can be provided to law enforcement, pursuant to a valid search warrant, are: SMS, iMessage, MMS, photos, videos, contacts, audio recording, and call history. Apple cannot provide: email, calendar entries, or any third-party app data.

Comment Re:Not a zero-sum game -- and not that simple (Score 1) 395

You again reiterated the false choice. I explained exactly why it is a false choice, and why some possible solutions, which may or may not be available under all circumstances, can address some of the problems without weakening crypto standards themselves, or weakening existing complete crypto systems. That you don't want to acknowledge this is so does not make it untrue. You are focused on backdoors, various key escrow solutions, and the like, and not on practical reality.

Comment Not a zero-sum game -- and not that simple (Score 1) 395

Liberty and Safety are not at two ends of a zero-sum sliding scale, wherein one must be sacrificed in discrete and equal units for the other. We can and should have a good measure of both, and it is government's charge to provide for the latter, while protecting (or, depending on your view, not infringing upon) the former. To say nothing of the fact that our very existence has been an exercise in the sacrifice of "liberty" for an orderly civil society governed by the rule of law, except in the fantasies of internet tech-libertarians.

And what a worthless survey: "warrantless surveillance" of what? Of who? Foreign intelligence targets do not require and never have required a warrant.

Gone are the days where the US targeted foreign communications on distant shores, or cracked codes used only by our enemies. No one would have questioned the legitimacy of the US and its allies breaking the German or Japanese codes or exploiting enemy communications equipment during WWII. The difference today is that US adversaries -- from terrorists to nation-states -- use many of the same systems, services, networks, operating systems, devices, software, hardware, cloud services, encryption standards, and so on, as Americans and much of the rest of the world. They use iPhones, Windows, Dell servers, Android tablets, Cisco routers, Netgear wireless access points, Twitter, Facebook, WhatsApp, Gmail, and so on.

The distinction is no longer the technology or the place, but the person(s) using a capability: the target. In a free society based on the rule of law, it is not the capability, but the law, that is paramount.

US adversaries use the very same technologies we use. The fact that Americans or others also use them does not suddenly or magically mean that no element of the US Intelligence Community should ever target them. When a terrorist in foreign country is using Hotmail or an iPhone instead of a walkie-talkie, that cannot mean we pack our bags and go home. That means that, within clear and specific legal authorities and duly authorized missions of the Intelligence Community, we aggressively pursue any and all possible avenues, within the law, that allow us to intercept and exploit the communications of foreign intelligence targets.

If they are using hand couriers, we target them. If they are using walkie-talkies, we target them. If they are using their own custom methods for protecting their communications, we target them. If they are using HF radios, VSATs, satellite phones, or smoke signals, we target them. If they are using Gmail, Facebook, iPhones, Android, SSL, web forums running on Amazon Web Services, etc., we target them -- within clear and specific legal frameworks that govern the way our intelligence agencies operate, including with regard to US Persons.

That doesn't mean it's always perfect; that doesn't mean things are not up for debate; that doesn't mean everyone will agree with every possible legal interpretation; that doesn't mean that some may fundamentally disagree with the US approach to, e.g., counterterrorism. But the intelligence agencies do not make the rules, and while we may inform issues, we do not define national policy or priorities.

And on backdoors, we don't need "backdoors".

What we do need is this:

A clear acknowledgment that what increasingly exists essentially amounts to a virtual fortress impenetrable by the legal mechanisms of free society, that many of those systems are developed and employed by US companies, and that US adversaries use those systems -- sometimes specifically and deliberately because they are in the US -- against the US and our allies, and for a discussion to start from that point.

The US has a clear and compelling interest in strong encryption, and especially in protecting US encryption systems used by our government, our citizens, and people around the world, from defeat. But the assumption that the only alternatives are either universal strong encryption, or wholesale and deliberate weakening of encryption systems and/or "backdoors", is a false dichotomy.

How is that so?

Encrypted communication has to be decrypted somewhere, in order for it to be utilized by the recipent. That fact can be exploited in various ways. It is done now. It's done by governments and cyber criminals and glorified script kiddies. US vendors could, in theory, be at least a partial aid in that process on a device-by-device basis, within clear and specific legal authorities, without doing anything like key escrow, wholesale weakening of encryption, or similar with regard to software or devices themselves.

When Admiral Michael Rogers, Director of the National Security Agency and Commander, US Cyber Command, says:

"My position is -- hey look, I think that we're lying that this isn't technically feasible. Now, it needs to be done within a framework. I'm the first to acknowledge that. You don't want the FBI and you don't want the NSA unilaterally deciding, so, what are we going to access and what are we not going to access? That shouldn't be for us. I just believe that this is achievable. We'll have to work our way through it. And I'm the first to acknowledge there are international implications. I think we can work our way through this." ...some believe that is code for, "We need backdoors." No. He means exactly what he says.

When US adversaries use systems and services physically located in the US, designed and operated by US companies, there are many things -- compatible with our law and with the Constitution -- that could be discussed, depending on the precise system, service, software, or device. Pretending that there is absolutely nothing that can be done, and it's either unbreakable, universal encryption for all, or nothing, is a false choice.

To pretend that it's some kind of "people's victory" when a technical system renders itself effectively impenetrable to the legitimate legal, judicial, and intelligence processes of democratic governments operating under the rule of law in free civil society is curious indeed.

Some ask why terrorists wouldn't just switch to something else.

That's a really easy answer -- terrorists use these simple platforms for the same reason normal people do: because they're easy to use. Obviously, a lot of our techniques and capabilities have been laid bare, but people use things like WhatsApp, iMessage, and Telegram because they're easy. It's the same reason that ordinary people -- and terrorists -- don't use Ello instead of Facebook, or ProtonMail instead of Gmail. And when people switch to more complicated, non-turnkey encryption solutions -- no matter how "simple" the more tech-savvy may think them -- they make mistakes that can render their communications security measures vulnerable to defeat.

Vendors and cloud providers may not always be able to provide assistance; but sometimes they can, given a particular target (device, platform, etc.), and they can do so in a way that comports with the rule of law in free society, doesn't require creating backdoors in encryption, doesn't require "weakening" their products, and doesn't violate the legal and Constitutional rights of Americans.

And of course, it would be nice if we were able to leverage certain capabilities against legitimate foreign intelligence targets without our targets and the entire world knowing exactly what we are doing, how, when, and why, so our enemies know exactly how to avoid it.

Secrecy is required for the successful conduct of intelligence operations, even in free societies.

"The necessity of procuring good Intelligence is apparent and need not be further urged -- all that remains for me to add, is, that you keep the whole matter as secret as possible. For upon Secrecy, Success depends in most Enterprises of the kind, and for want of it, they are generally defeated, however well planned and promising a favourable issue." â" George Washington, our nation's first spymaster, in a letter to Colonel Elias Dayton, 26 July 1777

Disclaimer: I'm a subscriber, so I see stories early.

Comment No. No limits on speech. But... (Score 2) 563

No. No limits on speech. That is exactly the wrong idea. But being on a CT watchlist if you're immersed in ISIS propaganda, and don't have a clear reason otherwise for doing so? Yep, that's gonna happen.

Problem with watchlists?

Quiz:

1. Should the government have the ability to keep ANY list(s), to include names and other attributes of people, for counterterrorism and intelligence purposes?

2. Should the government be able to watch non-protected aspects of a US Person suspected of terrorism, foreign intelligence ties, etc., without a warrant?

3. Should the government be able to watch protected aspects of a US Person suspected of terrorism, foreign intelligence ties, etc., with a warrant?

4. Can the government keep secret the fact that a US Person (or any other person) is on any CT watchlist and/or is subject of a CT/CI investigation?

5. Should the government be able to deprive a US Person of Constitutional rights without due process, or by virtue of appearance on a CT watchlist?

Answer key: 1. Yes. 2. Yes. 3. Yes. 4. Yes. 5. No.

Comment Re:Fundamentally Flawed (Score 1) 93

Your whole extended statement fell apart with the title.

"NSL = for things that DO NOT require a warrant"

Actually, warrants are the mechanism by which a free society achieves balance between personal and collective rights. Absent that...

Nope. Not everything government does requires a warrant. That is an undeniable fact. The case law which says metadata, for example, affirmatively does not require a warrant, has no expectation of privacy, and is not covered by the Fourth Amendment, is over 35 years old.

It got even weaker when you stated that "NSLs DO have massive amounts of LEGAL oversight..." States facts not in evidence. What, exactly, are these "massive" oversight mechanisms?

https://www.fas.org/sgp/crs/in...

"Hey, can you help us out..." is laughable because you characterize this as a friendly understanding between actors who know each other. In fact an NSL is 100% coercive, cannot be challenged, and it's secrecy is the ultimate weapon. An NSL compels the recipient to do as demanded and never tell anyone else. The NSL itself could be illegal but the recipient cannot even inform a lawyer, as that would violate the secrecy provisions. Oh, but do tell us about the "massive" oversight.

But NSLs -- which are nothing more than a letter -- are not illegal. That's the point. In fact, the only thing found unconstitutional about NSLs were the extent and length of the gag orders accompanying them.

By your logic, any law enforcement or government entity should NEVER be able to approach a business about anything and ask for help. It should ALWAYS require a court order, no matter the information requested. That's how you might think it should work, but that is not compatible with reality.

When you state "...if a NSL is used, the person is almost certainly a foreign intelligence target under active investigation..." you put the cart before the horse. Your language is that of conclusions concerning a criminal, as found by a court of law. Except this comes before a court of law has had any chance to hear a case. This is lazy argumentation to support a flawed process.

No, you are putting the cart before the horse by implying that a warrant is required for information or persons who fundamentally DO NOT require a warrant. What you are essentially saying is that a warrant-like approval process needs to happen for any sort of action or information request government takes or makes, ever, to ensure that the government isn't "lying" about it not needing a warrant...which defeats the whole purpose, and timeliness, of not needing a warrant.

Finally, you mention FISA. This joke of a process has a 97% warrant approval rate. Standard court warrants have about a 60% approval rate. Literally nothing else needs be said about how weak the FISA process is; statistically, this approval rate cannot be explained or justified. Except, by repeating what the FISA court really is: A one-sided process meant to produce a Yes answer, with no right of reply or rebuttal. Retroactive FISA warrants are further evidence of the corrupt/flawed/lazy thinking that produced FISA in the first place.

This comment truly shows your ignorance, because you have no idea how FISA works. At all. The IC does not approach FISA with requests that will probably get denied, because it is a massive waste of time and resources for the literal armies of lawyers who submit FISA requests -- for FOREIGN intelligence collection -- on behalf of IC agencies. Law enforcement agencies, however, do this all the time because they have no other choice but to try. So your assumption that just because the approval rate is high is because it's a "rubber stamp" and really doesn't care about what it's approving is false.

Of course, you have already made up your mind and use a lot of specious and absolutely false logic to arrive at your conclusions, so this conversation is moot.

Slashdot Top Deals

"'Tis true, 'tis pity, and pity 'tis 'tis true." -- Poloniouius, in Willie the Shake's _Hamlet, Prince of Darkness_

Working...