
Comment Re:FBI Word games (Score 1) 345

On the contrary, they work just as well as in other cases. Just because a warrant is granted, this does not guarantee a search will be fruitful.

The difference is that encryption guarantees the search will not be fruitful.

Given that situation, I would tend to lean toward the side that favors the citizenry over their government masters.

Me too, not least because I think the pendulum has swung too far towards government. But I also recognize that proper law enforcement is a good thing.

Comment Re:FBI Word games (Score 1) 345

True, but even if they did ban encryption, there will always be some other way to achieve the same ends, especially if you are a criminal who doesn't care about the law.

Just like trying to ban guns by law. It's a stupid idea to begin with, since it only limits/restricts/unnecessarily punishes law-abiding people, so they weren't ever a threat anyway.

Most criminals don't plan very well. If they had to get illegal encryption software to secure their communications and papers, they'd screw it up. For that matter, even in the present where it's legal but not on by default in most cases, they won't do it. The problematic situation is when everything is strongly encrypted by default, all the time -- which I think is a good thing, and in fact a big part of my day job is to make that true on all Android devices. But even though it is a good thing in general, it will have a significant negative impact on law enforcement.

Comment Re:FBI Word games (Score 1) 345

There's also that pesky 'secure in your own home' concept, whereby the planting of false evidence is meant to be at least slightly difficult. Once they have access, there's nothing stopping escalation to curtail someone that is causing an issue.

Encryption or the lack thereof has no impact on that whatsoever.

Comment Re:FBI Word games (Score 1) 345

But I think it's important to admit that there is a real subject of debate here.

No. There isn't.

Problem is that encryption is more than just sending messages to your co-conspirators. There's banking. Paying bills. All that other good stuff that we do without thinking about the encryption. Back door on encryption means that that's all gone. Can't afford to do online banking with broken encryption. Can't afford a lot of the conveniences of modern living (haven't had to actually write a check in years. And don't expect to have to again)....

Actually, banking, etc., are exactly the areas where escrowed encryption would work just fine. The bank could simply escrow its private keys with a federal agency and the cops could get stuff decrypted with a court order. Done, and done. But it's irrelevant, because a warrant served on the bank will get your transaction records.

No, the relevant sort of encryption here is local storage encryption.

Comment Re: FBI Word games (Score 1) 345

Sorry, but the state at which all laws are fully enforced to their maximum extent is not the ideal our society was founded on. Rather, we accept that some lawbreakers will get away as the cost of our freedom. In essence, law-abiding citizens have a vested interest in ensuring that law enforcement is NOT 100 percent successful.

Obviously. But we're likely moving the balance point, which bears discussion.

Comment Re:I don't see the bug either (Score 4, Informative) 43

I have asked on an internal mailing list. If the response is something I can share here, I will.

The response is basically that it's not worth fixing because there are so many other ways to do the same thing, many of them arguably better (for the attacker). Fixing this would require redesign of lots of stuff... and it couldn't prevent any of the other attacks that achieve the same thing, so it would be a lot of effort for no return.

An example of a similar/better attack:

In that demonstration the example banking site is not HTTPS-protected, but the attack would work just as well if it were. There are other ways as well, I'm told (I'm not a web security guy).

My takeaway is that *every* time I type or submit sensitive data into a web page I must check the address bar. I actually do that anyway; this just reaffirms the importance of that habit.

Comment Re:I don't see the bug either (Score 4, Insightful) 43

Maybe. I think the issue (if any) lies here:

2) Get them to click on a login using Google link that sends them to (something like this)

The problem is that the Google login page will be totally legitimate. The lock icon will be green, certificate pinning will ensure all is safe/good, etc. So it's not completely unreasonable that a person who might have been suspicious (but not too suspicious to click the link) prior to this point would now decide "okay, this is legit", and continue onward... and not notice that on the fake login page they're no longer on a Google site.

So, if it's a weakness, it's one that doesn't affect totally clueless users, who could have been directed to the fake login page to begin with, and it doesn't affect clueful/careful users who check their address bar at both the real and fake login pages and know how to tell the difference. It affects only somewhat careful users who check their address bar at the real login page and then figure they're safe from there on out. Well, it also has to be a user who is willing to click a Google login link from a random, untrusted site.

So I agree it's very, very narrow. I'm not sure I agree it's not an issue. But I know the Google Security Team guys well (I work for Google, on security, though not this stuff), and they're extraordinarily paranoid (that's a good thing), so my guess is that there is some other mitigating factor that I'm not seeing, and they just haven't done a good job of communicating the rationale to the researcher, or have some reason they can't communicate it.

I have asked on an internal mailing list. If the response is something I can share here, I will.

Comment Re:How to make it cheaper? (Score 1) 64

I see the carpooling part, but the summary also mentions charging fares, not splitting costs. Presumably the car owner is for hire and accepts them, Google just uses something along the lines of "Uber Pool" and "Lyft Line" which also matches riders going in the same direction. Which isn't a differentiator at all, as the article claims.

The difference is that the much lower fares will be too low to motivate anyone to take driving on as a job. If the fare value is so low that it doesn't even cover the full value of vehicle fuel and wear and tear, much less the driver's time, then no one will try to make money at it. Instead, it will just be a way to defray part of the cost of a journey one was making anyway. In other words, ride sharing.

Comment Re:FBI Word games (Score 1) 345

I'm glad that we have people on our side that are smarter than him.

You realize you're implicitly siding with criminals here, right? They also want to keep the FBI out of their data.

Oh, I agree with your conclusions. Banning encryption, or requiring backdoors, is a simply unacceptable level of intrusion in a democratic society. Its potential for abuse is too extreme to risk.

BUT... law-abiding citizens do also have an interest in seeing that lawbreakers are caught. Assuming we vote in people who pass appropriate laws and criminalize things that seriously and negatively affect our lives, things like murder, kidnapping, robbery, identity theft, and pot smoking (kidding!), then we really do want cops to be able to get the information needed to identify the perpetrators of crimes and to prosecute them. So we do not want a situation in which evidence is not generally available, leading to either failing to lock up a lot of people who are actively dangerous to us, or to locking up a lot of innocent people because we've had to lower the standards of evidence required for prosecution.

I'm pretty certain that we're just going to have to accept a world in which prosecutions are a lot harder, because the alternative is even worse. I also don't think it will be as bad as all that, because most criminals are stupid. It doesn't matter if the conspirators' email is encrypted when one of them posts the deed on Facebook. But I think it's important to admit that there is a real subject of debate here.
