Slashdot Mirror
Data Retention Proven to Change Citizen Behavior
G'Quann writes "A new survey shows that data retention laws indeed do influence the behavior of citizens (at least in Germany). 11% had already abstained from using phone, cell phone or e-mail in certain occasions and 52% would not use phone or e-mail for confidential contacts.
This is the perfect argument against the standard 'I have nothing to hide' argumentation. Surveillance is not only bad because someone might discover some embarrassment. It changes people. 11% at least."
There are tons of studies showing that people act differently when they know they're being watched or recorded. I'd say that the 11% figure is a huge understatement, 89% of users are clueless, or, most likely, most folks have been assuming a lack of privacy all along. I'm in the 'lack of privacy from the beginning' camp. hanzie
********* sig: If you don't like the law, get filthy stinking rich, and buy a better one.
To what extent have studies like this modified governments' behavior?
If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
That means 11% of the people were going to do something morally wrong and thought twice about getting caught. That proves survaillence is doing it's part to curtail the unwashed masses of wickedness on the interwebitubes. When more like 50% start censoring themselves then we'll know that people take their freedom of speech seriously and make sure only edifying things are spoken.
Perhaps the 11% that changed their behavior was the 11% that SHOULD change their behavior. Drug dealers, thieves, politicians, etc.
Raw numbers mean nothing without context.
But I had never questioned my privacy over telephones or online until I started hearing rumors about Echelon all over the internet.
Then Carnivore was announced and basically confirmed all the suspicions. Everything that's happened since is just in the wake.
You're nothing; like me.
"This is the perfect argument against the standard 'I have nothing to hide' argumentation."
There's more than that. Even if you have nothing to hide, you can still be mistakenly thought to have something to hide. All it takes is one false positive to ruin your day.
Germany is a place that knows what wiretaps and domestic spying is all about. Everyone's grandfather can tell them what the Nazis did to friend and foe alike. Public display of Nazi symbols is still against the law because it outrages so many. People who lived through the East German Police state have more recent and personal reasons to fear this kind of monitoring. Domestic spying is about eliminating political opposition and the only way to save yourself from that is to run away. Eventually, even those who manage to keep out of sight by doing nothing are destroyed by the schemes of those in power. States that do this are out of control.
If you understand these things and how computers work, you have no choice but to use and advocate free software. Non free software has the ability to end freedom of press and every other right. We are well down that path, with newspapers raided, citizens spyed on, an unpopular war of aggression, torture and other evil things. You can have your privacy with free software and should demand it.
I am a name troll of Westlake. Visit my homepage to learn why.
Yeah, the guilty 11%!
-Peter
People who say "I have nothing to hide" realize they have already lost the argument and so try to turn it into a veiled personal attack to change the discussion.
The perfect counter to it is "so why would you tolerate someone spying on you if you have done nothing wrong?"
this thing is bad for telecom industry ? reducing the demand and all ?
Read radical news here
For 11% of the people it is.
Authorities believe 11% of Germans are hiding something.
Update at 9.
...obviously are afraid that the government will suspect them of something if they answer that their habits did change. I would say that probably more than 11% of people changed their habits. Just an opinion, though.
I understand your whole argument except the 'free software' implication. I don't see how paying for software, or getting it for free, has anything to do with one's ability to preserve privacy and political security.
Maybe you meant to say "Microsoft allows politicians to open backdoors" or "Linux programmers would not care what politicians want." But since you said neither, your vague comment leaves me wondering how 'free software' relates to 'preserving privacy'.
If you have complete control over your software, as free (as in freedom) software guarantees by definition, you can enforce your own privacy and security. If you have a solution you cannot modify, you are completely restricted to its ideas of privacy and security.
Human freedom has to extend to freedom of information and freedom of control over our own tools, including software and hardware. If we allow our corporations and governments to control our tools, they move on to controlling our media (DRM's already here) and eventually our legal freedom (DMCA raids?!)
Sam ty sig.
Is it no surprise that, as people learn, government and business are monitoring and tracking them they modify their behavior?
It's working. People are afraid to communicate, talk only in closets, and while we claim "free speech" we dare not exercise it because of the terrible consequences of daring to say something unpopular, "anti-government," or "anti-corporation."
We now all live in soviet union where corporate/government kgb punishes you for offenses of opinion.
Sure, criminal behaviour has changed. Instead of using regular cell phones, professional bad guys now use nice untraceable prepaid cell phones (and discard them regularly). So, the data retention has indeed brought on a change - but the change makes the data retention useless.
What the data retention does do, is to trip up the only-vaguely-criminal acts of the amateur. For instance, it is now much easier to track down the affairs of an unfaithful spouse, and to win a nice fat divorce settlement. Somehow I doubt that was the original aim of the data retention.
Behavior changes when people are observed? Psychologists have known this for years. It's called the Hawthorne effect, and it's something you always have to watch for when studying behavior.
Warning: Apple/Nintendo fangirl. Likes her electronics cute & cuddly. May be rabid.
These 11% (would probably be higher if more people actually knew what their governments could do) are proof that paranoid schizophrenia doesn't exist. It's not paranoia when people really are watching your every move, reading your email, and listening to your phone conversations. Paranoid schizophrenics, rejoice! You're just schizophrenic now!
Admit it. You post strawman arguments as AC so you get modded Insightful for refuting them, rather than Troll
The thing is, the vast majority of people have no way to verify that their software is secure, even if it's open source. And even the people who do have the ability aren't going to. Are you really going to read through every line of code in the Linux kernel looking for backdoors? What about the compiler you use to build it? And the same for every application you use. Even for widely used pieces of software you can't assume that someone would find a backdoor that had been inserted -- look at the recent Debian SSH key bug (yes, I know that wasn't a backdoor, but it could just as well have been). Open source isn't a guarantee of anything.
The guy really sounds mentally unstable. Granted none of us like what he stands for, but beyond that, he really seems to have some issues other than having a tight sphincter. Maybe they should direct him to get professional help.[blockquote]Before walking out of the courtroom, Thompson filed what he called "Thompson's Formal Objection to June 4 Sanctions hearing. In the documented, 4,500-word objection, Thompson questioned Tunis' ability to sit on his hearing, calling her incompetent and arrogant and threatening to have her removed from office "in the days and weeks ahead." He also went on to call the people run The Florida Bar fascists and denied that he was involved some sort of "petty culture war."[/blockquote]
If you want news from today, you have to come back tomorrow.
Religion was invented for this purpose thousands of years ago simply because the monitoring technology wasn't available. Does this mean Germany will abandon religion?
It's also possible that that many people actually do have something to hide.
Because anything and everything my doctor writes down is reviewable by some nitwit risk analysis agent who's performing an analysis of my background and medical history that was originally written to standards associated with middle class, heterosexual, white christian males.
not poor minorities from the ghetto. and certainly not poor fags.
it's no wonder gov't has no respect for private citizens when the folks that are hired have to open up their life history and medical record and thus _must_ have nothing to hide or be very good at hiding it.
If you can actually be arsed to check sigs (and the keys and their signers) for all the packages you download then fair play to you.
... why would I trust you?
You'll still have to follow every commit just to check you didn't get stung by something like the Debian entropy fiasco.
Then maybe your compiler has been backdoored? It's happened before.
Once you've got your trusted OS up and running I'd love for you to forward me a copy!
But then again
Point being, you can never "have complete control over your software".
That's a useless argument. Having the source and having a community built around the source is already infinitely better than having neither. The very tangible result of this is that Windows Vista is covered in DRM and privacy leaks from the ground up, while you can get a wide range of modern Linux and BSD distros with neither of those problems.
Sam ty sig.
No, it is not... 89% did not change their behavior — arguably, because they had nothing to hide.
BTW, is your glass 11% empty, or 89% full?
In Soviet Washington the swamp drains you.
I guess you didn't think that those 11% might have something to hide. Maybe they were breaking the law. Maybe they were being unethical, which would include semi-legal things like cheating on their SOs. Maybe they are, like so many people on
The mere fact that 11% changed their behavior does not mean or even imply a problem with said argument. It does imply that 11% actually did have something to hide.
And, that is what I think is behind all this paranoia and over-reaction. You all have something to hide.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
You were doing great before the second paragraph, with the immediate leap to 'Free Software' without any explanation (intentional backdoors would have been a good one). After that, I just had to look at the username to confirm my suspicion.
But yeah. Aside from the twitterism near the end, I'm in complete agreement.
Like I just replied to the other AC, of course you have no way to verify that it's secure, but at least with the source you still have power over it. If you don't want DRM integrated into the kernel, you don't have to have it. Go ahead and remove the DRM from Vista. I'll wait right here.
Sam ty sig.
Freedom means that you can do all of that and teams of people do for both cooperative and competitive reasons. All of the usual guards for non free software apply. People are watching their computers and will report suspicious communication. Then come all of the free software checks. The code gets checked upstream by the team that creates it and then downstream by many distributions that use it before finally being checked by the much larger number of users. The free software community is able to verify code from creation to desktop use and it's a fairly competitive place. For every kind of check you have in the non free world, you have more and better in the free world as well as greater competition and willingness to report wrongdoing. This makes it unlikely you will be caught by malicious code.
"This is the perfect argument against the standard 'I have nothing to hide' argumentation. Surveillance is not only bad because someone might discover some embarrassment. It changes people. 11% at least."
What a silly interpretation of simple data.
Could it be that 11% have something to hide?
Taking a random review of the people I know well, I'd say this is understating it.
-Styopa
I learned here at Slashdot that Europe is perfect, so this couldn't have happened there.
In light of the people deciding that people don't have anything to hide, I ask that everyone answer the following questionnaire:
1) What is your bank account PIN number?
2) What is your annual salary?
3) What is your Significant Other's phone number?
4) What are your passwords to various email and web accounts?
5) What is the length of your penis?
... how many exhibitionists have increased their use of e-mail, etc. knowing that someone is watching?
In the perfect world, all the voyeurs would get jobs with the gov't peeking at all the flashers and leave the rest of us alone.
Have gnu, will travel.
Yes, look at it. Luciano Bello found it. He's a Debian developer. Please don't go off about how long it took to find it. Think about that: it makes GP's point for him.
And ook at the rest of the argument. ~Are you going to read every line~? C'mon: strawmen don't get much more blatant than that. Similarly with "Open source isn't a guarantee of anything." As compared to what, please? Another strawman.
As always, all IMO. Insert "I think" everywhere grammatically possible.
Fortunately, they screen for this beforehand when casting reality TV shows, and make sure 100% of the participants don't modify their behavior if they're being watched.
"If you have complete control over your software, as free (as in freedom) software guarantees by definition, you can enforce your own privacy and security"
There are no guarantees of privacy, only those of freedom to do what you want with the software (excl. distribution). I think you will probably find that your license specifically says that it is provided WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE (hint: this will include privacy).
I don't disagree with your argument that free is better (I use Linux/BSD exclusively), but as to the *absolute* that you have complete control I think you are missing a lot of that which we who live in the pragmatic universe call "reality". Unless, of course, you are rms and have written your own OS from the ground up, in machine language, on machine built by yourself out of generic components available from a wide variety of globally dispersed suppliers.
No? Oh, well, tough break.
The license does guarantee you have control over it, whether or not you have the practical means to assert the control you want. If a feature violates your privacy, you're welcome to remove it. If that would deny you some functionality, such as a protocol feature, that's your decision, and a free software license won't get in your way.
It's splitting hairs at this point, but the difference between libre software and closed software is so large in this case that I am comfortable using generalisations like "complete" and "guarantee".
Sam ty sig.
If you understand these things and how computers work, you have no choice but to use and advocate free software. Non free software has the ability to end freedom of press and every other right. We are well down that path, with newspapers raided, citizens spyed on, an unpopular war of aggression, torture and other evil things. You can have your privacy with free software and should demand it.
Not to mention parts of OpenSSL commented out, resulting in millions of invalid and insecure keys--OH WAIT.Truth is, Joe Sixpack (or even Joe IT or Joe Programmer) is going to assume that the software he uses on the computer/network is secure, regardless of whether or not it's "free", and especially if it's a system component that is taken for granted. It wouldn't be feasible to do a monthly code audit of every single component of the OS, even with the power of the community.
> ..the vast majority of people have no way to verify that
> their software is secure..
Doesn't matter. So long as we are ALLOWED to possess Free Software it keeps em honest. How can you enforce a backdoor when there are hundreds of distribution points? When anyone who wants to can replace/rewrite a major codebase at whim?
Now compare to closed commercial software. First off remember that all closed shops utterly depend on the government to grant and enforce the monopoly they depend upon for their revenue. As a practical matter there are only a handful of closed shops still in the operating system game, leaving a few pressure points we would all be left depending upon.
Democrat delenda est
The survey simply asked respondents if they KNEW about data retention, not if they knew that it was actually in place and in effect. Thats like asking someone if they know that a flaw in a car "could" cause an explosion and then claiming the majority are aware of such manufacturing flaws and the subsequent recalls.
The recent debian thing was caused by some developers who thought they knew better than the upstream provider, and they ended up SIGNIFICANTLY DESTROYING security in the process.
That wouldn't have happened if they couldn't modify the source in the first place.
See? Having the source isn't a utopia, idiots still screw things up.
Why does the mention of hiding something make everyone assume it is illegal or immoral?
Maybe I'm hiding my plans or ideas for a revolutionary new produce or service so I can patent it and develop it. Maybe I'm hiding the fact I sneak off every night to night school to get that high school diploma so my friends don't think less of me. Maybe I sneak off to the gym to improve my self and only I will know if I fail. Maybe I want to hide the gift I got my girlfriend and the running around I did to get it.
Privacy is the right to control the personal aspects of your life and who you share them with.
You like strawmen, don't you? Those weren't strawmen, they were rhetorical questions and valid points to consider. That doesn't make them strawmen.
Any quantum physicist could have told you that!
Yes, and that's still much better than when much worse mistakes are made in proprietary systems. At least in the open source case the mistake *was* found, and because of the heterogeny of the open source space, it only affected "some" distributions, and the fix was released in a matter of hours. I haven't heard of a single high profile target compromised because of that error. Many Windows bugs have affected over 80% of the world's desktops at a time, and there have been *plenty* of those, not just one.
And if you want to play this game, why not bring up the case where an actual blackhat tampered with the Linux upstream CVS repository and his clever backdoor was still caught before it was even released. http://kerneltrap.org/node/1584 Just because a single error occured in Debian's process does not damn the entire open source world.
Sam ty sig.
the mayor, Kwame Kilpatrick, was sending all sorts of text messages of nasty sorts (speaking ill of local politicians, incriminating himself in a murder and corruption trial.) But one of the questions that I bet a lot of people were left asking.. Are my text messages being saved by the phone company? I can't say for sure but someone else here may know... maybe they were being saved only because he was a government employee?
The problem is that it's not a government that is watching, it is always a human. Most probably low-paid.
Oh, yes, sure. Ever since the ruling-party's nominee approved of domestic spying, we've seen Hillary run away and Obama eliminated. Right...
Do you, really? Have you ever looked at, say, OpenOffice.org code to be certain, there are no backdoors in it? Especially — in its recently lauded fork (RedOffice) made at that happy place of undisturbed freedoms?
In Soviet Washington the swamp drains you.
I don't see how paying for software, or getting it for free, has anything to do with one's ability to preserve privacy and political security.
Free software is not about money, as is free in "free beer". It is about freedom as is in "free speech".
With commercial software you have no legal possibility nor adequate technical tools to deeply verify if software you use has backdoors or anything else you do not want to be there inside your computer, phone, videorecorder, anything. And actually it does not matter if such malvare serves to government mafians or criminal ruffians. Whoever they are, THEY have control of all your information interactions. You have no privacy at all.
With Free Software, if you care to train your relevant skills, you at least have a chance to affect what kind of software you use and how and this means indirectly YOU have control of your information interactions. That's privacy.
Implications of both situations to political security are obvious.
There you are, staring at me again.
A post that doesn't get the difference between 'free as in freedom' and 'free as in beer' gets modded up Insightful? Please...
Send your spendthrift head of state this
That's not the point. With open source you have the possibility of checking the source for things you don't agree with. If you're not a programmer you can hire one.
With proprietary software you don't even have that.
Send your spendthrift head of state this
correction, including distribution. :)
Send your spendthrift head of state this
I currently work for a non-Free software company (not as a developer though), and want to point out that as not entirely true. It depends very highly on the industry and the customer. Being an employee I could get a copy of our software at no cost or close enough that it wouldn't matter (or so I assume; worse-case scenario, I re-generate myself a temporary key once a month). However I still choose to write my own applications where I could use our pre-built tool. Cost is not the issue: it's a combination of (my general lack of) experience with the
Back on topic though, we could still sell our software even if copyright law didn't exist or if it was open source. Why? We have a support department. Not a forum, but a department. When you're selling to companies, there's tremendous value to them to be able to pick up a phone and call someone when something's not working. Consider the paid versions of MySQL, for example. I'm not at all knocking FOSS for this approach to support, but rather pointing out that if your target audience consists primarily of large businesses, the ability to get in direct contact with someone who's paid to troubleshoot or walk across the building to find the developer who wrote the problematic code is a BIG selling point.
For software that costs under a couple hundred bucks, this isn't so much of an issue. However when companies are going to be making an investment in the tens to hundreds of thousands of dollars on software, you can bet your ass that the support and maintenance of that software is very important. Don't get me wrong - we've lost deals to Drupal and Joomla probably as often as we've lost deals to our "real" competition, but more often than not those were very unqualified leads anyways.
I work in sales, so take it with a grain of salt if you will. But I'm not saying that commercial/closed-source software is better than free or open-source software (it goes both ways all the time and often is a matter of opinion), just that it's more than the existence of IP laws that keep us in business.
How are sites slashdotted when nobody reads TFAs?
I expect it would be much harder to sneak something evil into a large-scale, high-profile project than some few-person svn repo on Sourceforge. Something like a Linux distro has enough eyeballs looking at the code that a backdoor would be relatively easily spotted (especially when comparing versions of a file), where with a small tool it's not unlikely for code to never get looked at again so long as it's still functioning properly.
How are sites slashdotted when nobody reads TFAs?
ah, yes, Free Software. I can see the Jack Bauer scenario now.
Jack: Are we on a secure line?
Chloe: Don't worry, Jack. I'm running Free Software on my laptop. This makes me automatically immune from wiretapping of my cellphone...
Je ne parle pas francais.
I actually trust my government for the most part. (It's not the US government, incidentally.) Having said this there's no way in hell that I support legislation that gives the government and its agencies power to snoop more on its citizens, at least without some very carefully designed procedures in place such as requiring warrants from independent judges, etc.
The whole nothing-to-hide argument seems thin. Personally I don't have anything serious to hide that I'm aware of, and I doubt I ever will. That said, I also have no reason to believe that I'll trust the government and its agencies in the future.
Simply trusting agencies not to abuse their power isn't good enough, because sooner or later someone will always come along who's happy to abuse their position and take advantage of it. (Communism's great until the corrupt people get to the top and then use that influence to change the rules and keep themselves there and push their own agenda.) By the same token, I have no reason to believe that if extra power is given to police and similar agencies to snoop on me and others, that they won't be full of people ready to abuse that ability in 10 or 15 years time.
Having a good and reliable government is as much about good design of its rules and keeping them firmly in place as it is about trusting the people who are in it. Sooner or later bad people will come along, but a good structure will keep the influence of those people to a minimum.
Privacy - we all have something to hide, of course we do. Our right to privacy ties in well with the principle that you are innocent until proven guilty. Why do "they" want to spy on ordinary people? In a sense, to prove that we are not guilty - so they assume we are guilty until it has been proven otherwise. You can't build a happy society on mistrust and suspicion.
E-mail and phone calls are just conversations that happen to occur using electronic means. Requiring them to be logged is no more reasonable than it is to require that every face-to-face conversation a person has also be logged. (It's simply easier to log the electronic conversations.)
This is why I think that data retention laws are ridiculous in most cases. The main accomplishment of such laws is to make email and phone calls much less useful.
Unfortunately... I can't give it too you or even describe how I did it... that would be breaking our American DMCA law...
I said no... but I missed and it came out yes.
Now before I start IANAA (I Am Not An Anthropologist) but I did read a bit on the topic at one point, to try to understand how people work, so to speak.
One thing that stuck in my head was that there's a relatively large disconnect between what people say in surveys and what they actually do. What people as in surveys isn't as much deliberately lying, or even being aware that they lie, but basically describing an ideal "self" that they'd like to be or were taught to be. They describe someone who's more socially acceptable. E.g.,
- A (formerly) hunter-gatherer tribe had traditionally a martial culture glorifying brave hunters and warriors. So in a survey almost all males described themselves as hunters and warriors. The problem? They had actually gradually switched to agriculture some time ago. Most of them didn't even have a weapon, and hadn't hunted or fought in their life.
- A community prided themselves in helping each other and doing stuff together and things like that. So in a survey they said that, yeah, verily, they work the fields together and help each other build a barn, etc. Except in practice the last time either actually happened was some half a century ago.
- At one point where meat prices went up, they asked people whether they eat more or less meat. Most said, basically, "screw this, I'll eat less of that until the prices come down. That'll show 'em." Except they also looked at sales data, and actually rummaged through that town's garbage to see what packaging people throw away. Meat consumption had actually gone _up_.
It turns out that you might be better off observing them, whenever possible, than asking people to describe themselves.
What I'm getting at here is, basically, yes, the same applies to "I have nothing to hide" declarations in survey. If people are under the impression that a nice person wouldn't do stuff they need to hide from their neighbours, they'll adjust their perceptions of themselves to think they are (closer to) that ideal nice person.
Additionally, I'd say that a lot of such behaviour changing is probably subconscious anyway. Probably the 89% just didn't spend much time analyzing and second guessing their own actions and conversations, nor asked themselves "exactly why am I not calling my old pal Mohammed Abd Jihad any more?" They just don't, and don't spend time navel-gazing and wondering about it.
For some probably cognitive dissonance kicked in a long time ago, and manufactured an acceptable model and an explanation anyway.
A polar bear is a cartesian bear after a coordinate transform.
So yes, you can control your software. The only pre-existing system you have to rely on is the one that produced the raw materials for the hardware. (And if you distrust dead stars...)
I just read Slashdot for the articles.
You asked ~are you going to read every line?~, as if he'd argued "if, and only if, you read every line, you can enforce your privacy and security."
Which he hadn't.
You refuted a flawed argument that he didn't make.
As always, all IMO. Insert "I think" everywhere grammatically possible.
I believe surveillance, when universal, and when the feeds are available to all, can be an extremely good thing. This essentially emulates small town life, but with the benefit that you have so many people out there, that odds are excellent that you're going to find lots of other people engaging in your behavior, and even better, people will see the context in which your behavior is marinating.
I think this creates a glass house society where you quickly realize that everyone is human, can much more easily sympathize with the poor, and the rich and powerful cannot get away with quite as much.
There are lots of other benefits of doing this, from law enforcement (in a non-Orwellian way) automation, to the relaxation of the executive branch, to having perfect forensic details of all kinds of events that would teach us about human society much faster than we've ever been able to learn about it before, to providing a vast source of entertainment and education.
The only issue with surveillance is when it is not universal and when the feeds are not available to all.
but as long as SOME people CAN do that we're OK. Look at how the DMCA works where even the tools to look at something like De-CSS would be considered illegal. Consider the FCC really wanted to pass the broadcast flag that would REQUIRE all TV decoding software to be locked against the user for public broadcasts! That means no end Users could record the nightly news... the start of re-writing history every few years with nobody to even legally defend against it.
but to enforce DRM they are dependent on government guns! Once there is DRM everywhere backed by the shut-up power of the DMCA there's no legal way to even SAY (because it's illegal to distribute and use tools to even look!) that a piece of software has a backdoor. It only took the FCC goons about 5 minutes to realize they could use that to start locking "entertainment" down... public safety LOVES the combination that's eliminated public scanners of police frequencies.
"If you have nothing to hide, you won't mind me loooking."
"If I have nothing to hide, you have no reason to look. GTFO."
Those 11% of people should be simply shot dead. They're terrorists anyway so why risking wasting resources for example on court cases where some of them try to sue the state for the surveliance using stupid arguments like free speech, privacy and so on.
Of course I'm joking.
Of course some people did take measures. There were cases IIRC where americans were spying on Airbus in order to give Boeing some advantage in contracts where they were bidding against each other. (surely they have reason for spying, they said that Airbus was bribing ... blah blah blah; I mean bribing should be solved by other means than by the other side simply using different dirty trick as countermeasure but that's for other discussion).
And I guess that yes, there is a difference between big multinational corporation and small enterpreneurs and private citizens but still - I think a person does not consider itsef unworthy or something and feels threatened in similar ways by say mentioned data retention. This person's life and business is threatened. Yes, smaller sums of money are involved then in case of Airbus and Boeing. But when in proportion to that persons scale, they are much more important. And additionally, money is not everything.
hany
But more encryption,
I dropped debian and installed OpenBSD :)
According to the Slashdot story...
> "A new survey shows that data retention laws indeed do influence the
> behavior of citizens (at least in Germany). 11% had already abstained from
> using phone, cell phone or e-mail in certain occasions and 52% > would not
> use phone or e-mail for confidential contacts.
According to ABC News Go.com story about the downfall of Elliot Spitzer
at http://abcnews.go.com/Blotter/story?id=4424507&page=1
> Prosecutors reportedly have a series of e-mails and wiretapped phone conversations of Spitzer.
> In a interview two years ago, Spitzer, then-attorney general, told ABC News
> he had some advice for people who break the law. "Never talk when you can
> nod, and never nod when you can wink, and never write an e-mail because it's
> death. You're giving prosecutors all the evidence we need," he said.
What he did miss was not to shuffle money around in a manner that raises the
suspicion of the authorities. It was his financial maneuvering to get money to
the prostitute that was his downfall.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
Long story short, the coding error reduced the randomness of the "strong" random number generator so that there were only 32767*3 distinct random number streams. Any application that used OpenSSL's random number generator, for key generation, key exchange or otherwise, got an entropy stream that was predictable based solely on the process ID and processor architecture! SSL and SSH connections made with weak keys could potentially be very easily compromised.
/. -- the Free Republic of technology.
I know that already. That's why it could have easily led to a high profile compromise. A lot of web sites can be modified just by logging in via SSH, which you'd be able to do if you hit the right key for the right user. And with a search space of that many keys, it's easier than a brute force password search.
Ironically it's exactly the people who were careful about using only private keys (myself included) that were affected, and password-only users were much less affected. Of course everyone is affected to some degree, but you wouldn't have to regenerate a password.
Hey, is there any word if diffie hellman key generation was also weak? That could potentially be much much worse than the private key problem because that means ephemeral keys aren't ephemeral after all, and old tcpdump archives could be decrypted.
Sam ty sig.
11% of fuckers are terrorists! We sure need more counter-measures if we are facing such a big threat!
Do I read every line? No. Do I randomly, check submitted patches? Yes. Not all the time, not really that often, but enough that, with enough people like me, the "many eyes" system will work. Not everyone has to check everything, just a bunch of independent people have to check a bunch of things.
Not a sentence!
Sorry about AC ...
.. you're flagged for attention.
.. "doesn't matter" he answered. I've since got the distinct impression that he doesn't trust "blessed" companies like Skype, either.
A very good friend of mine used to be in the Australian Navy, Intelligence division. We rarely live in the same city, or even country, and so have a long history of lengthy phone calls discussing all sorts of things. Much of it pre-voip.
At least 5 or 6 times he's cut short a conversation, saying "shouldn't talk about this kind of thing over the phone". A couple of times he's even cut me off mid sentence. I know I can't ask him too much, but I once questioned him about it a little.
"You just can't say certain things over the phone too many times. Once or twice is fine. Just not too many times" was his reply.
The impression I got from him, and reinforced by my own research afterwards, is that there's a list of words and phrases that are flagged. As he said, once or twice is fine. But mention them again and again, especially on different phone calls
I also once replied "but this is a mobile!"
Has this knowledge changed my behaviour when speaking over the telephone? You bet your fucking ass it has.
He may mean Open Source rather than Free Software.
In open source it is at least possible to look at what the code you are using is actually doing. While it may not be practical for most, the possibility is still there so that if a major problem is found someone can go back and find the culprit.
There is a famous court decision from 1983 where germanys constitutional court applied a new fundamental right not explicitely stated in the constitution.
http://de.wikipedia.org/wiki/Volksz%C3%A4hlungsurteil
One of the important observations of the court was, that even the possibility of beeing wiretapped infringess on citizen rights, because you have to change your behaviour to protect your privacy.
The court stated that every citizen has the right to control what personal data is stored by the government. Each storage of personal data requires a justification.
Yea, can we at least agree that having the source doesn't guarantee security or privacy?
:D), but because Microsoft liked to ignore security concerns in the past, and built a consumer operating system on a platform that wasn't ever intended to operate outside of a closed network.
True, eyes on the code is a good thing, but the debian bug was there since September 2006, so this isn't a shining example of security holes being found and fixed quickly due to having more eyes on the code. I'm not even sure they considered it a bug, someone commented out code on purpose.
I'm making a leap here, but I would have hoped someone in the Debian project was reviewing such HUGE decisions to change the code before pushing it out, but apparently not. I would also hope the same is true of commercial software developers.
BTW, Windows isn't insecure because of mistakes or intentional crippling (most of the time
Question is: Do you trust your government?
If yes, then there is really no bad point in what you wrote.
Even if it is legal for me as a person to learn your secrets, I guess it would be still illegal to abuse them and get your money without your permission. So if I do so, you can fight me. And it would quite fair fight, man against man, some people on my side, some (I believe more) on yours, plus state justice will be helping you.
But if state takes your money, they can "rule" and "redefine" the nature of that act so it wont be a fair fight - you against government.
I guess that if you trust your government and this trust is justified, such data retention is still dangerous to you. Because it broadens the possibilities for criminal elements to do you harm. Criminal maybe wont be able to corrupt some clerk or official to get your data, but he can simply break into some computer. If the data is not there, no harm to you. But if the data exists ...
But if you do not trust your government ... because there are corrupt and/or incompetent people then it's much bigger problem. There is still this alredy mentioned criminal. But he has broader spectrum of means of getting to the data about you. Plus there are those corrupt and/or incompetent government officials which will (either by purpose or simply by accident) use tha data about you to cause you harm.
So to sum it: Trustworthy government should present some good argument for data retention which should outweight the risk I mentioned. Untrustworthy one ... can do whatever they can, we simply have to oppose them. If for nothing else than for our own selfishess - we do not what them to cause us harm.
And I for one do not trust my government. Based on what I know they do. Based on what I hard/red them saying. Based on what I see on the streets and in the country. Simply, based on what I see/hear/feel/..., based on my experience in my country.
hany
I don't see how your comment is insightful. It is pretty obvious that if you are willing to accept any kind of hypothesis then you will never be safe. After all, evil hackers from the government could hack into your computer and plant a backdoor. But on a basic level, if you want to have a greater amount of certainty that your conversation won't be "retained" in order to comply with your local (or with USA) legislations, don't use commercial software. On a medium level, you can google every open source software you are using and do some research, communicate to developers and people from the community to have a better idea on what are you dealing with. As your paranoia increases, you'll need more resources to make sure you aren't "being watched". But the level of certainty you can achieve with open source software is far greater than the level of certainty you can achieve with closed source software. Again, open source isn't a guarantee of anything. But what is anyway?
....outcome.
Sound familiar?
its quantum physics. I forget the name of the experiment that proves this, but on the other hand we have other examples of which we can better understand the why behind it.
Perhaps there is a clue here for quantum physics to understand.
Conscious awareness does influence physical reality.
The "nothing to hide" argument was always a way to shut up opposition by intimidating it with the suggestion that opposing totalitarian information policies was equivalent to admission of being guilty of some undiscovered crime.
Obviously, people DO have things to hide, and it's not always something illegal. Sometimes, it's stuff that's not the government's business, period. Of course, anywhere the government can't look is potentially a "dark corner" for a criminal or threat to the state to hide. But that doesn't mean that the government should try to shine a light from all directions to eradicate all shadows.
It's sufficient to illuminate public space well enough that illegal activities cannot be carried out effectively at a large enough scale to seriously destabilize civil order.
That, and making sure that the government is reasonable about what it makes illegal, and rules by consent of the people, is what is, and has always been, called for.
You see? You see? Your stupid minds! Stupid! Stupid!
... it's a long story, so please be patient:
;-) (j/k)
...
Germany didn't have a proper immigration law for decades, so people who wanted to immigrate had two choices: 1. Either prove they are related to a German, however remote, or 2. Prove they're political refugees in their own country and seek political asylum. Former federal chancellor Helmut Kohl always said "Germany is no immigration country." -- The SPD government that followed after Kohl finally changed the laws. The political asylum law of course has its good implications: People who are pursued by their government because they uttered a word of criticism can find a refuge; but it also means that people who are rightfully persecuted for politically motivated violence, like terrorists, can find a refuge. How can you tell if a political refugee is a terrorist? You can't, until they expose particular behavior.
People with criminal intent used to enjoy various freedoms in Germany. With the introduction of telecommunication law and the "Grosser Lauschangriff" (huge listening attack), that was implemented already by the Kohl government in the mid-90ies, people were alerted to be more careful in what they're doing.
The German Verfassungschutz (constitution protection) tries to watch the movements of suspicious people. Often those people don't even know what's going on until they're caught on their way to a terrorist attack for instance. We have a history of terrorism that reaches as far back as the 1970ies, when the Red Army faction was orchestrating attacks against industry figureheads. So, we had to live with terrorism for almost 40 years. This influenced the way law enforcement operates, and most people know that many operations are basically covert, because if criminals knew they're being watched, they could change their behavior and be harder to observe.
The Constitution Protection also tries to infiltrate suspicious organizations; one noteworthy scandal was when Constitution Protection officials were discovered occupying the highest ranks of the NPD party (nationalist, neo-nazi party).
True terrorists are suspicious of everybody. They don't use phone or e-mail. They personally meet other people and talk things over. Those laws for data caching (Vorratsdatenspeicherung) won't help much against terrorism, except to catch a few of the minor folk who happen to be dumb enough to use public telecommication systems. The only thing these laws achieve is to catch people who think that the internet or the phone system are anonymous, like teens who copy music and computer software that they cannot afford, or immigrants that are oblivious to German law.
I knew some Muslim extremists, and as far as I can tell, they're organized well enough to avoid scrutiny by the government. A former friend of mine got a job at the Frankfurt airport just weeks before the 2001 attack happened, so when I met him after the attacks, I asked him, half-jokingly, "man, where have you been, you terrorist, have you helped with the attacks?" -- This guy used to be not very conformist with Islamic traditions, he loved alcohol, for instance; but after 2001, he changed, and became conformist, like out of the blue. He told me he wouldn't drink alcohol anymore. Some years later, there's no trace left of his family. They moved elsewhere. I only know he's got a job now that takes him around the world as a salesman (he's got talent for that).
Living door-to-door with terrorists, that's what Germany's all about!
As far as I've gathered, they're so paranoid, they meet up in person, they would never use phone or e-mail to communicate important information. "Ah, I'm visiting a friend in (insert remote city)" -- how you can tell what's behind such a thing? It could be entirely innocent after all. And still, I guess the Constitution Protection has to wade through a lot of such phone calls like "hey, buddy, may I visit you in couple of days?"
Also, I noticed that a few people lie about their country of origin, "I'm from country XYZ", and a few weeks later say "I'm from country ABC". You really never know who you are dealing with. I guess, Germany is still a heavenly place for unlawful conduct
I don't think the GP's arguments are as flawed as you claim.
A freedom is only worth as much as what you can do because of it. Since most people lack the resources to audit source code and change anything they don't like, the only advantage open source software offers them from the perspective under discussion is that they are trusting an anonymous group of people who talk up freedom a lot rather than trusting a group of people working for a company who have commercial interests.
This most certainly does undermine the original argument, because it contradicts the claims about all the things you can do just because you're using "free" software.
In short, you could make an argument that open source is a necessary condition for the personal control under discussion, but that is not the same as demonstrating that it is sufficient for the same. And realistically, you ultimately get a "who watches the watchers" problem either way, so I'm not convinced that even the necessity argument is a particularly strong one in practice.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Comment #1 says it all, but none the less ... it still holds true. Just what we need, another study that will help more companies retain data for longer. Oi!
I'll try, but all I have are these rusty, blunt metal tools...
Everyone has SOMETHING to hide.
http://www.answers.com/topic/hawthorne-effect?cat=health/
"This behavior was documented by a research team led by Elton Mayo in the 1920s at the Western Electric Company Hawthorne plant. In studying the effect of lighting on productivity, the researchers found that, regardless of the lighting conditions introduced, productivity improved."
I used to carry a knife with me every time I flew. That's a crime now. When I was in high school I dated someone two years my junior. That's a crime now. When I was sixteen I drove a car at night on the highway with two passengers. That's a crime now. Last night I used the Internet to see pictures of one nekkid girl spanking another nekkid girl. In England, that's a crime now -- or may soon be, and if my ISP has been retaining records on me, hell, I've basically told the police to please come take my computer and maybe even my children, you know, just in case.
Over and over again I read stories about how another government has become something to avoid, conceal from, lie to, be ashamed of. It's more and more necessary for citizens to hide their actions, because at any moment their government will change its mind about what's right and what's wrong.
This is not my sandwich.
I heard once that at Google there are displays in the lunch room and such that show, in real time, the words that people are searching for.
I know I think about this fact every time I do a Google search.
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
I like your argument - freedom to enforce your own privacy and security is something made easier when you have the source code.
But, you assume that the existence of closed-source software lets corporations and governments "control" our tools. We can still always write our own; commercial software is just yet another option should a person want it. ("Tools for jobs", etc.)
Corporations want money, not necessarily control. Freedom is valuable; software that gives more freedoms than others is more valuable. People will pay more for it. The Amazon MP3 store is a good example of this - adequate competition within a market will eventually lead to a superior (no DRM!) product.
Since more powerful software makes more money than crippleware, someone will eventually take the "good" route - even if it's just for simple greed. Then again, even if the software exists to control our media, it requires legislation to enforce and maintain that control.
I guess I'm trying to say that while free software definitely makes it (massively) easier to "enforce your own privacy and security", commercial software doesn't necessarily take it away. Something like that requires a market with zero competition and government cooperation.
DATABASE WOW WOW
These spammers who spam me sure don't know my penis size ... so ..
... My wife will say otherwise..
I'm sure not having to worry about that privacy bit myself!
Woohoo! I knew there was a reason to live !
"Increase your penis size now" or "Your penis is too short"
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
A freedom is only worth as much as what you can do because of it.
That is not true. Even if a freedom is no particular use to you directly, you may benefit by other people exercising their freedom. I may never modify a single line of open source code, but I benefit immensely from all the people who have. Without them I wouldn't have a desktop with a powerful command line and virtual desktops.
Give me Classic Slashdot or give me death!
Damn those pesky terrorists
Surveillance and data retention policies that are over the top will and do create a panopticon society where behaviors change to those expected of the implementers. It just drives everything offline and underground.
Of course, at that point you can't access DRM-protected content, but err... that's kind of the point.
Microsoft even makes it easy to disable the DRM-protected data path in Vista. Just install a non-signed driver.
Actually, the explanation may be a bit less dramatic than that. German taxes are very high—and avoiding them is a widely practiced art. For example, there's a large black market in skilled labor. If you have in a plumber, carpenter or painter to do some fix-up work, you generally call someone recommended by a friend, and you pay cash. There's a substantial discount for cash transactions between people who trust each other. Inheritance taxes are quite high, so a lot of Germans hold gold or other valuables, and simply tell their heirs where the keys are.
Naturally, you are not going to want to talk about this stuff over the phone when you know that the government is listening. My 75 year old aunt who lives in Germany recently hung up on me when I innocently brooked one of these subjects during a phone conversation recently.
She later casually mentioned that there's a new German law that all phone conversations will be recorded and retained for a certain period of time...to deter the terrorists, of course. I thought I was paranoid, but I guess I still have something to learn from the old lady.
Great men are almost always bad men--Lord Acton's Corollary
It was intended as a generic "you", i.e., "A freedom is only worth as much as one can do because of it."
Your point about others being able to do things even if you personally can't is valid, but this is where my trust argument comes in: just because some hypothetical other person could check the source code, that doesn't help you unless you trust the other person. In practice, just as it is unlikely that any individual has the resources to fully audit and fix the code, so it is unlikely that any individual will have a contact they personally know well enough to trust on this who is able to do the auditing and fixing. Instead, some sort of organisation with more resources would have to do it. But then how do you know you can trust that auditing organisation any more than you trusted the people who supplied the software in the first place? And so the cycle continues, ad infinitum.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
make sure we keep talking", as Pink Floyd so nicely put it.
Also, it makes the assumption that opensource programmers are inherently more ethical than closedsource programmers. And this is not necessarily so, since there are good and bad people everywhere, in every field of endeavour.
[flamebait]If anything, my observations of the slashdot herd mentality lead me to believe it's probably the other way around.[/flamebait]
~REZ~ #43301. Who'd fake being me anyway?
On the face of it, the obvious answer is "hell yes." People should be allowed to make whatever private arrangements they want to, provided it doesn't interfere with the rights of others. That is a very fundamental aspect of liberty, and I doubt anyone can make a good argument that mom'n'pop have a right to some sort of minimum network speed (if they do have that right, then please tell me what everyone's minimum bandwidth right is, because I don't think I'm getting my share of it).
There's a catch, though. We're not talking about networks in general. We're talking about Comcast, AT&T, etc. These companies have government-granted monopolies, and already exist in a regulated environment. If they don't want that regulation, they're free to give up their government-given preferential treatment and build a truly private network. That network would (and should) be just as unregulated as your own (I'm talking to you, Slashdot reader) personal LAN, which you can use or resell or lease however you desire.
That they choose to retain their privileges, things that you and I and any new competitor would not have, signals that they have traded some liberty for those perks. There's nothing unfair about public policy restricting how they use their "private" networks, because we're not really talking about truly private networks. We can't take a "hands off" approach to this one aspect of their networks, because so much else about it is already not "hands off."
When you're talking about government-granted monopolies, there's no such thing as laissez faire. It just doesn't make sense. Laissez faire is for everyone else, who isn't obtaining special perks from government. There's just no question about fairness and liberty, when we're talking about Comcast and AT&T. The question is merely what quid-pro-quo deal maximizes public interests while still being acceptable to someone who is willing to take the deal. If Comcast and AT&T don't like our offer, they are free to Just Say No, and take their ball and go home. Their liberty is not at stake.
So, with that in mind, on to a few choice quotes:
Is there any iota of a hint, that Comcast isn't making enough profit already? Has Comcast said that if their profit isn't increased, they will opt to not renew their franchises with local governments?
Think about how absurd and unlikely and unsupported that is. We should be negotiating as hard as possible, and marginalizing their profit as much as we can. That's free market conservatism, asshole. Their profit is their problem.
"..invite the government?" What planet are yo
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
That's such a beautifully framed piece of paranoia that I don't know whether to laugh, cry or do both.
It's complete horseshit, of course, but still funny.
"It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien
"I understand your whole argument except the 'free software' implication. I don't see how paying for software, or getting it for free, has anything to do with one's ability to preserve privacy and political security..."
"Free" has two meaning (1) "Free beer" means you don't have to pay and (2) "Free Speach" means you are no t trestricted or "free" as in non-slave
When we say "free software" we mean the second kind, software that is free is restrictions. Many times this software is also given away at no cost. but the no-cost part is only a side effect.
That said very, very few people care about "freedon", "rights" and all that rubish. Money matters more to most people. So when they hear "free software" all they care is that they don't have to pay.
"Since most people lack the resources to audit source code..."
While that's true, it's false within context.
It's true that most people lack the resources to audit source code since it's true that most people (as in 2 out of 3) lack resources beyond bare survival.
It's false within context since you were obviously talking about first world people and they do not lack resources to audit source code as long as there are those funny colored paper notes within their wallets: they pay really big mortages for their homes, for their cars, for their plasma TVs... What they are lacking is interest to expend resources towards such a goal. Not to say this is good or bad, it's free market after all, but please don't tell they lack the resources.
And if they spend the resources, how do they know they can trust what the person they pay tells them? After all, this entire discussion is predicated on the fact that they already can't trust other people who are being paid for their services and software.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
But then how do you know you can trust that auditing organisation any more than you trusted the people who supplied the software in the first place? And so the cycle continues, ad infinitum.
You raise a valid question, and I'd answer it this way: You have to place your trust based on the results.
Thus far, the results coming out of some commercial companies —I'm looking at you MS, Sony— indicate that they in fact do underhanded things. They do in fact incorporate 'features' that serve only their interests and are in direct detriment of the owner of the box.
On the other hand, the results thus far indicate that free-source software does not for the largest part.
In either case you can choose whom to trust, and there are good solid commercial companies trying to compete in the basis of sturdy and useful products just as there are shady groups of internet thugs releasing trojan-infested apps. It all comes down to education, one can perfectly and often does run systems with combination of FOSS and commercial software.
Again, some people can't be bothered, and some others would but don't even know they should. Those who do know and do care are a very small subset of the population and they are already choosing their providers based on similar criteria to what I just described, so it really isn't a serpent eating it's tail, there are some checks and balances that are fed back into the cycle.
+Raider of the lost BBS
"And if they spend the resources, how do they know they can trust what the person they pay tells them?"
I wonder how is it possible to be so lacking on common sense whenever these "new technologies" are involved.
How can you know? Exactly like in *everything* else. How can you be confident about press, about science or about an airplane? In fact, take an airliner for an example: there are exactly *zero* persons in the whole world able to build a multijet civil airplane on their own, even if given a (theoretical) infinite amount of time and money, from the rubber composition of the tires, to the blueprints, controlling software, metal alloys, etc. still we know those things do flight (because we see them) and we are (and certainly can be) quite confident about the flying conditions of a new model once they reach civil aviation companies: peer review, proper auditable techniques and even ethic track records are available just the same about source code than about everything else.
If not the only, maybe the most important reason (within limits) to be confident about the audit given by a proven proffesional is that *both* you and him do know there's nothing that prevents you to contact a second unrelated auditor to check his results quite akind the so known "panoptic effect".
"After all, this entire discussion is predicated on the fact that they already can't trust other people who are being paid for their services and software."
Not at all. Regarding privative software is not that you can't trust *anybody* but that you can't trust any party when said party is confident about his cheating going unnoticed. In other words, this is not about software, but about the fact that you can't trust everybody to pay respect to Kant's cathegorical imperative.
The source being available deosn't make it perfect, but it does give you perfect control over it, which is the big difference versus proprietary software. You can use that control to assert privacy and security, if you have the technical means. I really don't understand how people can misunderstand my original post so badly.
Sam ty sig.
No I agree, having source is important, but here we do have an example of an open source project suffering from a self inflicted vulnerability due entirely to the fact that the code COULD be modified by the maintainers, and then we have a 1+ year period where all the eyes on the code failed to find the problem.
So, source is important, but I would strongly disagree that having the source of a program guarantees you anything at all, in fact it doesn't even guarantee that most people running the program have matching source for their binaries in the first place, most people don't check or can't read C.
Once again, "if you have the technical means". It's exhausting repeating the same thing over and over while you're arguing with something I didn't even say.
Sam ty sig.
this as well as the fact that no matter how secure your software or OS is you also need to take into account hardware- all it itakes is one jackass to write a few lines into silicon and there isn't much that you can do about it- and you can guarantee that if people like M$ don't have the ability to monitor and control the OS that they will push collusion to intel or broadcomm to do it for them
Seeing as how this mess started out with somebody who had the effrontery to cover the breasts of a marble statue of Lady Justice, I'm willing to wager that all kinds of people have changed their behavior since "Wiretaps'R'U.S.".
Orwell: "In a Time of Universal Deceit, telling the Truth is a Revolutionary Act"
I love how he replied to the same post with two socks, kinda like a Dr. Jekill and Mr. Hyde thing. The man has some serious issues.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
/. -- the Free Republic of technology.