Slashdot Mirror


User: wvmarle

wvmarle's activity in the archive.

Stories: 0
Comments: 5,213

Comments · 5,213

  1. Re:how ? on Ask Slashdot: How Does One Verify Hard Drive Firmware? · · Score: 2

    How can you even know if the code you download off the manufacturers' web sites hasn't been tainted during production?

    You can't, but you can be quite sure that the manufacturer will take serious measures to make sure this doesn't happen. This protection against tampering to compromise computers just piggybacks on more general protections to keep firmware sound, such as tests to make sure there are no bugs in the firmware that cause data loss, and that software published on the web site is the software the company intends to publish.

    This is for the simple reason that one mistake here may result in bankruptcy, as people may lose trust in the whole company. Without trust in its products by its customers, a company can't survive - especially when it's about storing valuable data.

  2. Not considered a real risk - at least, until now. on Ask Slashdot: How Does One Verify Hard Drive Firmware? · · Score: 1

    Most likely there are no such tools as no-one thought it could be a vector of infection. Just like the BIOS; which used to be a non-reprogrammable ROM chip. I for one didn't know current hard drives even had firmware that can be replaced by the user, let alone that it may be a potential attack vector for malware.

    Depending on how hard it is to read the installed firmware from a hard drive (is this even possible in the first place?) it shouldn't be too hard to write a tool that can read the firmware, and calculate a checksum for verification. The hard part is going to be, how do you know that your software gets the actually installed firmware - or just a known good but inactive piece of code provided by a compromised firmware, pretending that this is the software that's installed? The moment a firmware is installed, you probably need to call onto that very firmware to get a copy of it from the drive. Unless this read-firmware routine is provided by a special, hard coded circuit.

  3. Re:Try to meet in person on Ask Slashdot: Whiteboard Substitutes For Distributed Teams? · · Score: 1

    Exactly. What people also forget is that it's not just about the whiteboard, it's at least as much about the beers afterwards. Getting to know your colleagues in person helps a lot in getting cooperation going (it helps you interpret the writing in their e-mails properly, for example).

    There is no real substitute for in-person meetings. And considering the problem at hand has already the budget of flying people around to get it solved, you'd better make use of it.

  4. Re:Whiteboards and whiteboarding are a bad idea. on Ask Slashdot: Whiteboard Substitutes For Distributed Teams? · · Score: 1

    I'm coding alone at the moment, and because I have no-one to bounce ideas off, I frequently find myself heading into dead-ends because the problem domain I'm dealing with is very large, and as there's no-one to discuss things with, I need to prototype to find my mistakes. Then I have to go back and rewrite.

    Start with a partner or friends. If it's about UI issues or related things, they don't need to be programmers or versed deep into the problem at hand. People that know nothing about it actually can at times give you the best ideas, exactly because they know nothing about it and haven't yet restricted their minds by thinking about it. The programmatic implementation itself of course you have to do yourself, but that's generally the straightforward part (after you properly defined the problem, and the solution you want to work towards).

  5. Re:Backups and Redundancy on Vandalism In Arizona Shuts Down Internet and Phone Service · · Score: 1

    Part of the problem this is not that big news may be that it's about the US, where power outages and the like are the order of the day. Just ask around on /.: how many of you Americans routinely install a UPS in your home? How many have a generator on hand? Now compare this to the non-Americans that live in what we commonly call the "developed world".

    Even emergency services were affected. Something that many Americans find so important that it's always used as a major argument against banning/jamming mobile phones in movie theatres and so, or as key reason primary school kids must carry a phone on them at all times. Even this major service was disrupted. So no matter what, something was terribly wrong here, and some company did not get their redundancies and automatic rerouting right.

  6. Re:Thieves looking to steal metal? lolwut? on Vandalism In Arizona Shuts Down Internet and Phone Service · · Score: 1

    Good chance the thieves found out the pipe didn't contain any copper the moment they cut it through. This is supported by the observation that, according to TFS, the pipe was just cut at one place, and nothing had been removed.

  7. Single point of failure on Vandalism In Arizona Shuts Down Internet and Phone Service · · Score: 5, Insightful

    So all those important communication lines went through a single pipe, with no backup, and that pipe was fully exposed to boot? That's just asking for trouble.

  8. Re:Major Version == Major Changes on Torvalds Polls Desire for Linux's Next Major Version Bump · · Score: 1

    Lots and lots of minor fixes and changes add up to serious architectural rework. Ground-breaking new features are added when ready - one by one - every few months it seems I read about another major change to the kernel - so after a while you have several such major features added, it's unreasonable to add a major number every time.

    So while I agree with your general ideas, it's certainly not that easy in the "release early, release fast" world of open source software, as with the fairly rapid addition of many bigger and smaller features to the kernel, and the fairly frequent release of new versions. Alternatively you may just have to stick to major versions, like recently Firefox (currently my Firefox is at version 35) and Chrome (no idea what number they're at now) are doing, and as a result indeed the numbers are big enough that you can't really distinguish them. Which is bound to happen sooner or later to any piece of software that's under active development for a prolonged time.

  9. Re:Don't give your bitcoins to someone else!! on Alleged Bitcoin Scam Leaves Millions Missing · · Score: 1

    Not sure about this, but the SCMP (local HK news paper) reported about people sending cheques to this company. That's real money, not BTC, that they gave that company. Details are thin, but it seems that this company asked for payment for to-be-mined BTC. At least they were running a BTC mining operation as well.

  10. Re:Proof that there's too much money in the world on Alleged Bitcoin Scam Leaves Millions Missing · · Score: 1

    Maybe they bought a flat in 2003 (end of the SARS period), and sold it recently. They'd have easily tripled their money in that period of time (the housing market has gone up by that much, and it's still going up fast - Hong Kong property prices are currently between ridiculous and simply out of this world). If they bought a $2M flat in 2008, they could sell it for like $6M now. That'd be $4M cash profit in hand, plus whatever they have left after paying off the original mortgage. Or take out a new mortgage based on the current value, mortgage interests are around 3% with banks all too happy to sell you mortgages.

  11. Re:Cry wolf on FBI Put Hactivist Jeremy Hammond On a Terrorist Watchlist · · Score: 1

    Why would they have the right to "preferential treatment" compared to, say, the parents of the children killed at Sandy Hook?

    That perpetrator was not considered "terrorist". Yet his victims were children (who did nothing to him), while this Jordanian pilot was a fighter himself, who knowingly and willingly put himself in harm's way.

  12. Re:I don't mind some ads... on Google, Amazon, Microsoft Reportedly Paid AdBlock Plus To Unblock · · Score: 1

    With click-through rates in the ppm range nowadays, that's probably not worth the effort.

    Lots of advertising on the Internet is probably going back to basics: designed as non-interactive, like in newspapers or magazines, just making sure people see a brand name again and again and that way when they are in a shop making a decision to buy a phone, they go for the brand that they know so well from the advertising.

  13. Re:Bound to happen on Google, Amazon, Microsoft Reportedly Paid AdBlock Plus To Unblock · · Score: 1

    I'm not particularly interested in the 'sustainability' of the Internet. Google and a couple of other companies that have more money than the Catholic Church can worry about that. I'm interested in my privacy and peace of mind.

    I am not going to cry if the commercial ventures on the Internet die. IMHO, the Internet was better back in 1994-5 anyway when it largely was NOT commercial!

    Define "commercial".

    I have a web site that I pay for and maintain myself. It's a purely commercial web site, yet it's free and there are no ads: this as it's the front of my company. It's advertising my tour business, and is visited by people that are interested in my tours, and allows them to book tickets to tours. I also add general information on hiking in Hong Kong, which people may use to set out by themselves. It's set up for purely commercial reasons, and I think such commercial sites are by and large a great addition to the Internet. I'm using such sites myself: to find information on products, to order stuff from. The Internet would lose a lot of its value if such commercial sites would all disappear and we would have to resort to calling companies, visiting their shops (which may be the other side of the world) to get a catalogue, etc.

    For my business it is a great help to have this site, I sell a lot through it. It makes the whole ticket sales easier as well (very little manual interaction from my side needed). I wouldn't want to do without - people can't find me nor can they easily get the information about my tours that they need to make a decision on whether to join, ticket sales would become cumbersome; basically I'd have to close this part of my business.

    What would be great is if lots of this "targeted advertising" and collection of personal information goes. So I'm still running AdBlock Plus and Flashblock, and recently installed Self Destruct Cookies - an add-on that destroys cookies moments after you leave the site. Sure you have to re-login all the time, which LastPass makes dead easy, it does take care of most of the tracking across sites by outfits like Google and Facebook. This is just one aspect of the commercialisation of the Internet, something that my commercial use of the network can perfectly do without. I'm even collecting only the most basic information of my clients: name (I don't care if it's their real name - they just have to give me that name when they show up at the start), telephone and e-mail. All I need to be able to contact them, and for them to claim their place on the tour.

  14. Re:Cry wolf on FBI Put Hactivist Jeremy Hammond On a Terrorist Watchlist · · Score: 1

    I think the problem in labelling every cyber criminal a terrorist is that it dilutes the whole importance of the label when you're dealing with actual terrorists.

    I'd call that an advantage.

    At the moment, the governments of various countries (the UK and the US most notably, but there are more) can take away many civil liberties and civil rights from people just by labelling them "terror suspect". No actual evidence is needed, just a suspicion. This can block you from flying, for example. They can throw you in jail, possibly for years without charge (see Guantanamo Bay for example). Can't do that with even rape or murder suspects: you can't keep them in jail indefinitely without charge and without trial. You're possibly better off suspected of being the director of a snuff movie which shows how to prepare and cook a human child, than you are after talking to your long lost uncle who happened to have made a small donation to a Muslim organisation which is affiliated to a mosque which is attended by a suspected Al Qaeda sympathiser.

    Terrorists should be dealt with the same way other criminals are dealt with. They're criminals, plain and simple. They may do it for political, ideological or even religious reasons - they're still criminals: murderers, extortionists, computer hackers, whatever. Those are the more appropriate labels.

  15. Re: Not a lawyer. on If a Financial Institution Mishandles My Data, What Recourse Do I Have? · · Score: 2

    Encrypted e-mail is to this day not straightforward, if possible at all. I just checked my e-mail client, Claws Mail. It doesn't have an option to encrypt e-mail. Maybe in an extension; it's not in the client itself. Using encryption securely is hard, really hard. So many ways it can go wrong, so easy to make a mistake and compromise your key making the whole thing moot.

    Furthermore, I don't know of any current standard for e-mail encryption that is widely supported. No idea on how to create a key - let alone how to securely and easily exchange keys with random recipients (like a client who calls me asking me to send them some information by e-mail).

    Now imagine e-mail encryption is commonplace. The obvious way to send an encrypted mail to someone would be to pull their public key from some kind of repository (which as yet doesn't exist but let's just imagine it does and that every e-mail address that's in use has a key pair) - the one that belongs to their e-mail address - the e-mail address you're going to send the information to - and which may be someone else's entirely as I wrote it down incorrectly. So while anyone in transit can not read it, the recipient of the e-mail will have the private key (after all, it's the public key that belongs to that e-mail address). So this doesn't solve the problem at hand!

    I won't say e-mail encryption is useless, it does help snooping on the way, but it is also definitely not the one all end all.

  16. Re:I've long given up on this "food science". on Science's Biggest Failure: Everything About Diet and Fitness · · Score: 1

    The problem is that it's often really hard to distinguish between the two for those who are not deeply involved in the field.

  17. Re:Vitamin Testing on Science's Biggest Failure: Everything About Diet and Fitness · · Score: 4, Insightful

    When you eat properly, there is no need for any vitamin supplement, period. You can get all vitamins and minerals and whatnot from your food - people have done just that for thousands upon thousands of years. There's no reason why we suddenly can't do that any more.

  18. I've long given up on this "food science". on Science's Biggest Failure: Everything About Diet and Fitness · · Score: 1

    Food science is just crazy. Too much pseudo-science. All those fancy diets, not mixing carbs, fats and proteins in one meal, the current superfoods ("it's all you need!") - it just doesn't make sense.

    I've never limited the amount of food I take, though I generally try to go for natural and avoid processed food. I cook my own dinners at home (most days), and make sure there's vegetable included as well. Snacks are often fruit (fresh or dried), rather than crisps or biscuits. Another thing is that I try to keep my diet varied, eating many different things. All this should ensure I get all I need, in sufficient quantities, and in the meantime I can really enjoy what I'm eating. It seems to work really well, without much thought (or worries) about it I do keep myself in shape. I've lost quite some of my waistline over the past year, in part due to my current job as tourist guide which means I'm walking a lot - easily 8 hours a day on my feet, for several days a week.

    The problem for most people nowadays is most likely 1) lack of movement, and 2) lots of processed foods (high nutrient density - doesn't make you feel full nearly as fast as natural food does).

    Many people nowadays sit in their office all day, then sit in the car going home, pass by a drive-through restaurant to pick up junk food and sit in the car eating it (this part for the Americans typically), and sit on the couch most of the evening watching TV before going to bed. No walking. Not even the walk to the train station, no sports, no physical exertion ever. That's asking for problems. People are designed to be active, to walk around all day, construct things with their hands. We're designed to handle natural food sources which by nature are unprocessed and very varied: there's simply a lot of edible things around in this world.

    This is why I got to my rather simple philosophy of remaining active, eating varied, and basically eating as much as you like when it comes to unprocessed foods.

  19. Re:Let's get this straight on How One Small Company Blocked 15.1 Million Robocalls Last Year · · Score: 1

    In that case, they would be allowed to block any robocalls originating from their network (because those customers are violating their contract); not the ones entering their network. That'd be a legal quagmire: how do they know for sure it's a robocall until it's answered and listened in to? They're not legally allowed to listen in to calls, a warrant is needed for that.

  20. Re:Let's get this straight on How One Small Company Blocked 15.1 Million Robocalls Last Year · · Score: 2

    NSA et al. work in secret, outside the law. Formally they're covered by the law, but the problem is that this includes many secret laws giving them lots of leeway, and if the law gets in the way they'll ignore it anyway.

    The FCC and phone companies however work more in the open, and are bound by the law. One such law says that the phone company must do their best to make all phone calls come through, no matter the content. This is a typical part of being a common carrier (like the postal service): they can not discriminate against content, they have to put through the message, and also are not liable for any content of the message.

    While technically easy, it's legally not so. The phone company must put through those calls, even if they know these are robocalls and the customer doesn't like robocalls. The customer however is free to install blockers on their phone, or to have their calls rerouted through a third party which helps them filtering the calls. This is exactly how it's done now.

    Finally, you should really equate this with Internet filters. They're hated here - yet phone filters are asked for. Phone filters can also be used to block political rivals and let your own calls go through, for example. That will give your party an edge at the next elections.

  21. Re:Implement locally? on How One Small Company Blocked 15.1 Million Robocalls Last Year · · Score: 4, Insightful

    Who's ever going to listen to voice mail, knowing that the ten voice mail messages the system has waiting for you are recordings of a robocall, because thanks to the white list all robocalls are automatically sent to voicemail?

  22. Re:Implement locally? on How One Small Company Blocked 15.1 Million Robocalls Last Year · · Score: 1

    Technically, I'm sure it is totally doable. Myself I have an app called "SudioKuma Call Filter" installed, this is a blacklist for Hong Kong local junk calls. Also I am on a government do-not-call list, which blocks robocalls, but allows calls made by humans - the call filter takes care of that one. They have a blacklist of some 20k numbers, and a whitelist of some 162k numbers, so far less than what this company is dealing with. The size of that blacklist (TFA mentions 850,000 numbers, and hundreds of changes a day) may be an issue for a regular phone, particularly the database lookups may be too slow for it to work well.

    More of an issue is that most land line phones (at least the ones that I used when I still had a land line, this may have changed) do not have any significant computing power in them. They may have a small memory for some fast calls or a simple address book; nothing near the computing power of a mobile phone - which is comparable to that of desktop computers less than a decade older.

  23. Actually, no. In order to do the more involved things, "physical observation, bugging rooms, and breaking into phones or computers", they have to get a warrant.

    No need for that. They only have to get a warrant if they want to use the evidence in a court of law - most intelligence gathered by the secret services (which is what this is about, not about police investigations) never makes it to the court, and is not even intended for that purpose. Only when they want to actually go and catch someone they start to play by the books - that moment it's getting simple as they know everything already, just have to redo bits of their work the proper way.

  24. Re:Translation ... on Omand Warns of "Ethically Worse" Spying If Unbreakable Encryption Is Allowed · · Score: 2

    Wrong translation. It's much simpler.

    "Allow us to break encryption, or we go back to the methods we've been using for decades, if not centuries!" Because that's exactly what they say they have to "start using": methods that have been used for a very long time. Methods that overall worked quite well.

  25. Re:Telegram on WhatsApp vs. WhatsApp Plus Fight Gets Ugly For Users · · Score: 1

    One serious issue with that one - the same issue with WhatsApp:

    It's free forever. No ads, no subscription fees.

    Now how're they going to pay their developers, their (cloud) servers, etc? These apps don't come into existence by themselves. They don't maintain themselves. Those servers also cost real money to run and maintain. Doesn't sound sustainable to me.

    WhatsApp was supposed to be free for a year, after which you were to start paying a small yearly fee. Apparently even that part they dropped, as I'm using it for well over a year and have never had to pay anything. Now how WhatsApp is paying for the service they provide me I don't know - they don't sell ads on the platform, and they claim at least they don't sell my personal information (message content, whatever) to third parties.