Stealing cable is more like stealing a DVD because you are directly utilizing a physical product that the cable company provides without their consent. Piracy is actually more like asking your neighbor (who has cable) to record a show for you and bring you the tape.
Also, if 70% of a cable company's under-30 customers admit to stealing cable at some point in your lives, that is a pretty clear indication that cable prices are way, way too high, or that there is inadequate competition. As long as we're talking about just a few people stealing cable, it's not really a fair comparison. When only a few people pirate content, chances are good that they can actually afford it, and are just being cheap. When the majority pirate content, the conclusion changes.
Finally, stealing cable is significantly different because it is easily detectable. The risk of getting caught is high. Therefore, the lower cost is an illusion. This is not the case with software piracy, or at least not to the same degree. If software companies want to make it easier to catch people who pirate their software, more power to them. That's a reasonable response. Whining that piracy is destroying their sales isn't.
That's a completely absurd argument. By your argument, the value of a "free, take me" couch covered with bed bugs is equal to the value of a new couch from a furniture store. This is true only if you cannot afford the new couch and absolutely have to have the couch.
In the real world, there are always alternatives, whether it is a low-end version of a program, a similar program at a lower cost, a different movie at a lower cost, watching videos on YouTube, or piracy. The utility of a particular product depends not only on whether someone plans to actually use something, but also on how much better it is than the alternatives.
For the couch example, the person might already have a chair. A free couch would be nice, but might not be worth the cost of fumigating it. A couch for a few hundred dollars from the furniture store also might not be worth the cost. However, a free couch that does not require fumigation would be worth taking because the cost associated with it is less than the utility associated with having a couch.
Thus, value is not defined based on utility alone, but on how much the marginal utility of acquiring a new good exceeds its cost. It is therefore quite possible for a free download to have positive value and for a paid download of the same product to have negative value, assuming you consider the probability of getting caught to be low, and therefore the financial risk of getting caught to be similarly low.
To give a concrete example in software, you might decide to pirate Photoshop because it makes it easier to do what you're trying to do than Gimp. If you plan to use it for a week to design a flyer that you won't make money on, the value to you is fairly small. Someone else who decides to buy Photoshop might plan to regularly use the product for commercial purposes. The value to such a person is clearly much higher. Thus, claims that the value to downloaders and buyers is the same are ludicrous. The value is not defined based on what the product is, but rather is based on what you get out of the product—something that varies widely from person to person.
Perhaps it had not occurred to such people that people who consider the work to be too expensive were outside of the demographic for which the work was targetted in the first place? Never mind the notion that the creators might make more money if they widened their demographic, the fact that they might be still choosing to market it only to a particular one that is willing to pay for the work is still their full right to do.
That's perfectly reasonable, so long as the creators accept that many people outside that demographic—the people who cannot afford it—are going to pirate it because it still has utility, but not enough to justify the cost. This is the way things used to work before the content industry got a huge hair up its ass.
The problem is that the content industry has started making false claims that the lost sales caused by piracy are beyond their control, when in fact, those lost sales are entirely within their control. They are then using that argument to try to stop the piracy so that they can squeeze those same unrealistically high prices not only out of the target demographic—the ones who can afford that price—but also out of the folks who are not in its target demographic and can't afford it.
In short, the content industry is forgetting the first law of commerce—high margins or high volume: choose one. It is within their right to choose high margins; however, that is their choice, and they must live with the consequences. High rates of piracy are a direct consequence of pricing a product outside the range of the average consumer.
Want to stop piracy? Sell first-run movies at the same $5 price point as ten-year-old movies. Piracy will drop like a rock, just as it did with music when folks got the ability to buy single tracks for 99 cents. It's that simple. The fact that they aren't willing to do that is their problem, not the government's problem, and it isn't the government's responsibility to prop them up because they failed first-semester business 101.
Couldn't you just migrate your number to Google Voice temporarily? This should have the effect of canceling the existing T-Mobile account. Then create a new pre-pad account, transferring the number back. You'll have no cell phone for a couple of days, of course, but....
The music and movie industries have blatantly twisted word to their advantage for far too long. The only reason they are "surprised" and "shocked" now is that after decades of the general public just rolling over, the industries finally woke the sleeping giant, which they expected to remain asleep despite their incessant poking.
I guess it depends on how much detail they care about inside the car, but it certainly seems counterintuitive that an X-ray scan that can pass through potentially several feet of random cargo sufficient to usefully identify its contents could possibly use a lower dose than several medical X-ray scans. And if it does use a much lower dose, I would expect it to not provide enough detail to be useful.
If that isn't the case, then our medical X-ray systems are using way too much power and we should dramatically reduce their output. Given that the medical establishment isn't jumping up and down screaming for order-of-magnitude reduction in X-ray dose (as far as I know), this seems to be the less likely assumption.
In my mind, the assumption that a full car X-ray scanner could possibly be safe is an extraordinary claim that requires extraordinary proof, not the other way around.
This further ignores the question of whether they have the right to such an incredibly invasive search in the absence of probable cause, the question of whether this actually prevents any realistically plausible threat against the United States, and the question of whether there are better, less invasive methods that could achieve the same goals without the same risks or privacy invasion, but those are arguments for another day, ideally in front of the SCOTUS.
Enough of the US didn't want to fight the war that that worked, if the circumstances were different, then that would have accomplished nothing.
Then again, if the military took up arms against even a small subset of the American populace, odds are good that enough of the U.S. wouldn't want to fight that war, either.... Just saying.
There's a fine line between freedom fighter and terrorist insurgent. As far as I can tell, the primary distinguishing factors are whether the person talking about you agrees with you and whether your side won or not. Neither one is a very good thing to be unless there are no other options remaining for securing liberty from your oppressors. Thankfully, at least in the U.S., we're nowhere near that far down the slippery slope in our descent into hegemony yet.
It's like the rail companies that cried foul when regulations required that they install safe coupling mechanisms in the 1800's. The railroads cried foul at the new expenses until they discovered that the regulations ended up saving more in labor than they can cost in parts.
It's not at all like the rail companies. The rail companies didn't have teams of people all over the world looking for new and interesting ways to cause their coupling mechanisms to fail.
IT, and IT security in particular, is a very rapidly changing field. Ignoring the most inane, overly general best practices (which nearly every company already follows), I have a hard time believing that any IT regulation passed today will be useful in a year, much less the decade that will pass between iterations on an actual piece of legislation.
No, continuous reeducation of IT staff is the only way to significantly improve things. If all of your staff have to get recertified by a university accredited in IT security every ten years, on the average, all of your staff will have at least a couple of people who are fairly up-to-date in the latest security threats. And unlike a spook organization like DHS, our nation's higher education system is generally considered apolitical and focuses predominantly on teaching what people actually need to know instead of using paranoid propaganda to create draconian rules that in the long run inevitably weaken security rather than strengthen it.
For example, our government seems to think that password aging is a good idea. In reality, in every organization that I've ever seen, when password aging is implemented, the response has been one of two things:
Writing the password down on a sticky note beside the monitor.
Choosing a pattern of trivially obvious numbers and letters that meet the strict criteria and change only by a single letter or number each time, e.g. a.1234567890, then b.1234567890, etc.
Invariably. Every. Single. Time.
Based on this, I can say fairly conclusively that this is one of the worst security policies a company can choose to implement, and that it inevitably reduces the overall security of the system.
Further, from a mathematical standpoint, it is provable that password aging cannot improve security. Even if someone has deliberately given out his/her password to someone else, nothing prevents that person from doing the same with the new password. And when it comes to random password guessing, the probability of the new password being guessed later than the previous password is equal to the probability of if being guessed sooner, so there is no change there, either.
Yet these are the sorts of rules that our government pushes on their own IT people—not just rules that provably do not increase security, but rules that provably and reliably diminish it. And these are the people that Congress is considering putting in charge of even more of our nation's IT infrastructure. This is what happens when we leave control of our nations to people who do not understand technology. This is why we need a Technocrat party.
Next time, instead of not voting, could all the disenchanted Americans please go to the polls anyway, then choose the write-in option and write in the words "None of the above"? It won't have any real effect on the election, but it might at least change people's opinions of it.
Laws that set policy will invariably result in the problems you describe, if only because Congress does not understand technology. Similarly, laws that create government oversight will invariably result in the problems you describe, if only because government regulators are looking for consulting jobs after they retire.
There is only one way to solve problems like this: better education. Mandatory education. Give the DHS the authority not to set IT policy, but rather to certify schools' IT security curricula.
Then require that all IT staff spend a certain number of hours every ten years (at their employers' expense) for recertification. Carefully craft the law so that employers cannot get out of paying for the recertification by canning the employees early.
Neither of which would help. There's no evidence that the politicians that replaced them would be any better. Short of something on the scale of a Bolshevik revolution where a new government rounds up all the existing politicians and executes them en masse, killing politicians won't solve anything. Politicians are like cockroaches. If you miss even one or two, you/re gonna have a whole nest of them a few weeks later. And miraculously, they'll publicly take whatever position is necessary to get elected, avoid execution, etc. while privately taking whatever position is necessary to get bribed, get elected, avoid execution, etc.
No, the only real way to fix the U.S. government is for a bunch of very smart people to win the lottery, then decide that they can afford to quit their jobs and run for office. Unfortunately, most very smart people don't play the lottery, which makes this unlikely. Maybe if a few of the Facebook millionaires decided to run for political office, we might see some change. Hard to say.
That's really what it comes down to. The people who are intellectually and ethically qualified to run for office can't afford to do so, and vice versa. The problem is that people with significantly more to lose than the average American tend to do whatever it takes to protect what they have. And when given power, they tend to do whatever it takes to maintain that power so that they can continue to protect what they have. When taken to an extreme, these two factors—wealth and power—explain pretty much every government abuse, from the full body scanners in airports to the Middle East wars, and even some insane economic policies like Reaganomics....
I guess the real solution is to form a tech party. Convince millions of Slashdotters to contribute money to a single campaign, use that as a springboard to expand into other campaigns, and eventually create a party limited exclusively to people who are independent thinkers, creative, and intelligent. It's a long, uphill battle, but it needs to be done.
The amount of X-ray energy needed to usefully scan a vehicle can't possibly be safe for its occupants. It really is high time that the citizens of the U.S. hold its lawmakers accountable for the cost of their actions. And by that, I mean, drain their personal bank accounts to pay for their victims' cancer treatments. Only with strict civil liability can we fix such absolute stupidity.
Ditto. Joined the list of countries I won't visit over privacy concerns, right after US and UK.
I'm going on a trip to Europe next year, and I'm already taking steps to ensure that I do not have to pass through any UK airports, for precisely this reason.
Unfortunately, I can't avoid flying out of a U.S. airport, since I live here. Well, I suppose I could drive to Mexico first, but that's a little extreme. At least the U.S. does still offer the pat-down option, uncomfortable as those might be.
Whether it is or not is irrelevant. The fact is that it could be. Thus, this does nothing to "allay concerns" except perhaps among people who don't know anything at all about how technology works.
Either way, I've just added a country to my list of places I will never have the opportunity to visit as a tourist. Because you could not pay me enough money to walk through those things. Ever. Period. No alternative = no visit. End of story, end of discussion, end of my tourism dollars going to your country.
It's a shame, too. Australia was fairly high on my list of places to visit. I just marked it off the list.
I said nothing about income or education with respect to terrorism. I said that many perceive themselves to be marginalized, with nothing left to lose. That's not the same thing.
Terrorists, as best I can tell, generally fall into one (or more) of three camps: members of actual terrorist organizations (who are to some extent shunned because of that membership), the mentally unstable (who are marginalized because of their disorders), and the clinically depressed who decide to kill other people on their way out (whether by suicide bombing, going postal, murder-suicide, or whatever).
All of those folks are marginalized. Not all are marginalized in the same way or to the same degree, and some choose to marginalize themselves, but either way, further marginalization can only make things worse.
Do you have evidence that complexity in the law is a direct and necessary consequence of writing a just and reasonable law? That may be the case, but I have a gnawing suspicion that complexity in the law is more often because politicians have a hard time agreeing about anything, so when they finally reach agreement on something, the law that they come up with is a mish-mash of hundreds of different hands and opposed ideas. After reaching agreement, the politicians are unlikely to spend a large amount of time trying to come up with a simpler version of the law that they could also agree on - there is no benefit to them from doing so. I suspect that is the main reason that laws are complicated - there is no incentive for politicians to do anything about it and it would requires a lot of effort from them to fix the issue.
You're half right. The main reason laws are so complicated is that everyone agrees on a general founding principle, but then a bunch of people with special interests all decide that they need the right to violate that principle with impunity, so they petition for exceptions to the law. And instead of crafting the exceptions broadly based on intent, they instead craft exceptions narrowly based on circumstances. Over time, like programmers, everyone grafts on their own little hack to carve out a narrow little exception because it takes too much work to rewrite it from scratch with proper overall design.
For example, Title 17 (my favorite, copyright law) contains section 110. 'nuff said. Almost all of those exceptions are insanely specific niches carved in copyright law that could almost all be simplified into a few simple buckets (non-commercial performance of a non-dramatic work, performance by commercial venues in which the venue does not charge an admission fee and the use of the work is incidental to the venue's primary activity at the time, etc.) without dramatically breaking things, and such simplification would seriously improve understandability.
Worse, most of the language, at least in that section, is very poorly organized, with long, rambling, run-on sentences that even highly educated people have to read multiple times just to understand them. That's just sad, and mostly results, again, from repeated patches without fixing the underlying architectural problems that made those patches necessary.
Put bluntly, what the U.S. needs to do is start over from scratch. Our legal code was a great prototype/1.0 release. Now, it's time to throw it away and write version 2.0 without using one single line of the original code. That's the only way we can possibly get a legal code that is realistically maintainable going forward. It has simply become too complicated, too sprawled, too filled with multiple copies of the same code that are inconsistently patched, too chock-full of pointer aliasing, and too generally reminiscent of spaghetti code, with long jumps all over the place....
If I had an unknown intrusion at a CA, first thing I'd be doing is generating a new root key, getting that into all the Web browsers, then revoking and generating new keys in the hierarchy.
And causing millions of IE6 users to no longer be able to access their online banking. For a service of this size, the revocation costs are huge.
Besides, if they designed their systems in even a halfway competent manner, stealing the private key through a hack should be essentially impossible. A properly designed key signing service involves a standalone signing server that runs no services other than the signing service. The signing service accepts incoming connections, reads data in a byte at a time until either an EOF marker is reached or a certain number of bytes have been read, then sends back a signed copy of that data, then closes the connection. There is basically no way that such a service can be hacked (barring incredibly stupid programming) because it has essentially zero attack surface. Therefore, there should be essentially zero possibility of the private key being compromised (theoretical timing attacks on the key notwithstanding).
The worst case scenario is that they signed some things that they shouldn't have. However, even if they did, the CA should have an offline log that cannot feasibly be compromised (on the signing server itself), which means that the bogus keys can be revoked individually instead of revoking the master key that signed them.
Stealing customer data is somewhat more plausible—email addresses, mailing addresses, phone numbers, billing data, etc. Stealing the private key is pretty unlikely unless the CA is incompetent.
Yeah, the latest OWS chaos is making me start to wonder if the American public might have more of a stomach than we give them credit for. We live in interesting times.
Then you can run around being all up tight and paranoid.
Yeah. Which means the government meets the textbook definition of a terrorist organization:
Terrorism is the systematic use of terror, especially as a means of coercion.
Where terror is further defined as fear. Roosevelt had it right when he said that the only thing we have to fear is fear itself. It is unfortunate, then, that our government is quickly becoming fear itself.
Terrorists (at least the bottom-rank terrorists who commit the actual attacks) are almost always people marginalized by society who feel that they have nothing left to lose. The continued erosion of someone's basic rights quite literally can turn them into a terrorist, or at least a criminal (of which a terrorist is simply one type). This is why people getting out of prison in the U.S. have such a high recidivism rate. They've lost everything—job, family, community—and have basically nothing more to lose.
And, of course, the government predictably tries to stop recidivism and terrorism by tightening their control over the relevant population. Unfortunately, trying to prevent people from taking control of their lives in an undesirable way by passing laws that further reduce their control over their lives is like trying to stop a fire by pouring gasoline on it. It is doomed to fail in the most spectacular way possible.
The funny thing is that if everyone felt the way Eric Schmidt did, or for that matter, the TSA, we wouldn't have the iPhone. You want to talk about things developed in secret by people taking borderline insane measures to keep other people from reading their screens.... So is he saying that such products should not have been created in the first place?
In fact, what's interesting is that the people most strongly in favor of privacy are the ones most likely to change things—for better or worse—because they're the ones who see things differently. They look at a piece of wood and see a table, or look at an old car bumper and see a sculpture. They see things not for what they are, but for what they could be. But they know that their ideas must be fully baked before they are unleashed into the wild, or else the public will not understand them—will not accept them—will not appreciate them.
This scares those who have vested interests in the status quo. They call them names like terrorist, radical, or crazy to diminish their standing, further isolating them from society. Eventually this actually drives them inevitably to take some extreme action that changes things anyway, in spite of the establishment's desire to avoid that.
What that action is depends on the person. It might be blowing up an airplane, or it might be releasing the most amazing new piece of technology the world has ever seen. It's the same fundamental way of operating, but with vastly different goals. The problem is that there is no good way to tell the difference as an outsider. The only real option is to accept that there will always be a few people who will try to change the world for the worse—blow stuff up, kill people, etc.—and accept that we can't feasibly stop them all without also stopping those who would change the world for the better.
BBSes were long distance for me, too, which was why I connected using a trunk connection from one state university's dialup pool to another state university's dial-out pool.
My point about minutes was that CompuServe got slaughtered by AOL's unlimited plans, which in turn got slaughtered by unlimited high speed DSL connections that didn't require a separate phone line (or tying up your voice line for hours at a time). In every case, it was price competition that killed the previous service, not features.
By contrast, these days, services like Facebook tend to be free, which means that they can't compete on price; they can only compete on features and service. This is much less likely to kill an Internet service outright, particularly once that service reaches critical mass.
BTW, upon further checking, CompuServe is also still in operation as a wholly owned and operated division of AOL.
First, you do not have the 'right' to make a backup copy of a movie. So that example is invalid.
To the best of my knowledge, the courts have consistently ruled that personal archival copies of movies (even when the DMCA gets involved) are legal to make and keep. If you can find a citation that contradicts that, I'd be interested in seeing it.
The 'material' is the contents of the file (song, movie, whatever), not a URL. The law does not say 'remove a single link to the material', or 'remove one copy of the material', it says 'remove the material'.
No, the copyright violation is a single copy of the content, which in a deduplicated world, is the URL plus the relationship between that URL and the deduplicated backing data. To the extent that this causes any deduplicated blocks to no longer be referenced by any other file, it includes those blocks, but does not include any blocks that are shared with other references.
Because a movie is simply arbitrary data at a block level, it's theoretically possible for a deduplicated data block to be shared among two completely unrelated files. You can't just blindly destroy the backing data. Your upload of a movie might happen to share a block with my compressed upload of the floor plan for my house.
More to the point, it is not the data that infringes. It is the instance of that data. If I'm posting my original content on a shared server that is deduplicated with another user's uploads, I have the right to redistribute my original content, but that other user does not. Therefore, if I file a DMCA violation, I expect that user's illegal redistribution of that content to go away, but I damn well don't expect my licensed distribution of that content to go with it. It is impossible for the serving company to determine what is and is not a violation. That's why the DMCA take-down request must list exactly what is to be taken down in a way that is sufficient to allow them to identify it.
The same law which protects the host from liability to the copyright holder also protects them from liability in the case of improper takedowns, so your 'tortious interference' does not apply.
It protects them if someone specifically asked them to take down my copy of the content. It does not protect them if they overreach and destroy similar copies of similar content that were not listed in the original DMCA request.
More to the point, if these companies performed no deduplication, you would not be arguing that they need to search every file on every hard drive for any file that happens to checksum to the same value, then hand verify whether each of those is actually an infringing copy of the file or some other unrelated file that happens to have the same checksum. The amount of effort needed to achieve such a task would be Herculean. Therefore, the fact that they may in some cases be able to achieve a similar effect through simpler means is purely an implementation detail, and certainly does not shift the burden of identifying offending content from the copyright holder to the ISP. An incomplete DMCA take-down request that fails to identify all of the URLs of the offending content should be executed exactly as-is. The URLs identified should be taken down. Anything more is exceeding what was requested, and to the best of my knowledge, ISPs are not protected from liability if they take down something that was not actually listed in the request.
Stealing cable is more like stealing a DVD because you are directly utilizing a physical product that the cable company provides without their consent. Piracy is actually more like asking your neighbor (who has cable) to record a show for you and bring you the tape.
Also, if 70% of a cable company's under-30 customers admit to stealing cable at some point in your lives, that is a pretty clear indication that cable prices are way, way too high, or that there is inadequate competition. As long as we're talking about just a few people stealing cable, it's not really a fair comparison. When only a few people pirate content, chances are good that they can actually afford it, and are just being cheap. When the majority pirate content, the conclusion changes.
Finally, stealing cable is significantly different because it is easily detectable. The risk of getting caught is high. Therefore, the lower cost is an illusion. This is not the case with software piracy, or at least not to the same degree. If software companies want to make it easier to catch people who pirate their software, more power to them. That's a reasonable response. Whining that piracy is destroying their sales isn't.
That's a completely absurd argument. By your argument, the value of a "free, take me" couch covered with bed bugs is equal to the value of a new couch from a furniture store. This is true only if you cannot afford the new couch and absolutely have to have the couch.
In the real world, there are always alternatives, whether it is a low-end version of a program, a similar program at a lower cost, a different movie at a lower cost, watching videos on YouTube, or piracy. The utility of a particular product depends not only on whether someone plans to actually use something, but also on how much better it is than the alternatives.
For the couch example, the person might already have a chair. A free couch would be nice, but might not be worth the cost of fumigating it. A couch for a few hundred dollars from the furniture store also might not be worth the cost. However, a free couch that does not require fumigation would be worth taking because the cost associated with it is less than the utility associated with having a couch.
Thus, value is not defined based on utility alone, but on how much the marginal utility of acquiring a new good exceeds its cost. It is therefore quite possible for a free download to have positive value and for a paid download of the same product to have negative value, assuming you consider the probability of getting caught to be low, and therefore the financial risk of getting caught to be similarly low.
To give a concrete example in software, you might decide to pirate Photoshop because it makes it easier to do what you're trying to do than Gimp. If you plan to use it for a week to design a flyer that you won't make money on, the value to you is fairly small. Someone else who decides to buy Photoshop might plan to regularly use the product for commercial purposes. The value to such a person is clearly much higher. Thus, claims that the value to downloaders and buyers is the same are ludicrous. The value is not defined based on what the product is, but rather is based on what you get out of the product—something that varies widely from person to person.
That's perfectly reasonable, so long as the creators accept that many people outside that demographic—the people who cannot afford it—are going to pirate it because it still has utility, but not enough to justify the cost. This is the way things used to work before the content industry got a huge hair up its ass.
The problem is that the content industry has started making false claims that the lost sales caused by piracy are beyond their control, when in fact, those lost sales are entirely within their control. They are then using that argument to try to stop the piracy so that they can squeeze those same unrealistically high prices not only out of the target demographic—the ones who can afford that price—but also out of the folks who are not in its target demographic and can't afford it.
In short, the content industry is forgetting the first law of commerce—high margins or high volume: choose one. It is within their right to choose high margins; however, that is their choice, and they must live with the consequences. High rates of piracy are a direct consequence of pricing a product outside the range of the average consumer.
Want to stop piracy? Sell first-run movies at the same $5 price point as ten-year-old movies. Piracy will drop like a rock, just as it did with music when folks got the ability to buy single tracks for 99 cents. It's that simple. The fact that they aren't willing to do that is their problem, not the government's problem, and it isn't the government's responsibility to prop them up because they failed first-semester business 101.
According to Google, you can. Is there some bug that we should know about?
Couldn't you just migrate your number to Google Voice temporarily? This should have the effect of canceling the existing T-Mobile account. Then create a new pre-pad account, transferring the number back. You'll have no cell phone for a couple of days, of course, but....
Or "steal". You wouldn't steal a car....
The music and movie industries have blatantly twisted word to their advantage for far too long. The only reason they are "surprised" and "shocked" now is that after decades of the general public just rolling over, the industries finally woke the sleeping giant, which they expected to remain asleep despite their incessant poking.
I guess it depends on how much detail they care about inside the car, but it certainly seems counterintuitive that an X-ray scan that can pass through potentially several feet of random cargo sufficient to usefully identify its contents could possibly use a lower dose than several medical X-ray scans. And if it does use a much lower dose, I would expect it to not provide enough detail to be useful.
If that isn't the case, then our medical X-ray systems are using way too much power and we should dramatically reduce their output. Given that the medical establishment isn't jumping up and down screaming for order-of-magnitude reduction in X-ray dose (as far as I know), this seems to be the less likely assumption.
In my mind, the assumption that a full car X-ray scanner could possibly be safe is an extraordinary claim that requires extraordinary proof, not the other way around.
This further ignores the question of whether they have the right to such an incredibly invasive search in the absence of probable cause, the question of whether this actually prevents any realistically plausible threat against the United States, and the question of whether there are better, less invasive methods that could achieve the same goals without the same risks or privacy invasion, but those are arguments for another day, ideally in front of the SCOTUS.
Then again, if the military took up arms against even a small subset of the American populace, odds are good that enough of the U.S. wouldn't want to fight that war, either.... Just saying.
There's a fine line between freedom fighter and terrorist insurgent. As far as I can tell, the primary distinguishing factors are whether the person talking about you agrees with you and whether your side won or not. Neither one is a very good thing to be unless there are no other options remaining for securing liberty from your oppressors. Thankfully, at least in the U.S., we're nowhere near that far down the slippery slope in our descent into hegemony yet.
It's not at all like the rail companies. The rail companies didn't have teams of people all over the world looking for new and interesting ways to cause their coupling mechanisms to fail.
IT, and IT security in particular, is a very rapidly changing field. Ignoring the most inane, overly general best practices (which nearly every company already follows), I have a hard time believing that any IT regulation passed today will be useful in a year, much less the decade that will pass between iterations on an actual piece of legislation.
No, continuous reeducation of IT staff is the only way to significantly improve things. If all of your staff have to get recertified by a university accredited in IT security every ten years, on the average, all of your staff will have at least a couple of people who are fairly up-to-date in the latest security threats. And unlike a spook organization like DHS, our nation's higher education system is generally considered apolitical and focuses predominantly on teaching what people actually need to know instead of using paranoid propaganda to create draconian rules that in the long run inevitably weaken security rather than strengthen it.
For example, our government seems to think that password aging is a good idea. In reality, in every organization that I've ever seen, when password aging is implemented, the response has been one of two things:
Invariably. Every. Single. Time.
Based on this, I can say fairly conclusively that this is one of the worst security policies a company can choose to implement, and that it inevitably reduces the overall security of the system.
Further, from a mathematical standpoint, it is provable that password aging cannot improve security. Even if someone has deliberately given out his/her password to someone else, nothing prevents that person from doing the same with the new password. And when it comes to random password guessing, the probability of the new password being guessed later than the previous password is equal to the probability of if being guessed sooner, so there is no change there, either.
Yet these are the sorts of rules that our government pushes on their own IT people—not just rules that provably do not increase security, but rules that provably and reliably diminish it. And these are the people that Congress is considering putting in charge of even more of our nation's IT infrastructure. This is what happens when we leave control of our nations to people who do not understand technology. This is why we need a Technocrat party.
Next time, instead of not voting, could all the disenchanted Americans please go to the polls anyway, then choose the write-in option and write in the words "None of the above"? It won't have any real effect on the election, but it might at least change people's opinions of it.
Laws that set policy will invariably result in the problems you describe, if only because Congress does not understand technology. Similarly, laws that create government oversight will invariably result in the problems you describe, if only because government regulators are looking for consulting jobs after they retire.
There is only one way to solve problems like this: better education. Mandatory education. Give the DHS the authority not to set IT policy, but rather to certify schools' IT security curricula.
Then require that all IT staff spend a certain number of hours every ten years (at their employers' expense) for recertification. Carefully craft the law so that employers cannot get out of paying for the recertification by canning the employees early.
Or perhaps he's a suicide bomber.
Neither of which would help. There's no evidence that the politicians that replaced them would be any better. Short of something on the scale of a Bolshevik revolution where a new government rounds up all the existing politicians and executes them en masse, killing politicians won't solve anything. Politicians are like cockroaches. If you miss even one or two, you/re gonna have a whole nest of them a few weeks later. And miraculously, they'll publicly take whatever position is necessary to get elected, avoid execution, etc. while privately taking whatever position is necessary to get bribed, get elected, avoid execution, etc.
No, the only real way to fix the U.S. government is for a bunch of very smart people to win the lottery, then decide that they can afford to quit their jobs and run for office. Unfortunately, most very smart people don't play the lottery, which makes this unlikely. Maybe if a few of the Facebook millionaires decided to run for political office, we might see some change. Hard to say.
That's really what it comes down to. The people who are intellectually and ethically qualified to run for office can't afford to do so, and vice versa. The problem is that people with significantly more to lose than the average American tend to do whatever it takes to protect what they have. And when given power, they tend to do whatever it takes to maintain that power so that they can continue to protect what they have. When taken to an extreme, these two factors—wealth and power—explain pretty much every government abuse, from the full body scanners in airports to the Middle East wars, and even some insane economic policies like Reaganomics....
I guess the real solution is to form a tech party. Convince millions of Slashdotters to contribute money to a single campaign, use that as a springboard to expand into other campaigns, and eventually create a party limited exclusively to people who are independent thinkers, creative, and intelligent. It's a long, uphill battle, but it needs to be done.
Yes. The fifth amendment was repealed by the Patriot Act, along with the first and the fourth. Haven't you been paying attention?
Vinyl has a maximum dynamic range of some twenty-odd dB less than CDs do. Frequency response isn't everything.
The amount of X-ray energy needed to usefully scan a vehicle can't possibly be safe for its occupants. It really is high time that the citizens of the U.S. hold its lawmakers accountable for the cost of their actions. And by that, I mean, drain their personal bank accounts to pay for their victims' cancer treatments. Only with strict civil liability can we fix such absolute stupidity.
I'm going on a trip to Europe next year, and I'm already taking steps to ensure that I do not have to pass through any UK airports, for precisely this reason.
Unfortunately, I can't avoid flying out of a U.S. airport, since I live here. Well, I suppose I could drive to Mexico first, but that's a little extreme. At least the U.S. does still offer the pat-down option, uncomfortable as those might be.
Whether it is or not is irrelevant. The fact is that it could be. Thus, this does nothing to "allay concerns" except perhaps among people who don't know anything at all about how technology works.
Either way, I've just added a country to my list of places I will never have the opportunity to visit as a tourist. Because you could not pay me enough money to walk through those things. Ever. Period. No alternative = no visit. End of story, end of discussion, end of my tourism dollars going to your country.
It's a shame, too. Australia was fairly high on my list of places to visit. I just marked it off the list.
I said nothing about income or education with respect to terrorism. I said that many perceive themselves to be marginalized, with nothing left to lose. That's not the same thing.
Terrorists, as best I can tell, generally fall into one (or more) of three camps: members of actual terrorist organizations (who are to some extent shunned because of that membership), the mentally unstable (who are marginalized because of their disorders), and the clinically depressed who decide to kill other people on their way out (whether by suicide bombing, going postal, murder-suicide, or whatever).
All of those folks are marginalized. Not all are marginalized in the same way or to the same degree, and some choose to marginalize themselves, but either way, further marginalization can only make things worse.
You're half right. The main reason laws are so complicated is that everyone agrees on a general founding principle, but then a bunch of people with special interests all decide that they need the right to violate that principle with impunity, so they petition for exceptions to the law. And instead of crafting the exceptions broadly based on intent, they instead craft exceptions narrowly based on circumstances. Over time, like programmers, everyone grafts on their own little hack to carve out a narrow little exception because it takes too much work to rewrite it from scratch with proper overall design.
For example, Title 17 (my favorite, copyright law) contains section 110. 'nuff said. Almost all of those exceptions are insanely specific niches carved in copyright law that could almost all be simplified into a few simple buckets (non-commercial performance of a non-dramatic work, performance by commercial venues in which the venue does not charge an admission fee and the use of the work is incidental to the venue's primary activity at the time, etc.) without dramatically breaking things, and such simplification would seriously improve understandability.
Worse, most of the language, at least in that section, is very poorly organized, with long, rambling, run-on sentences that even highly educated people have to read multiple times just to understand them. That's just sad, and mostly results, again, from repeated patches without fixing the underlying architectural problems that made those patches necessary.
Put bluntly, what the U.S. needs to do is start over from scratch. Our legal code was a great prototype/1.0 release. Now, it's time to throw it away and write version 2.0 without using one single line of the original code. That's the only way we can possibly get a legal code that is realistically maintainable going forward. It has simply become too complicated, too sprawled, too filled with multiple copies of the same code that are inconsistently patched, too chock-full of pointer aliasing, and too generally reminiscent of spaghetti code, with long jumps all over the place....
And causing millions of IE6 users to no longer be able to access their online banking. For a service of this size, the revocation costs are huge.
Besides, if they designed their systems in even a halfway competent manner, stealing the private key through a hack should be essentially impossible. A properly designed key signing service involves a standalone signing server that runs no services other than the signing service. The signing service accepts incoming connections, reads data in a byte at a time until either an EOF marker is reached or a certain number of bytes have been read, then sends back a signed copy of that data, then closes the connection. There is basically no way that such a service can be hacked (barring incredibly stupid programming) because it has essentially zero attack surface. Therefore, there should be essentially zero possibility of the private key being compromised (theoretical timing attacks on the key notwithstanding).
The worst case scenario is that they signed some things that they shouldn't have. However, even if they did, the CA should have an offline log that cannot feasibly be compromised (on the signing server itself), which means that the bogus keys can be revoked individually instead of revoking the master key that signed them.
Stealing customer data is somewhat more plausible—email addresses, mailing addresses, phone numbers, billing data, etc. Stealing the private key is pretty unlikely unless the CA is incompetent.
Yeah, the latest OWS chaos is making me start to wonder if the American public might have more of a stomach than we give them credit for. We live in interesting times.
Yeah. Which means the government meets the textbook definition of a terrorist organization:
Where terror is further defined as fear. Roosevelt had it right when he said that the only thing we have to fear is fear itself. It is unfortunate, then, that our government is quickly becoming fear itself.
Mod parent up. Anonymous Coward speaks truth.
Terrorists (at least the bottom-rank terrorists who commit the actual attacks) are almost always people marginalized by society who feel that they have nothing left to lose. The continued erosion of someone's basic rights quite literally can turn them into a terrorist, or at least a criminal (of which a terrorist is simply one type). This is why people getting out of prison in the U.S. have such a high recidivism rate. They've lost everything—job, family, community—and have basically nothing more to lose.
And, of course, the government predictably tries to stop recidivism and terrorism by tightening their control over the relevant population. Unfortunately, trying to prevent people from taking control of their lives in an undesirable way by passing laws that further reduce their control over their lives is like trying to stop a fire by pouring gasoline on it. It is doomed to fail in the most spectacular way possible.
The funny thing is that if everyone felt the way Eric Schmidt did, or for that matter, the TSA, we wouldn't have the iPhone. You want to talk about things developed in secret by people taking borderline insane measures to keep other people from reading their screens.... So is he saying that such products should not have been created in the first place?
In fact, what's interesting is that the people most strongly in favor of privacy are the ones most likely to change things—for better or worse—because they're the ones who see things differently. They look at a piece of wood and see a table, or look at an old car bumper and see a sculpture. They see things not for what they are, but for what they could be. But they know that their ideas must be fully baked before they are unleashed into the wild, or else the public will not understand them—will not accept them—will not appreciate them.
This scares those who have vested interests in the status quo. They call them names like terrorist, radical, or crazy to diminish their standing, further isolating them from society. Eventually this actually drives them inevitably to take some extreme action that changes things anyway, in spite of the establishment's desire to avoid that.
What that action is depends on the person. It might be blowing up an airplane, or it might be releasing the most amazing new piece of technology the world has ever seen. It's the same fundamental way of operating, but with vastly different goals. The problem is that there is no good way to tell the difference as an outsider. The only real option is to accept that there will always be a few people who will try to change the world for the worse—blow stuff up, kill people, etc.—and accept that we can't feasibly stop them all without also stopping those who would change the world for the better.
Food for thought.
BBSes were long distance for me, too, which was why I connected using a trunk connection from one state university's dialup pool to another state university's dial-out pool.
My point about minutes was that CompuServe got slaughtered by AOL's unlimited plans, which in turn got slaughtered by unlimited high speed DSL connections that didn't require a separate phone line (or tying up your voice line for hours at a time). In every case, it was price competition that killed the previous service, not features.
By contrast, these days, services like Facebook tend to be free, which means that they can't compete on price; they can only compete on features and service. This is much less likely to kill an Internet service outright, particularly once that service reaches critical mass.
BTW, upon further checking, CompuServe is also still in operation as a wholly owned and operated division of AOL.
To the best of my knowledge, the courts have consistently ruled that personal archival copies of movies (even when the DMCA gets involved) are legal to make and keep. If you can find a citation that contradicts that, I'd be interested in seeing it.
No, the copyright violation is a single copy of the content, which in a deduplicated world, is the URL plus the relationship between that URL and the deduplicated backing data. To the extent that this causes any deduplicated blocks to no longer be referenced by any other file, it includes those blocks, but does not include any blocks that are shared with other references.
Because a movie is simply arbitrary data at a block level, it's theoretically possible for a deduplicated data block to be shared among two completely unrelated files. You can't just blindly destroy the backing data. Your upload of a movie might happen to share a block with my compressed upload of the floor plan for my house.
More to the point, it is not the data that infringes. It is the instance of that data. If I'm posting my original content on a shared server that is deduplicated with another user's uploads, I have the right to redistribute my original content, but that other user does not. Therefore, if I file a DMCA violation, I expect that user's illegal redistribution of that content to go away, but I damn well don't expect my licensed distribution of that content to go with it. It is impossible for the serving company to determine what is and is not a violation. That's why the DMCA take-down request must list exactly what is to be taken down in a way that is sufficient to allow them to identify it.
It protects them if someone specifically asked them to take down my copy of the content. It does not protect them if they overreach and destroy similar copies of similar content that were not listed in the original DMCA request.
More to the point, if these companies performed no deduplication, you would not be arguing that they need to search every file on every hard drive for any file that happens to checksum to the same value, then hand verify whether each of those is actually an infringing copy of the file or some other unrelated file that happens to have the same checksum. The amount of effort needed to achieve such a task would be Herculean. Therefore, the fact that they may in some cases be able to achieve a similar effect through simpler means is purely an implementation detail, and certainly does not shift the burden of identifying offending content from the copyright holder to the ISP. An incomplete DMCA take-down request that fails to identify all of the URLs of the offending content should be executed exactly as-is. The URLs identified should be taken down. Anything more is exceeding what was requested, and to the best of my knowledge, ISPs are not protected from liability if they take down something that was not actually listed in the request.