So what's up with all the innocent people sitting in jail who could be proven innocent by DNS testing?
Your locale obviously has issues with the professionalism of the police force. That's not a universal problem by any stretch of the imagination, at least not the to extent you're describing.
Do you actually work in anything even closely related to law enforcement or criminal defense matters? I think you've watched a little too much CSI.
You can collect whatever you want at a crime scene. You still can't forcibly obtain a new DNA sample from anyone unless you establish probable cause, which requires a judge or grand jury to sign an order. I'm proposing the same restrictions on admissibility of samples maintained in a national database. Law enforcement can't provide probable cause for a warrant? You're in the clear. They can provide probable cause? Guess what, they were going to get your DNA anyhow with a court order.
That's why you don't just let a number sequence convict anyone. You're completely ignoring the ocean of procedural, probably cause, and evidence admission factors that would play alongside this.
I'm keenly aware of the state of the world. I'm a little on the young side (29), but I pay attention. I've also spent 15 years in the work force, including several in the Navy. Moaning about how bad things are doesn't fix them. Action does. What have you done to make your views heard outside of Slashdot?
How does your case get to the jury without following applicable law for proper procedure with respect to probable cause determination for allowing the use of the DNS fingerprint in the first place?
Virtually everything you've listed here is covered conceptually by his proposal. The implementation is left as an exercise to the reader, and it's noted that nothing is perfectly secure.
You are the government. If you don't like the way you're operating, work to change it. This isn't just idealism talking, and it sure as hell isn't easy most of the time. That doesn't change the fact that it's true.
Have a look at the statistics on any of that junk actually standing a chance of correlating to something meaningful. As for "if it is destroyed," it will be or the individuals charged with that duty should face serious charges.
No naivetette here; I share your concerns. I dispute that it's naive to say "punish those who break the law." In contrast, I feel this be taken as an invitation to engage in meaningful dialogue on how we can architect a governmental framework that includes strong protections against such abuses, beginning with a high level of transparency into the daily workings of the process.
I'll solve the primary dilemma with a direct quote of the reply I gave somebody else:
This is assuming, of course, that we'd be allowing a DNA match to serve as the sole means of establishing probable cause for arrest and charging. I'd argue for the ability to keep the fingerprints, but still require as much burden of proof as would have been previously required to obtain the sample independently before using a fingerprint in court.
This is assuming, of course, that we'd be allowing a DNA match to serve as the sole means of establishing probable cause for arrest and charging. I'd argue for the ability to keep the fingerprints, but still require as much burden of proof as would have been previously required to obtain the sample independently before using a fingerprint in court.
I'll admit it's commonplace for folks to comment before reading an article, but did you honestly miss the story summary?
A DNA profile distills a person’s complex genomic information down to a set of 26 numerical values, each characterizing the length of a certain repeated sequence of 'junk' DNA that differs from person to person. Although these genetic differences are biologically meaningless — they don’t correlate with any observable characteristics — tabulating the number of repeats creates a unique identifier, a DNA 'fingerprint.' The genetic privacy risk from such profiling is virtually nil, because these records include none of the health and biological data present in one’s genome as a whole.
The assertion made regarding correlation with observable characteristics is easily verifiable. This isn't anything close to Gattaca, which happens to be one of my favorite movies.
What part of "Assume now that we have a detection algorithm that runs in kernel mode, and that swaps out everything in RAM. Everything except itself." is so difficult to understand?
I don't normally quote huge chunks of articles, but I'm making an exception on grounds that I don't believe you RTFA before replying:
Assume now that we have a detection algorithm that runs in kernel mode, and that swaps out everything in RAM. Everything except itself. Well, malware may interfere, of course, as it often does, and remain in RAM. But if we know how big RAM is, we know how much space should be free. Assume we write pseudo-random bits over all this supposedly free space. Again, a malware agent could refuse to be overwritten. It could store those random bits somewhere else instead... like in secondary storage.
Then, let us compute a keyed hash of the entire memory contents -- both our detection program and all the random bits. Here is what could happen: If there is no malware in RAM, the results will be the expected result. An external verifier checks this, and tells us that the scanned device is clean. Or there could be malware in RAM, and the checksum will be wrong. The external verifier would notice and conclude that the device must be infected. Or malware could divert the read requests directed at the place it is stored to the place in secondary storage where it stored the random bits meant for the space it occupies. That would result in the right checksum... but a delay. This delay would be detected by the external verifier, which would conclude that the device is infected.
Why a delay, you ask? Because secondary storage is slower than RAM. Especially if the order of the reads and writes are done in a manner that intentionally causes huge delays if diverted to flash, hard drives, etc.
Loser pays actually helps a lot more than you're describing. It makes it enormously more feasible for attorneys to take cases on contingency, especially obviously ridiculous ones. This has a large impact on the effectiveness of the typical corporate "let's throw attorneys at this guy and see if we can break him" approach, and it greatly reduces the financial liability incurred by the defendant in the event the case is lost.
Now, if you can't find an attorney to take your case in an environment that favors such arrangements, it may just be that what you've done is indefensible under the law. In that event, you'd be screwed, but you probably shouldn't have acted as you did.
Slashdot Mirror
I can accept that response. I just get really sick of people who bitch constantly but never take any real action.
So what's up with all the innocent people sitting in jail who could be proven innocent by DNS testing? Your locale obviously has issues with the professionalism of the police force. That's not a universal problem by any stretch of the imagination, at least not the to extent you're describing.
Do you actually work in anything even closely related to law enforcement or criminal defense matters? I think you've watched a little too much CSI.
You can collect whatever you want at a crime scene. You still can't forcibly obtain a new DNA sample from anyone unless you establish probable cause, which requires a judge or grand jury to sign an order. I'm proposing the same restrictions on admissibility of samples maintained in a national database. Law enforcement can't provide probable cause for a warrant? You're in the clear. They can provide probable cause? Guess what, they were going to get your DNA anyhow with a court order.
So, what exactly are you trying argue?
This sounds like an enforcement problem, not a statutory one. What are you doing to have your desire for tougher punishment heard?
That's why you don't just let a number sequence convict anyone. You're completely ignoring the ocean of procedural, probably cause, and evidence admission factors that would play alongside this.
I'm keenly aware of the state of the world. I'm a little on the young side (29), but I pay attention. I've also spent 15 years in the work force, including several in the Navy. Moaning about how bad things are doesn't fix them. Action does. What have you done to make your views heard outside of Slashdot?
How does your case get to the jury without following applicable law for proper procedure with respect to probable cause determination for allowing the use of the DNS fingerprint in the first place?
I'll save keystrokes and refer you to my other reply on this topic.
Virtually everything you've listed here is covered conceptually by his proposal. The implementation is left as an exercise to the reader, and it's noted that nothing is perfectly secure.
You are the government. If you don't like the way you're operating, work to change it. This isn't just idealism talking, and it sure as hell isn't easy most of the time. That doesn't change the fact that it's true.
The same burden of proof that is required today to obtain a DNA sample should be required before being permitted to use an existing sample. Simple.
Have a look at the statistics on any of that junk actually standing a chance of correlating to something meaningful. As for "if it is destroyed," it will be or the individuals charged with that duty should face serious charges.
No naivetette here; I share your concerns. I dispute that it's naive to say "punish those who break the law." In contrast, I feel this be taken as an invitation to engage in meaningful dialogue on how we can architect a governmental framework that includes strong protections against such abuses, beginning with a high level of transparency into the daily workings of the process.
This is assuming, of course, that we'd be allowing a DNA match to serve as the sole means of establishing probable cause for arrest and charging. I'd argue for the ability to keep the fingerprints, but still require as much burden of proof as would have been previously required to obtain the sample independently before using a fingerprint in court.
Punish those that violate the law. This is a poor argument against the idea of keeping a fingerprint.
This is assuming, of course, that we'd be allowing a DNA match to serve as the sole means of establishing probable cause for arrest and charging. I'd argue for the ability to keep the fingerprints, but still require as much burden of proof as would have been previously required to obtain the sample independently before using a fingerprint in court.
Please explain how a DNA fingerprint (note that this is not a copy of your entire genome kept on file) represents a problem.
A DNA profile distills a person’s complex genomic information down to a set of 26 numerical values, each characterizing the length of a certain repeated sequence of 'junk' DNA that differs from person to person. Although these genetic differences are biologically meaningless — they don’t correlate with any observable characteristics — tabulating the number of repeats creates a unique identifier, a DNA 'fingerprint.' The genetic privacy risk from such profiling is virtually nil, because these records include none of the health and biological data present in one’s genome as a whole.
The assertion made regarding correlation with observable characteristics is easily verifiable. This isn't anything close to Gattaca, which happens to be one of my favorite movies.
If the malware gets swapped out it won't be detected in the scan.
Wrong again. Please go read the article.
What part of "Assume now that we have a detection algorithm that runs in kernel mode, and that swaps out everything in RAM. Everything except itself." is so difficult to understand?
Assume now that we have a detection algorithm that runs in kernel mode, and that swaps out everything in RAM. Everything except itself. Well, malware may interfere, of course, as it often does, and remain in RAM. But if we know how big RAM is, we know how much space should be free. Assume we write pseudo-random bits over all this supposedly free space. Again, a malware agent could refuse to be overwritten. It could store those random bits somewhere else instead... like in secondary storage.
Then, let us compute a keyed hash of the entire memory contents -- both our detection program and all the random bits. Here is what could happen: If there is no malware in RAM, the results will be the expected result. An external verifier checks this, and tells us that the scanned device is clean. Or there could be malware in RAM, and the checksum will be wrong. The external verifier would notice and conclude that the device must be infected. Or malware could divert the read requests directed at the place it is stored to the place in secondary storage where it stored the random bits meant for the space it occupies. That would result in the right checksum... but a delay. This delay would be detected by the external verifier, which would conclude that the device is infected.
Why a delay, you ask? Because secondary storage is slower than RAM. Especially if the order of the reads and writes are done in a manner that intentionally causes huge delays if diverted to flash, hard drives, etc.
There's more details in RTFA.
although if you were decently skilled I'm sure you could write one liner to translate your perl source into any one of the accepted list
Not necessary, just do this:
:)
#!/usr/bin/python
import os
lulz = os.system('perl myprogram.pl')
Look, it's in Python!
Jesus, both of you need to just stop.
Loser pays actually helps a lot more than you're describing. It makes it enormously more feasible for attorneys to take cases on contingency, especially obviously ridiculous ones. This has a large impact on the effectiveness of the typical corporate "let's throw attorneys at this guy and see if we can break him" approach, and it greatly reduces the financial liability incurred by the defendant in the event the case is lost.
Now, if you can't find an attorney to take your case in an environment that favors such arrangements, it may just be that what you've done is indefensible under the law. In that event, you'd be screwed, but you probably shouldn't have acted as you did.
Microsoft is already far behind Google in the ad market.