The First Amendment protects us from prosecution by the government. It doesn't protect us from civil matters with private companies. This Pérez guy should know that.
The distinction is not, in practice, as clear cut as that: Who sets the bounds of what can and cannot be contracted? The state. Who provides the force behind a contract if one party fails to comply? The state. Who decides what constitutes sufficiently informed and consensual 'agreement' for the purposes of contractual validity? The state.
It is true that a civil suit for breach of the no-saying-mean-things clause is not the same as the state passing a no-saying-mean-things law; but if the state permits contract law to drift in the direction of nigh-unavoidable contracts of adhesion with such clauses, they are effectively putting state force behind a very similar restriction, simply 'laundered' through third parties who independently; but predictably, enforce what amounts to the same restriction.
For all practical purposes, permitting and enforcing certain arrangments of contract law has the same effect as directly curtailing First Amendment rights(except that it's more likely to pass higher court scrutiny). It isn't strictly a First Amendment matter (which is why California is considering an additional law, if it were First Amendment any state level action would be pure symbolic handwaving); but it directly affects whether or not one's First Amendment rights will be of practical utility or not.
For mysterious reasons that will be 'explained' only by spokesweasels emitting word salad, this will become the Big Bad Scary antitrust issue of the day, while the rapid consolidation of physical network infrastructure (despite the radically higher barriers to entry) will quietly recede into the background.
Those are both true, it just seems that (in my admittedly unsystematic sample) underground sites also tend to rot pretty quickly, fast enough that you have to guarantee for maintenance unless you don't care about it leaking actively within 20-50 years, often rather less, and that the construction standards for most underground storage, short of Cheyenne Mountain type stuff, are minimally protective, a few meters of earth at most, open lagoons 'lined' with sheet plastic alarmingly common.
If you were serious about doing the job right, underground probably would be it (in that dry, geologically stable, location that they've been fighting over for decades now); it's just that such standards of underground storage seem never to actually happen, they add just enough dirt to keep you from getting a good look at the stuff inside and call it a day.
What are your standards for 'just fine'? Sure, even DSL beats the atavistic barbarisms of the backwoods; but the majority of 'civilization' scrapes by on overpriced and underimpressive cable offerings, or incrementally superior and equally spendy FIOS, with just a few pockets of anything better than that, unless you live inside a colo or something.
Why is it that, when faced with especially unpleasant materials, we always seem to end up burying them? That's the strategy that makes it hard to check for leaks, puts them close to groundwater, and makes it quite difficult to do any sort of repairs to the containment without heroic burrowing around, which is difficult and expensive at best, and liable to cause further damage at worst.
Shouldn't the really dreadful stuff be stored above ground, ideally with the ground floor left open to make detecting leaks a trivial matter? Are underground tanks just that much cheaper, or do we just feel that much better with everything neatly buried and out of sight, out of mind?
So I'll take it that it could be done, even with the apparatus one might have, not merely in principle; but that my intuitions drawn from macroscale dessication are basically 100% irrelevant to the scale of the problem here.
It doesn't help that The Last of Us (for reasons that probably have to do with being published by Sony Computer Entertainment; but may go further, I don't know) was 100% PS3 exclusive, and apparently not built with the expectation that portability would be a consideration.
There are plenty of ways (either through better software design that game development and release timelines probably don't allow) or through heavier use of licensed engines and middleware that do abstraction for you, at a cost in money and potentially quality, to improve portability; but you are less likely to use them if time is short and 'portable' isn't on the list of objectives.
Had this been a cross platform title, they presumably would have just thrown the PS3 version away and worked from pretty much anything else.
How difficult would it be to re-run the same procedure with fully dehydrated particles? Is this a 'just bake them under a modest vacuum for a bit' situation, or are these values of 'small' and 'adsorbed' the sort of thing where getting the water out would be a moderately heroic endeavor?
It's too common, perhaps even universal, a cognitive bias to describe it as insanity; but it's still unfortunate. One can only imagine the improvement if we put our resources where our desires actually suggest they should go, rather than where we feel that they need to be.
Especially curious because desire for tech toys is one of the major justifications for embarking on the major PITA that is a DIY security system...
Sure, if you work with expensive gear on the 'fancy jeweler' or 'datacenter' scale, that makes security part of your job, or at least something you have to actively outsource. At smaller scales, some off-the-shelf alarm system might pay for itself by making your insurance company happy and lowering your premiums.
Rolling your own, though, is unlikely to be a task that pays off. It can be useful if what you want are data, a few remote cameras are just the ticket for settling any nagging doubts about whether the neighbors are in fact feeding the cat; but you will probably be underwhelmed by the police response to your footage, and doing retrieval on your own is just asking to either get fucked up, or spend months in court (possibly) avoiding being convicted for whatever you did to the other guy.
We are less likely to be attacked on our own soil right now than we were at any point in the preceding two centuries. That likelihood hit a plateau in the 1970s. The World Trade Center collapse was a statistical anomaly.
It looks even worse if you consider mortality generally not just the (admittedly emotionally salient; but still just another way of dying) flavor caused by overt enemy action. Even if you entirely disregard the corrosive effects of having a wildly unaccountable intelligence apparatus, which are massive, the NSA's case is pretty tepid even in purely financial terms. If you want to allocate a given dollar to reducing American morbidity and mortality, or increasing American prosperity, you have a pretty strong list of contenders ahead of the various black budgets.
If you had as little to show for your handiwork as he did, and what you did have was as dire as it is, you'd be speaking as vaguely as possible as well...
The results that the NSA has achieved, apparently a hilarious variety of diplomatically touchy shenanigans extending throughout our alleged allies, are the ones that they just dig the hole deeper by talking about. They blew the pretense that they were playing defense for us and offense only against commie-nazi-fascists ages ago, so any talk about actual examples of competent work just makes them look creepy (and, unfortunately, they are pretty good at mass spying; but they apparently can't turn that into useful results, and their only plan is even more massive mass spying...)
In the area where they could earn back some PR karma, they basically have fuck all to show, only vague handwaving about how their surveillance could have been so super effective that it stopped attacks before they even became visible, even as it repelled elephants. Unfalsifiabile; but even less satisfying than the assorted 3rd-string idiots the FBI has managed to perp-walk after foiling some pitiful little scheme that they had to be coached through.
What the agency is good at are mostly things that they would just dig the hole deeper by talking about, and it's what they aren't good at that people would actually want to hear. So, we get vacuous nonsense.
They should be able to work the rest out from that.
Actually, you can't make such a generalized determination. Surely some of them will halt.
The ones that halt, you fire or reassign to the help desk. The number of halting systems tends to drop at that point. It's one of the poorly understood aspects of computability theory; but the empirical evidence is compelling.
Whether or not I happen to agree with the idea (and I don't really feel like getting bogged down in that argument) I'm extremely puzzled by one aspect of this 'right to be forgotten' concept:
If some piece of information is almost entirely held(at least for public purposes, the court probably isn't worried about the guy's neighbors' memory of the incident) by a single entity then the notion of compelling that entity to purge the data after some period of time is perfectly cogent. Just generic data-retention policy stuff.
However, especially outside of their own services, much of what Google 'knows' is just stuff it scraped from the web and put together in a useful way. Once Google scrapes something, and munches it down into their special-sauce search format, they do 'remember' it, in a sense; but they aren't the main remembering party, just a convenient avenue to that party. If a court orders them to purge a piece of such information, does that also mean that they aren't allowed to 're-learn' it when they next scrape the archives of a newspaper that covered the story, or a trial's documentation on PACER, or anything of that nature? Do they have to remember who they've forgotten, to ensure that they never learn about them again?
I can understand the motivation behind these 'right to be forgotten' measures, but they seem to miss an important point: not only do individual organizations have disturbingly long and comprehensive memories, there tend to be clusters of aggregators who get paid to make obscure data easier to find (same thing with the data brokers who send intern-peons to grovel through whatever physical records local law allows you to access by going to the dusty ass-end of the county court records division between the hours of 2 and 4:30 on Wednesdays, which nobody cared about until they suddenly became available easily and in bulk). Hell, any decent library (at least university style, probably not the local public kiddie branch) probably has archives of multiple newspapers, on nigh-unkillable microfilm, dating back to approximately their origin as newspapers.
What they really seem to want; but not have any cogent way of asking for, is not a right to be forgotten (if you noted that 'to do that, we'd basically have to redact every past printed publication, exactly like 1984', they'd protest that that isn't what they had in mind); but a right to not be aggregated and easily discoverable. That's a much more reasonable request in some ways (to demand that history be altered for your betterment is colossal arrogance; to ask that the top hit for your name not be the stupid and dramatic thing you did at age 17 30 years ago is something that used to be taken for granted); but architecturally it's harder: what was aggregated once can always be aggregated again.
"We actually think that mass surveillance is pretty neat. Just think of all the advances we've made just trying to protect Alice and Bob from Eve and Mallory... If we can extend surveillance to the entire human population, and the number of eavesdroppers to the hundreds of thousands, just think of the pace of cryptographic discovery!"
An arbitrarily long strip of tape, divided into sections on which there appear symbols drawn from some finite alphabet. They should be able to work the rest out from that.
There are a fair few military bases, dubiously sensible mines, and generic industrial sites; but California's Superfund site list has plenty of silicon notables. Santa Clara, in particular, would not be my choice for delicious well water.
Oh, there are definitely some very interesting voting system designs (mostly cryptographic flavors) out there, though I'm definitely not expert enough to say much of use about them. My point was merely that lots of the really obvious verification systems (the ones that don't need crypto-fu) tend to assume a that total or near-total knowledge of the system by trusted insiders is OK, and that there are (mostly) trusted insiders, worst case not-entirely-trusted-but-know-they-are-being-watched-and-we-know-where-they-live insiders.
With voting, total knowledge is almost always explicitly forbidden (even making it possible for 3rd parties to verify what an individual did in the polling booth is generally considered an issue) and insiders are barely trusted to transport sealed ballot boxes, much less refrain from drawing up death-lists based on who voted how. Doesn't make the problem impossible; but does eliminate most of the obvious direct borrows from banking and the like.
It doesn't help that voting is an inherently trickier problem: a lot of the easy and obvious ways of detecting tampering go out the window if you aren't supposed to be watching the behavior of the users in detail. You are also monitoring something that happens infrequently, for relatively high stakes, rather than something (like credit card transactions) that happens all the time, usually for relatively low stakes, which makes statistical detection of anomalies less useful. Cloning a mag-stripe card, or just getting the number, is trivial; but the bank can watch its behavior, freeze it if that behavior changes, and as long as they get it right fast enough and often enough, the cost of the fraud is probably lower than the cost of doing something more architecturally sensible.
I suspect that people would be...less pleased... if they received a call from the government "Your apparent voting patterns have shifted unusually recently, your ballot has been deactivated for security reasons until we complete the verification process...", and since elections are relatively rare, the freeze would almost never be fast enough,
"Numerous safeguards and failsafe mechanisms to detect attacks"
In practice, doesn't that end up being an ass-covering official equivalent to "We're pretty sure that Norton hasn't expired and we probably ran Windows Update pretty recently unless the junior admin was out that day" fairly frequently?
Why would allowing others to use the APIs, rather than keeping them super-secret as a rent extraction strategy, 'kill' their specialness?
Presumably the same management options as before will still exist, you'll just be able to use other software to actually set those options, should it please you. If the actual security of the management process depended on the APIs being secret than it was horribly broken long ago (reverse-engineering a proprietary system well enough to build a competing application is either superior or you can profitably sell for less is hard, especially if the vendor is willing to mess with you; reverse engineering just enough of it that basing its security on the assumption of its secrecy is substantially easier). If BES remains superior, you can still use it. If you don't elect to, your blackberries are now not nearly unmanageable bricks(and, hopefully, won't suffer the shit that is BIS...)
Maybe it does not, in fact, take one to know (about) one?
Also, since when exactly does Google do free security consulting for every last two-bit malware farm on the internet? They give you a handy warning in the course of assisting their users; but that's sort of the extent of it.
Slashdot Mirror
The First Amendment protects us from prosecution by the government. It doesn't protect us from civil matters with private companies. This Pérez guy should know that.
The distinction is not, in practice, as clear cut as that: Who sets the bounds of what can and cannot be contracted? The state. Who provides the force behind a contract if one party fails to comply? The state. Who decides what constitutes sufficiently informed and consensual 'agreement' for the purposes of contractual validity? The state.
It is true that a civil suit for breach of the no-saying-mean-things clause is not the same as the state passing a no-saying-mean-things law; but if the state permits contract law to drift in the direction of nigh-unavoidable contracts of adhesion with such clauses, they are effectively putting state force behind a very similar restriction, simply 'laundered' through third parties who independently; but predictably, enforce what amounts to the same restriction.
For all practical purposes, permitting and enforcing certain arrangments of contract law has the same effect as directly curtailing First Amendment rights(except that it's more likely to pass higher court scrutiny). It isn't strictly a First Amendment matter (which is why California is considering an additional law, if it were First Amendment any state level action would be pure symbolic handwaving); but it directly affects whether or not one's First Amendment rights will be of practical utility or not.
For mysterious reasons that will be 'explained' only by spokesweasels emitting word salad, this will become the Big Bad Scary antitrust issue of the day, while the rapid consolidation of physical network infrastructure (despite the radically higher barriers to entry) will quietly recede into the background.
Those are both true, it just seems that (in my admittedly unsystematic sample) underground sites also tend to rot pretty quickly, fast enough that you have to guarantee for maintenance unless you don't care about it leaking actively within 20-50 years, often rather less, and that the construction standards for most underground storage, short of Cheyenne Mountain type stuff, are minimally protective, a few meters of earth at most, open lagoons 'lined' with sheet plastic alarmingly common.
If you were serious about doing the job right, underground probably would be it (in that dry, geologically stable, location that they've been fighting over for decades now); it's just that such standards of underground storage seem never to actually happen, they add just enough dirt to keep you from getting a good look at the stuff inside and call it a day.
What are your standards for 'just fine'? Sure, even DSL beats the atavistic barbarisms of the backwoods; but the majority of 'civilization' scrapes by on overpriced and underimpressive cable offerings, or incrementally superior and equally spendy FIOS, with just a few pockets of anything better than that, unless you live inside a colo or something.
Why is it that, when faced with especially unpleasant materials, we always seem to end up burying them? That's the strategy that makes it hard to check for leaks, puts them close to groundwater, and makes it quite difficult to do any sort of repairs to the containment without heroic burrowing around, which is difficult and expensive at best, and liable to cause further damage at worst.
Shouldn't the really dreadful stuff be stored above ground, ideally with the ground floor left open to make detecting leaks a trivial matter? Are underground tanks just that much cheaper, or do we just feel that much better with everything neatly buried and out of sight, out of mind?
So I'll take it that it could be done, even with the apparatus one might have, not merely in principle; but that my intuitions drawn from macroscale dessication are basically 100% irrelevant to the scale of the problem here.
It doesn't help that The Last of Us (for reasons that probably have to do with being published by Sony Computer Entertainment; but may go further, I don't know) was 100% PS3 exclusive, and apparently not built with the expectation that portability would be a consideration.
There are plenty of ways (either through better software design that game development and release timelines probably don't allow) or through heavier use of licensed engines and middleware that do abstraction for you, at a cost in money and potentially quality, to improve portability; but you are less likely to use them if time is short and 'portable' isn't on the list of objectives.
Had this been a cross platform title, they presumably would have just thrown the PS3 version away and worked from pretty much anything else.
How difficult would it be to re-run the same procedure with fully dehydrated particles? Is this a 'just bake them under a modest vacuum for a bit' situation, or are these values of 'small' and 'adsorbed' the sort of thing where getting the water out would be a moderately heroic endeavor?
The poster meant what could possibly go wrong for the rest of the population.
Oh, in that case, zombieism and ideopathic super-AIDS.
The neat thing about terminal cancer patients is that the answer is "Not much that would be worse than the alternative."
It's...very liberating.
It's too common, perhaps even universal, a cognitive bias to describe it as insanity; but it's still unfortunate. One can only imagine the improvement if we put our resources where our desires actually suggest they should go, rather than where we feel that they need to be.
Especially curious because desire for tech toys is one of the major justifications for embarking on the major PITA that is a DIY security system...
Sure, if you work with expensive gear on the 'fancy jeweler' or 'datacenter' scale, that makes security part of your job, or at least something you have to actively outsource. At smaller scales, some off-the-shelf alarm system might pay for itself by making your insurance company happy and lowering your premiums.
Rolling your own, though, is unlikely to be a task that pays off. It can be useful if what you want are data, a few remote cameras are just the ticket for settling any nagging doubts about whether the neighbors are in fact feeding the cat; but you will probably be underwhelmed by the police response to your footage, and doing retrieval on your own is just asking to either get fucked up, or spend months in court (possibly) avoiding being convicted for whatever you did to the other guy.
We are less likely to be attacked on our own soil right now than we were at any point in the preceding two centuries. That likelihood hit a plateau in the 1970s. The World Trade Center collapse was a statistical anomaly.
It looks even worse if you consider mortality generally not just the (admittedly emotionally salient; but still just another way of dying) flavor caused by overt enemy action. Even if you entirely disregard the corrosive effects of having a wildly unaccountable intelligence apparatus, which are massive, the NSA's case is pretty tepid even in purely financial terms. If you want to allocate a given dollar to reducing American morbidity and mortality, or increasing American prosperity, you have a pretty strong list of contenders ahead of the various black budgets.
If you had as little to show for your handiwork as he did, and what you did have was as dire as it is, you'd be speaking as vaguely as possible as well...
The results that the NSA has achieved, apparently a hilarious variety of diplomatically touchy shenanigans extending throughout our alleged allies, are the ones that they just dig the hole deeper by talking about. They blew the pretense that they were playing defense for us and offense only against commie-nazi-fascists ages ago, so any talk about actual examples of competent work just makes them look creepy (and, unfortunately, they are pretty good at mass spying; but they apparently can't turn that into useful results, and their only plan is even more massive mass spying...)
In the area where they could earn back some PR karma, they basically have fuck all to show, only vague handwaving about how their surveillance could have been so super effective that it stopped attacks before they even became visible, even as it repelled elephants. Unfalsifiabile; but even less satisfying than the assorted 3rd-string idiots the FBI has managed to perp-walk after foiling some pitiful little scheme that they had to be coached through.
What the agency is good at are mostly things that they would just dig the hole deeper by talking about, and it's what they aren't good at that people would actually want to hear. So, we get vacuous nonsense.
They should be able to work the rest out from that.
Actually, you can't make such a generalized determination. Surely some of them will halt.
The ones that halt, you fire or reassign to the help desk. The number of halting systems tends to drop at that point. It's one of the poorly understood aspects of computability theory; but the empirical evidence is compelling.
Whether or not I happen to agree with the idea (and I don't really feel like getting bogged down in that argument) I'm extremely puzzled by one aspect of this 'right to be forgotten' concept:
If some piece of information is almost entirely held(at least for public purposes, the court probably isn't worried about the guy's neighbors' memory of the incident) by a single entity then the notion of compelling that entity to purge the data after some period of time is perfectly cogent. Just generic data-retention policy stuff.
However, especially outside of their own services, much of what Google 'knows' is just stuff it scraped from the web and put together in a useful way. Once Google scrapes something, and munches it down into their special-sauce search format, they do 'remember' it, in a sense; but they aren't the main remembering party, just a convenient avenue to that party. If a court orders them to purge a piece of such information, does that also mean that they aren't allowed to 're-learn' it when they next scrape the archives of a newspaper that covered the story, or a trial's documentation on PACER, or anything of that nature? Do they have to remember who they've forgotten, to ensure that they never learn about them again?
I can understand the motivation behind these 'right to be forgotten' measures, but they seem to miss an important point: not only do individual organizations have disturbingly long and comprehensive memories, there tend to be clusters of aggregators who get paid to make obscure data easier to find (same thing with the data brokers who send intern-peons to grovel through whatever physical records local law allows you to access by going to the dusty ass-end of the county court records division between the hours of 2 and 4:30 on Wednesdays, which nobody cared about until they suddenly became available easily and in bulk). Hell, any decent library (at least university style, probably not the local public kiddie branch) probably has archives of multiple newspapers, on nigh-unkillable microfilm, dating back to approximately their origin as newspapers.
What they really seem to want; but not have any cogent way of asking for, is not a right to be forgotten (if you noted that 'to do that, we'd basically have to redact every past printed publication, exactly like 1984', they'd protest that that isn't what they had in mind); but a right to not be aggregated and easily discoverable. That's a much more reasonable request in some ways (to demand that history be altered for your betterment is colossal arrogance; to ask that the top hit for your name not be the stupid and dramatic thing you did at age 17 30 years ago is something that used to be taken for granted); but architecturally it's harder: what was aggregated once can always be aggregated again.
"We actually think that mass surveillance is pretty neat. Just think of all the advances we've made just trying to protect Alice and Bob from Eve and Mallory... If we can extend surveillance to the entire human population, and the number of eavesdroppers to the hundreds of thousands, just think of the pace of cryptographic discovery!"
An arbitrarily long strip of tape, divided into sections on which there appear symbols drawn from some finite alphabet. They should be able to work the rest out from that.
There are a fair few military bases, dubiously sensible mines, and generic industrial sites; but California's Superfund site list has plenty of silicon notables. Santa Clara, in particular, would not be my choice for delicious well water.
Oh, there are definitely some very interesting voting system designs (mostly cryptographic flavors) out there, though I'm definitely not expert enough to say much of use about them. My point was merely that lots of the really obvious verification systems (the ones that don't need crypto-fu) tend to assume a that total or near-total knowledge of the system by trusted insiders is OK, and that there are (mostly) trusted insiders, worst case not-entirely-trusted-but-know-they-are-being-watched-and-we-know-where-they-live insiders.
With voting, total knowledge is almost always explicitly forbidden (even making it possible for 3rd parties to verify what an individual did in the polling booth is generally considered an issue) and insiders are barely trusted to transport sealed ballot boxes, much less refrain from drawing up death-lists based on who voted how. Doesn't make the problem impossible; but does eliminate most of the obvious direct borrows from banking and the like.
It doesn't help that voting is an inherently trickier problem: a lot of the easy and obvious ways of detecting tampering go out the window if you aren't supposed to be watching the behavior of the users in detail. You are also monitoring something that happens infrequently, for relatively high stakes, rather than something (like credit card transactions) that happens all the time, usually for relatively low stakes, which makes statistical detection of anomalies less useful. Cloning a mag-stripe card, or just getting the number, is trivial; but the bank can watch its behavior, freeze it if that behavior changes, and as long as they get it right fast enough and often enough, the cost of the fraud is probably lower than the cost of doing something more architecturally sensible.
I suspect that people would be...less pleased... if they received a call from the government "Your apparent voting patterns have shifted unusually recently, your ballot has been deactivated for security reasons until we complete the verification process...", and since elections are relatively rare, the freeze would almost never be fast enough,
Installation of blackhats as society's new ruling class would count as a 'transformation' of democracy, I suppose...
"Numerous safeguards and failsafe mechanisms to detect attacks"
In practice, doesn't that end up being an ass-covering official equivalent to "We're pretty sure that Norton hasn't expired and we probably ran Windows Update pretty recently unless the junior admin was out that day" fairly frequently?
Why would allowing others to use the APIs, rather than keeping them super-secret as a rent extraction strategy, 'kill' their specialness?
Presumably the same management options as before will still exist, you'll just be able to use other software to actually set those options, should it please you. If the actual security of the management process depended on the APIs being secret than it was horribly broken long ago (reverse-engineering a proprietary system well enough to build a competing application is either superior or you can profitably sell for less is hard, especially if the vendor is willing to mess with you; reverse engineering just enough of it that basing its security on the assumption of its secrecy is substantially easier). If BES remains superior, you can still use it. If you don't elect to, your blackberries are now not nearly unmanageable bricks(and, hopefully, won't suffer the shit that is BIS...)
Maybe it does not, in fact, take one to know (about) one?
Also, since when exactly does Google do free security consulting for every last two-bit malware farm on the internet? They give you a handy warning in the course of assisting their users; but that's sort of the extent of it.