Slashdot Mirror


User: finkployd

finkployd's activity in the archive.

Stories: 0
Comments: 3,159

Comments · 3,159

  1. Re:YANAL and you don't play one well on the net on Congressman Calls for Arrest of Security Researcher · · Score: 1

    Phil -
    Will you be at the APWG meeting on 14-15 Nov? If so, I'll buy you a beer - I liked your response.

    (This is Ian from CMU, we met at the APWG meeting Nov 05 and also at the W3C meeting in NYC back in March.)


    Maybe we should all just discuss this over beer. I am down the road a bit from you (North Hills area) :)

    Finkployd

  2. Re:Hey idiot. on Congressman Calls for Arrest of Security Researcher · · Score: 2, Informative

    The current White House is out there defending this country (and others) against terrorists.

    According to Pentagon and intelligence agency reports, they are succeeding primarily in making new ones.

    Finkployd

  3. Re:Ummm. The First Amendment? on Congressman Calls for Arrest of Security Researcher · · Score: 1

    I honestly do not know how to make that comment any more "tongue-in-cheek". I thought calling for "waterboarding" would have done it, but nope.

    It was a joke, it was silly, laugh.

    Finkployd

  4. Re:Well on Congressman Calls for Arrest of Security Researcher · · Score: 1

    In actual fact they differ on rather a lot, most importantly the issue of whether Congress should perform oversight of the executive or simply rubber stamp their demands.

    Sure, because one party controls both the executive and congress. Obviously the minority party wants to challenge their (admittedly dangerous) uncontested power. If the roles were reversed the exact opposite would apply, it happens all the time.

    I'll give you an example, 10 years ago (as you well know), Clinton & Gore were heavily pushing the Clipper initiative as an effective means of domestic spying. In a true example of how messed up this world is, one of the most outspoken opponents (on the grounds of privacy, liberty, and freedom from government spying) was none other than John Ashcroft. The party in power picks the issues, the minority party takes the contrary position. Whoever is not in the White House at the moment will always be against executive power.

    This is rather important if you are a US soldier sent to Iraq in insufficient force, lacking essential equipment and having your efforts sabotaged by a civilian leadership whose incompetence is only matched by their mendacity.

    Touche, but I find it hard to believe the Democrats would do any better (they had their chance to fix Vietnam and failed to do so as well).

    They might not (in fact probably would not) have gone in to begin with, but right now I do not know they would make the situation any better. It seems withdrawal is their M.O., and frankly the only thing that would fix this is go in with force and really take control. Sadly this would still be a poor outcome compared to not going in to begin with, but withdrawing now would leave the remaining troops (and Iraq as a whole) in even worse shape.

    This is the first US administration to have embraced torture.

    Oh I am sure others have privately, this is certainly the first to express public pride in it though.

    I also distinguish between the Republicans and Bush's cabal. The Republicans and Democrats are not all that different. Bush and Co. are often at odds with Republicans (who are too spineless to stand up for the most part), and so far from Republican ideals that they might as well go off and found a new Insane Party or somesuch.

    Finkployd

  5. Re:YANAL and you don't play one well on the net on Congressman Calls for Arrest of Security Researcher · · Score: 1

    Hmm, your home page shows a series of animated cartoons and games.

    I'm flattered, but I did not create homestarrunner.

    In contrast I am a pretty well known security specialist and specialize in methods of stopping phishing. If you were active in the area you would know me.

    I do, you work for Verisign, and I have your blog in my rss feeds. We met and spoke a bit at the First Annual PKI R&D workshop at NIST, but I am not that memorable or really important in the industry (despite having a lower slashdot number than you). I might be going this year as well (missed the last two) so if I do, and you are there I'll buy you a drink at the hotel.

    You don't know me, I used to work with SAML, XACML, federated identity management and that sort of thing. Anymore I just do consulting for Oracle's Identity Management software.

    Security is the process of risk management. The law represents a significant area of risk. In this case it is an unnecessary and counter-productive risk.

    If people rely on my argument and I am wrong they have lost very little. If people rely on your argument and you are wrong you have lost little, they end up in jail.


    I think you are placing way too much importance on my comments on slashdot. I'm not advising anyone of anything, just pointing out that what this guy did is not legally equivalent to trying to pass off counterfeit money, and really would not be prosecuted the same way (if at all). I would also make the argument that anyone taking legal advice from someone who thought "finkployd" was a clever nickname probably belongs in jail.

    No, intent is absolutely not required here. There are several possible strict liability offenses here. For example possession of a device for creating fake credit cards is a strict liability offense, no intent required. Possession of a stolen access device (stolen credit card numbers, logins etc) is strict liability.

    Those are excellent examples that are in fact illegal, under certain circumstances. Read up on US Code - Title 18, Part I, Chapter 47, 1029, you will find lots of wording to the effect of "intent to defraud" used as conditions. For some reason you will also find a stipulation that having 15 or more is illegal. I would love to know the rationale behind that specific number.

    You will not find that it applies to airline tickets, at least not specifically. Obviously attempting to pass one off would count as some kind of theft or fraud though.

    I googled for you:
    http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00001029----000-.html

    Congress has made similar acts illegal in the past they will undoubtedly make this illegal in the near future.

    You hit the nail on the head here. Their response will likely be to declare this very act illegal. I assume this because it would be the most effective way to grandstand and pretend to address the issue without doing anything meaningful. I do not think they would go as far as making it retroactively illegal and charge this guy under the new law. As for existing law, I am not a lawyer but I can read. It seems pretty clear that (1) intent is an issue with possession of counterfeiting devices, and (2) counterfeiting devices do not include airplane ticket machines unless you REALLY stretch the existing terminology in the law.

    Having said that I will concede that a relevant question would be if case law ever established a precedent that boarding passes qualify under (E)(1) of the above mentioned law. Still seems a stretch to me since you could make a similar argument that anything that could be possibly traded for some value or service qualifies.

    Finkployd

  6. Re:Ummm. The First Amendment? on Congressman Calls for Arrest of Security Researcher · · Score: 1

    I am no fan of the Iraq war (or any war on abstract concepts), but this is not the simple black and white issue many try to make it. Some fun reading: http://en.wikipedia.org/wiki/Declaration_of_war_by_the_United_States

    Finkployd

  7. Re:YANAL and you don't play one well on the net on Congressman Calls for Arrest of Security Researcher · · Score: 1

    It is being reported today that he has been visited by the FBI and the site is down. The FBI will only confirm that he has not been arrested.

  8. Re:YANAL and you don't play one well on the net on Congressman Calls for Arrest of Security Researcher · · Score: 2, Insightful

    I am not a lawyer but I deal with Internet crime issues, law enforcement, prosecutors on a regular basis.

    As do I, you have absolutely no idea who I am in real life and assumptions are unwarranted. Granted "successfully prosecuted" would have been a better term, since you can pretty much be prosecuted for anything as long as a judge can be found to go along with it.

    You are completely sidestepping the question of intent, but more important is the question of use. You are free to print up all the flight tickets and Amex travellers cheques you desire. The illegal action is attempting to pass them off as real. Again, US currency is a different story. Don't even talk about printing them, the secret service takes it very seriously.

    In this case we have a person who provided a php script to aid in the manufacture of forged plane tickets. This is completely outside of the realm of currency and into the area of homeland security (which is the only reason it is getting notice). In this case, the person's intent (which is clearly to raise awareness of major flaws in the system, not to blackmarket tickets to terrorists) would come into play. Obviously they may try to prosecute him, but any defense attorney with half a brain would shoot down the "terrorist" accusation. You also have to look into the political aspect of this. Clearly the feds are a bit pissed at him for pointing out major weaknesses in the air traffic system that they have spent billions trying to convince the public is secure (without actually doing anything meaningful or even competent to actually secure it). However, do you really think they would want to draw even more attention to this by going after him? The website will likely get shut down (if not already, I haven't checked) but I highly doubt he will face prosecution. Frankly, if they actually want to pretend they care (or know anything) about security, thanking him would be in order. As I said elsewhere though, the emperor generally does not like his nudity pointed out. And as I am sure you well know, the law enforcement community does not like some of the more absurd aspects of what they do thrown in their face, so I'm sure there will be some saber rattling.

    Finkployd

  9. Re:Well on Congressman Calls for Arrest of Security Researcher · · Score: 1

    Seriously why? It really makes no difference. They differ on abortion, gay marriage, and gun control, that is about it.

    Finkployd

  10. Re:not likely on Congressman Calls for Arrest of Security Researcher · · Score: 4, Insightful

    No, you can be prosecuted for attempting to pass these off as real, but not just printing them (well, in the case of money that may not be true). Obviously, this guy was not encouraging people to print them and break the law and threaten national security, he was attempting to make a point about how silly our pseudo-security efforts regarding airlines are. In the collective mind of the federal government, educating the public just how ineffective most security measures are is probably the more dangerous scenario though.

    Finkployd

  11. Re:Ummm. The First Amendment? on Congressman Calls for Arrest of Security Researcher · · Score: 4, Funny

    Clearly you do not understand that we are at war. Anything that the White House defines as terrorism related or critical to our war effort is off limits to your constitutional whining. To suggest otherwise indicates that you clearly need some waterboarding, you filthy enemy combatant.

    Finkployd

  12. Well on Congressman Calls for Arrest of Security Researcher · · Score: 5, Insightful

    The emperor generally does not like having his nudity pointed out. Many in government know they are bit players in a pointless security theater, but react violently when told that. I suppose they like to feel that what they do is important and useful (read TSA agents, pretty much the entire DHS, etc). After all, how would you like it if your entire job consisted of going through a dance routine designed to make the clueless public feel as though the government is doing something to keep them safe?

    I suppose Congress is a bit different, I have no problem believing most of them genuinely are clueless and believe wholeheartedly that keeping lighters, tweezers, and bottles of water off airlines is critical to our national security. They also seem to really believe that torture and massive surveillance is an effective way to combat terrorism, further displaying a total lack of understanding. The Republicans (at least those loyal to the White House) are in a unique position where they have to pretend all of this fluff is important, but somehow selling the ports to Middle East companies, looking the other way on illegal aliens, and ignoring Bin Laden to focus on the mess we created in Iraq are perfectly acceptable.

    Finkployd

  13. Re:Open Croquet http://www.opencroquet.org/index.h on Metaverse the Next Big Thing? · · Score: 1

    I don't know, I have played around with it a lot and to me it seems like SecondLife v0.0.1

    Finkployd

  14. Re:As pointed out in MY story submission... on Firefox 2.0 Posted a Day Early · · Score: 1

    Any colour you like

    Finkployd

  15. Re:You mean... on Privacy Pitfalls in No-Swipe Credit Cards · · Score: 1

    In theory, if you try to contest the charge they have the option to pull up that signature and compare it to your real one. In actuality they never do that (unless the contested charge happens at a place you frequent and they really think it was you).

    I suppose the real answer (just like pretty much everything TSA and homeland security related) is that it does nothing really, but makes people think that something is being done in the name of security. I imagine some focus study was done which showed that people feel better about signing something and imagining that it is part of a magical security system that ensures nobody else uses their card.

    Finkployd

  16. Re:You mean... on Privacy Pitfalls in No-Swipe Credit Cards · · Score: 1

    Anything over $50 you are not liable for under US law (and most credit card companies waive that in the event of fraud). The signature is not an authentication step, it is you saying you agree to the credit card payment terms and amount of money being credited. The credit card companies have long since decided it is more cost effective to eat any fraud themselves than set up some kind of proper authentication system (of which comparing signatures is not). Maybe someday that will change, but for now credit card companies (and Americans in general) prefer convenience, simplicity and quickness over proper authentication, security, and validation. Witness how easy it is to get a same day loan over the net...

    Finkployd

  17. Re:You mean... on Privacy Pitfalls in No-Swipe Credit Cards · · Score: 4, Insightful

    You honestly think a minimum wage counter jockey at the 7/11 is going to perform a proper signature analysis on your credit card slip? Why would they check your signature? They are in no position to validate it against the one on the card anyway. The only reason you sign it is so that there is a record in case you contest the charge later. It gives the CC company a way to try to prove you DID buy something.

    Finkployd

  18. Re:"Suprise, Suprise, Suprise" -- Gomer Pyle. on IE7 Vulnerability Discovered · · Score: 1

    I was going for an obscure aqua teen hunger force reference, but you took it to a whole new level. Zing! :)

    Finkployd

  19. Re:Add to "to do" list for new Congress on FBI Head Wants Strong Data Retention Rules · · Score: 1

    The really ironic thing is that living paper trail free probably attracts their attention even more. "Hey, this guy does not have a checking account and credit cards like all other Americans, he is trying to hide something"

    Finkployd

  20. Re:"Suprise, Suprise, Suprise" -- Gomer Pyle. on IE7 Vulnerability Discovered · · Score: 1

    Every time I see that quote, I picture Dubya, can of Coors in one hand, heavy metal horns upraised in other, rocking out to The Who...

    I would vote for ANY presidential candidate who does this. If only because it really does not matter so much which of the two gets into power anymore, it really ought to be the one who don't NEED no instructions on how to rock.

    Finkployd

  21. Re:One of my most favorite quotes on FBI Head Wants Strong Data Retention Rules · · Score: 2, Insightful

    Cardinal Richelieu was stating that he could basically manufacture evidence, but you can't really contend that the US is doing that.

    I do not have the security clearance to know what the US is doing. Neither do the courts and most of Congress. They are not answerable.

    The US held 425,000 enemy prisoners inside its borders during WW2 under the terms of the Geneva Conventions. Where exactly are the almost half million trial records that you must think exist?

    I know they don't exist, and such action was despicable. Like most of what is going on now, it is the frantic efforts of people with little to no clue regarding security struggling to do something, ANYTHING that might be perceived by the public as "making us safer".

    For the same reason the do not fly list has thousands of names of dead people, common names with no other identifiers, and people who are otherwise clearly not a threat (although it has been confirmed that actual terror suspects are not on the list because the CIA feels it is too widely distributed and could get into the wrong hands).

    because that is not what the Law of War requires. We are at war with Al Qaeda and its associates, and no, it doesn't take a ritual formal Declaration of War

    We are also at war on drugs, carbs, and mildew (all of which kill more Americans yearly than terrorists btw).

    Since I think we can safely assume that we will never NOT be at war with terrorists, why screw with the whole constitution thing anyway? We as a country have placed total trust in the executive branch to identify terrorists (since they are the only people who show up on the do not fly list, get wiretapped, and get sent to gitmo), and they have shown time and again they deserve that trust having never once made a mistake. The checks and balances thing, the court oversight thing, all those "innocent until proven guilty" issues are for little internal US matters. When it comes to terrorists, we need streamlined and secret procedures to keep us all safe. Anyone the executive branch considers a terrorist is a terrorist, and I sure do not want to be mistaken for a terrorist sympathizer, so I will not at ALL question the ability of a few people at the top of the government to identify terrorists with 100% accuracy and 0 false positives.

    Finkployd

  22. Re:Sure on Apple Should Get Out of Hardware? · · Score: 1

    I.....I don't know what to say.

    Finkployd

  23. Re:Sure on Apple Should Get Out of Hardware? · · Score: 2, Funny

    LIES!

    Also, Iraq had WMDs, Terri Schiavo was just about to make a full recovery, Foley was just joking around, and Vista is so much more than just XP with pretty graphics and DRM.

    Finkployd

  24. Re:HaHaHa choke choke on Apple Should Get Out of Hardware? · · Score: 4, Funny

    Is it just me or has Gartner become a shill for certain companies that would like to see Apple and Linux fail?

    Become? The US middle east intelligence folks have a better track record than Gartner for crying out loud.

    Finkployd

  25. Re:Not Dell and perhaps not anyone on Apple Should Get Out of Hardware? · · Score: 1

    If Apple allows independent licensees at all, it should be a Japanese company like Sony or Panasonic. Even then there are many dangers.

    The dangers are quite real too, if you consider Sony's stellar track record with battery design and quality control.

    Finkployd