I just read a great essay (PDF format) by Phillip Rogaway which strongly argues exactly that we need to develop new kinds of cryptography which are aimed squarely at making mass surveillance impossible. Once mass surveillance has been shut down completely, then maybe we can talk about ways for law enforcement to "work around" encryption in very limited and controlled ways[1]. But as long as mass surveillance is feasible, this is a complete non-starter, because any mechanism for bypassing cryptographic security will be used to increase the penetration of mass surveillance. And at this point I don't think we can settle for purely political means of shutting down mass surveillance. Political restrictions on surveillance are necessary, but not sufficient. We also need technology that makes it difficult and expensive, because if it's cheap and easy it can always be done on the sly.
[1] Once mass surveillance is out of the way, then we can talk about "workarounds". But it's crucial that the workarounds not compromise the security of the result. At present, I don't think we have any cryptographic technology that enables controlled, limited access without compromising security in normal operation. Further, I don't think any such technology is possible. But until mass surveillance is shut down we can't even discuss it.
Agreed on the "Troll". As for whether my statement is "optimistic", read Google's privacy disclosure. Unless you think Google is willing to take the risk of flat out lying, that's that. Lying to customers is pretty risky for public corporations, and dramatically more so when the corporation in question is already working under an FTC consent decree regarding the exact topic, and subject to regular audits by the FTC.
FWIW, as an employee, with a much better view than the public, I see absolutely no evidence of any dissembling, or even any wish to dissemble about privacy within Google.
implied suffix - 'that you know of'
Nope, that suffix should not be added. What I said is just what Google's own public privacy policies state. And given that Google is already being audited regularly by the FTC for potential privacy violations (pursuant to the 20-year consent decree that came out of the Buzz investigation), people at Google would have to be really stupid to blatantly fail to comply with those public statements.
Or to spell it out for the dense, the idea that a company as large as Google can't have its security infiltrated and defeated by the CIA and NSA is a hoot.
No one made that claim. I certainly wouldn't. And we were talking about "direct access", not full-on espionage. No organization is secure against that.
I design and build security systems at Google. These days I work on Android, but before that I worked on Google's internal security systems. And before that I was a security consultant for 15 years, working with banks, government agencies, even military organizations. So, I have some context when I say: Google's internal security is really excellent, with deeply layered interlocking defenses, both technological and procedural. And the defenses are designed specifically to prevent and/or detect internal attacks, because it's insiders who have the best opportunities for attack.
I would never claim that it's impossible that Google's systems have been infiltrated. But I will say that it would require a high level of sophistication to do it, because you'd have to place multiple people in appropriate roles in multiple systems, and those people would have to collaborate very carefully... and there would still be a non-trivial risk that they'd be caught.
If I had to put money on it, I'd bet that government agencies do have people in a few positions, and that they're able to get some stuff, but I'd also bet they have to be circumspect and keep their take very limited to avoid getting caught. My guess is that the government gets nearly all of what it gets from Google through the front door, with legal demands that are scrutinized by Google's lawyers, and met only when they comply with all relevant legal requirements.
Now I think you need to read your own previous comment :-)
Part of the dynamic here is that the PKI is so fragile that TOFU simply works better.
Cite? I seriously doubt that TOFU would actually work better if it were used on a large scale (SSH is *not* large scale). Key rotation is particularly problematic; by default TOFU just says "no" to key rotation, which is also bad. PKI + TOFU has interesting properties, but key rotation is still a problem.
IMO, what would be best is PKI + Certificate Transparency + Convergence + (limited) TOFU. Marlinspike touts Convergence as an alternative to PKI, but I think it would work better as an additional layer. PKI works beautifully in the common case where CAs behave correctly and don't lose their keys. Adding Certificate Transparency covers the poor key management case (and would have identified these Symantec problems immediately), and Convergence provides further defense against MITM attacks. CT and Convergence server certs should be pinned, of course.
And note that in most cases there's no reason your browser needs to delay the connection while it checks the additional layers. It can go ahead and establish the connection and begin downloading content while it checks with the CT and Convergence servers. It probably should defer rendering until it completes the additional checks, to protect against malicious content... unless it has already visited this site, and seen and checked this certificate (i.e. TOFU), in which case it can proceed with rendering. Though it should probably still check CT and Convergence in the background.
It may seem like I'm suggesting just piling on layers, but each one of them addresses specific problems and each has specific tradeoffs.
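To make the layering concrete, here is an added sketch (my illustration, not the commenter's code) of the decision flow described above: PKI as the first gate, a TOFU hit as the fast path to rendering, and CT plus Convergence as deferred checks whose success is what updates the pin, so a legitimate key rotation is accepted where plain TOFU would refuse. Every protocol is a constructed stand-in: a boolean for PKI path validation, a set of fingerprints for CT log inclusion, a dict of notary observations for Convergence, and a dict for the browser's TOFU cache; the host name and keys are made up.

```python
"""Layered certificate checking: PKI + Certificate Transparency + Convergence + limited TOFU.

Added illustration, not the commenter's code. Every protocol is replaced by a constructed
stand-in: a boolean stands for PKI path validation, a set of fingerprints stands for CT
log inclusion (SCTs), a dict of notary observations stands for Convergence, and a dict
stands for the browser's TOFU cache.
"""
from dataclasses import dataclass, field
from enum import Enum
import hashlib

class Decision(Enum):
    RENDER_NOW = "known cert: render now, re-check CT/Convergence in background"
    DEFER_RENDER = "connect and fetch, but defer rendering until CT/Convergence pass"
    REJECT = "reject"

@dataclass(frozen=True)
class Cert:
    host: str
    spki: bytes        # constructed stand-in for the leaf public key
    chain_valid: bool  # stand-in for a successful PKI path validation to a trusted CA

    def fingerprint(self) -> str:
        return hashlib.sha256(self.host.encode() + b"|" + self.spki).hexdigest()

@dataclass
class LayeredVerifier:
    ct_logged: set = field(default_factory=set)       # fingerprints with SCTs (CT stand-in)
    notary_views: dict = field(default_factory=dict)  # host -> {notary: fingerprint seen}
    tofu_cache: dict = field(default_factory=dict)    # host -> fingerprint already checked
    notary_quorum: int = 2

    def ct_ok(self, cert: Cert) -> bool:
        return cert.fingerprint() in self.ct_logged

    def convergence_ok(self, cert: Cert) -> bool:
        views = self.notary_views.get(cert.host, {})
        return sum(fp == cert.fingerprint() for fp in views.values()) >= self.notary_quorum

    def on_connect(self, cert: Cert) -> Decision:
        """Decision at handshake time; the slow checks stay off the critical path."""
        if not cert.chain_valid:                      # PKI is still the first gate
            return Decision.REJECT
        if self.tofu_cache.get(cert.host) == cert.fingerprint():
            return Decision.RENDER_NOW                # limited TOFU: seen and checked before
        return Decision.DEFER_RENDER

    def background_checks(self, cert: Cert) -> bool:
        """CT + Convergence. Passing them updates the TOFU entry, so a legitimately
        rotated key is accepted instead of triggering a TOFU mismatch."""
        ok = self.ct_ok(cert) and self.convergence_ok(cert)
        if ok:
            self.tofu_cache[cert.host] = cert.fingerprint()
        return ok

def tofu_only(cache: dict, cert: Cert) -> bool:
    """Plain SSH-style TOFU for comparison: unknown host accepted, any change rejected."""
    pinned = cache.setdefault(cert.host, cert.fingerprint())
    return pinned == cert.fingerprint()

def scenario() -> dict:
    """Constructed walk-through: first visit, repeat visit, key rotation, mis-issued cert."""
    v1 = Cert("example.test", b"key-v1", chain_valid=True)       # constructed
    v2 = Cert("example.test", b"key-v2", chain_valid=True)       # legitimate rotation
    rogue = Cert("example.test", b"rogue", chain_valid=True)     # mis-issued but chain-valid
    v = LayeredVerifier(
        ct_logged={v1.fingerprint(), v2.fingerprint()},          # rogue cert never logged
        notary_views={"example.test": {n: v1.fingerprint() for n in ("n1", "n2", "n3")}},
    )
    out = {}
    out["first_visit"] = (v.on_connect(v1), v.background_checks(v1))
    out["repeat_visit"] = v.on_connect(v1)
    # Notaries now observe the rotated key: the layered policy re-pins, plain TOFU breaks.
    v.notary_views["example.test"] = {n: v2.fingerprint() for n in ("n1", "n2", "n3")}
    out["rotation"] = (v.on_connect(v2), v.background_checks(v2))
    plain = {}
    tofu_only(plain, v1)
    out["rotation_plain_tofu"] = tofu_only(plain, v2)
    # A chain-valid cert no log or notary has seen is fetched but never rendered.
    out["rogue"] = (v.on_connect(rogue), v.background_checks(rogue))
    return out
```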
I wish Google would just buy them and then shut them down. It's a much better outcome.
Symantec's shareholders and all of Symantec's competitors wholeheartedly agree.
It's less clear that it would do the world any good, and very clear that it would do Google none.
Except this isn't "nature", this is due directly to massive barfing out of carbon through the use of fossil fuels.
Meh. While true, even if we managed (somehow) to have no effect on the climate, it's not stable. It will get hotter and colder. The reason why it's getting hotter (or colder) doesn't matter as much as the fact that it is, and that we need to either fix it or adapt to it.
However, I disagree with the GP. I think rather than adapting to the changes, we should learn how to engineer the planet for climactic stability, to stop/reverse the climactic changes that occur. We've already proven that we can make the planet hotter, which means that we've made progress on acquiring the ability to prevent another ice age. Now we just need to figure out how to cool the planet.
You should have read the paragraph after the one you quoted.
The "shall" would have made it a treaty. Then the U.S. Senate would have had to ratify it. Obama's playing games, doing his best to evade constitutional limits on his authority, in this case by making non-binding "executive agreements".
This is wrong in several ways (and the summary was wrong, too):
1. "Shall" vs "should" wouldn't change the status of the document as a "treaty". We could certainly have a treaty that didn't actually contain any non-advisory language. I'll bet we have many like that, actually.
2. The US Senate would almost certainly never have ratified it anyway, because they never do. We don't really use the constitutionally-defined treaty process. What we actually do is no less constitutional, it's just not that process. The US normally makes "congressional-executive agreements" rather than treaties, which means that the executive branch negotiates the agreement with foreign powers then comes back and asks Congress to pass laws enacting the terms of the agreement. Same result, different process -- and it only requires a majority vote in both houses rather than a 2/3 vote in the Senate.
3. Obama isn't "playing games" any more or less than any other president does. Congressional-executive agreements are the norm, not an approach in any way unique to Obama. I'll mention here that there's a third type of international agreement, the "sole-executive agreement". These are agreements made solely by the executive branch without Congressional involvement because the terms of the agreements are already within the powers of the executive branch to carry out. A very common example is a Status Of Forces Agreement (SOFA) which defines how the US military will interact with a specific foreign ally.
4. "Shall" vs "should" wouldn't have made the agreement "legally enforceable". Who would have the power to enforce it anyway? What it would have meant is that if the US signed the "shall" document and then didn't live up to its requirements, the US would have been in breach of the agreement, the effect of which would have been nil, except perhaps to make other countries less trusting of future agreements. By changing it to "should", the US won't run the risk of violating the terms, since there aren't any, actually.
I think Google do not understand how the UK legal system works. It is negative rather than positive in that it says what is not allowed rather than what is allowed.
Is there a legal system in the world which is not this way? The US system certainly is.
Alternatively, if the self-driving car can handle those situations well it will demonstrate that it's very much ready for "prime time use".
You missed the point where OP said: "Once the capability is there..." OP was not implying it already happens.
Which Google services involve encryption which prevents Google from seeing the data? The capability is already there, and yet it does not happen.
Google is an advertising company. Ad companies are their customers, and the people using their software are the product to be sold. The purpose of a corporation is to make money, and selling our communications makes them money.
Google does make money from advertising. It does not sell your communications. To the degree it makes money from your communications, it does that by scanning your communications to decide what ads would most likely be of interest to you, and then showing you those ads.
In June, the Guardian revealed that the NSA claimed to have "direct access" through the Prism program to the systems of many major internet companies, including Microsoft, Skype, Apple, Google, Facebook and Yahoo.
FWIW, David Drummond, chief legal counsel for Google, denied that Google has ever given access, direct or indirect, to the NSA. Snowden's documents made clear that the NSA was tapping communications links between Google data centers, which may have been the basis for the "direct access" claim. Google quickly moved to encrypt all of those communications links, though, so if that was the "direct access", it's been shut off.
Once the capability is there, the corporate lawyers will simply have us agree in the "end user license" (that we negotiate with them by clicking "I agree") that Google et al. can read and sell ALL our communications regardless of any court order.
Google doesn't sell user communications, to the government or to anyone else, and Google doesn't provide any data to government that it's not legally compelled to provide.
(Disclaimer: I work for Google, but I don't speak for Google.)
You're right - denying a visa is an incredibly violent thing..
You apparently haven't been listening to Trump.
Searching to see if there are more terrorists engaged in a coordinated attack? Seems like a reasonable and responsible thing to do.
Maybe. Obviously it wasn't actually successful because there weren't any others to find. But do we have any reason to believe it would have found them if there were? And what was done with all of the data that was gathered?
And perhaps even more important: What was this plane and equipment doing the day before the attack? And the day after? And the previous month? Etc. Why was this resource so readily available and what else is it used for?
All this is going to do is make crap secret - not because of some unwillingness to prove how stupid it is but because of direct action by those claiming to oppose it.
Could you elaborate? I think this sounds like something I'd agree with, and think important, but I don't understand what you're trying to say. What is the "this" you're referring to? Trump, or the "Anonymous" action against him? And how will it increase secrecy?
Much less force than the gang rapes going on all over Europe by Muslim immigrants, which is part of what Trump is trying to stop.
Because restricting Muslims in the US is going to do something about that. I can't figure out how people like you think.
#muslims4trump
Cool story, bro.
Obama is doing a better job of removing illegals than Bush ever did.
This is actually normal. Republicans complain about illegals but don't actually want to keep them out. Democrats speak supportively of illegals, but deport them. From a political perspective, illegals are good for Republicans to use to rally their base, while Democrats get more mileage from speaking supportively to rally the minority voters who identify with the illegals... but Democrats don't actually benefit from having illegals in the country because they can't vote, and deporting them helps to take the issue away from the Republicans.
This is one of a few areas in which both parties make a habit of saying one thing and doing the opposite.
I find it interesting that when I see people on the right talking about these sort of 'solutions' - which I'm not implying I support - I see language like "Use in this order: Voting Box, Soap Box, Ammo Box", yet I see this type of post in reaction when the left suggests using the same 'solution'.
"There are four boxes to be used in the defense of liberty: soap, ballot, jury and ammo. Please use in that order." It's intended to make clear that violence is the last resort, and the assumption is that the previous boxes have failed not because the majority disagrees but because democracy has broken down and the government is no longer listening to the people at all. It's pretty obvious that if the majority decides against liberty the ammo box isn't going to be any more successful than the other three.
I could get behind actions against ISIS because ISIS is a violent organization. The KKK isn't (except in very rare cases) and Donald Trump certainly isn't.
Right, because Trump's vision of how to handle Muslims wouldn't require any force or violence.
And your comment about the KKK needs no reply.