I wonder if anyone in Congress realizes the IT staff probably includes the IRS in house security team. Cue the IRS suffering a breach at the height of tax season.
While I haven't looked at the court documents, I can't help but think that someone needs to get charged with perjury for providing false testimony for the original story they were pushing.
Yes, but will the Judge in the trial let him present classified documents as evidence even if they're already available in the press? I suspect not. I vaguely something like this happening in Manning's case.
Possibly. The scandal surrounding the interception of packages did mention the NSA partnering with the CIA. How difficult would it be to get a CIA operative inside of a mailing facility? I wouldn't imagine post offices would do detailed background checks on those involved in mail sorting or monitor their back accounts for bribes.
It's inserted during shipping. There was a big deal about the NSA intercepted packages being mailed a while ago. I'm not sure how they actually insert the bugs into the USB jacks, but this is all done as the device is on the way to the customer.
If an official from Russian, China, or Iran were to step forward saying that they had found one of the devices inserted into their machine... would anyone believe them? There's incentives for both the NSA and likely targets of the NSA to lie about this issue.
This is speculation, but I bet this is some variant on the Cottonmouth model bug we saw a couple of weeks ago. How many people - even organizations like the Chinese military - are going to disassemble their USB cables and ports? If you're going to go to that far, you might as well build the device yourself out of off the shelf parts.
The argument against this is that, to be guilty, one must have committed a crime. While Turing did break a law, breaking laws doesn't and shouldn't equate with committing crimes. People break laws all the time doing things that should not be considered a crime. There are all sorts of mitigating factors, including the mental state of the individual breaking the law and the justness of the law itself.
Imagine that you see a disoriented, elderly person in the street with a large truck inbound. You can break the law and save the elderly person by not making use of a cross walk, or you could let the elderly person get hit by a truck. What are you going to do? Probably save the person. Should you receive a ticket from the officer far enough away to see what happened but not to save the person himself? No, of course not. Despite the fact that you broke the law by not using a cross walk, you didn't commit any crime.
I think it's important to remember that, in order for this movement to be successful, the entire surveillance apparatus needs to be dismantled - not just the US component of it. The US is a terrible offender when it comes to mass surveillance, but the UK is just as bad. If we also don't restrict the actions of the GCHQ and other entities, it would be pretty easy for the US to farm the intelligence work out to foreign countries by making sure that all communications are being routed overseas. It's easy to imagine a deal where the US and UK only collect metadata about foreign communications (which include UK communications rerouted through the US to make them foreign and US communications rerouted through the UK) with the intent of sharing that data in an intelligence partnership.
So... why am I not rioting? Well, I live in the middle of no where and there aren't enough of us TO riot. If I could have attended the anti-NSA protests in Washington, I would have... and I think this is a general problem with US protests. Our country is too large for large protests to be easy from a logistical prospective and the current protest movement hasn't addressed the logistics in the same way that former protest movements have.
Beyond that, I also think that the system fundamentally works. Call me crazy - and there are plenty that do - but I believe that voters still have the power to cause change. I can vote for leaders that will restrict the NSA's actions. Unfortunately, believing in the system means that there isn't much I can do when it comes to restricting the actions of the GCHQ. The best I can do is not give the UK my tourism, despite a life long dream of visiting London.
I think there's real problem here when it comes to understanding the subject matter. I suspect the those pesky real journalists probably don't enough about the tech side of things to ask the questions they really need to be asking in order to debunk this.
Well, there's a couple of technical problems with that. While I'm certainly not a lawyer, I have informally discussed the issue with a friend of mine that is a lawyer. He raised a few of the following points, which I've supplemented.
First, it's not clear that this is actually theft. The crime of theft typically denies the owner of the property access to the property, which isn't the case with electronic documents. Rather, it's more likely to be a violation of the No Electronic Theft (NET) act. NET criminalizes copyright infringement. This may not be a bad approach given what kind of punishments one sees for copyright infringement Massachusetts. More often, the punishment for copyright infringement is fines and I think the prosecutor was looking for jail time.
As far as breaking and entering goes, that seems doubtful. The networking closet he accessed was unlocked. In fact, a homeless man used the area to store belongings. Again, I'm not a lawyer, but it seems to me that breaking and entering would be difficult to argue. Trespassing might be a more successful charge. Trespassing, though, is a relatively minor offense that's unlikely to produce a lengthy jail sentence.
I wonder how long it will be before a company attempts to make a DoS case against someone for visiting a site once. I could see the prosecutor in the Aaron Swartz case trying this. He was conducting a denial of service attack simply by visiting the download site for those academic journal articles. It just wasn't a very good DoS attack.
First: While he may have some assaults on his record, he wasn't arrested for doing some kind of violent hacking. In fact, with the exception of the insulin and pacemaker hacks, it's hard to see what a violent hack would actually be.
Third: I agree that a second offense should be punished more harshly. That being said, 10 years is way too harsh even for a second offense. His first sentence was also too harsh. You don't see these kinds of punishments for other white collar crimes, do you?
You might want to read my post a little more carefully. I realize that it's easy to skip over the first sentence, where I stated that "I don't see anyone saying that hackers aren't criminals or that Jeremy Hammond doesn't deserve to go to prison."
The claim that I was making was that the prison sentence was excessive (probably because the Judge's husband was a victim of the crime). Somewhere in the 2-4 year range would probably make more sense.
I'm certainly no expert in the history of South Africa, but didn't Mandela consistently deny ever being a part of the organization involved in those bombing and violent acts? Of course, I'm sure the 1960s South African government would never have dreamed of fabricating evidence.
I don't see anyone saying that hackers aren't criminals or that Jeremy Hammond didn't deserve to go to prison. What they're saying is that criminals and dangerous people are sets that overlap, but that don't totally overlap. Or, another way to put it: Criminals aren't dangerous. Dangerous criminals are dangerous. Some hackers might be dangerous. Some hackers might not be dangerous. For hackers that are dangerous, 10 years in prison might be appropriate. For hackers that aren't dangerous, like those engaged in political protest, 10 years in prison is overkill.
In the academic world it is perfectly acceptable to use carefully selected or crafted inputs (facial images in this case) to develop and evaluate your algorithms. You may have separate date sets for development and evaluation, however careful selection or crafting is OK to simplify the project and avoid issues/variables outside of the project's scope.
As a CompSci academic, I am consistently shocked by the fact that we don't really consider the ethics our research. Some of the research, like the folks that are still interested in Chess playing algorithms, is pretty benign. Other research, like facial recognition, data mining, etc.... not so much. Case and point, there's a great Ted Talk by a researcher from Carnegie Mellon in which he demos an iPhone app (paired with some server-side software) his team wrote for using facial recognition to predict social security numbers in seconds. For those with experience on the academic side, how often have you or your colleagues stopped to consider that your research may be used unethically? Unless you're working in security, I suspect that it's probably infrequently despite the fact that advances in just about every major CS research area could be misused.
To be fair, I don't really know what to do about this problem. Someone is going to do the research. If it isn't me, or you, it'll be someone working in a government research facility... perhaps working for a government that isn't so friendly. All I suppose I'm really saying is that we really need to start thinking about the fact that there's a digital arms race going on... and we're the ones making the weapons.
It'd be nice if we could have advice from some of the researchers from the dawn of the last arms race, like Oppenheimer. This time, the race isn't about becoming omnipotent, it's about becoming omniscient.
This is a comment that I hear frequently from my friends that are teachers; most standardized tests don't actually test the skill they're intending to evaluate.
I'm *GUESSING* here, but they might be trying to focus on the relationship between mathematics and language. Since you can't exactly teach context-free grammars to young children, this might be the first step (comparing mathematical expressions to sentences) of a half-assed attempt at going down that route.
On the other hand, the authors of the curriculum may also just be idiots.
Wouldn't the NSA design a system where they already knew how the student would do by observing classroom behavior? This kind of responsive ("predictive") system was exactly the sort of thing that researchers wanted to develop when I was at EDM 2013 in July, by the way.
This sounds like a pretty cool video game. I've always an RTS where you can drop drones with lasers into the battlefield... and they're probably stealthed, too! Thankfully, no military in the world would ever make something this crazy, though.
Why are you telling me that I need to reread the original post?
Slashdot Mirror
I wonder if anyone in Congress realizes the IT staff probably includes the IRS in house security team. Cue the IRS suffering a breach at the height of tax season.
While I haven't looked at the court documents, I can't help but think that someone needs to get charged with perjury for providing false testimony for the original story they were pushing.
Yes, but will the Judge in the trial let him present classified documents as evidence even if they're already available in the press? I suspect not. I vaguely something like this happening in Manning's case.
They key words being "public hearings"... something that people charged with espionage have a difficult time getting.
Possibly. The scandal surrounding the interception of packages did mention the NSA partnering with the CIA. How difficult would it be to get a CIA operative inside of a mailing facility? I wouldn't imagine post offices would do detailed background checks on those involved in mail sorting or monitor their back accounts for bribes.
It's inserted during shipping. There was a big deal about the NSA intercepted packages being mailed a while ago. I'm not sure how they actually insert the bugs into the USB jacks, but this is all done as the device is on the way to the customer.
1. Tiny transceivers are built into USB plugs and inserted into target computers. Small circuit boards may be placed in the computers themselves.
If an official from Russian, China, or Iran were to step forward saying that they had found one of the devices inserted into their machine... would anyone believe them? There's incentives for both the NSA and likely targets of the NSA to lie about this issue.
This is speculation, but I bet this is some variant on the Cottonmouth model bug we saw a couple of weeks ago. How many people - even organizations like the Chinese military - are going to disassemble their USB cables and ports? If you're going to go to that far, you might as well build the device yourself out of off the shelf parts.
The argument against this is that, to be guilty, one must have committed a crime. While Turing did break a law, breaking laws doesn't and shouldn't equate with committing crimes. People break laws all the time doing things that should not be considered a crime. There are all sorts of mitigating factors, including the mental state of the individual breaking the law and the justness of the law itself.
Imagine that you see a disoriented, elderly person in the street with a large truck inbound. You can break the law and save the elderly person by not making use of a cross walk, or you could let the elderly person get hit by a truck. What are you going to do? Probably save the person. Should you receive a ticket from the officer far enough away to see what happened but not to save the person himself? No, of course not. Despite the fact that you broke the law by not using a cross walk, you didn't commit any crime.
I think it's important to remember that, in order for this movement to be successful, the entire surveillance apparatus needs to be dismantled - not just the US component of it. The US is a terrible offender when it comes to mass surveillance, but the UK is just as bad. If we also don't restrict the actions of the GCHQ and other entities, it would be pretty easy for the US to farm the intelligence work out to foreign countries by making sure that all communications are being routed overseas. It's easy to imagine a deal where the US and UK only collect metadata about foreign communications (which include UK communications rerouted through the US to make them foreign and US communications rerouted through the UK) with the intent of sharing that data in an intelligence partnership.
So... why am I not rioting? Well, I live in the middle of no where and there aren't enough of us TO riot. If I could have attended the anti-NSA protests in Washington, I would have... and I think this is a general problem with US protests. Our country is too large for large protests to be easy from a logistical prospective and the current protest movement hasn't addressed the logistics in the same way that former protest movements have.
Beyond that, I also think that the system fundamentally works. Call me crazy - and there are plenty that do - but I believe that voters still have the power to cause change. I can vote for leaders that will restrict the NSA's actions. Unfortunately, believing in the system means that there isn't much I can do when it comes to restricting the actions of the GCHQ. The best I can do is not give the UK my tourism, despite a life long dream of visiting London.
I think there's real problem here when it comes to understanding the subject matter. I suspect the those pesky real journalists probably don't enough about the tech side of things to ask the questions they really need to be asking in order to debunk this.
Well, there's a couple of technical problems with that. While I'm certainly not a lawyer, I have informally discussed the issue with a friend of mine that is a lawyer. He raised a few of the following points, which I've supplemented.
First, it's not clear that this is actually theft. The crime of theft typically denies the owner of the property access to the property, which isn't the case with electronic documents. Rather, it's more likely to be a violation of the No Electronic Theft (NET) act. NET criminalizes copyright infringement. This may not be a bad approach given what kind of punishments one sees for copyright infringement Massachusetts. More often, the punishment for copyright infringement is fines and I think the prosecutor was looking for jail time.
As far as breaking and entering goes, that seems doubtful. The networking closet he accessed was unlocked. In fact, a homeless man used the area to store belongings. Again, I'm not a lawyer, but it seems to me that breaking and entering would be difficult to argue. Trespassing might be a more successful charge. Trespassing, though, is a relatively minor offense that's unlikely to produce a lengthy jail sentence.
I wonder how long it will be before a company attempts to make a DoS case against someone for visiting a site once. I could see the prosecutor in the Aaron Swartz case trying this. He was conducting a denial of service attack simply by visiting the download site for those academic journal articles. It just wasn't a very good DoS attack.
That's definitely fair response.
First: While he may have some assaults on his record, he wasn't arrested for doing some kind of violent hacking. In fact, with the exception of the insulin and pacemaker hacks, it's hard to see what a violent hack would actually be.
Second: He actually did uncover some government wrongdoing.
Third: I agree that a second offense should be punished more harshly. That being said, 10 years is way too harsh even for a second offense. His first sentence was also too harsh. You don't see these kinds of punishments for other white collar crimes, do you?
You might want to read my post a little more carefully. I realize that it's easy to skip over the first sentence, where I stated that "I don't see anyone saying that hackers aren't criminals or that Jeremy Hammond doesn't deserve to go to prison."
The claim that I was making was that the prison sentence was excessive (probably because the Judge's husband was a victim of the crime). Somewhere in the 2-4 year range would probably make more sense.
I'm certainly no expert in the history of South Africa, but didn't Mandela consistently deny ever being a part of the organization involved in those bombing and violent acts? Of course, I'm sure the 1960s South African government would never have dreamed of fabricating evidence.
I don't see anyone saying that hackers aren't criminals or that Jeremy Hammond didn't deserve to go to prison. What they're saying is that criminals and dangerous people are sets that overlap, but that don't totally overlap. Or, another way to put it: Criminals aren't dangerous. Dangerous criminals are dangerous. Some hackers might be dangerous. Some hackers might not be dangerous. For hackers that are dangerous, 10 years in prison might be appropriate. For hackers that aren't dangerous, like those engaged in political protest, 10 years in prison is overkill.
Tyranny? No way. This is 'murica, the land of the free. The government was just exercising the freedom it has to seize his stuff.
In the academic world it is perfectly acceptable to use carefully selected or crafted inputs (facial images in this case) to develop and evaluate your algorithms. You may have separate date sets for development and evaluation, however careful selection or crafting is OK to simplify the project and avoid issues/variables outside of the project's scope.
As a CompSci academic, I am consistently shocked by the fact that we don't really consider the ethics our research. Some of the research, like the folks that are still interested in Chess playing algorithms, is pretty benign. Other research, like facial recognition, data mining, etc.... not so much. Case and point, there's a great Ted Talk by a researcher from Carnegie Mellon in which he demos an iPhone app (paired with some server-side software) his team wrote for using facial recognition to predict social security numbers in seconds. For those with experience on the academic side, how often have you or your colleagues stopped to consider that your research may be used unethically? Unless you're working in security, I suspect that it's probably infrequently despite the fact that advances in just about every major CS research area could be misused.
To be fair, I don't really know what to do about this problem. Someone is going to do the research. If it isn't me, or you, it'll be someone working in a government research facility... perhaps working for a government that isn't so friendly. All I suppose I'm really saying is that we really need to start thinking about the fact that there's a digital arms race going on... and we're the ones making the weapons.
It'd be nice if we could have advice from some of the researchers from the dawn of the last arms race, like Oppenheimer. This time, the race isn't about becoming omnipotent, it's about becoming omniscient.
This is a comment that I hear frequently from my friends that are teachers; most standardized tests don't actually test the skill they're intending to evaluate.
I'm *GUESSING* here, but they might be trying to focus on the relationship between mathematics and language. Since you can't exactly teach context-free grammars to young children, this might be the first step (comparing mathematical expressions to sentences) of a half-assed attempt at going down that route.
On the other hand, the authors of the curriculum may also just be idiots.
Wouldn't the NSA design a system where they already knew how the student would do by observing classroom behavior? This kind of responsive ("predictive") system was exactly the sort of thing that researchers wanted to develop when I was at EDM 2013 in July, by the way.
This sounds like a pretty cool video game. I've always an RTS where you can drop drones with lasers into the battlefield... and they're probably stealthed, too! Thankfully, no military in the world would ever make something this crazy, though.
Why are you telling me that I need to reread the original post?
We're not torturing anyone anymore? I'm pretty sure the United Nations disagrees.