If we simply forced content delivery and connectivity to always be performed by entirely separate, independent companies then we wouldn't have this problem.
Instead there would probably be different problems:)
Is it just me or does anyone else see a push to use the national ID AND your bank card in tandem on ATMs? It would make spoofing them a tad more difficult AND it would further the perceived need for a national ID card.
Actually it is likely to make things easier for the "bad guys". Governments are typically worst at keeping information on their citizens secure than commercial businesses are at keeping information on their customers secure.
The trouble with biometrics is that it can't be changed.
But they can change in unpredictable ways.
Additionally, the various ways have bad flaws:
* Fingerprints are a terrible idea because you leave a copy of your private key on everything you touch.
* Voice recognition is a terrible idea because everyone within earshot can hear your private key.
* Retinal scanning would fail if someone was in an accident or had surgery or something.
People's fingerprints and voices can be affected by fairly minor injuries and illnesses. A fingerprint reader isn't going to be able to read a bandaged finger and is likely to get confused by a healing finger. Using voice recognition would also probably be a non starter for paying dentists:)
What difference is the PIN going to make when the way they were acquired in the first place was by breaking into a database?
Why were they being stored in plain text in the database in the first place? Even using something akin to/etc/passwd (without/etc/shadow) would have been more secure.
They are offering to exchange them to any owner who is offended, they aren't recalling them.
In which case maybe the owner should be paying for it.
Lots of 3 letter combos aren't issued, wtf got added to the list, and anyone who currently has it can have it exchanged without having to pay the usual fees for new plates.
This is a non-issue.
The latter part is the issue. It's both unreasonable that taxpayers' money should be used in this way and if it is it's unfair that this "service" not be available to anyone who's offended in such a way. e.g. by combinations such as "DRM".
They are going to use taxpayer dollars for this? If I lived in NC *I* would be the one shouting 'WTF?' for real!
Especially as the criteria includes the owner of the vehicle in question being offended. Most likely there are several other combinations which could offend someone.
Satellite is an option for anyone that doesn't mind round trip times of 1 second that creep up to 3 seconds in high-usage time,
Also in order to use this you need a large antenna which has line of sight to the satellite. In some cases this might be physically impossible. In other cases landlords/local government may make the installation difficult.
Couldn't you use this feature to make the camera turn away. Have somebody make a big ruckus, so the camera turns away, then go in and do the actual crime while the camera is focused somewhere else.
Or maybe there will be a special feature built into the AI such that the camera will be incapable of recording the likes of a gang of police gunning down an innocent commuter...
There is a big difference between knowing who I'm talking to and knowing that I'm talking to the same person I talked to last time. Most of the time I don't care about the former. Do I care that an author is who they say they are? Or do I care that they wrote a specific book?
Most of the time relationships (especially on the internet) are not dependent upon the actual identity of the person I'm talking to. They rely on the history that I've had with that person. And there are many times when I might want to have a secure conversation with someone, knowing that they are the person I talked to the day before. But I usually don't care what their identity is.
Many of the same issues come up with the issue of personal identity. As Bruce Schneier has mentioned frequently there is often a confusion of identity with intent.
In the case of a sales transaction, I agree that knowing the identity of the person is useful (i.e., I know who to chase if the sale goes wrong). But to say that there are no cases where I want to have continued secure conversations with someone without knowing their identity is just plain wrong.
Even with a sales transaction knowlage of actual identity may not be that important. Or if it does matter it can be discovered "out of band". What matters to the customer is that they get what they have ordered when and for the price they expected. It would not be good if their credit card details were to be misused. What matters to the vendor is that they get paid. If would not be good if the credit card details they were supplied were bogus or belonging to a card reported lost or stolen. However it probably isn't important that the vendor know if several customer accounts actually relate to the same "person", even if they are all paid by the same credit card or out of the same bank account.
The economic interest of a CA is diametrically opposed to their purpose. They maximize their profit margins by _not_ doing what they should be doing; hence I have no more reason for trusting Verisign (the guy in the truck next to him) than the guy himself.
Indeed what do Verisign do to validate the whatever in question? In many cases what can they do?
In fact, I'd be better off establishing my trust once with the guy in the truck, then accepting that trust in the future; trusting the CA merely means I've opened myself up to being blindly tricked coercion of the CA.
Or if you needed the equivalent of a CA wouldn't it make more sense for that to be the guy at the truck depot. Who actually has some chance of verifying that the driver is who they say they are. If a truck turns up to a bank to collect cash and it isn't who they expect they will ring the trucking company. They are unlikely to ring some entity unconnected with either the trucking company or the bank on the other side of the planet.
I don't like the implication that because bad people like privacy so they don't get caught doing bad things, everyone who likes their privacy is doing bad things. There's a name for that particular fallacy, I think, but I don't remember.
It's a variation on the "(most) bad people do X therefore people doing X must be bad."
Thing is that X may be a very common activity. It may even be the case that bad people are statistically less likely to do X than the general population.
It's really quite similar to the argument that law-abiding citizens shouldn't mind the ever-present CCTV surveillance of public areas, since it will only affect criminals.
As well as those who claim "If it helps catch criminals then it's worth it", even after it's shown that they arn't actually much use. They are also unlikely to understand that there may be an optimal level of CCTV for catching criminals, adding "more" may even make it less useful. IMHO it's a great pity it generally dosn't work to have such people drink themselves to death after being told that "alcohol in moderation can be good for you".
What do you guys think would happen if you were to, say, wrap your laptop in clingfilm with a copy of that amendment affixed on top of it?
Why, I hear Cuba is lovely this time of year...
How do the Cuban authorities treat visitors with laptops? Remember that all non US citizens are free to visit there (and the Canadians might be prepared to help out any one with a US passport. why do you think that Air Transat plane returned to Cuba when its rudder fell off rather than make an emergency landing in the US???)
What's really the goal? why is this an issue? If the government is really looking for something specific in laptops there should be an automated process where they plug in a thumb drive on EVERYONE's laptop and sort through all your stuff, not some schmo rambling through your files who doesn't have a clue. That doesn't do squat and serves no meaningful purpose.
The only thing it does is discourage people from wanting to travel to the US for lawful reasons. Especially business and conference people who might otherwise spend money in the US. Which is bad news for hotels, resturaunts, car rental, etc.
Really, what the hell are they looking for? This almost seems like the government equivalent of a governmental Mt Everest. They do it "because they can". It seems to me the same as giving everyone a drug test as they cross the border and then arresting those who test positive.
Arresting non citizens would be especially daft, deporting them is likely to cost less. Though things could turn out expensive if these were false positives caused by something the airline had served.
There's nothing that is getting "smuggled" across our border on laptops that isn't going across in 1000x more massive streams over the internet.
Or by physical smuggling of media. How hard is it to conceal a 7cm plastic disk? Especially in shipping container full of similar disks. Considerably less hard than 20 human beings, yet people appear to manage the latter regularly.
The idea that the fear of terrorism is involved is simply ludicrous. What's the thought here, that someone was writing their terrorist memorandum in MS word while on the plane and the border agent is going to turn on the laptop and see it???
This is mindbogglingly stupid.
Just about anything to do with the "war on terror" is. Terrorists in general are rare. Those who travel long distances to commit terrorist acts are even rarer. The entire Al Quada conspiracy theory would be laughed at if it were advocated by the average member of the public, even if they produced considerably more evidence than the US Government has been able to come up with.
So having top_secret_nuke_plans.pdf on your computer is okay, while having a binder with Top Secret Nuke Plans in your luggage is not ?
What if the folder is labled "Tube Alloys" and the file is "Tube_Alloys.pdf"? Though it's unlikely that a terrorist would be using the US codename from WWII for nuclear weapons...
I can see whole new lines of products designed to sanitize laptop hard drives before arriving at the border checkpoints and encrypted restore CD's that will bring a laptop back up on the corporate network and access to secure file systems.
How long before US ISPs start complaining about the proportion of their traffic to the rest of the planet being VPNs (of various types). Since not having sensitive data on the laptop in the first place would deal with both this kind of snooping and theft/confiscation risks.
Anybody else hear the terrorists (and other criminals) laughing hysterically?
When they stop laughing the "CEOs" of criminal businesses would probably be looking at how to get their hands on lots of useful data. That "screeners" apparently get paid well whilst requiring few qualifications means they won't be short of people for any infiltration.
The "rights" of non-citizens is of only secondary concern. I'm not sure why you think if you come as a guest to another country that you expect the same rights and privileges you enjoy in your home country?
But you probably should be able to expect the same rights and privileges as residents. Especially since you are expected to obey the same laws. Note that the US Constitution rarely mentions "citizens" as opposed to "people".
What stops me setting up my own radio link across a border? I could make it mobile, I could use frequency hopping, spread spectrum, directional antenna, encryption, everything and anything available. Do I have to tell anyone I've done this? Nope, I might break a few laws, but the chance of getting caught is so slim it really doesn't factor very high.
It might make more sense to operate like a regular pirate radio station. Your operatives won't be suspicious carrying a regular radio or using one in their rented car.
If I enter the US with the intention of downloading my data after crossing the border I will need to being a secret of some kind with me. Any encryption simple enough for me to carry the secret in my head can be cracked by brute force.
You can probably manage to carry arround a secret which will tell you where the key is in your head. e.g. the title and page number of a book. You could probably exchange this information in out of band plaintext, email or phone call.
The issue here is retaining the data by making a copy of it. I am pretty liberal in my views in that I'd not be at all offended (I'd be annoyed with the time it took if they were going to bother doing it right) to have my laptop searched when crossing. I'll be right friggen pissed off if they want to clone my drives to inspect it later. I'm from the school of, "You got a problem or question for me then you ask me, to my face, and we'll deal with it there." The idea of them taking a copy, stealing if you will
Rather copyright infringement. Wonder what would happen if you were to try to set the BSA, RIAA and MPAA onto the TSA.
Seriously. I like my privacy right that way. Private. I prefer privacy to security.
It's something of a false dichotomy in the first place. Giving up privacy, especially to the state, rarely results in increased security to the public. If history is any guide it's more likely to reduce it, since previously private information is not available to dodgy (if not outright criminal) people. Remember that Governments can't even keep criminals (and foreign spies) out of their law enforcement and places which require "background checks". It may also be the case that more privacy equates to greater security. As well as random snooping being a rather ineffective way to catch the "bad guys". If there is little oversight or accountability the senario of "the fox guarding the henhouse" is a serious risk.
Wrong, it is not uncommmon and a transfer to be marched off the plane,
Unless the airline in question is a US one then "they" can't march anyone off the plane without either the captain's (or the appropriate embassy's) approval in the first place.
AFAIK as long as you don't leave the "international" part of the airport, you are not subject to any searches.
As long as you don't leave the "international" part of the airport at most airports outside the US (and especially if you are intending leaving on the same plane you arrived on), you are not subject to any searches. There fixed it for you...
Slashdot Mirror
If we simply forced content delivery and connectivity to always be performed by entirely separate, independent companies then we wouldn't have this problem.
:)
Instead there would probably be different problems
Is it just me or does anyone else see a push to use the national ID AND your bank card in tandem on ATMs? It would make spoofing them a tad more difficult AND it would further the perceived need for a national ID card.
Actually it is likely to make things easier for the "bad guys". Governments are typically worst at keeping information on their citizens secure than commercial businesses are at keeping information on their customers secure.
The trouble with biometrics is that it can't be changed.
:)
But they can change in unpredictable ways.
Additionally, the various ways have bad flaws:
* Fingerprints are a terrible idea because you leave a copy of your private key on everything you touch.
* Voice recognition is a terrible idea because everyone within earshot can hear your private key.
* Retinal scanning would fail if someone was in an accident or had surgery or something.
People's fingerprints and voices can be affected by fairly minor injuries and illnesses. A fingerprint reader isn't going to be able to read a bandaged finger and is likely to get confused by a healing finger. Using voice recognition would also probably be a non starter for paying dentists
What difference is the PIN going to make when the way they were acquired in the first place was by breaking into a database?
/etc/passwd (without /etc/shadow) would have been more secure.
Why were they being stored in plain text in the database in the first place? Even using something akin to
They are offering to exchange them to any owner who is offended, they aren't recalling them.
In which case maybe the owner should be paying for it.
Lots of 3 letter combos aren't issued, wtf got added to the list, and anyone who currently has it can have it exchanged without having to pay the usual fees for new plates.
This is a non-issue.
The latter part is the issue. It's both unreasonable that taxpayers' money should be used in this way and if it is it's unfair that this "service" not be available to anyone who's offended in such a way. e.g. by combinations such as "DRM".
They are going to use taxpayer dollars for this? If I lived in NC *I* would be the one shouting 'WTF?' for real!
Especially as the criteria includes the owner of the vehicle in question being offended. Most likely there are several other combinations which could offend someone.
Satellite is an option for anyone that doesn't mind round trip times of 1 second that creep up to 3 seconds in high-usage time,
Also in order to use this you need a large antenna which has line of sight to the satellite. In some cases this might be physically impossible. In other cases landlords/local government may make the installation difficult.
They are cameras that good. They just cost more. People are cheap,
Actually people are expensive. Otherwise there would be no need for cameras in the first place.
Couldn't you use this feature to make the camera turn away. Have somebody make a big ruckus, so the camera turns away, then go in and do the actual crime while the camera is focused somewhere else.
Or maybe there will be a special feature built into the AI such that the camera will be incapable of recording the likes of a gang of police gunning down an innocent commuter...
That's a good point. Or what about breakdancing? Could the cameras tell the difference between breakdancing and fighting?
:)
Or people making music videos
There is a big difference between knowing who I'm talking to and knowing that I'm talking to the same person I talked to last time. Most of the time I don't care about the former. Do I care that an author is who they say they are? Or do I care that they wrote a specific book?
Most of the time relationships (especially on the internet) are not dependent upon the actual identity of the person I'm talking to. They rely on the history that I've had with that person. And there are many times when I might want to have a secure conversation with someone, knowing that they are the person I talked to the day before. But I usually don't care what their identity is.
Many of the same issues come up with the issue of personal identity. As Bruce Schneier has mentioned frequently there is often a confusion of identity with intent.
In the case of a sales transaction, I agree that knowing the identity of the person is useful (i.e., I know who to chase if the sale goes wrong). But to say that there are no cases where I want to have continued secure conversations with someone without knowing their identity is just plain wrong.
Even with a sales transaction knowlage of actual identity may not be that important. Or if it does matter it can be discovered "out of band". What matters to the customer is that they get what they have ordered when and for the price they expected. It would not be good if their credit card details were to be misused.
What matters to the vendor is that they get paid. If would not be good if the credit card details they were supplied were bogus or belonging to a card reported lost or stolen. However it probably isn't important that the vendor know if several customer accounts actually relate to the same "person", even if they are all paid by the same credit card or out of the same bank account.
The economic interest of a CA is diametrically opposed to their purpose. They maximize their profit margins by _not_ doing what they should be doing; hence I have no more reason for trusting Verisign (the guy in the truck next to him) than the guy himself.
Indeed what do Verisign do to validate the whatever in question? In many cases what can they do?
In fact, I'd be better off establishing my trust once with the guy in the truck, then accepting that trust in the future; trusting the CA merely means I've opened myself up to being blindly tricked coercion of the CA.
Or if you needed the equivalent of a CA wouldn't it make more sense for that to be the guy at the truck depot. Who actually has some chance of verifying that the driver is who they say they are. If a truck turns up to a bank to collect cash and it isn't who they expect they will ring the trucking company. They are unlikely to ring some entity unconnected with either the trucking company or the bank on the other side of the planet.
I don't like the implication that because bad people like privacy so they don't get caught doing bad things, everyone who likes their privacy is doing bad things. There's a name for that particular fallacy, I think, but I don't remember.
It's a variation on the "(most) bad people do X therefore people doing X must be bad." Thing is that X may be a very common activity. It may even be the case that bad people are statistically less likely to do X than the general population.
It's really quite similar to the argument that law-abiding citizens shouldn't mind the ever-present CCTV surveillance of public areas, since it will only affect criminals.
As well as those who claim "If it helps catch criminals then it's worth it", even after it's shown that they arn't actually much use. They are also unlikely to understand that there may be an optimal level of CCTV for catching criminals, adding "more" may even make it less useful.
IMHO it's a great pity it generally dosn't work to have such people drink themselves to death after being told that "alcohol in moderation can be good for you".
What do you guys think would happen if you were to, say, wrap your laptop in clingfilm with a copy of that amendment affixed on top of it?
Why, I hear Cuba is lovely this time of year...
How do the Cuban authorities treat visitors with laptops? Remember that all non US citizens are free to visit there (and the Canadians might be prepared to help out any one with a US passport. why do you think that Air Transat plane returned to Cuba when its rudder fell off rather than make an emergency landing in the US???)
What's really the goal? why is this an issue? If the government is really looking for something specific in laptops there should be an automated process where they plug in a thumb drive on EVERYONE's laptop and sort through all your stuff, not some schmo rambling through your files who doesn't have a clue. That doesn't do squat and serves no meaningful purpose.
The only thing it does is discourage people from wanting to travel to the US for lawful reasons. Especially business and conference people who might otherwise spend money in the US. Which is bad news for hotels, resturaunts, car rental, etc.
Really, what the hell are they looking for? This almost seems like the government equivalent of a governmental Mt Everest. They do it "because they can". It seems to me the same as giving everyone a drug test as they cross the border and then arresting those who test positive.
Arresting non citizens would be especially daft, deporting them is likely to cost less. Though things could turn out expensive if these were false positives caused by something the airline had served.
There's nothing that is getting "smuggled" across our border on laptops that isn't going across in 1000x more massive streams over the internet.
Or by physical smuggling of media. How hard is it to conceal a 7cm plastic disk? Especially in shipping container full of similar disks. Considerably less hard than 20 human beings, yet people appear to manage the latter regularly.
The idea that the fear of terrorism is involved is simply ludicrous. What's the thought here, that someone was writing their terrorist memorandum in MS word while on the plane and the border agent is going to turn on the laptop and see it???
This is mindbogglingly stupid.
Just about anything to do with the "war on terror" is. Terrorists in general are rare. Those who travel long distances to commit terrorist acts are even rarer. The entire Al Quada conspiracy theory would be laughed at if it were advocated by the average member of the public, even if they produced considerably more evidence than the US Government has been able to come up with.
So having top_secret_nuke_plans.pdf on your computer is okay, while having a binder with Top Secret Nuke Plans in your luggage is not ?
What if the folder is labled "Tube Alloys" and the file is "Tube_Alloys.pdf"? Though it's unlikely that a terrorist would be using the US codename from WWII for nuclear weapons...
I can see whole new lines of products designed to sanitize laptop hard drives before arriving at the border checkpoints and encrypted restore CD's that will bring a laptop back up on the corporate network and access to secure file systems.
How long before US ISPs start complaining about the proportion of their traffic to the rest of the planet being VPNs (of various types). Since not having sensitive data on the laptop in the first place would deal with both this kind of snooping and theft/confiscation risks.
Anybody else hear the terrorists (and other criminals) laughing hysterically?
When they stop laughing the "CEOs" of criminal businesses would probably be looking at how to get their hands on lots of useful data. That "screeners" apparently get paid well whilst requiring few qualifications means they won't be short of people for any infiltration.
The "rights" of non-citizens is of only secondary concern. I'm not sure why you think if you come as a guest to another country that you expect the same rights and privileges you enjoy in your home country?
But you probably should be able to expect the same rights and privileges as residents. Especially since you are expected to obey the same laws. Note that the US Constitution rarely mentions "citizens" as opposed to "people".
I did not know that airports are considered embassies.
Airports may not be, but aircraft certainly could be.
What stops me setting up my own radio link across a border? I could make it mobile, I could use frequency hopping, spread spectrum, directional antenna, encryption, everything and anything available. Do I have to tell anyone I've done this? Nope, I might break a few laws, but the chance of getting caught is so slim it really doesn't factor very high.
It might make more sense to operate like a regular pirate radio station. Your operatives won't be suspicious carrying a regular radio or using one in their rented car.
If I enter the US with the intention of downloading my data after crossing the border I will need to being a secret of some kind with me. Any encryption simple enough for me to carry the secret in my head can be cracked by brute force.
You can probably manage to carry arround a secret which will tell you where the key is in your head. e.g. the title and page number of a book. You could probably exchange this information in out of band plaintext, email or phone call.
The issue here is retaining the data by making a copy of it. I am pretty liberal in my views in that I'd not be at all offended (I'd be annoyed with the time it took if they were going to bother doing it right) to have my laptop searched when crossing. I'll be right friggen pissed off if they want to clone my drives to inspect it later. I'm from the school of, "You got a problem or question for me then you ask me, to my face, and we'll deal with it there." The idea of them taking a copy, stealing if you will
Rather copyright infringement. Wonder what would happen if you were to try to set the BSA, RIAA and MPAA onto the TSA.
Seriously. I like my privacy right that way. Private. I prefer privacy to security.
It's something of a false dichotomy in the first place. Giving up privacy, especially to the state, rarely results in increased security to the public. If history is any guide it's more likely to reduce it, since previously private information is not available to dodgy (if not outright criminal) people. Remember that Governments can't even keep criminals (and foreign spies) out of their law enforcement and places which require "background checks".
It may also be the case that more privacy equates to greater security. As well as random snooping being a rather ineffective way to catch the "bad guys". If there is little oversight or accountability the senario of "the fox guarding the henhouse" is a serious risk.
Wrong, it is not uncommmon and a transfer to be marched off the plane,
Unless the airline in question is a US one then "they" can't march anyone off the plane without either the captain's (or the appropriate embassy's) approval in the first place.
AFAIK as long as you don't leave the "international" part of the airport, you are not subject to any searches.
As long as you don't leave the "international" part of the airport at most airports outside the US (and especially if you are intending leaving on the same plane you arrived on), you are not subject to any searches.
There fixed it for you...