A fundemental personal privacy/personal data concept that should be the basis of all laws governing how businesses and governments handle and are responsible for personal data should be liability for PD loss/leakage is directly proportional to the amount of PD per individual.
For example, your company leaks:
1) Addresses
2) SSN
3) Email addresses
That will give you three times the liability of a company that leaks:
1) Address
Assuming that there is a linear relationship between the number of fields leaked and the potential damage. Maybe the damages should be more along the lines of X cubed in the example. Even that assumes that all of the fields are equally damaging if leaked, which is not the case.
Have you TRIED to do this? I'm working on a project which uses SSNs as user identifiers in automatic biometric door locks. We know that it is way too insecure, but there's no other good way (no, we can't use smart cards for access control).
Dosn't sound like the biometrics are especially good if you need an identifier.
Users either too stupid to use something else or just plainly REFUSE something different from SSN. We tried to use phone numbers as IDs, and we still get tons of support calls from users who change their phone number and expect our system to magically pick up this change.
Have you tried printing the number on a card? If they are really that stupid how do they manage to make "support calls"?
SSNs should be public info, not a closely guarded secrets.
In practice they already are...
It's quite a good identifier but SUCKS as authenticator.
So stop using them as an authenticator.
Something like government-issued smart cards would be MUCH better.
You'd still have the same problem. Actually you'd probably have a worst problem, due to a combination of government both wanting to abuse such a system whilst being completly incompetent.
I don't think people would go for that. Most people wouldn't want a different number for:
1) Their "normal" bank
So is it impossible in the US for people to have more than one bank account? (Including with the same bank.) Do married couples get a special SSN for a joint account. What about power of attorney, executors of wills, etc?
2) Their mortgage lender
Ditto
3) Each of their credit cards (if they have any)
AFAIK even US credit cards use standard 16 digit numbers.
4) Their employer
How common is employer deduction of income tax in the US.
And the credit report companies wouldn't want that confusion either, nor would the government. It'd be too confusing to figure things out.
Odd how credit reporting companies appear to work fine without this. As do most of the world's governments...
Having said that, if they wouldn't charge so much it would kill piracy overnight - if I recall correctly that was proven in one country where they did just that. Literally overnight the market for pirated works collapsed.
Which is what used to be called "good business sense".
Oh, and the MPAA should shut up that one participant that still wants region limiting. I've heard of quite a few execs themselves that region limiting is stupid. Typically, people that travel (i.e. with money to spend) buy a lot of movies on the fly, but only the ones they buy legitimately won't play when they get home from another region. How stupid is that?
DRM, even of this basic kind means that the value of the product is lower to any potential customer. Increasing the potential market to pirates.
Actually I think they do care. One of their tactics has been to drag things out to where people settle simply because it's cheaper. This decision hurts that tactic two ways. First, it calls into question the RIAA's assertion that merely being the registered owner of the IP address they claim was involved is sufficient. And second, it provides precedent a defendant can cite in future cases for making the RIAA pay defendant's attorney's fees if the RIAA can't prevail.
Possibly only in the case of the RIAA dropping the case. Which changes the rules somewhat. Thus the RIAA may need to restrict itself to cases it thinks it can actually win.
Completely off-topic and this has been covered time and time again, but Clinton wasn't impeached for porking his intern. He was impeached for committing perjury
But didn't he still serve out the rest of his term as President? Impeaching an official is rather pointless if it dosn't result in their immediate removal from office...
I'm not familiar with that aspect of the Microsoft strategy. Aren't they *always* being accused of stealing other platforms' features? Big bad copycat, that's how people seem to view them.
All too often when Microsoft "copies" something they attempt to add some additional bells and whistles which can easily negativly impact functionality.
But then why don't they allow you legally to run ONE copy of Vista in a VM, if that's really their worry?
Assuming that EULAs actually have any legal basis in the first place. Even if that was the case the specific clause in question would have to have a legal basis. It isn't unknown for such documents to be stuffed full of questionable (even bogus) claims.
It seems everyone these days are too eager to throw people in jail. Two years in jail for a non-violent crime? Two years of your life is a very long time. It's longer than you may think, and spending it in jail doesn't help society very much.
That's probably more of a reason for reviewing exactly who is jailed in general.
Yes, I know it's suppose to be a deterrent, but I think a better deterrent would be a much larger fine, probation, and maybe your email address along with your crime made publicly known.
Maybe if they spammed ED drugs (or porn) they should go on the sex offenders register.
"Will result in" or "can result in"? A maximum sentence isn't always passed - and is in fact probably the exception rather than the norm.
Especially given that the existing law allows for a fine "per incident". Which could mean that selling 2,000 emails would equate to up to one million pounds of fine. There can't be many email addresses which will sell in the several thousand pounds range. Doubt the title "UK to jail privacy violators" means that Blair and co will be heading to jail soon over their crackpot ID card scheme either...
Thinking about it, it requires a couple of hours running on diesel to prime itself - so a rough guess, assuming its engine is similar to that of a small car, would be that it takes half a dozen to a dozen gallons of diesel to prime it.
Whilst doing this it may well still produce useful mechanical work. Sounds like it's using the waste heat from the engine to "cook" the stuff up.
The unit's described as about the size of a small van. Except it's likely denser so let's guess around five tons and it's cumbersome as all hell.
The major gimic of this device is that it is "portable".
And what does DRM have to do with serving up a web page???
No doubt with Vista Server (when it comes out) the DRM "rootkit" will want perform some checks on the content you might want your webserver to serve up...
Giving users "sudo" instead of "su" will help quite a lot, but you're right. It's tough to find a happy medium between too much notification (Vista) and not enough (XP).
No doubt Microsoft would be reluctant to employ a sudo type approach because of "Not Invented Here".
What really bugs me is that of the three men they arrested, one of them, David Beavan, was a vigilante trying to stop child abuse who told the police about the plot.
Being a vigilante can be rather dangerous.
This man was also sentanced to 8 years for conspiracy to commit rape.
You need to be an undercover police office to get a "get out of jail free card" when it comes to conspiring with criminals.
have no problem with them arresting him for some other charge- what he was doing was questionable, and I'm sure violates laws about entrapment, child porn distribution, etc. I think it's pretty clear, though, that he wasn't going to rape little girls like the others were planning to.
Why would this be a bad thing? I doubt that it is even possible,
Because the "trying" wastes a lot of money which could be used for something worthwhile. e.g. Actual law enforcement.
You cannot just say whatever you want in a newspaper or in a public forum without people knowing who you are.
Newspapers certainly publish articles and letters with names and addresses withheld. Even when they public a name and town/city you'd often have to work hard to identify the person concerned. Also people speaking in public rarely give their home address out... The whole concept of "identity" can be quite complex. Often with people having multiple identities which don't always overlap. Someone in a public forum could be "That woman who always goes on about XYZ topic". Or someone's identity could be "The man who always buys a daily paper at a certain newsagents". You even have commuters who would recognise each other by sight, but have never spoken to each other.
No, I'm using the rational argument that our inept government doesn't really have the clue most of the time to chase actual perverts, let alone real menaces like terrorists.
Thus if they want to "look good" they'll find some "soft targets" to arrest.
You are using the old "if you don't have anything to hide you need not hide anything" fallacy. I guess since you don't want watched in the bathroom we can assume you are producing kiddy porn or making meth in there...
Or maybe they should post all of their banking details to Slashdot. The problem is that governments frequently contain untrustworthy people, may well be untrustworthy as a corporate entity and vitually always trust some very questionable entities. (The latter including both other governments and commercial entities.) The US Government is in no way different here, hence also Mark Twain's comment about American criminal classes and Congress.
Really though, I'd say Bitlocker is probably adequate for most purposes. If you're concerned about siblings, co-workers, rival companies, etc. it will hide your data. If you're trying to hide something from legal authorities, you'd best find another way to hide your data.
If "legal authorities" can recover the plaintext then it won't be too long before "rival companies" and "criminal gangs" will have the same ability. It's just a matter of how insecure the least secure police department is.
A real bomb is never designed to make itself presentable/noticable. Only a dickhead terrorist would invite attention to a bomb.
Not quite the same thing. But a tactic used by the IRA was to put a big bomb and a little one near to each other. The little bomb being the one which went off first to "attract attention".
Even if Scientology was a legitimate religion, why is it illegal for someone to interfere with a religion, but it's completely acceptable for religions to interfere with everyone elses lifes.
Especially if this allegedly happened in the USA...
Face it: The buildings are there, you can't blur them out in real life. If you want security through obscurity then disguise their real purpose and don't partake in silly exercises such as this that actually draw more attention to them.
An idea popular in fiction, but also with real world examples such as the Green Brier Hotel.
The DMCA is about copyrights. You cannot issue a takedown notice for material for which you do not own the copyright.
Of course you can you simply need to claim to represent the copyright holder. People have put this to the test using public domain material.
My understanding is that your DMCA takedown notice requires that you swear under penalties of purjury that you won the copyright in question.
Which in practice tends to be not much of a penalty. Even people caught lying under oath in criminal courts often get away with it. Who's going to come after someone lying in a letter they sent?
A fundemental personal privacy/personal data concept that should be the basis of all laws governing how businesses and governments handle and are responsible for personal data should be liability for PD loss/leakage is directly proportional to the amount of PD per individual.
For example, your company leaks:
1) Addresses
2) SSN
3) Email addresses
That will give you three times the liability of a company that leaks:
1) Address
Assuming that there is a linear relationship between the number of fields leaked and the potential damage. Maybe the damages should be more along the lines of X cubed in the example. Even that assumes that all of the fields are equally damaging if leaked, which is not the case.
Have you TRIED to do this? I'm working on a project which uses SSNs as user identifiers in automatic biometric door locks. We know that it is way too insecure, but there's no other good way (no, we can't use smart cards for access control).
Dosn't sound like the biometrics are especially good if you need an identifier.
Users either too stupid to use something else or just plainly REFUSE something different from SSN. We tried to use phone numbers as IDs, and we still get tons of support calls from users who change their phone number and expect our system to magically pick up this change.
Have you tried printing the number on a card? If they are really that stupid how do they manage to make "support calls"?
SSNs should be public info, not a closely guarded secrets.
In practice they already are...
It's quite a good identifier but SUCKS as authenticator.
So stop using them as an authenticator.
Something like government-issued smart cards would be MUCH better.
You'd still have the same problem. Actually you'd probably have a worst problem, due to a combination of government both wanting to abuse such a system whilst being completly incompetent.
I don't think people would go for that. Most people wouldn't want a different number for:
1) Their "normal" bank
So is it impossible in the US for people to have more than one bank account? (Including with the same bank.) Do married couples get a special SSN for a joint account. What about power of attorney, executors of wills, etc?
2) Their mortgage lender
Ditto
3) Each of their credit cards (if they have any)
AFAIK even US credit cards use standard 16 digit numbers.
4) Their employer
How common is employer deduction of income tax in the US.
And the credit report companies wouldn't want that confusion either, nor would the government. It'd be too confusing to figure things out.
Odd how credit reporting companies appear to work fine without this. As do most of the world's governments...
Having said that, if they wouldn't charge so much it would kill piracy overnight - if I recall correctly that was proven in one country where they did just that. Literally overnight the market for pirated works collapsed.
Which is what used to be called "good business sense".
Oh, and the MPAA should shut up that one participant that still wants region limiting. I've heard of quite a few execs themselves that region limiting is stupid. Typically, people that travel (i.e. with money to spend) buy a lot of movies on the fly, but only the ones they buy legitimately won't play when they get home from another region. How stupid is that?
DRM, even of this basic kind means that the value of the product is lower to any potential customer. Increasing the potential market to pirates.
Actually I think they do care. One of their tactics has been to drag things out to where people settle simply because it's cheaper. This decision hurts that tactic two ways. First, it calls into question the RIAA's assertion that merely being the registered owner of the IP address they claim was involved is sufficient. And second, it provides precedent a defendant can cite in future cases for making the RIAA pay defendant's attorney's fees if the RIAA can't prevail.
Possibly only in the case of the RIAA dropping the case. Which changes the rules somewhat. Thus the RIAA may need to restrict itself to cases it thinks it can actually win.
Completely off-topic and this has been covered time and time again, but Clinton wasn't impeached for porking his intern. He was impeached for committing perjury
But didn't he still serve out the rest of his term as President? Impeaching an official is rather pointless if it dosn't result in their immediate removal from office...
I'm not familiar with that aspect of the Microsoft strategy. Aren't they *always* being accused of stealing other platforms' features? Big bad copycat, that's how people seem to view them.
All too often when Microsoft "copies" something they attempt to add some additional bells and whistles which can easily negativly impact functionality.
But then why don't they allow you legally to run ONE copy of Vista in a VM, if that's really their worry?
Assuming that EULAs actually have any legal basis in the first place. Even if that was the case the specific clause in question would have to have a legal basis. It isn't unknown for such documents to be stuffed full of questionable (even bogus) claims.
It seems everyone these days are too eager to throw people in jail. Two years in jail for a non-violent crime? Two years of your life is a very long time. It's longer than you may think, and spending it in jail doesn't help society very much.
That's probably more of a reason for reviewing exactly who is jailed in general.
Yes, I know it's suppose to be a deterrent, but I think a better deterrent would be a much larger fine, probation, and maybe your email address along with your crime made publicly known.
Maybe if they spammed ED drugs (or porn) they should go on the sex offenders register.
"Will result in" or "can result in"? A maximum sentence isn't always passed - and is in fact probably the exception rather than the norm.
Especially given that the existing law allows for a fine "per incident". Which could mean that selling 2,000 emails would equate to up to one million pounds of fine. There can't be many email addresses which will sell in the several thousand pounds range.
Doubt the title "UK to jail privacy violators" means that Blair and co will be heading to jail soon over their crackpot ID card scheme either...
Thinking about it, it requires a couple of hours running on diesel to prime itself - so a rough guess, assuming its engine is similar to that of a small car, would be that it takes half a dozen to a dozen gallons of diesel to prime it.
Whilst doing this it may well still produce useful mechanical work. Sounds like it's using the waste heat from the engine to "cook" the stuff up.
The unit's described as about the size of a small van. Except it's likely denser so let's guess around five tons and it's cumbersome as all hell.
The major gimic of this device is that it is "portable".
And what does DRM have to do with serving up a web page???
No doubt with Vista Server (when it comes out) the DRM "rootkit" will want perform some checks on the content you might want your webserver to serve up...
Giving users "sudo" instead of "su" will help quite a lot, but you're right. It's tough to find a happy medium between too much notification (Vista) and not enough (XP).
No doubt Microsoft would be reluctant to employ a sudo type approach because of "Not Invented Here".
What really bugs me is that of the three men they arrested, one of them, David Beavan, was a vigilante trying to stop child abuse who told the police about the plot.
Being a vigilante can be rather dangerous.
This man was also sentanced to 8 years for conspiracy to commit rape.
You need to be an undercover police office to get a "get out of jail free card" when it comes to conspiring with criminals.
have no problem with them arresting him for some other charge- what he was doing was questionable, and I'm sure violates laws about entrapment, child porn distribution, etc. I think it's pretty clear, though, that he wasn't going to rape little girls like the others were planning to.
Obviously the jury were not convinced.
Why would this be a bad thing? I doubt that it is even possible,
Because the "trying" wastes a lot of money which could be used for something worthwhile. e.g. Actual law enforcement.
You cannot just say whatever you want in a newspaper or in a public forum without people knowing who you are.
Newspapers certainly publish articles and letters with names and addresses withheld. Even when they public a name and town/city you'd often have to work hard to identify the person concerned. Also people speaking in public rarely give their home address out...
The whole concept of "identity" can be quite complex. Often with people having multiple identities which don't always overlap. Someone in a public forum could be "That woman who always goes on about XYZ topic". Or someone's identity could be "The man who always buys a daily paper at a certain newsagents". You even have commuters who would recognise each other by sight, but have never spoken to each other.
No, I'm using the rational argument that our inept government doesn't really have the clue most of the time to chase actual perverts, let alone real menaces like terrorists.
Thus if they want to "look good" they'll find some "soft targets" to arrest.
You are using the old "if you don't have anything to hide you need not hide anything" fallacy. I guess since you don't want watched in the bathroom we can assume you are producing kiddy porn or making meth in there...
Or maybe they should post all of their banking details to Slashdot.
The problem is that governments frequently contain untrustworthy people, may well be untrustworthy as a corporate entity and vitually always trust some very questionable entities. (The latter including both other governments and commercial entities.) The US Government is in no way different here, hence also Mark Twain's comment about American criminal classes and Congress.
Really though, I'd say Bitlocker is probably adequate for most purposes. If you're concerned about siblings, co-workers, rival companies, etc. it will hide your data. If you're trying to hide something from legal authorities, you'd best find another way to hide your data.
If "legal authorities" can recover the plaintext then it won't be too long before "rival companies" and "criminal gangs" will have the same ability. It's just a matter of how insecure the least secure police department is.
A real bomb is never designed to make itself presentable/noticable. Only a dickhead terrorist would invite attention to a bomb.
Not quite the same thing. But a tactic used by the IRA was to put a big bomb and a little one near to each other. The little bomb being the one which went off first to "attract attention".
So what's your definition of a "legitimate religion," and why doesn't Scientology fit it?
One useful metric would be if the "scriptures" and other religious texts are freely available.
Even if Scientology was a legitimate religion, why is it illegal for someone to interfere with a religion, but it's completely acceptable for religions to interfere with everyone elses lifes.
Especially if this allegedly happened in the USA...
Face it: The buildings are there, you can't blur them out in real life. If you want security through obscurity then disguise their real purpose and don't partake in silly exercises such as this that actually draw more attention to them.
An idea popular in fiction, but also with real world examples such as the Green Brier Hotel.
I can see a US defense powerpoint presentation with "proof" of wrongdoing of India, arrows pointing towards blurred sites...
More probably would be a Pakistani general pointing out the blurred bits of India and an Indian general pointing out the blurred bits of Pakistan.
This isn't about security. It's about being able to say that you've done something about something.
If anything it's counter security. Since by doing this you help out any potential terrorists with "target selection".
The DMCA is about copyrights. You cannot issue a takedown notice for material for which you do not own the copyright.
Of course you can you simply need to claim to represent the copyright holder. People have put this to the test using public domain material.
My understanding is that your DMCA takedown notice requires that you swear under penalties of purjury that you won the copyright in question.
Which in practice tends to be not much of a penalty. Even people caught lying under oath in criminal courts often get away with it. Who's going to come after someone lying in a letter they sent?