The minute I find an applicable law (The fact that I have requested that they refrain from contacting me and contact continues means I may have a harassment case) I am taking those bozos to court.
Harassment is already illegal. Go ahead and sue.
Personally I don't have the time and energy to waste on such lawsuits. In fact, I once received over 10,000 bounces from a spammer who forged my address in the From:. I can show you the case law which definitively allows me to sue that spammer for trespass of chattel. If you want to pay for my lawyer, I'll give you 50% of the award or settlement. Besides, if a law against spam ever does get into place, it'll become much harder to find out the identity of the spammer.
Yes, until they send spam with them. Then the accounts stop being anonymous and the ISP turns over the contact information for the responsible party. The key is who has the originating IP address, not the e-mail address.
I don't think you understand the question. My account is not anonymous if my ISP knows who I am.
Merely requiring that someone "provide reasonable proof that the headers are legit" is not due process.
I really thought you understood the law better than that. You are not entitled to "due process" except in a legal proceeding.
Bullshit. I am entitled to due process whenever my life, liberty, or property is being taken from me. Forcing the ISP to divulge information which it has promised not to divulge violates both my liberty and the liberty of the ISP. Further, it violates the ISP's right to not be unreasonably searched.
To use an analogy, if you get into a traffic accident, you cannot refuse to give out your name and address because you have not been given "due process."
Refuse to give out my name and address to whom? I can certainly refuse to give out my name and address to the person with whom I got into an accident. As for whether or not I can refuse to give the police officer my name and address without a warrant being aquired or an arrest being made, I'm not completely sure of the law. I suggest you show it to me before you make such a statement. IN any case, there is probable cause that you were involved in an accident.
No, I want to make anonymous spam (commercial) e-mail illegal.
Can people have anonymous email accounts or not? If they can, they'll just use those accounts to send their spam.
There is no reason for a legitimate business advertising their goods or services should do so anonymously by spamming people.
But there is a reason that a person would want to get an anonymous email account. My information shouldn't be given out without probable cause that I am committing a crime. If a judge decides that there is probable cause to believe that I've sent spam, that's one thing, but that requires a subpeona. Merely requiring that someone "provide reasonable proof that the headers are legit" is not due process.
The laws should require that ISPs provide you with any and all contact information for the person assigned the IP address from where the spam originated (provided that you can provide reasonable proof that the headers are legit).
So you want to make anonymous email illegal? Sorry, I'm not up for that. It will be abused.
My problem with this, is the credit card companies should be given a copy of the digital signature, the vendor should not retain it. Why? Because only the credit card company can verify it isn't a duplicate...
The signature isn't for verification, it's for non-repudiation. Since the person who has to lose from repudiation is the merchant, that's who should keep the signature.
This is completely wrong. Those pads don't record an image of your signature, they recorde the movements you make with the pen when signing.
I'll assume you're correct, but still, how does this facilitate fraud?
This way, algorithms checking the validity of a signature will detect counterfeits, because even someone who learned to produce a signature which looks exatly the same visually can't reproduce the original.
I don't buy that these devices check any such algorithms. I'd like you to back that one up.
An exact (digital) copy of a previously stored signature would also fail the test.
How so? If you store the motions, rather than the signature, it seems that a replay attack would work perfectly well.
In other words, while a single line of what I said may have been technically incorrect, what are you getting at? My main thesis (that using these devices does not facilitate fraud any more than a regular pen and paper signature) seems to still hold up.
If the unauthorized charges are due to my own negligence (I lose the card, or the card is stolen and I do not report it in a timely manner), then maybe I'm liable for $50. But as long as I make a reasonable effort to maintain the security of my card and account information, I'm liable for $0.
as under US law, you'd only be liable for up to $50 of the purchases the retailer would make without your actual signature
Bull. I've never agreed to that. To quote the discover card agreement, "You agree to pay us in U.S. Dollars for all purchases, cash advances, and balance transfers including applicable Finance Charges and other charges or fees, incurred by you or anyone you authorize or permit to use your Account or a Card, even if you do not notify us that others are using your Account or a Card."
If they can't convince a judge that I authorized or permitted the purchase, I'm liable for $0, not $50.
Being a typical paranoid Slashdotter I offered to sign off of the pad but refused to sign on the pad.
What's the point? Now all they need is a half-decent scanner and they get the same result - a digital copy of your signature.
Was I over reacting or can someone back up my paranoia with some facts?"
You were overreacting.
Think about it, some deceitful vendor has one of these, sells you something, gets your signature, and can then ring up loads of charges on your card using a digital copy of said signature over, and over, and over...
How is this something which can't be done with a photocopying machine and some scissors? And why would the person "ringing up loads of charges" care if the signature matches or not? It's not like vendors have a central database of signatures that they check against. At best they check against the signature on the back of your card, which they can only do if you're in person, in which case you can't use a digital signature anyway.
Do the current crop of signature pads prevent against this and other similar kind of deceit?
Maybe your misconception is what the signature pad does? Signature pads merely record your signature. They don't check it against a central database or anything. Even if they did, this wouldn't be subject to defeat as long as you witnessed the person making the signature.
Or maybe your misconception is over who is responsible for fraudulent charges? A credit card purchase is simply a contractual agreement to pay. If the purchase is fraudulent, the merchant loses. Not the credit card company, and not the owner of the credit card (except for up to about $50 in some cases where the credit card was stolen). If your credit card wasn't stolen and the charge wasn't made with your permission, you're not responsible for the charges. Period.
So what does a signature do to protect the merchant? It does two things. One, it allows the merchant to check the signature against the back of the card. Two, it gives the merchant a record of the contractual agreement.
Will a judge render a judgement for the merchant in the case of the merchant forging a signature? It's possible, but there are a number of things against it. One major reason is that when a merchant gets too many chargebacks, they are generally dropped by the merchant bank. So the amount of money you can steal before you get caught is relatively low. Then, on top of that, a judge would generally take a digitally scanned signature as lesser weight than a regular one. Finally, if you can subpeona the original signature from which the copy is made and show that they are identical, then you have a slam dunk case, and the merchant will probably wind up in jail. Besides, a signature can be forged just as easily with a handy dandy photocopying machine.
So, if anyone loses from digital signature pads, it's the merchant.
Bob Lentine, assistant commissioner of the county health department, said he thinks the stuff might be industrial pollutants or fuel discharge from the jets that fly directly overhead from nearby Philadelphia. In any case, it's probably nothing to worry about, he said.
Even better, maybe we can get someone to sue someone else for breathing, and use the DMCA. That'll certainly get the DMCA deemed unconstitutional, because I obviously have a right to breathe!
But, again, phone theives are already committing several crimes; the fact that one of the tools they need is only available illegally isn't likely to make them think twice. Unless you're talking about economic cost; $14.95 (plus dealing with the idiot on commission behind the counter) vs. >$100(?) (or £, since we are talking about the UK). But still, I think that would just make them steal more phones to make up the cost. It's just a greater initial outlay, not really a liability.
Presumably phone thieves are already stealing at an optimal rate. If you raise the economic cost of getting into the phone theft business, you're going to have fewer phone thieves by simple supply and demand. Phone thieves will move to other, less costly forms of thievery, or even to legitimate businesses, if you raise the economic costs sufficiently.
$15 -> $100 is a reasonable price increase if all that's done is the device is made illegal. But if technological barriers are put into place to make it even harder, the price is going to go up even more. Organized crime doesn't have a very efficient or cost effective R&D department.
I just don't know that higher penalties are effective.
But this isn't about higher penalties, this is about whether or not to have any penalty at all. I agree with you that it's questionable whether or not raising the penalties for say possession of nuclear weapons from 20 years to life makes a difference. But if you eliminated the penalties altogether, that likely would make a difference.
I have to wonder how much of a deterrent this specific law would be, too; especially since, as lots of people have mentioned, it's already illegal to do most of the things that criminals would do before and after changing the IMEI number.
But in order to change the IMEI number, you need tools, and expertise. It seems much more likely that without a law a thief can just go to the local Radio Shack (or whatever the Brit equivalent is) and get the number changed. With this law in place, the theif has to buy an illegal tool on the black market. That definately increases the cost of stealing phones, at the very least.
Stealing things is against the law. Handling stolen goods is against the law. Passing off stolen goods as not stolen is against the law. There looks to be plenty of applicable criminal law here.
It's much easier to prove possession of tools to change the ID than it is to prove that the phone was stolen.
Indeed the text of the bill specifically states "There will be minimal resource implications for the criminal justice agencies - the police, the Crown Prosecution Service, the courts and the Prison Service - to investigate, enforce, prosecute and process the cases through the courts and to accommodate convicted offenders given a custodial sentence. The number of cases prosecuted under this new offence are likely to be relatively small in number," In which case the whole thing starts to look like a waste of time.
Are you saying that the only affect of this law is going to be to allow people to be arrested? Surely there is a deterrant effect, especially in the legitimate business community.
The new legislation applies to all phones, not just stolen ones.
Yes, but the goal of the law is to reduce the number of stolen phones.
And in any case if someone has already broken the law by stealing the phone, what makes you think they won't also break this new law?
Because there won't be that many tools available to allow them to break this new law. They won't be able to take it to a legitimate store to get it changed. Plus, if they get caught, it'll be much easier to prosecute, because you won't have to prove that the phone was stolen, only that the ID was changed, or that the thief possessed the tools to change the ID.
Maybe we should protect the individual's freedom to change the ID, but we're doing so at the expense of making it easier to steal phones and use them.
All are very strong Go players, and it takes a strong Go player to write even a weak Go program.
I think that line captures the problem I have with the article. The purpose of AI is to produce a computer where the programmer doesn't even have to know that the game of Go exists. Yes, an intelligent computer can play Go half-decently, but a computer which can play Go half-decently isn't necessarily showing any intelligence.
So yes, writing a good Go program is challenging, but I wouldn't exactly call it research, unless you're using a method completely different from all the successful ones out there (basically a pruned tree search).
Defrauding telephone companies is already illegal. If some the telephone companies don't want this heppening then they should put it in their contracts.
That wouldn't help since these are stolen phones, and people who steal phones rarely go to the phone company and sign a contract.
But this is just government in general. I would *not* want the US government in control of the internet, because they would certainly abuse their power.
Ideally, no one would be in control of the internet. But as it is now, big corporations are in control of the internet, and they don't have to obey nearly as many laws as the federal government. Corporations don't have to follow the First Amendment, for example. They're free to shut down anyone whose speech they don't like without due process or anything. At least with government control of the infrastructure, we each have an equal vote for our representatives.
So, yeah, I'm against government control of the internet, but I don't have a problem with government control of the infrastructure.
But I still believe it's wrong for the government to prevent OTHER people/businesses from offering e-mail if they wanted to.
I agree. I think it'd be better than what we currently have, but ideally the government would merely provide an alternative, and others would be free to compete as long as they don't engage in predatory pricing or anything.
The post office is nothing but another example of failed socialism [cato.org], and should be phased out and replaced with market solutions which offer an incentive to deliver (pardon the pun;).
While I do agree that the USPS monopoly has outlived its usefulness, I think that back when the USPS was formed, it was a natural monopoly, and I believe that natural monopolies should be run as nonprofit charities, such as the USPS.
So if they came out with e-mail in 1970, it would be illegal today to write software based on TCP/IP to send text messages? Or would TCP/IP be illegal altogether.
Not necessarily, but if the US Government provided us all with TCP/IP connections, instead of WorldCom and AOL, why would that be a bad thing?
We're not children, we're adults, and are therefore supposedly capable of choosing for ourselves what software we want to use.
Heh, that was funny... Now let's go back to the real world where the federal government decides for us what software we can buy.
The minute I find an applicable law (The fact that I have requested that they refrain from contacting me and contact continues means I may have a harassment case) I am taking those bozos to court.
Harassment is already illegal. Go ahead and sue.
Personally I don't have the time and energy to waste on such lawsuits. In fact, I once received over 10,000 bounces from a spammer who forged my address in the From:. I can show you the case law which definitively allows me to sue that spammer for trespass of chattel. If you want to pay for my lawyer, I'll give you 50% of the award or settlement. Besides, if a law against spam ever does get into place, it'll become much harder to find out the identity of the spammer.
Can people have anonymous email accounts or not?
Yes, until they send spam with them. Then the accounts stop being anonymous and the ISP turns over the contact information for the responsible party. The key is who has the originating IP address, not the e-mail address.
I don't think you understand the question. My account is not anonymous if my ISP knows who I am.
Merely requiring that someone "provide reasonable proof that the headers are legit" is not due process.
I really thought you understood the law better than that. You are not entitled to "due process" except in a legal proceeding.
Bullshit. I am entitled to due process whenever my life, liberty, or property is being taken from me. Forcing the ISP to divulge information which it has promised not to divulge violates both my liberty and the liberty of the ISP. Further, it violates the ISP's right to not be unreasonably searched.
To use an analogy, if you get into a traffic accident, you cannot refuse to give out your name and address because you have not been given "due process."
Refuse to give out my name and address to whom? I can certainly refuse to give out my name and address to the person with whom I got into an accident. As for whether or not I can refuse to give the police officer my name and address without a warrant being aquired or an arrest being made, I'm not completely sure of the law. I suggest you show it to me before you make such a statement. IN any case, there is probable cause that you were involved in an accident.
No, I want to make anonymous spam (commercial) e-mail illegal.
Can people have anonymous email accounts or not? If they can, they'll just use those accounts to send their spam.
There is no reason for a legitimate business advertising their goods or services should do so anonymously by spamming people.
But there is a reason that a person would want to get an anonymous email account. My information shouldn't be given out without probable cause that I am committing a crime. If a judge decides that there is probable cause to believe that I've sent spam, that's one thing, but that requires a subpeona. Merely requiring that someone "provide reasonable proof that the headers are legit" is not due process.
The laws should require that ISPs provide you with any and all contact information for the person assigned the IP address from where the spam originated (provided that you can provide reasonable proof that the headers are legit).
So you want to make anonymous email illegal? Sorry, I'm not up for that. It will be abused.
So I think it's time that we hit them where it hurts. Pass -strong- laws. Pass laws that permit individuals to sue in certain circumstances.
What good is that going to do? Do you actually know the identity of the person spamming you? You can't sue John Doe defendants in Small Claims Court.
My problem with this, is the credit card companies should be given a copy of the digital signature, the vendor should not retain it. Why? Because only the credit card company can verify it isn't a duplicate...
The signature isn't for verification, it's for non-repudiation. Since the person who has to lose from repudiation is the merchant, that's who should keep the signature.
This is completely wrong. Those pads don't record an image of your signature, they recorde the movements you make with the pen when signing.
I'll assume you're correct, but still, how does this facilitate fraud?
This way, algorithms checking the validity of a signature will detect counterfeits, because even someone who learned to produce a signature which looks exatly the same visually can't reproduce the original.
I don't buy that these devices check any such algorithms. I'd like you to back that one up.
An exact (digital) copy of a previously stored signature would also fail the test.
How so? If you store the motions, rather than the signature, it seems that a replay attack would work perfectly well.
In other words, while a single line of what I said may have been technically incorrect, what are you getting at? My main thesis (that using these devices does not facilitate fraud any more than a regular pen and paper signature) seems to still hold up.
If the unauthorized charges are due to my own negligence (I lose the card, or the card is stolen and I do not report it in a timely manner), then maybe I'm liable for $50. But as long as I make a reasonable effort to maintain the security of my card and account information, I'm liable for $0.
as under US law, you'd only be liable for up to $50 of the purchases the retailer would make without your actual signature
Bull. I've never agreed to that. To quote the discover card agreement, "You agree to pay us in U.S. Dollars for all purchases, cash advances, and balance transfers including applicable Finance Charges and other charges or fees, incurred by you or anyone you authorize or permit to use your Account or a Card, even if you do not notify us that others are using your Account or a Card."
If they can't convince a judge that I authorized or permitted the purchase, I'm liable for $0, not $50.
Being a typical paranoid Slashdotter I offered to sign off of the pad but refused to sign on the pad.
What's the point? Now all they need is a half-decent scanner and they get the same result - a digital copy of your signature.
Was I over reacting or can someone back up my paranoia with some facts?"
You were overreacting.
Think about it, some deceitful vendor has one of these, sells you something, gets your signature, and can then ring up loads of charges on your card using a digital copy of said signature over, and over, and over...
How is this something which can't be done with a photocopying machine and some scissors? And why would the person "ringing up loads of charges" care if the signature matches or not? It's not like vendors have a central database of signatures that they check against. At best they check against the signature on the back of your card, which they can only do if you're in person, in which case you can't use a digital signature anyway.
Do the current crop of signature pads prevent against this and other similar kind of deceit?
Maybe your misconception is what the signature pad does? Signature pads merely record your signature. They don't check it against a central database or anything. Even if they did, this wouldn't be subject to defeat as long as you witnessed the person making the signature.
Or maybe your misconception is over who is responsible for fraudulent charges? A credit card purchase is simply a contractual agreement to pay. If the purchase is fraudulent, the merchant loses. Not the credit card company, and not the owner of the credit card (except for up to about $50 in some cases where the credit card was stolen). If your credit card wasn't stolen and the charge wasn't made with your permission, you're not responsible for the charges. Period.
So what does a signature do to protect the merchant? It does two things. One, it allows the merchant to check the signature against the back of the card. Two, it gives the merchant a record of the contractual agreement.
Will a judge render a judgement for the merchant in the case of the merchant forging a signature? It's possible, but there are a number of things against it. One major reason is that when a merchant gets too many chargebacks, they are generally dropped by the merchant bank. So the amount of money you can steal before you get caught is relatively low. Then, on top of that, a judge would generally take a digitally scanned signature as lesser weight than a regular one. Finally, if you can subpeona the original signature from which the copy is made and show that they are identical, then you have a slam dunk case, and the merchant will probably wind up in jail. Besides, a signature can be forged just as easily with a handy dandy photocopying machine.
So, if anyone loses from digital signature pads, it's the merchant.
Boy, that makes me feel a lot better.
Even better, maybe we can get someone to sue someone else for breathing, and use the DMCA. That'll certainly get the DMCA deemed unconstitutional, because I obviously have a right to breathe!
But, again, phone theives are already committing several crimes; the fact that one of the tools they need is only available illegally isn't likely to make them think twice. Unless you're talking about economic cost; $14.95 (plus dealing with the idiot on commission behind the counter) vs. >$100(?) (or £, since we are talking about the UK). But still, I think that would just make them steal more phones to make up the cost. It's just a greater initial outlay, not really a liability.
Presumably phone thieves are already stealing at an optimal rate. If you raise the economic cost of getting into the phone theft business, you're going to have fewer phone thieves by simple supply and demand. Phone thieves will move to other, less costly forms of thievery, or even to legitimate businesses, if you raise the economic costs sufficiently.
$15 -> $100 is a reasonable price increase if all that's done is the device is made illegal. But if technological barriers are put into place to make it even harder, the price is going to go up even more. Organized crime doesn't have a very efficient or cost effective R&D department.
I just don't know that higher penalties are effective.
But this isn't about higher penalties, this is about whether or not to have any penalty at all. I agree with you that it's questionable whether or not raising the penalties for say possession of nuclear weapons from 20 years to life makes a difference. But if you eliminated the penalties altogether, that likely would make a difference.
I have to wonder how much of a deterrent this specific law would be, too; especially since, as lots of people have mentioned, it's already illegal to do most of the things that criminals would do before and after changing the IMEI number.
But in order to change the IMEI number, you need tools, and expertise. It seems much more likely that without a law a thief can just go to the local Radio Shack (or whatever the Brit equivalent is) and get the number changed. With this law in place, the theif has to buy an illegal tool on the black market. That definately increases the cost of stealing phones, at the very least.
Fine, if you don't want help, don't take my help.
Stealing things is against the law. Handling stolen goods is against the law. Passing off stolen goods as not stolen is against the law. There looks to be plenty of applicable criminal law here.
It's much easier to prove possession of tools to change the ID than it is to prove that the phone was stolen.
Indeed the text of the bill specifically states "There will be minimal resource implications for the criminal justice agencies - the police, the Crown Prosecution Service, the courts and the Prison Service - to investigate, enforce, prosecute and process the cases through the courts and to accommodate convicted offenders given a custodial sentence. The number of cases prosecuted under this new offence are likely to be relatively small in number," In which case the whole thing starts to look like a waste of time.
Are you saying that the only affect of this law is going to be to allow people to be arrested? Surely there is a deterrant effect, especially in the legitimate business community.
The new legislation applies to all phones, not just stolen ones.
Yes, but the goal of the law is to reduce the number of stolen phones.
And in any case if someone has already broken the law by stealing the phone, what makes you think they won't also break this new law?
Because there won't be that many tools available to allow them to break this new law. They won't be able to take it to a legitimate store to get it changed. Plus, if they get caught, it'll be much easier to prosecute, because you won't have to prove that the phone was stolen, only that the ID was changed, or that the thief possessed the tools to change the ID.
Maybe we should protect the individual's freedom to change the ID, but we're doing so at the expense of making it easier to steal phones and use them.
All are very strong Go players, and it takes a strong Go player to write even a weak Go program.
I think that line captures the problem I have with the article. The purpose of AI is to produce a computer where the programmer doesn't even have to know that the game of Go exists. Yes, an intelligent computer can play Go half-decently, but a computer which can play Go half-decently isn't necessarily showing any intelligence.
So yes, writing a good Go program is challenging, but I wouldn't exactly call it research, unless you're using a method completely different from all the successful ones out there (basically a pruned tree search).
You shouldn't
Defrauding telephone companies is already illegal. If some the telephone companies don't want this heppening then they should put it in their contracts.
That wouldn't help since these are stolen phones, and people who steal phones rarely go to the phone company and sign a contract.
But this is just government in general. I would *not* want the US government in control of the internet, because they would certainly abuse their power.
Ideally, no one would be in control of the internet. But as it is now, big corporations are in control of the internet, and they don't have to obey nearly as many laws as the federal government. Corporations don't have to follow the First Amendment, for example. They're free to shut down anyone whose speech they don't like without due process or anything. At least with government control of the infrastructure, we each have an equal vote for our representatives.
So, yeah, I'm against government control of the internet, but I don't have a problem with government control of the infrastructure.
But I still believe it's wrong for the government to prevent OTHER people/businesses from offering e-mail if they wanted to.
I agree. I think it'd be better than what we currently have, but ideally the government would merely provide an alternative, and others would be free to compete as long as they don't engage in predatory pricing or anything.
Alright, so give me a password and shit.
The post office is nothing but another example of failed socialism [cato.org], and should be phased out and replaced with market solutions which offer an incentive to deliver (pardon the pun ;).
While I do agree that the USPS monopoly has outlived its usefulness, I think that back when the USPS was formed, it was a natural monopoly, and I believe that natural monopolies should be run as nonprofit charities, such as the USPS.
So if they came out with e-mail in 1970, it would be illegal today to write software based on TCP/IP to send text messages? Or would TCP/IP be illegal altogether.
Not necessarily, but if the US Government provided us all with TCP/IP connections, instead of WorldCom and AOL, why would that be a bad thing?