Nevermind there will ALWAYS be vulnerabilities. Or maybe I go to jail because some worker brought in an infected USB photo frame. The only way you can really secure the desktop computer completely from the user is to cut the power cable and give them a pad of paper and a pen.
That, frankly is the MS mindset: you can't make it 100% secure, so let's not try to make it more secure than it is today. The disclosure requirements should have provided "encouragement" to companies to try harder to protect data. Clearly, it has not been successful.
The photo frame example is a very good case -- those frames only presented a threat to operating systems that automatically execute programs found on disks that are inserted/connected to the computer. That is a choice of the OS manufacturer and the administrator (since it can be disabled). Companies have to take responsibilities for those choices instead of just saying "it's impossible".
You have a choice, allow organizations to report the data breach, or have them cover it up to avoid the penalty.
What value is there in the reporting these days? Is there anyone in the USA today who has not received a letter saying that their personal data has been compromised? I suspect that those reports are about as valuable as California's cancer warnings that appear everywhere.
Anyway, I think that your original question presents a false dichotomy. It's quite possible to provide anonymous means to allow employees to report the data breach and to provide much harsher penalties for unreported data breaches.
I think it is entirely appropriate to investigate a company when large ammounts of personal information ends up being 'stolen'... If it turns out that the company did not take the necessary steps to protect people's personal information they should face some consequences.
The problem with this is defining the "necessary steps". Definitions could be abused both ways to the advantage or detriment of the company that lost the data. Also, what if the company chooses to use software that has a history of vulnerabilities (including zero-day vulns) and performs all updates on schedule? Did the company perform the "necessary steps" when the problem was really the original choice of s/w? Does "necessary steps" allow for a delay before installing the new patches from MS on patch-Tuesday to allow testing and making sure that the patches don't screw something up, or would "necessary steps" require installing all new patches a few minutes after MS releases them?
I think that the "necessary steps" test is likely to allow companies to select insecure software and then, as long as it is kept up-to-date, avoid any responsibility for that original poor choice.
But Premier spokesman Chris Riggall said the programming problem had gone undetected after years of use and both federal and state testing. He stressed that the systems are secure in conjunction with other election safeguards in place.
So they have been malfunctioning for years and this is supposed to be a good thing?
"Secure" is not the same as "counts correctly". Besides which, anyone who reads Ed Felten's blog knows that the "other election safeguards" are frequently not implemented properly.
Because it would cost much more than that to fix the damn thing.
Exactly: Ballmer's and Gates' egos.
Or, to put it another way, Baller would have to admit the he was dissembling when he made all those claims about Vista. Customers might not like this -- as
Gerald Ratner found out, insulting your customers can have unpleasant results.
From TFA:"Orin Kerr, a former Justice Department prosecutor who's now a law professor at George Washington University, shares this view. Kerr acknowledges that it's a tough call, but says, "I tend to think Judge Niedermeier was wrong given the specific facts of this case." "
The phrase "given the specific facts of this case" gives me chills in this context.
I think Kerr's reasoning is reasonable, based on the facts as he explains them, but I think there is another possiblity which is possible.
Kerr's argument is that the fact the the defendent showed the files to the customs agents already proved that he knew the key. Thus, it becomes like somone being compelled to hand over a physical key -- since there is indisputable evidence that the defendent knew the key, having him provide it says nothing about his state of mind.
On the other hand, it's not 100% clear if he actually entered the key to show the files to the customs agents? What if the PC had been continuously booted and he merely showed the contents? Someone else could have earlier entered the key. I realize that this is an unlikely circumstance, but the facts given on the Volokh Conspiracy page don't explicitly rule out this possiblity.
The European Union does not have a common penal code. So Wikipedia is sort of misleading on this point.
While the EU does not have a common penal code, it does guarantee rights to all EU citizens. Countries cannot make someting illegal if it is a right that the EU guarantees citizens of EU countries. However, it seems highly unlikely that this would be a right that the EU would guarantee, thus allowing individual countres (such as Germany) to criminalize it.
NBC provided streaming video for only a small proportion of Internet-connected computers: Those running more expensive versions of Vista -- what proportion of all the desktop computers connected to the Internet is this?
There are a number of isses with this. One of the first is that most exports are pure junk. They typically burn a LOT of energy.
I don't think this is true. Apart from recent innovations, PCs have used more and more power. Perhaps you might remember that CPUs used to all have passive coolers? The idea of a cooler on the graphics chip would have been laughable ~15 years ago. Power supplies have increased in output to 1kW. Unless you buy an expensive power supply, I don't think that efficiency has increased sufficiently to compensate for the increased output demand.
There is only one component in a new PC (Atom and other low power models excepted) -- the monitor. Changing from CRT to LCD results in a significant reduction in power usage.
including without limitation by using the internet or any online media distribution system to reproduce (i.e., download) any of Plaintiffs' Recordings,
This looks like an injunction against the use of iTMS or any other online music store. Am I reading this correctly?
Working in the health care field as an IT admin exposes me to lots of HIPAA crap. One thing you learn on day one is that EMAIL IS NOT SECURE. And if it is not secure then considered public.
I think such generalizations are dangerous. If I send an email to one of my kids, it is sent over an SSL-encrypted link to a private machine. When My kids download it, they do so over an SSL-encrypted session. The email might also be sent onto Gmail. Again, to connection from my mailserver to Gmail is protected by SSL/TLS. Finally, reading emails on Gmail is normally done (by me at least) over an SSL-encrypted session. Why should I not expect these emails to be private?
I'm surprised you mentioned Ma Bell, as AT&T seems to have almost all its pieces back together again
I'm sure that you posted the revionist history tha the current AT&T managment would like to see, but it simply isn't true. The present AT&T is not the same as the old one. Another company assembled the pieces, not the old AT&T.
If sovereign immunity is real, why does any government agency (such as a state university) waste tax money on liability insurance? It's completely unnecessary if they can't be sued.
Because there are laws in various states that provide a right to sue the government over various issues -- in other words, the state has consented to being sued over those specific issues.
The relevant question the court would ask is "Did you know it was Josh Grobin when you made the copy for him?".
Would a court ask this? I don't recall seeing intent in any copyright statues that I have read (not that I claim to be an expert on the subject of copyright). Essentially, what you are suggesting is that the court should say: "in the hypothetical case that the person requesting the file did not have permission, the defendant would have violated copyright". The problem is that courts don't make awards (or, should not) on the basis of hypothetical violations.
To use a car analogy, it's like being given a speeding ticket by a cop who states "had the defendant not seen me, he would have been speeding down this stretch of road, so we can presume that he is guilty".
If I'm handing out copies of the latest Josh Grobin CD and I hand one to Josh Grobin himself (he's probably the only one who would take it) that doesn't suddenly make it okay for me to be handing them out, even to him. He didn't give me permission to distribute, I just happened to hand it to the one person who could give me permission.
I don't think your example is applicable. To make it closer to the real event: imagine that I offer to make copies of Josh Grobin's CD and the only person who asks for a copy is Josh Grobin. I stress "asks", because that is what happens with P2P. There is no evidence that anyone else received a copy, so a court has to assume that no-one else did receive a copy. Now, do you think that the copy that Josh asked for was unauthorized?
I don't think that's going to stand up. Undercover cops buy drugs and the state doesn't have to prosecute them for buying them.
You missed the point. The problem for the RIAA is that when they downloaded the files, they were authorized to download the files (as representatives of the copyright holders) and thus, because this was an authorized download it does not provide evidence of a copyright violation. It's really a catch-22 situation for the copyright holders.
Personally, I dont think this is at all feasible. The labor of laying down that one line could be better spent laying down 20 lines at the same time and getting everyone on your block.
RTFA. The fiber is already installed. Now the plan is to sell the existing fiber to the homeowners.
Real men don't need a computer or even a projector. Real men just memorise the presentation and then just wave a laser pointer around fast enough to draw pictures (using vision persistence).
So have I. I have also seen a lot of "connection lost after DATA" lines in my mail server logs. Is anyone else seeing this?
You don't plan on ever buying a house? Or are you just planning on winning the lottery so that you can buy a house with cash?
That, frankly is the MS mindset: you can't make it 100% secure, so let's not try to make it more secure than it is today. The disclosure requirements should have provided "encouragement" to companies to try harder to protect data. Clearly, it has not been successful.
The photo frame example is a very good case -- those frames only presented a threat to operating systems that automatically execute programs found on disks that are inserted/connected to the computer. That is a choice of the OS manufacturer and the administrator (since it can be disabled). Companies have to take responsibilities for those choices instead of just saying "it's impossible".
The death penalty could be implemented by transferring all the corporation's assets to the non-executive employees.
What value is there in the reporting these days? Is there anyone in the USA today who has not received a letter saying that their personal data has been compromised? I suspect that those reports are about as valuable as California's cancer warnings that appear everywhere.
Anyway, I think that your original question presents a false dichotomy. It's quite possible to provide anonymous means to allow employees to report the data breach and to provide much harsher penalties for unreported data breaches.
The problem with this is defining the "necessary steps". Definitions could be abused both ways to the advantage or detriment of the company that lost the data. Also, what if the company chooses to use software that has a history of vulnerabilities (including zero-day vulns) and performs all updates on schedule? Did the company perform the "necessary steps" when the problem was really the original choice of s/w? Does "necessary steps" allow for a delay before installing the new patches from MS on patch-Tuesday to allow testing and making sure that the patches don't screw something up, or would "necessary steps" require installing all new patches a few minutes after MS releases them?
I think that the "necessary steps" test is likely to allow companies to select insecure software and then, as long as it is kept up-to-date, avoid any responsibility for that original poor choice.
So they have been malfunctioning for years and this is supposed to be a good thing?
"Secure" is not the same as "counts correctly". Besides which, anyone who reads Ed Felten's blog knows that the "other election safeguards" are frequently not implemented properly.
Exactly: Ballmer's and Gates' egos.
Or, to put it another way, Baller would have to admit the he was dissembling when he made all those claims about Vista. Customers might not like this -- as Gerald Ratner found out, insulting your customers can have unpleasant results.
I think Kerr's reasoning is reasonable, based on the facts as he explains them, but I think there is another possiblity which is possible.
Kerr's argument is that the fact the the defendent showed the files to the customs agents already proved that he knew the key. Thus, it becomes like somone being compelled to hand over a physical key -- since there is indisputable evidence that the defendent knew the key, having him provide it says nothing about his state of mind.
On the other hand, it's not 100% clear if he actually entered the key to show the files to the customs agents? What if the PC had been continuously booted and he merely showed the contents? Someone else could have earlier entered the key. I realize that this is an unlikely circumstance, but the facts given on the Volokh Conspiracy page don't explicitly rule out this possiblity.
While the EU does not have a common penal code, it does guarantee rights to all EU citizens. Countries cannot make someting illegal if it is a right that the EU guarantees citizens of EU countries. However, it seems highly unlikely that this would be a right that the EU would guarantee, thus allowing individual countres (such as Germany) to criminalize it.
The capability to access Gmail over SSL is not new. Perhaps not too many people know about it, but that does not make it new.
NBC provided streaming video for only a small proportion of Internet-connected computers: Those running more expensive versions of Vista -- what proportion of all the desktop computers connected to the Internet is this?
I don't think this is true. Apart from recent innovations, PCs have used more and more power. Perhaps you might remember that CPUs used to all have passive coolers? The idea of a cooler on the graphics chip would have been laughable ~15 years ago. Power supplies have increased in output to 1kW. Unless you buy an expensive power supply, I don't think that efficiency has increased sufficiently to compensate for the increased output demand.
There is only one component in a new PC (Atom and other low power models excepted) -- the monitor. Changing from CRT to LCD results in a significant reduction in power usage.
This looks like an injunction against the use of iTMS or any other online music store. Am I reading this correctly?
Which is exactly why an injunction should never have been granted.
I think such generalizations are dangerous. If I send an email to one of my kids, it is sent over an SSL-encrypted link to a private machine. When My kids download it, they do so over an SSL-encrypted session. The email might also be sent onto Gmail. Again, to connection from my mailserver to Gmail is protected by SSL/TLS. Finally, reading emails on Gmail is normally done (by me at least) over an SSL-encrypted session. Why should I not expect these emails to be private?
Because the original point was discussing companies surviving (or not). AT&T did not survive. A similar, but different, company exists in its space.
I'm sure that you posted the revionist history tha the current AT&T managment would like to see, but it simply isn't true. The present AT&T is not the same as the old one. Another company assembled the pieces, not the old AT&T.
You forgot theft -- where did the cart come from?
Because there are laws in various states that provide a right to sue the government over various issues -- in other words, the state has consented to being sued over those specific issues.
Would a court ask this? I don't recall seeing intent in any copyright statues that I have read (not that I claim to be an expert on the subject of copyright). Essentially, what you are suggesting is that the court should say: "in the hypothetical case that the person requesting the file did not have permission, the defendant would have violated copyright". The problem is that courts don't make awards (or, should not) on the basis of hypothetical violations.
To use a car analogy, it's like being given a speeding ticket by a cop who states "had the defendant not seen me, he would have been speeding down this stretch of road, so we can presume that he is guilty".
I don't think your example is applicable. To make it closer to the real event: imagine that I offer to make copies of Josh Grobin's CD and the only person who asks for a copy is Josh Grobin. I stress "asks", because that is what happens with P2P. There is no evidence that anyone else received a copy, so a court has to assume that no-one else did receive a copy. Now, do you think that the copy that Josh asked for was unauthorized?
You missed the point. The problem for the RIAA is that when they downloaded the files, they were authorized to download the files (as representatives of the copyright holders) and thus, because this was an authorized download it does not provide evidence of a copyright violation. It's really a catch-22 situation for the copyright holders.
RTFA. The fiber is already installed. Now the plan is to sell the existing fiber to the homeowners.
Real men don't need a computer or even a projector. Real men just memorise the presentation and then just wave a laser pointer around fast enough to draw pictures (using vision persistence).