I'm for eliminating state-sponsored marriage. Marriage is two things - a document that giving religious people permission to have sex without feeling guilty, and a set of legal rights. These two parts were given to the state back when the state and church were intertwined. However, the state has an important role in the set of legal rights, but should not have any role in granting permission to have guilt-free sex. Separating the two functions shouldn't eliminate the benefits gays want and would not force the religious to recognize **** relationships as marriages.
The state should create standardized domestic contracts for consenting adults which give the standard rights of marriage with the standard ways out of the contract (a divorce process with normal characteristics, like an obligation to pay child support for any children in common, equal division of assets, etc). These rights would inhere automatically to long-term relationships, as common-law marriages do now. This takes care of the rights function of marriages. The other function can be taken care of by churches. Churches can bless any contract or relationship they deem appropriate with the title of "marriage" and thus bestow guilt-free sex for religious individuals.
This is win-win. Gay people get the rights they want. Religious people still get permission to have sex.
People in gay relationships wouldn't object unless what they really want is for the government to force the religious to recognize their relationships as legitimate. Religious people could only object because they don't want gay people to have the same rights which straight people enjoy, not because they want to define marriage in a particular way. Religious individuals can still believe gay relationships are wrong, and pretend churches which marry these individuals don't have authority to do so. Gay individuals can get the rights they need and the title they want.
Tremulous has been my favorite linux FPS for a long time. You can play as aliens or humans, and your performance gives you certain upgrades - either through evolution or gear. It is quite good.
No statistician with a brain think you can predict criminality with the type of information the FBI is collecting. The National Academy of Sciences issued a report recently saying just that - datamining doesn't work in criminal contexts. From the report:
Little is known about which patterns are linked to terrorism. As a result, programs that scan databases looking for any unusual patterns are apt to turn up far too many false leads to be useful, the report notes. No one should be arrested, searched, or have their rights denied simply because an automated data-mining program has identified them as suspicious.
As if that wasn't enough, the National Research Council datamining report said the same thing. From the summary:
Regarding data mining, the book concludes that although these methods have been useful in the private sector for spotting consumer fraud, they are less helpful for counterterrorism because so little is known about what patterns indicate terrorist activity. Regarding behavioral surveillance in a counterterrorist context, the book concludes that although research and development on certain aspects of this topic are warranted, there is no scientific consensus on whether these techniques are ready for operational use at all in counterterrorism.
The FBI obviously has seen these studies and knows what they say. So I can't help but assume their real motivation isn't to catch terrorists. Whether they're doing it to get information to blackmail/defame political opponents, to look like they're trying to catch terrorists, or something else - I don't know. But they're not dumb and they know this doesn't work for its stated purposes.
A few months ago I found an old computer, which wasn't attached to our network, running pre-SP XP with 256mb RAM. I found it was much faster than its counterparts running XP SP3, even though they had double the memory and much faster processors.
The point of that story is to say that the system requirements have grown for XP over the years along with the hardware. In 2001 you could run XP on 128mb ram. You just can't do that with XP SP3.
I know the increased demand is generally because of security patches and other goodness, but calling XP an 8-year-old OS isn't really fair - either from performance point of view or for calling it obsolete.
What about a cloud which becomes stifling only after your data is loaded/generated within it? What legal actions could you take if they use a standard "we-guarantee-nothing" EULA?
Requiring users to keep local copies of what they put in the cloud, so that they can switch to a another service later, is tantamount to telling them not to use "the cloud."
Re:Why would you buy into a walled gardin in a clo
on
Lost In the Cloud
·
· Score: 1
Secondly, and more seriously, a smart user will buy a service that gives them a virtual machine or a JVM to run an application on, and control the app and it's storage themselves.
Right, because all "smart" users have the capability to do that. This is mostly consumer stuff, large firms do exactly what you suggest. Most consumers simply don't have the ability to match what the enterprises are doing.
Just because this is within your area of expertise doesn't mean it is within everyone else's expertise as well, nor does it mean it *should* be, or that everyone without this capability is dumb.
That is true, but what is the problem with trying to make "the cloud" more functional (secure, private, portable, whatever) for those who *do* elect to use it? The privacy concerns seem to me to be driven by poor government law/policy (e.g. the "third party exception" to ECPA & the other toothless laws), why shouldn't we try to fix those concerns?
Re:So lets see here...
on
Lost In the Cloud
·
· Score: 5, Insightful
Its trivial for me to switch from Facebook to any number of different social networks.
Really? Is it trivial to transfer all your uploaded pictures/videos, friend list, and history to your new social network provider? Now is it trivial for you, as a tech enthusiast, or trivial for a normal facebook user? Or did you mean that it is trivial to log into some social networking site other than facebook? Unless your data can follow you, or you're willing to recreate/lose that data, you're locked in.
Services not always easy to switch away from. Switching search engines is one thing, changing your email provider is entirely another. Encouraging data portability and compatibility is not a bad thing, especially when the encouragement is relief for liability incurred by making that data portable.
Funny you mention that, I saw an article yesterday which claims to have created an encryption scheme where encrypted data can be modified, written into, queried, and anything "that can be eciently expressed as a circuit" by a person without the decryption key.
If I'm reading the paper correctly, it would mean google could host data, and without having access to the data itself, could still permit user lookups and modifications. Of course that doesn't allay concerns of 3rd party reliability, the encryption scheme is inefficient, and this method may not be robust enough to support the complexity of an sql query, but who knows if it wouldn't be possible in the future.
Someone asked me for a study on this point, so I'll post it here for inquiring minds. I only recall one study off the top of my head, though I know others are out there. You may know this already, but there are several economic journals dedicated to housing, labor, and poverty - they'd be a good start if you wanted to read more.
The article is a bit dated - from 2004 - my apologies on that, I haven't kept up with more current research, if any exists, on this topic. Without further ado, the article is entitled "Public Housing, Housing Vouchers, and Student Achievement: Evidence from Public Housing Demolitions in Chicago" and the primary author is Brian Jacob.
Basically, the city of Chicago demolished some slummy towers and the residents moved to "substantially better neighborhoods" with vouchers. The study follows the educational achievement of the children of those who stayed in public housing (non-demolished towers) as well as the children of those who moved. The study finds performance doesn't differ meaningfully between the two groups in educational attainment or poverty.
The study does have some flaws - for example, the study was big, but looked only at those forced to relocate, taking volunteers might produce better results - though that may just re-enforce the finding that whatever makes most of these kids perform poorly transfers with their family. Anyhow, I think the study is statistically meaningful and the methodology is reasonably sound.
Additionally, re-reading my comment here, I believe I overstated the results - the students here weren't moved to wealthy areas. I'm sure I read a study on that, and I recall that the transplants reduced their peers performance but did no better themselves, but I won't look that up, since it had smaller control & test groups, plus this study is pretty close. Anyhow, here residents were moved to significantly better areas, but not wealthy areas.
Also, if the sponsoring organizations can afford to pay each kid $250-500, where the heck are they getting those funds, and why aren't they giving it to inner-city schools in the first place?
Because throwing money at a problem doesn't automatically solve it. With all the bitching and moaning you hear about how much money wealthy suburban schools have to spend, study after study has shown that a long- or short-term influx of cash into a lousy school doesn't improve results. Ditto for transplanting students from lousy schools to wealthy schools - the students just don't improve that much. Money isn't the problem here, it is culture.
There are definitely some head-in-the-sand people writing for Reason, but occasionally they get things right, even about global warming. I think the interview they did with Bjorn Lomborg, a Danish scientist, was quite good. Basically Bjorn said climate change is real and man-made, but he thinks there are other policies that have more return on the dollar, where return is some measurement of alleviation of human suffering. Of course we can do many things simultaneous, but climate change seems to be where all the attention and dollars are focused.
There is a tendency right now in which global warming has subsumed all other environmental issues. While global warming is definitely an important environmental issue, there's a problem if it takes all of the time to the exclusion of everything else.
Reason definitely has an open bias, but as long as you know that while reading it, you can call them on their BS, but still benefit from a lot of the other really good stuff there.
On the other hand, I think Symantec Corporate is pretty decent A/V. When I got it free in grad school I was pretty happy with it anyway - in my experience it doesn't eat many CPU cycles, it has a low false rate, and lots of nice command line executables & options. According to the AV tests I've seen, it has a reasonable detection rate, not kapersky good, but a lot better than most alternatives (surprisingly - much better than Norton).
I think the very resilience of these p2p networks to seizures (TPB in 2006), shutdowns (from grokster to suprnova), attacks of all kinds (see mediadefender) - speak to their incredible value. I'll bet bittorrent is one of the easier ways to disseminate prohibited information through the great firewall of china.
If I was a policy maker and knew of a communications network that was this easy to setup and this hard to disrupt and shutdown, I'd want to ensure it stayed around, especially when times are less stable. I suppose the legal & technical attacks have the effect of selecting the strongest and most anonymous networks, but I they also have a tendency to filter out the most popular networks, which are often (though not always) the most efficient ones.
Kruger and Dunning examined self-assessment of logical reasoning skills, grammatical skills, and humor. After being shown their test scores, the subjects were again asked to estimate their own rank, whereupon the competent group accurately estimated their rank, while the incompetent group still overestimated their own rank.
Across four studies, the authors found that participants scoring in the bottom quartile on tests of humor, grammar, and logic grossly overestimated their test performance and ability. Although test scores put them in the 12th percentile, they estimated themselves to be in the 62nd.
Right I understand that. But consider the hypothetical situation I proposed. What if instead of targeting poker sites, the law targeted fraud rings? Still a fact of life? If so, what about kiddie porn distributors? How about a how-to on suicide bombing & evading border patrols?
At some point, some service will be offered over the internet that we just won't want around. Then what can a state, or even a country, do to enforce the law on an entity outside its jurisdiction? So far the answer seems like "nothing" which doesn't seem terribly helpful.
Ignoring for the moment that bans on gambling are stupid & this was a purely protectionist move, what should kentucky have done instead? Lets pretend this law was a good one that we wanted to see enforced, how can a state enforce it?
KY doesn't have jurisdiction over the organizations behind the gambling sites (or the domain registrars, another problem with this case) - so they couldn't force location aware IP blocks (which don't work anyway), they couldn't fine the organizations, or impose any normal civil/criminal penalties. In addition, ISP level blocks don't work & are costly, and the servers were also outside KY and couldn't be seized.
I agree this was a stupid stupid order that violated due process, free speech, and commons sense. But if the websites & owners in Antigua (or wherever they're based) were selling US credit card numbers & the accompanying data, from servers in Antigua at http://identity-theft.ag/ for purposes of fraud - what could a state do to enforce anti-fraud laws? (assuming this was a state question) What could the feds do, apart from file a claim with the WTO? (which they have regarding gambling in antigua I believe).
Do you realize that the foundation for the explicit right to privacy is actually an amendment, itself? Specifically, the 4th.
Not trolling here, seriously. On the face of the 4th amendment it seems like it'd cover this, but it has been circumscribed so narrowly by courts (SCOTUS & appellate) that it really only protects your house & parts of your car. Online passwords will be excluded because of the "3rd party doctrine," among other reasons. The 3rd party doctrine says if you hand information over to a 3rd party (e.g. password to a website or email provider), you no longer have a reasonable expectation to privacy that society is willing to accept. This was created in a SOCTUS case where wiretapping was held as not violating the 4th amendment. Feds can already get this information any of a dozen ways - FISC warrant (if intelligence is a "significant purpose"), an NSL (which is by far the most expansive power the feds have now), a 215 order, et cetera - now it looks like Georgia law enforcement will be able to as well.
The Georgia state constitution coudl provide a higher standard of protection, but I wouldn't hold my breath. Hopefully someone can successfully make a 1st amendment case out of this - like the lack of anonymity causes self-censorship or something - but no one is going to win a 4th amendment claim here.
Depends on the state. Some states have strict notification laws - California & Indiana for example - many don't. You can look up your state here. For companies that cover the whole country, they typically comply with the strictest law to which they are subject, so you often get the benefit of the strictest law. Some states often require more than just notice, they may require you get several free credit reports, a free credit freeze, or some other remedial measure. Some states require immediate notification when a breach is discovered, but most permit or require a delay for law enforcement - theoretically so that law enforcement can catch the baddies before the baddies know they're being pursued.
According to InformationWeek, "hard numbers about data breaches are hard to come by . . . [a]ccording to survey of about 300 attendees at this year's RSA Conference, more than 89% of security incidents went unreported in 2007." So who knows how much of it we're actually hearing about. I suppose this website will partially help with under notification.
Good point, but what is a notice supposed to do anyway? If you notify me and I read the document, great what am I expected to do? Notify the credit bureaus to be on alert - or require extra authentication for new lines of credit, if not a new credit freeze itself (I realize some state laws do this). If someone makes fraudulent purchases on my credit card, CC companies are actually really good at catching it, but if not I report it & I new a new piece of plastic and I don't get stuck with the bill (not directly anyway).
A huge business has evolved around hyping identity theft & selling related services. It isn't that common an issue. The studies done by the industry itself (the Javelin studies) show very low actual costs, minimal levels of identity theft, and the "identity theft" identified is overwhelmingly fraudulent credit card purchases by family members.
ID Analytics did an analysis of data leaked through a lost laptop & found 6 months after the breach there was a 0.0% of fraud. The same study looked at fraud rates for data found in a highly sophisticated fraud ring - including name, address, DOB, SSN, etc. They found the fraud rate was 1 in 1020, practically identical to the ambient fraud rate of non-breached data (which was 1 in 1010). The same study found only 11% of breaches are actually reported.
The choicepoint breach - which garnered the largest FTC fine for data breach ever, with 163,000 individuals affected. Fraud rate 3 years later of those people was 1 in 1244 - slightly better than average. Of the $5M set aside for recovery only $140k was ever used. The GAO did a study in 2007 and found of the 24 largest breaches, only 3 had evidence of misuse of an existing account, and only one had evidence of actual identity theft.
I've made my point. I don't mean to say everything is hunky dory in computer land. Synthetic identity fraud is a big issue - where some real & some fake data is used, so there's no real person to discover the fraud. Botnets & spyware are huge problems. State sponsored technological attacks are worrisome. I just mean to say identity theft is exceptionally rare, and doesn't deserve all the attention it gets. Don't buy the hype, lets look at real issues.
It really depends on the state & court, there's not much in common among all of them. This is mostly enforced via norms - most universities don't try to claim their professor's work - but several judges have refused to grant work done by professors as a "work for hire" owned by the university.
If bountyquest couldn't get enough high quality prior art submissions by offering 10k, what makes IBM think they'll get better submissions without offering anything? Bountyquest's failure to bust the 1-click patent was quite telling of its patent-busting power. Salon.com's postmortem explained "BountyQuest tried to overcome the inability to build momentum [from a few big patent busts] by cold-calling patent lawyers and trying to sell them on the idea of running a contest for one of their cases [b]ut few have proved willing to bite." "There just didn't appear to be a market for its service." O'Reilly (one of the sponsors of the project) said in his postmortem of the project, "the patent mess is a thorny thicket that doesn't lend itself well to penetration by amateurs."
Apart from paying less to hunters and charging less to clients, how is IBM addressing these problems?
There is a common law & norm-based "academic exception" to the work-for-hire rule that generally covers university professors & researchers (example: 847 F.2d 412). Of course you can contract that exception away. The guy needs to get a lawyer to look into the matter.
I know it is too late for anyone to see this, but so it goes. Even though I think Nesson is on the right side of the issue, I think he's got a hard row to hoe with his argument. And the results, if he wins, could be even worse. Let me explain.
Nesson argues that the [act] is unconstitutional because it effectively lets a private group . . . carry out civil enforcement of a criminal law. Source.
So why is it a criminal law rather than a civil law if it provides for 3rd party, rather than government enforcement?
Nesson charges that the federal law is essentially a criminal statute in that it seeks to punish violators with minimum statutory penalties far in excess of actual damages. Source.
So he's arguing that steep penalties convert civil law into criminal law based on the 5th and 8th Amendments. The 8th amendment argument will be based around excessive fines. Maybe a judge will look at the piracy "loss" figures, and realize they're garbage and buy the argument.
Converting the statute into a criminal one will trigger the 5th amendment to ensure due process - meaning substantive rights for accused infringers. That'd be things like public defenders, a heavier burden of proof on the prosecution, and some other goodies. All of which are good.
Perhaps it'll work. He is a brilliant law professor. Maybe he'll get an appellate court, or maybe even SCOTUS to go along with it. So lets say he wins and SCOTUS overturns the statutory damage statute. What will be the remedy congress comes up with?
If Congress wants to do anything (and the lobbyists will make sure they do), Congress has two choices. Either reduce the fines to return to civil law OR put in place federal enforcement of copyright infringement. Any guesses which way congress will go? I've got one. Free federal enforcement for the RIAA, MPAA, BSA, and others - this time with all the power of the federal government.
Yuck. Lets just hope federal prosecutors don't think charging a pimply faced youth with copying Star Wars is worth their time.
Slashdot Mirror
I'm for eliminating state-sponsored marriage. Marriage is two things - a document that giving religious people permission to have sex without feeling guilty, and a set of legal rights. These two parts were given to the state back when the state and church were intertwined. However, the state has an important role in the set of legal rights, but should not have any role in granting permission to have guilt-free sex. Separating the two functions shouldn't eliminate the benefits gays want and would not force the religious to recognize **** relationships as marriages.
The state should create standardized domestic contracts for consenting adults which give the standard rights of marriage with the standard ways out of the contract (a divorce process with normal characteristics, like an obligation to pay child support for any children in common, equal division of assets, etc). These rights would inhere automatically to long-term relationships, as common-law marriages do now. This takes care of the rights function of marriages. The other function can be taken care of by churches. Churches can bless any contract or relationship they deem appropriate with the title of "marriage" and thus bestow guilt-free sex for religious individuals.
This is win-win. Gay people get the rights they want. Religious people still get permission to have sex.
People in gay relationships wouldn't object unless what they really want is for the government to force the religious to recognize their relationships as legitimate. Religious people could only object because they don't want gay people to have the same rights which straight people enjoy, not because they want to define marriage in a particular way. Religious individuals can still believe gay relationships are wrong, and pretend churches which marry these individuals don't have authority to do so. Gay individuals can get the rights they need and the title they want.
Tremulous has been my favorite linux FPS for a long time. You can play as aliens or humans, and your performance gives you certain upgrades - either through evolution or gear. It is quite good.
As if that wasn't enough, the National Research Council datamining report said the same thing. From the summary:
The FBI obviously has seen these studies and knows what they say. So I can't help but assume their real motivation isn't to catch terrorists. Whether they're doing it to get information to blackmail/defame political opponents, to look like they're trying to catch terrorists, or something else - I don't know. But they're not dumb and they know this doesn't work for its stated purposes.
A few months ago I found an old computer, which wasn't attached to our network, running pre-SP XP with 256mb RAM. I found it was much faster than its counterparts running XP SP3, even though they had double the memory and much faster processors.
The point of that story is to say that the system requirements have grown for XP over the years along with the hardware. In 2001 you could run XP on 128mb ram. You just can't do that with XP SP3.
I know the increased demand is generally because of security patches and other goodness, but calling XP an 8-year-old OS isn't really fair - either from performance point of view or for calling it obsolete.
What about a cloud which becomes stifling only after your data is loaded/generated within it? What legal actions could you take if they use a standard "we-guarantee-nothing" EULA?
Requiring users to keep local copies of what they put in the cloud, so that they can switch to a another service later, is tantamount to telling them not to use "the cloud."
Right, because all "smart" users have the capability to do that. This is mostly consumer stuff, large firms do exactly what you suggest. Most consumers simply don't have the ability to match what the enterprises are doing.
Just because this is within your area of expertise doesn't mean it is within everyone else's expertise as well, nor does it mean it *should* be, or that everyone without this capability is dumb.
That is true, but what is the problem with trying to make "the cloud" more functional (secure, private, portable, whatever) for those who *do* elect to use it? The privacy concerns seem to me to be driven by poor government law/policy (e.g. the "third party exception" to ECPA & the other toothless laws), why shouldn't we try to fix those concerns?
Its trivial for me to switch from Facebook to any number of different social networks.
Really? Is it trivial to transfer all your uploaded pictures/videos, friend list, and history to your new social network provider? Now is it trivial for you, as a tech enthusiast, or trivial for a normal facebook user? Or did you mean that it is trivial to log into some social networking site other than facebook? Unless your data can follow you, or you're willing to recreate/lose that data, you're locked in.
Services not always easy to switch away from. Switching search engines is one thing, changing your email provider is entirely another. Encouraging data portability and compatibility is not a bad thing, especially when the encouragement is relief for liability incurred by making that data portable.
Funny you mention that, I saw an article yesterday which claims to have created an encryption scheme where encrypted data can be modified, written into, queried, and anything "that can be eciently expressed as a circuit" by a person without the decryption key.
If I'm reading the paper correctly, it would mean google could host data, and without having access to the data itself, could still permit user lookups and modifications. Of course that doesn't allay concerns of 3rd party reliability, the encryption scheme is inefficient, and this method may not be robust enough to support the complexity of an sql query, but who knows if it wouldn't be possible in the future.
Someone asked me for a study on this point, so I'll post it here for inquiring minds. I only recall one study off the top of my head, though I know others are out there. You may know this already, but there are several economic journals dedicated to housing, labor, and poverty - they'd be a good start if you wanted to read more.
The article is a bit dated - from 2004 - my apologies on that, I haven't kept up with more current research, if any exists, on this topic. Without further ado, the article is entitled "Public Housing, Housing Vouchers, and Student Achievement: Evidence from Public Housing Demolitions in Chicago" and the primary author is Brian Jacob.
Basically, the city of Chicago demolished some slummy towers and the residents moved to "substantially better neighborhoods" with vouchers. The study follows the educational achievement of the children of those who stayed in public housing (non-demolished towers) as well as the children of those who moved. The study finds performance doesn't differ meaningfully between the two groups in educational attainment or poverty.
The study does have some flaws - for example, the study was big, but looked only at those forced to relocate, taking volunteers might produce better results - though that may just re-enforce the finding that whatever makes most of these kids perform poorly transfers with their family. Anyhow, I think the study is statistically meaningful and the methodology is reasonably sound.
Additionally, re-reading my comment here, I believe I overstated the results - the students here weren't moved to wealthy areas. I'm sure I read a study on that, and I recall that the transplants reduced their peers performance but did no better themselves, but I won't look that up, since it had smaller control & test groups, plus this study is pretty close. Anyhow, here residents were moved to significantly better areas, but not wealthy areas.
JSTOR Page & PDF.
Because throwing money at a problem doesn't automatically solve it. With all the bitching and moaning you hear about how much money wealthy suburban schools have to spend, study after study has shown that a long- or short-term influx of cash into a lousy school doesn't improve results. Ditto for transplanting students from lousy schools to wealthy schools - the students just don't improve that much. Money isn't the problem here, it is culture.
Reason definitely has an open bias, but as long as you know that while reading it, you can call them on their BS, but still benefit from a lot of the other really good stuff there.
He did a substantially similar 1-page interview at zdnet.
On the other hand, I think Symantec Corporate is pretty decent A/V. When I got it free in grad school I was pretty happy with it anyway - in my experience it doesn't eat many CPU cycles, it has a low false rate, and lots of nice command line executables & options. According to the AV tests I've seen, it has a reasonable detection rate, not kapersky good, but a lot better than most alternatives (surprisingly - much better than Norton).
I think the very resilience of these p2p networks to seizures (TPB in 2006), shutdowns (from grokster to suprnova), attacks of all kinds (see mediadefender) - speak to their incredible value. I'll bet bittorrent is one of the easier ways to disseminate prohibited information through the great firewall of china.
If I was a policy maker and knew of a communications network that was this easy to setup and this hard to disrupt and shutdown, I'd want to ensure it stayed around, especially when times are less stable. I suppose the legal & technical attacks have the effect of selecting the strongest and most anonymous networks, but I they also have a tendency to filter out the most popular networks, which are often (though not always) the most efficient ones.
Right I understand that. But consider the hypothetical situation I proposed. What if instead of targeting poker sites, the law targeted fraud rings? Still a fact of life? If so, what about kiddie porn distributors? How about a how-to on suicide bombing & evading border patrols?
At some point, some service will be offered over the internet that we just won't want around. Then what can a state, or even a country, do to enforce the law on an entity outside its jurisdiction? So far the answer seems like "nothing" which doesn't seem terribly helpful.
Ignoring for the moment that bans on gambling are stupid & this was a purely protectionist move, what should kentucky have done instead? Lets pretend this law was a good one that we wanted to see enforced, how can a state enforce it?
KY doesn't have jurisdiction over the organizations behind the gambling sites (or the domain registrars, another problem with this case) - so they couldn't force location aware IP blocks (which don't work anyway), they couldn't fine the organizations, or impose any normal civil/criminal penalties. In addition, ISP level blocks don't work & are costly, and the servers were also outside KY and couldn't be seized.
I agree this was a stupid stupid order that violated due process, free speech, and commons sense. But if the websites & owners in Antigua (or wherever they're based) were selling US credit card numbers & the accompanying data, from servers in Antigua at http://identity-theft.ag/ for purposes of fraud - what could a state do to enforce anti-fraud laws? (assuming this was a state question) What could the feds do, apart from file a claim with the WTO? (which they have regarding gambling in antigua I believe).
Not trolling here, seriously. On the face of the 4th amendment it seems like it'd cover this, but it has been circumscribed so narrowly by courts (SCOTUS & appellate) that it really only protects your house & parts of your car. Online passwords will be excluded because of the "3rd party doctrine," among other reasons. The 3rd party doctrine says if you hand information over to a 3rd party (e.g. password to a website or email provider), you no longer have a reasonable expectation to privacy that society is willing to accept. This was created in a SOCTUS case where wiretapping was held as not violating the 4th amendment. Feds can already get this information any of a dozen ways - FISC warrant (if intelligence is a "significant purpose"), an NSL (which is by far the most expansive power the feds have now), a 215 order, et cetera - now it looks like Georgia law enforcement will be able to as well.
The Georgia state constitution coudl provide a higher standard of protection, but I wouldn't hold my breath. Hopefully someone can successfully make a 1st amendment case out of this - like the lack of anonymity causes self-censorship or something - but no one is going to win a 4th amendment claim here.
Depends on the state. Some states have strict notification laws - California & Indiana for example - many don't. You can look up your state here. For companies that cover the whole country, they typically comply with the strictest law to which they are subject, so you often get the benefit of the strictest law. Some states often require more than just notice, they may require you get several free credit reports, a free credit freeze, or some other remedial measure. Some states require immediate notification when a breach is discovered, but most permit or require a delay for law enforcement - theoretically so that law enforcement can catch the baddies before the baddies know they're being pursued. According to InformationWeek, "hard numbers about data breaches are hard to come by . . . [a]ccording to survey of about 300 attendees at this year's RSA Conference, more than 89% of security incidents went unreported in 2007." So who knows how much of it we're actually hearing about. I suppose this website will partially help with under notification.
Good point, but what is a notice supposed to do anyway? If you notify me and I read the document, great what am I expected to do? Notify the credit bureaus to be on alert - or require extra authentication for new lines of credit, if not a new credit freeze itself (I realize some state laws do this). If someone makes fraudulent purchases on my credit card, CC companies are actually really good at catching it, but if not I report it & I new a new piece of plastic and I don't get stuck with the bill (not directly anyway).
A huge business has evolved around hyping identity theft & selling related services. It isn't that common an issue. The studies done by the industry itself (the Javelin studies) show very low actual costs, minimal levels of identity theft, and the "identity theft" identified is overwhelmingly fraudulent credit card purchases by family members.
ID Analytics did an analysis of data leaked through a lost laptop & found 6 months after the breach there was a 0.0% of fraud. The same study looked at fraud rates for data found in a highly sophisticated fraud ring - including name, address, DOB, SSN, etc. They found the fraud rate was 1 in 1020, practically identical to the ambient fraud rate of non-breached data (which was 1 in 1010). The same study found only 11% of breaches are actually reported.
The choicepoint breach - which garnered the largest FTC fine for data breach ever, with 163,000 individuals affected. Fraud rate 3 years later of those people was 1 in 1244 - slightly better than average. Of the $5M set aside for recovery only $140k was ever used. The GAO did a study in 2007 and found of the 24 largest breaches, only 3 had evidence of misuse of an existing account, and only one had evidence of actual identity theft.
I've made my point. I don't mean to say everything is hunky dory in computer land. Synthetic identity fraud is a big issue - where some real & some fake data is used, so there's no real person to discover the fraud. Botnets & spyware are huge problems. State sponsored technological attacks are worrisome. I just mean to say identity theft is exceptionally rare, and doesn't deserve all the attention it gets. Don't buy the hype, lets look at real issues.
It really depends on the state & court, there's not much in common among all of them. This is mostly enforced via norms - most universities don't try to claim their professor's work - but several judges have refused to grant work done by professors as a "work for hire" owned by the university.
If bountyquest couldn't get enough high quality prior art submissions by offering 10k, what makes IBM think they'll get better submissions without offering anything? Bountyquest's failure to bust the 1-click patent was quite telling of its patent-busting power. Salon.com's postmortem explained "BountyQuest tried to overcome the inability to build momentum [from a few big patent busts] by cold-calling patent lawyers and trying to sell them on the idea of running a contest for one of their cases [b]ut few have proved willing to bite." "There just didn't appear to be a market for its service." O'Reilly (one of the sponsors of the project) said in his postmortem of the project, "the patent mess is a thorny thicket that doesn't lend itself well to penetration by amateurs."
Apart from paying less to hunters and charging less to clients, how is IBM addressing these problems?
There is a common law & norm-based "academic exception" to the work-for-hire rule that generally covers university professors & researchers (example: 847 F.2d 412). Of course you can contract that exception away. The guy needs to get a lawyer to look into the matter.
Nesson argues that the [act] is unconstitutional because it effectively lets a private group . . . carry out civil enforcement of a criminal law. Source.
So why is it a criminal law rather than a civil law if it provides for 3rd party, rather than government enforcement?
So he's arguing that steep penalties convert civil law into criminal law based on the 5th and 8th Amendments. The 8th amendment argument will be based around excessive fines. Maybe a judge will look at the piracy "loss" figures, and realize they're garbage and buy the argument.
Converting the statute into a criminal one will trigger the 5th amendment to ensure due process - meaning substantive rights for accused infringers. That'd be things like public defenders, a heavier burden of proof on the prosecution, and some other goodies. All of which are good.
Perhaps it'll work. He is a brilliant law professor. Maybe he'll get an appellate court, or maybe even SCOTUS to go along with it. So lets say he wins and SCOTUS overturns the statutory damage statute. What will be the remedy congress comes up with?
If Congress wants to do anything (and the lobbyists will make sure they do), Congress has two choices. Either reduce the fines to return to civil law OR put in place federal enforcement of copyright infringement. Any guesses which way congress will go? I've got one. Free federal enforcement for the RIAA, MPAA, BSA, and others - this time with all the power of the federal government.
Yuck. Lets just hope federal prosecutors don't think charging a pimply faced youth with copying Star Wars is worth their time.