As I recall, each paying Lavabit customer's email storage was encrypted using a key of the respective customer's choosing. Lavabit did not have these keys and could not, themselves, read customers' email, even if they wanted to.
So, I'm to believe that you can be charged with contempt for not providing something that you don't have?
The encryption key was encrypted by the user's password. Merely intercepting the user's password would decrypt the mailbox. Since they wrote the software, it would be trivial to log the password for any or all users' accounts. It was not much more than 'security by obscurity'.
The contempt part should relate to his all-out lack of cooperation, as the original request wasn't even for mailbox data - it was for metadata. He escalated it to requiring SSL keys, because the government didn't trust him. Unless you want the government to charge people with crimes without a proper investigation, there's no reason to ignore a signed metadata request (from a non-FISA court for that matter).
Do you have a source on that? IIRC, they have agreed to install 'pen register' devices in the past. Those provide no useful information for users of their paid accounts because it is all encrypted. They even eventually provided the SSL key, albeit in a very spiteful manner.
You are correct that the details of the whole situation are not all out yet, but when everything comes to light, it's usually the authoritarian governments acting in the shadows that come out as the bad guys. With the given evidence out so far, the level needed to justify everything they've done would have to be that they know of a serious threat to all life on Earth, and said threat could come from anywhere, likely involving leaders of other world governments. Anything short of that would mean that the NSA should be taken down.
It's not reported that way because 'company ignores warrant for user account information' isn't anywhere near as flashy as 'ZOMG GUBERMENT SPYING ON US!'
The NSA isn't even involved in this. This is a company owner refusing to provide BASIC information, and the government taking logical steps in order to attain the information a non-FISA court agreed was needed in their investigation. One particular person is benefiting immensely from media manipulation, and it's the same person who claimed he could encrypt and decrypt data, and not have access to it.
In the case of Lavabit, the government demanded, and was given, a warrant for the HTTPS private key to monitor the online actions of a couple of defendants. This would allow the FBI to monitor not only the specific defendants, but all Lavabit customers.
And I want to be totally clear about this: The government asked to install a pen trap device *and* have the private keys which would have allowed it to monitor all Lavabit customers.
(Unlike phone companies, E-mail providers are under no legal obligation to make surveillance easy, or even possible, by the government.)
Third parties have a duty to assist law enforcement, but that duty does not extend "regardless of the burden involved". The ACLU argument is that giving over the private keys would have completely destroyed the Lavabit business, which was an unreasonable burden to take in assisting law enforcement.
Ladar destroyed his 'business' (Secure storage where the storing party holds the keys? Not possible) by not handing over the requested METADATA in the first place. By not handing over data that a judge deemed was necessary in an ongoing investigation, the government escalated to the point of pentrap / SSL keys.
You do when they have a warrant.
Just saying "You do when they have a warrant" is no longer sufficient. There's ample evidence that judicial oversight has been compromised by the FISA court et al., and this is a particularly strong case of government overreach.
You can't take warrants at face value any more.
There was no FISA court involved in this issue. It was a standard warrant.
Read the first document - there's nothing in that request that should be objected to - unless you want people to be charged with a crime without a proper investigation. Feel free to compare that court with the list of FISA courts at Wikipedia.
Ladar is playing you all - and you're all falling for it. The NSA spying is most definitely an issue, but this has nothing to do with NSA spying.
You don't when that warrant is ethically and Constitutionally wrong...
You are mistaken, there is nothing in the Constitution that says you can pick and choose which warrants issued by a valid court you will obey.
What you are thinking of is called "civil disobedience", and civil disobedience often has a cost. Precisely the sort of thing we are seeing with respect to the contempt charge in this case. Civil disobedience is not an end run around the law nor a get out of trouble free card. What it is is a way to preserve your personal sense of ethics and a way to draw attention to and raise public awareness of an unjust law with the goal of amending or repealing the unjust law.
Right. There was nothing wrong with the initial request Lavabit received. It requested metadata for a single account, and was signed off by a judge. By ignoring that request, Ladar escalated the issue into one of epic proportions. From one perspective, an investigator is requesting the steps that need to be taken in order to fulfill the initial request. From another perspective, the government is taking the 'keys to the kingdom'.
There was no reason for Lavabit to not turn over metadata other than Ladar didn't want to. He should be in jail.
This. What the article doesn't explain is what cyber security usually entails at a defense contractor. I did that kind of work for about a year, and wanted to pull me own fingers off.
It was where they took bright engineers, gave them tedious and excruciatingly boring tasks, burned them out, and replaced them. You'd think cyber security would be somewhat cool, but in reality, it was taking several multi-thousand-line spreadsheet checklists, running some scripts, and manually putting passes or fails for the things the scripts didn't cover. Do that all day every day for every type of server and every project, repeatedly, till all or almost all checks were passed. And then, do documentation.
I would say that where I worked, the youngest crowd were the only suckers willing to take that work. Everyone else knew better.
*This* I started my career in a bank in the 90s, and being me, I was always seeing holes and problems with how we did things. I started Information Security there, but was left out because I didn't have a college degree. 10 years later, and 4 kids, I landed an infosec job at a Fortune 500 company. It wasn't bad, but after 10 years of being at least 90% in charge at smaller companies, I was now pigeonholed into a single role.
The job was good, the people were good, but sitting in meetings most of the time and doing paperwork didn't give me much of a sense of accomplishment. I'm back to running the show at a small company, for a 20% salary increase.
I hear ya. It's so easy to jump on the anti-NSA bandwagon with this. I feel like I'm screaming into the wind, there's so much misinformation out there about the Lavabit case from Ladar and the media - who are just being led by the nose by Ladar.
Those documents are linked to at the bottom of a Wired article that seemingly pits David against Goliath. How is it that they can reference a source, and still not get the story right?
Screw the 'Faux News' complainers, there is no media outlet that is reporting the real story here.
No, no, no yourself.
Lavabit received a FISA court order, accompanied by a gag order. This is not a "typical" court order at all. One of the things he bemoaned in his public statement about the shutdown was that he was prevented from even speaking about the details. That is anything but "normal". It's the illegal FISA court.
Second, "pen registers" are for telephones, not emails.
Read the documents. The gag order was to prevent the original account holder from becoming aware of the investigation. That's nothing more than Standard Procedure.
What FISA Court? The original request, on page 1, was from the "UNITED STATES DISTRICT COURT FOR THE EASTERN DISTRICT OF VIRGINIA" - according to Wikipedia there are no FISA members there.
Did I mention my post in the original thread? I am an 'insider' - of sorts - with first-hand knowledge of how these things progress. I was just as suspicious, until I read the document and saw exactly what happened. Unfortunately the 'media' fans the flames by only presenting the last document "We want SSL keys", and completely avoiding the fact that Ladar ignored the first document "Please provide metadata for account x".
Lavabit received a 'typical' court order for metadata information. He refused. It escalated to PenTrap devices because the FBI, by court order, is entitled to the information from that ONE ACCOUNT and Ladar refused to provide it. He created the problem, and shut his systems down because his actions forced the escalation to a wiretap.
Nothing to do with the NSA's overreaching monitoring.
But if you prefer the FBI to charge you with crimes without doing a thorough investigation, then go ahead and believe Ladar. He got himself in over his head, blamed the NSA, and now he's milking it for all it's worth. He's a douche.
It must be encrypted and the only way for the nsa to get it is to have it unencrypted and sent over the wire via ssl!!!
Exactly - cause when it was sent to the server unencrypted, and then encrypted ON the server itself with the password you sent - it's totally secure.
I'll just give my lockbox key to the teller, watch her disappear into the vault, and she should reappear with all my stuff without having looked through it.
One would be hard pressed to argue that a bloodied child in a war zone is not being abused. I'd say that's abuse by definition.
Not hard-pressed: http://www.thefreedictionary.com/abuse
tr.v. abused, abusing, abuses
1. To use wrongly or improperly; misuse: abuse alcohol; abuse a privilege.
2. To hurt or injure by maltreatment; ill-use.
3. To force sexual activity on; rape or molest.
4. To assail with contemptuous, coarse, or insulting words; revile.
5. Obsolete To deceive or trick.
IMHO, your definition exceeds the actual definition.
Now define piracy in a way that's machine detectable, and what you'll really have is the ultimate DRM.
Are you seriously saying that there is no possible way the lawyers at GM couldn't have come up with a valid waiver for drivers to sign saying that they were buying the cars as-is with no guarantee of servicing or parts availability?
You mean like those pre-nups rich people are always going to court over?
I remember an article in which it discussed that Climate Change denying is an American problem.
Climate change by itself is not under dispute. The question is: what causes climate change. And then there are three sides:
That's why the summary of the article doesn't say 'climate change', but 'human-caused change'.
Much like in the church, apparently repetition makes it true.
We're skeptical because the world is full of self-aggrandizing bull-shitters who prey on the naive. Climate Scientists, who tend to NOT be paid through sales of produced materials but through 'squeaky wheel' government budgeting, are far from immune to that skepticism. Just sayin.
I had a very similar boss, a CIO, who was just a complete asshat on a regular basis. An old sales guy with no working knowledge of IT. Just a buddy of the CEO.
After I had an awesome weekend, I had to hear him kicking and screaming about me turning away a video conference installer. Sorry, 'PBX Upgrade' with no information is not 'Video Conferencing Installation' - and oh, did I mention we were a credit card processor and I ran everything including PCI Compliance? We didn't even integrate AD with Corp.
I walked out that day. I do wish I waited until I had another job (I had been interviewing and never planned to work there Full Time, but they 'backdoored' me when they found out my other FT Company was sold). It was 2008 and not 2 weeks later the country took a dump :( But I wasn't about to have that dumbass ruin my InfoSec career and for the rest of my life hear, "Oh you worked for [Company X with public breach]?" No way in hell.
Rand and Ron Paul would not be assassinated. What would happen to them would be far worse.... for us! They would quietly settle into the same patterns that Bush and Obama did. They are politicians, nothing more. They would make grand statements, something large (but not too large) and mostly symbolic would happen ("We're finally closing Gitmo!....... and shipping all prisoners to a Saudi Torture chamber."), and then when the initial fervor died down, and after a few key meetings, they would realize the "necessity" of surveillance on everyone in America and abroad.
I wonder if, at this point, it's expected that Republicans and Democrats will behave the same. If a 3rd party were actually elected, and turned out to be just another puppet, that could royally piss off the population.
Now since Lavabit is based on normal mail protocols, the operator has the ability to see all the data when it comes in, and obviously with a warrant or NSL, the provider can be compelled to provide the information to the feds. But I suspect that the request was not just something mild ("This sleazebag's mail account") but something broader, given the reaction was to close down the service completely.
I own/operate VFEmail.net and consider Lavabit a 'peer' in the email space.
I totally agree with your assessment. I've had to deal with requests and subpoenas, as I'm sure Lavabit has, and I've never been asked for broad access. In fact, the one time I did have to get 'in depth', I was specifically told by the agent in charge when everything initiated, "We are not installing any equipment at your site." In fact, he even offered to get me whatever I needed, and I declined, doing what was necessary to comply in-house. They only received what was requested on a signed subpoena, and were very clear they didn't even WANT anything else.
I have a sinking feeling that sort of mutual cooperation is no longer the norm, and I wonder if I will be similarly backed into a corner. Unfortunately by closing, it forces our users to seek refuge with providers who don't have any problem installing spy equipment.
There's a huge difference between not wanting to wear a seatbelt and not wanting to be forced to wear a seatbelt. I wear a helmet on my motorcycle, but I'm happy I'm not required to do so by law.
There is a huge difference between being totally responsible for your own actions and placing the burdens of your actions on your community. While you may not be required to wear a helmet (yet), you are free to get emergency medical care regardless of your ability to pay. This usually leads to the hospital having to make up for the expense by charging more to people who are able to afford care.
Now if we lived in a society where you are free to accept the risk of riding without a helmet and your inability to pay resulted in your lifeless corpse being left on the side of the road for garbage collection then I'd say you have a point. I think you will find that having the law require a helmet to be worn while riding a motorcycle at all times would be unnecessary since more people would actually consider their personal risk and the ones that don't would be eliminated by attrition.
I agree. I also think we should live in a society where someone who can't afford health insurance and the associated deductible shouldn't be afforded a motorcycle either.
But since we're pushing for 'Zero deaths on roads', I don't think what a person contributes to society will ever have an effect on their - ahem - welfare.
Do you respect the right to live? Do you believe that society has the right to determine who lives and dies arbitrarily, even if they are innocent of any crime? A social safety net helps those who have been temporarily or permanently rendered helpless through economic or other action to preserve their right to live.
Only a plutocrat or their loyal slave would prefer the right to pay lower taxes more than the right for the disenfranchised to live.
Disenfranchised? If you mean those without their own homes, cars, cable TV, and cell phones, then I agree.
I think where we disagree is the number of truly disenfranchised people in the United States.
"I'll happily put this on my own guns after the police have used it for five years on theirs,"... or all persons protecting the good congressman.
I consider this equivalent to requiring Ignition Interlocks in all cars. Yes, it will do exactly what we want - it will stop people from using those items - but at the most inopportune times. Give it to the legislators, and you'll discover it's only the prohibitionist ones that will accept it.
Imagine if Ignition Interlocks were mandated - they would be hacked so fast. People aren't going to deal with that level of intrusiveness just to potentially 'save lives'. This is a case of security causing too much of an inconvenience to be useful.
Mega needs to balance risk with usability and cost. Once you get beyond a certain point, every additional security layer will either cost more than it will benefit, or increase complexity so much as to make it unfeasible to use for their average user.
Maybe I've read too many KimDotCom tweets, but the referenced articles seem like government astroturfing just trying to keep customers from using the Mega site. If you want your data THAT secure, just freaking host it yourself with your own locks in place behind double biometric VPNs or whatever and shut the hell up. Jeeesus.
They're selling a product, not a theoretical 100% secure system that will never exist.
Imagine the message sent to both parties if Stein, or Johnson handed Obama a loss.
You mean like when Nader handed Gore a loss in 2000?
The lesson the Republicans learned was "we have a mandate" and proceeded to pursue a decade of self-destructive jingoistic policy they still haven't recovered from. The lesson the Democrats learned was "don't get Nadered again."
You must be young - Perot handed the Presidency to Clinton in '92 and '96.
The result of the increasing 3rd party relevance was the only cooperation we could get between the Republicans and Democrats, which was the effective removal of any other party from the election process.
First: Hold onto them until they're actually worth something. Sometime in the middle of the DDR4 lifecycle, it will become nearly impossible to find new 4GB DDR3 sticks, so people will have to turn to used sticks if they want to upgrade their machines from 8GB (4x2GB or 2x4GB) to 16 GB (4x4GB).
History tells us that they will be valued at at least twice the original market rate. So sell now and get ~$7.5k, or wait 2-3 years and likely get $15-20k. I'd wait.
The true fault lies with the lazy citizens. They demand every government agency put their stuff online so they don't have to get off their fat asses and actually do something in person. The fault lies in the citizens always screaming "no taxes to pay for the services I demand". The fault lies with the citizens screaming for "less government" yet expecting government to do everything for them. The fault lies with the citizens who demand lowest bids be accepted for contracts allowing inferior products and services.
Two things come to mind...
Be careful what you wish for. You just may get it!
and
You get what you pay for.
Nope. SC is accepting credit cards. They are under the same requirements (PCI) as all other MERCHANTS who wish to accept credit card payments. They weren't PCI compliant (I'll go out on a limb and 'guess' that's the case), and they got hacked.
They need to pay the fine to Visa. That'll be interesting to see how that happens.
I walked out of a company, where I built the IT and PCI Compliance, because exactly what the parent says will happen - does happen. I just got out before the morons in charge let us get hacked and I got fired for their idiocy. I can only imagine what happened to the IT guys at CardSystems.
Read the first document. Only metadata was requested, Ladar refused, and the government escalated.
It's a sad sad state of affairs.
"no No NO!"
no No NO!
So how does a machine recognize the difference between a war photo of a bloodied child and a photo of civilian child abuse?
I don't think it's recognition, as much as definition.
Are you seriously saying that there is no possible way the lawyers at GM couldn't have come up with a valid waiver for drivers to sign saying that they were buying the cars as-is with no guarantee of servicing or parts availability?
You mean like those pre-nups rich people are always going to court over?
I remember an article in which it discussed that Climate Change denying is an American problem.
Climate change by itself is not under dispute. The question is: what causes climate change. And then there are three sides:
That's why the summary of the article doesn't say 'climate change', but 'human-caused change'.
Much like in the church, apparently repetition makes it true.
We're skeptical because the world is full of self-grandizing bull-shitters who prey on the nieve. Climate Scientists, who tend to NOT be paid through sales of produced materials but through 'squeeky wheel' government budgeting, are far from immune of that skepticism. Just sayin.
I had a very similar boss, a CIO, who was just a complete asshat on a regular basis. An old sales guy with no working knowledge of IT. Just a buddy of the CEO.
After I had an awesome weekend, I had to hear him kicking and screaming about me turning away a video conference installer. Sorry, 'PBX Upgrade' with no information is not 'Video Conferencing Installation' - and oh, did I mention we were a credit card processor and I ran everything including PCI Compliance? We didn't even integrate AD with Corp. :( But I wasn't about to have that dumbass ruin my InfoSec career and for the rest of my life hear, "Oh you worked for [Company X with public breach]?" No way in hell.
I walked out that day. I do wish I waited until I had another job (I had been interviewing and never planned to work there Full Time, but they 'backdoored' me when they found out my other FT Company was sold). It was 2008 and not 2 weeks later the country took a dump.
Rand and Ron Paul would not be assassinated. What would happen to them would be far worse.... for us! They would quietly settle into the same patterns that Bush and Obama did. They are politicians, nothing more. They would make grand statements, something large (but not too large) and mostly symbolic would happen ("We're finally closing Gitmo! ....... and shipping all prisoners to a Saudi Torture chamber."), and then when the initial fervor died down, and after a few key meetings, they would realize the "necessity" of surveillance on everyone in America and abroad.
I wonder if, at this point, it's expected that Republicans and Democrats will behave the same. If a 3rd party were actually elected, and turned out to be just another puppet, that could royally piss off the population.
Now since Lavabit is based on normal mail protocols, the operator has the ability to see all the data when it comes in, and obviously with a warrant or NSL, the provider can be compelled to provide the information to the feds. But I suspect that the request was not just something mild ("This sleazebag's mail account") but something broader, given the reaction was to close down the service completely.
I own/operate VFEmail.net and consider Lavabit a 'peer' in the email space.
I totally agree with your assessment. I've had to deal with requests and subpoenas, as I'm sure Lavabit has, and I've never been asked for broad access. In fact, the one time I did have to get 'in depth', I was specifically told by the agent in charge when everything initiated, "We are not installing any equipment at your site." In fact, he even offered to get me whatever I needed, and I declined, doing what was necessary to comply in-house. They only received what was requested on a signed subpoena, and were very clear they didn't even WANT anything else.
I have a sinking feeling that sort of mutual cooperation is no longer the norm, and I wonder if I will be similarly backed into a corner. Unfortunately by closing, it forces our users to seek refuge with providers who don't have any problem installing spy equipment.
There is a huge difference between being totally responsible for your own actions and placing the burdens of your actions on your community. While you may not be required to wear a helmet (yet), you are free to get emergency medical care regardless of your ability to pay. This usually leads to the hospital having to make up for the expense by charging more to people who are able to afford care.
Now if we lived in a society where you are free to accept the risk of riding without a helmet and your inability to pay resulted in your lifeless corpse being left on the side of the road for garbage collection then I'd say you have a point. I think you will find that having the law require a helmet to be worn while riding a motorcycle at all times would be unnecessary since more people would actually consider their personal risk and the ones that don't would be eliminated by attrition.
I agree. I also think we should live in a society where someone who can't afford health insurance and the associated deductible shouldn't be afforded a motorcycle either. But since we're pushing for 'Zero deaths on roads', I don't think what a person contributes to society will ever have an effect on their - ahem - welfare.
Do you respect the right to live? Do you believe that society has the right to determine who lives and dies arbitrarily, even if they are innocent of any crime? A social safety net helps those who have been temporarily or permanently rendered helpless through economic or other action to preserve their right to live.
Only a plutocrat or their loyal slave would prefer the right to pay lower taxes more than the right for the disenfranchised to live.
Disenfranchised? If you mean those without their own homes, cars, cable TV, and cell phones, then I agree.
I think where we disagree is the number of truly disenfranchised people in the United States.
"I'll happily put this on my own guns after the police have used it for five years on theirs," ... or all persons protecting the good congressman.
I consider this equivalent to requiring Ignition Interlocks in all cars. Yes, it will do exactly what we want - it will stop people from using those items - but at the most inopportune times. Give it to the legislators, and you'll discover it's only the prohibitionist ones that will accept it.
Imagine if Ignition Interlocks were mandated - they would be hacked so fast. People aren't going to deal with that level of intrusiveness just to potentially 'save lives'. This is a case of security causing too much of an inconvenience to be useful.
Mega needs to balance risk with usability and cost. Once you get beyond a certain point, every additional security layer will either cost more than it will benefit, or increase complexity so much as to make it unfeasible to use for their average user.
Maybe I've read too many KimDotCom tweets, but the referenced articles seem like government astroturfing just trying to keep customers from using the Mega site. If you want your data THAT secure, just freaking host it yourself with your own locks in place behind double biometric VPNs or whatever and shut the hell up. Jeeesus.
They're selling a product, not a theoretical 100% secure system that will never exist.
Imagine the message sent to both parties if Stein, or Johnson handed Obama a loss.
You mean like when Nader handed Gore a loss in 2000?
The lesson the Republicans learned was "we have a mandate" and proceeded to pursue a decade of self-destructive jingoistic policy they still haven't recovered from. The lesson the Democrats learned was "don't get Nadered again."
You must be young - Perot handed the Presidency to Clinton in '92 and '96.
The result of the increasing 3rd party relevance was the only cooperation we could get between the Republicans and Democrats, which was the effective removal of any other party from the election process.
Bastards. All of them.
First: Hold onto them until they're actually worth something. Sometime in the middle of the DDR4 lifecycle, it will become nearly impossible to find new 4GB DDR3 sticks, so people will have to turn to used sticks if they want to upgrade their machines from 8GB (4x2GB or 2x4GB) to 16 GB (4x4GB).
History tells us that they will be valued at at least twice the original market rate. So sell now and get ~$7.5k, or wait 2-3 years and likely get $15-20k. I'd wait.
PAINTBALL!
it reached all the way to the Sugar Shack!
I'll play devil's advocate here...
The true fault lies with the lazy citizens. They demand every government agency put their stuff online so they don't have to get off their fat asses and actually do something in person. The fault lies in the citizens always screaming "no taxes to pay for the services I demand". The fault lies with the citizens screaming for "less government" yet expecting government to do everything for them. The fault lies with the citizens who demand lowest bids be accepted for contracts allowing inferior products and services.
Two things come to mind...
Be careful what you wish for. You just may get it! and You get what you pay for.
Nope. SC is accepting credit cards. They are under the same requirements (PCI) as all other MERCHANTS who wish to accept credit card payments. They weren't PCI compliant (I'll go out on a limb and 'guess' that's the case), and they got hacked.
They need to pay the fine to Visa. That'll be interesting to see how that happens.
I walked out of a company, where I built the IT and PCI Compliance, because exactly what the parent says will happen - does happen. I just got out before the morons in charge let us get hacked and I got fired for their idiocy. I can only imagine what happened to the IT guys at CardSystems.
Yeah, right. Then lesbian dinosaurs start mating and we're spending the rest of our lives avoiding Pterosaur poo.