It is not just a matter of traffic violations; the legal system in America is so massively complex that it is hard to say who, if anyone, is actually innocent. You might have dug a hole on your property illegally (e.g. while gardening). You might have imported some seeds without filling out the requisite paperwork. You might have disposed of household chemicals or hazardous products in an illegal fashion. Maybe your wireless network is illegal -- did you double check the antenna gain and transmitter power (believe it or not, I have seen people who unknowingly run illegal wifi stations -- 1W with a 9dBi antenna)? Maybe your house is not up to electrical codes -- are you sure that old antennas and satellite dishes are properly grounded? Are you sure you never downloaded software from another country that violates patents in this country? Depending on your age, location, and sexual partners, you may have broken any number of laws prohibiting various sex acts, many of which were still in effect until recently.
There are also laws that were passed for reasons long forgotten, especially state and local laws. In several states, it is illegal to have an ice cream cone in your back pocket (I will be impressed if this is one that you broke); it sounds insane today, but at one time this was a way to steal horses. Can you honestly say that you have never broken some bizarre, antiquated law that nobody could be expected to be aware of?
The problem with laws is that they almost never expire. The legal system only ever expands, as new laws are passed to address today's concerns while old laws remain on the books indefinitely.
Which I am guessing would be the case, as a matter of operational security. If a lieutenant in charge of, say, activities in North Africa decides to defect, it would be bad if he knew about plans for Asia or Europe.
I am just guessing, of course; maybe they are less organized than I am giving them credit for. Failing to encrypt is certainly an indication of that...
What if one of his leutenants had betrayed him? There are a lot of reasons to encrypt sensitive documents even when they are not being sent over a network.
- something you can't get out of by simply going "Gee, I don't know who that driver might be, I guess I don't need to pay the ticket!"
Around me, that is how it is: tickets must be given by a police officer, who physically hands the ticket to the driver of a car. It is perfectly valid to say, "Yes that was my car, no it was not me driving it," and it is perfectly valid to say, "I do not know who was driving it." People lend their cars to others sometimes, and if they lend their car to a group of people, they really cannot know who in the group was driving.
How about something more realistic: one of the numerous computers connected to your LAN might have been infected with malware, and a remote attacker used your connection to break the law. It has happened in the past:
Actually, when they tried to install some red-light cameras near me that automatically sends tickets to people who run red lights, the courts ruled that nobody was obligated to pay those tickets -- a police officer needs to hand the ticket to the driver of the vehicle, who may not be the owner. It is absurd to claim that a license plate identifies a person, just like it is absurd to claim that an IP address does so.
I see no reason why I, as an ISP subscriber, should not be also accountable for what people do with a network connection that I pay for.
Here is a relevant anecdote that a friend of mine in the security research community gave me: the police were investigating a child pornography case, and the determined the address of the person paying for an Internet connection that had come up during that investigation. When the police showed up, a pair of old ladies who were barely able to operate their computer were living there; they did not fit the profile for that crime, and there was no evidence of child pornography in their home.
Down the block, someone had a high-gain antenna mounted on his roof, pointed at the house where the police were.
The reason you do not want to be responsible for what happens over your Internet connection is that there is no guarantee that you are its only user. You think putting a passphrase on your wireless network is enough to protect you? You or a relative might accidentally install some malware; a guest with malware on his laptop might stay overnight; there might be a vulnerability in WPA; your router might be hacked; someone you trust might just do something stupid; etc., etc., etc. There are a lot of ways that your Internet connection could be used by someone else.
I'm just a hard-ass who follows the rules
Are you sure you have not broken any laws over the past 12 months? Why not take a look through some law books and double check that for us...
The law will just have the words "residential" or "consumer" in it, and thus only target the majority of Americans. Even if it did not specifically say that, the law would only be applied to individual people, and never to the wealthy.
I think if someone made bomb threats from an IP address, the FBI would FULLY investigate, because jailing the wrong person means the bomb still goes off,
Judging by how the FBI handled the Pittsburgh bomb threats, I do not give much credit to their ability to "fully" investigate anything online. The FBI's approach to computers is to lobby for backdoors, then point to examples where a lack of a backdoor impeded their investigation when they do not get their way.
Howzabout mirroring the switch port and logging/filtering the traffic thru snort to grab the IP addresses of inbound SMTP connections before the remailer scrubs them
Mixmaster does not use SMTP
Mixmaster is resilient to passive eavesdropping
Those connections would lead them to other remailers in the network
There are a large number of remailer users in the world; the FBI would have narrowed their investigation down to at least thousands of people.
The idea wasn't to stop the threats but to trace them
OK, how about this: Predictably, the remailer kept no logs, the messages were sent through a chain of multiple remailers, and the seizure of the remailer contributed nothing to the FBI's investigation.
If logging wasn't turned off on that server, the FBI would have been able to trace it.
Only if the user was so stupid that they used a single remailer, something which people are routinely warned against and which typical remailer software will not do by default. If the server had logging enable, the FBI would have been led to another remailer; the chances that all the remailers in the chain have logging enabled is small (we hope).
I would be really upset if the FBI said "Well, we could confiscate that server and mildly interrupt e-mail service for 300 people
Actually, there was no interruption in service. The remailer system is resilient to a single remailer being taken offline. The problem with this raid is that it had absolutely no investigative value, and was performed purely to gain access to the private keys. Indeed, if the FBI wanted to catch the person sending the threats, they would have gotten a court order to monitor the activity of the remailer, rather than seizing the equipment.
Big bad FBI, trying to follow the only lead they have
Yes, their only lead being that anyone on Earth might have sent the messages. Solid investigative skills there, FBI.
Sometimes I think law enforcement is damned if they do, damned if they don't.
That has something to do with the fact that they have absolutely no respect for civil rights or basic human dignity. With so many unjust laws on the books, with so many attempts by the FBI to prevent the general public from having access to good cryptography software, it is not hard to understand why people have such a poor opinion of them.
rebrand yourselves and build that brand in a respectable manner
I am not a brand, I am not a commodity, I am not something that is being advertised. Why should I care about what people who would not write a program to compute 2+2 think about the word "hacker?"
Hackers have every right to criticize the media's use of the term and the media's portrayal of "hacking." If ignorance is not criticized, it will propagate.
Why the hell should the designers be the only ones allowed to teach people
This is kind of like asking, "Why the hell should the designers be the only ones allowed to modify a computer or its software?" The answer lies in your philosophy about the computer age and society in general:
Computation as a service, provided by experts who can be trusted to maintain computers.
Personal computers, which can be independently maintained.
Before the PC age, the first point of view was the mainstream view of computers: people would have computer terminals in their homes and offices, which would allow them to use computers that were maintained by computation utilities, and for which they would pay a service fee. Then some hackers came up with the brilliant idea of a personal computer, a complete computer system that could be independently operated, and it caught on like wildfire. These days, we are seeing a shift back to computation as a utility, in the form of web apps and walled gardens.
To put it another way, if you do not want your hand held, you are supposed to get a job as an engineer. There is an element of elitism at play, typical of the conservative world that you will see in professional world: only those who deserve the freedom to not have their hands hand should get it. You are supposed to compete with other smart people for that position in life, and if you are not good enough to get it, well too bad because now your hand will be held by the people who were smart enough. Hackers wanted a different world, but the rest of society is content with elitism and mandatory hand-holding.
What, you think being clever will help you evade the law? If the people who drafted the law were not smart enough to close your loophole, you do not get to exploit it -- unless you are rich or a corporation.
So your parental instincts kick in, and all those little cues the media has given you about the dangers that await your daughter if she so much as leaves your home have come to define your reality.
Here is what I will grant you: pedophiles do exist. Sometimes teachers are pedophiles, and they use their position of power to take advantage of their victims. Fortunately, that is not a very common situation, despite what the news media tells you, and most teachers really do care about their students (in an appropriate way).
Unfortunately, the moral panic of the 1980s -- which resulted in the imprisonment of at least hundreds of innocent people, if not more -- has not entirely subsided.
Seriously, how can an intelligent person equate a meeting in a mall or on the street with a stream of clandestine facebook messages between "dreamy" Mr Larson and your 14 year old daughter?
That is not how I read this situation. I see the city trying to ensure that a common phenomenon in high schools and even middle schools will not be paraded around for all the world to see: teachers who have "fan clubs" of students. My guess is that the city was worried about parents complaining about such things, especially when their perfect angels who are not in the fan club do not get those A+ grades they "deserve."
You know why I think this is not really about students and teachers having sex? The city did not issue rules on text messaging, despite there being more incidents involving cell phones than social networking sites.
When I last read about this type of issue, the proposed law was very clear - is a school district runs a Facebook-like web site that includes the ability to monitor communications between employees (teachers) and customers (students) that was fine.
That does not sound "fine" to me -- it sounds like you are teaching students that there is some grand authority in the world that watches what they do and who they talk to. That is not something I would want my children to be taught in school.
Why do teachers need to 'friend' under-age students of theirs?
Some teachers have "fan clubs" -- I remember seeing that sort of behavior all the time when I was in high school. Telling teachers that they cannot have students friend them on Facebook is basically saying that there cannot be an expression of these fan clubs online.
c) surprised that teachers associating with students on facebook is a big problem, since it seems extremely unprofessional to me.
If you RTFA, you will see that it is not a huge problem -- a couple dozen "incidents," many of which seem to have been entirely online anyway (as opposed to a teacher trying to arrange for sex). On the other hand, teachers and students texting and talking on the phone seems to be a much bigger problem (more incidents and possibly more serious incidents), and the city has not addressed that in this update to the rules.
I guess you could say that these things are not as bad as outright bans on criticisms of the government. Yet we do have a whole lot of restrictions on free speech, both in the law and in practice.
In the US one is subject to such searches if one is going on a plane
This amounts to millions of people subjected to searches, in a systematic and humiliating way.
Any violation of this sort in Pakistan is actually orders of magnitude worse than the US
However, there's one thing that doesn't work with RHEL/CentOS/SL and that's the major upgrade, like the one from 5 to 6.
That is true, but...
That happens once every 7 years; with Fedora you are talking about at least once per year.
Things do not (in my experience) break as hard between major releases of RHEL 'n pals as they do between Fedora releases; there is a bit of friction, but with Fedora I would have to deal with critical things (network, graphics) simply not working after upgrades.
Once you fix the problems that follow a RHEL upgrade, it is unlikely you will need to keep fixing things. With Fedora, I would sometimes see things break after receiving package updates, and once or twice that mean losing networking or other important things.
This is not meant to bash Fedora -- it does a good job of bringing the bleeding edge to the desktop, and for people who do not mind dealing with hiccups, it is a fine distro (I used to be such a person). The reason I switched to SL is that I am just too busy to deal with things breaking, especially when the ways in which they break keeps changing.
No major government body in the US is trying to block fifty million websites
I guess lobbyists from the MPAA and RIAA are not technically part of the government; they only pad the wallets of politicians and draft legislation for them.
the US rejected any form of blasphemy laws as unconstitional quite some time ago
While simultaneously making other classes of speech illegal. Just because we violate free speech rights differently than the Pakistanis would does not mean that we are not violating free speech rights.
As to the matter of grope sessions to fly planes- Pakistan has essentially close to almost no equivalent of Fourth Amendment protections
So on the one hand, Pakistan has no privacy laws, and on the other the US simply ignores its privacy laws and publicly humiliates its citizens. Here is the question you were trying to answer, but failed to: does Pakistan grope its citizens en masse, the way the United States does?
there's no question that human rights have been getting better in Pakistan
Here is what you left out: human rights have been getting worse in the United States, and are worsening at an accelerating pace. Freedom of speech? Only if you do not bother the important people with it. Privacy rights? Only if you never travel or communicate electronically. The right to live a free and happy life? Only if you are not a member of the world's largest prison population, which in case anyone has forgotten is the prison population of the United States.
To put it another way, is it the US or Pakistan that has paramilitary police forces that shoot innocent people with assault rifles and add personal assets to their budgets, with the approval and encouragement of the government?
in the USA they are still stuck at the 'watch him long enough and eventually he'll commit a crime' stage.
FTFY. Here in the US, we get around the "well you can only arrest people who break the law" by creating so many laws and such a complex legal system that almost everyone is guilty of something.
Slashdot Mirror
It is not just a matter of traffic violations; the legal system in America is so massively complex that it is hard to say who, if anyone, is actually innocent. You might have dug a hole on your property illegally (e.g. while gardening). You might have imported some seeds without filling out the requisite paperwork. You might have disposed of household chemicals or hazardous products in an illegal fashion. Maybe your wireless network is illegal -- did you double check the antenna gain and transmitter power (believe it or not, I have seen people who unknowingly run illegal wifi stations -- 1W with a 9dBi antenna)? Maybe your house is not up to electrical codes -- are you sure that old antennas and satellite dishes are properly grounded? Are you sure you never downloaded software from another country that violates patents in this country? Depending on your age, location, and sexual partners, you may have broken any number of laws prohibiting various sex acts, many of which were still in effect until recently.
There are also laws that were passed for reasons long forgotten, especially state and local laws. In several states, it is illegal to have an ice cream cone in your back pocket (I will be impressed if this is one that you broke); it sounds insane today, but at one time this was a way to steal horses. Can you honestly say that you have never broken some bizarre, antiquated law that nobody could be expected to be aware of?
The problem with laws is that they almost never expire. The legal system only ever expands, as new laws are passed to address today's concerns while old laws remain on the books indefinitely.
Which I am guessing would be the case, as a matter of operational security. If a lieutenant in charge of, say, activities in North Africa decides to defect, it would be bad if he knew about plans for Asia or Europe.
I am just guessing, of course; maybe they are less organized than I am giving them credit for. Failing to encrypt is certainly an indication of that...
What if one of his leutenants had betrayed him? There are a lot of reasons to encrypt sensitive documents even when they are not being sent over a network.
- something you can't get out of by simply going "Gee, I don't know who that driver might be, I guess I don't need to pay the ticket!"
Around me, that is how it is: tickets must be given by a police officer, who physically hands the ticket to the driver of a car. It is perfectly valid to say, "Yes that was my car, no it was not me driving it," and it is perfectly valid to say, "I do not know who was driving it." People lend their cars to others sometimes, and if they lend their car to a group of people, they really cannot know who in the group was driving.
How about something more realistic: one of the numerous computers connected to your LAN might have been infected with malware, and a remote attacker used your connection to break the law. It has happened in the past:
http://www.itworld.com/security/84077/child-porn-malwares-ultimate-evil
Actually, when they tried to install some red-light cameras near me that automatically sends tickets to people who run red lights, the courts ruled that nobody was obligated to pay those tickets -- a police officer needs to hand the ticket to the driver of the vehicle, who may not be the owner. It is absurd to claim that a license plate identifies a person, just like it is absurd to claim that an IP address does so.
I see no reason why I, as an ISP subscriber, should not be also accountable for what people do with a network connection that I pay for.
Here is a relevant anecdote that a friend of mine in the security research community gave me: the police were investigating a child pornography case, and the determined the address of the person paying for an Internet connection that had come up during that investigation. When the police showed up, a pair of old ladies who were barely able to operate their computer were living there; they did not fit the profile for that crime, and there was no evidence of child pornography in their home.
Down the block, someone had a high-gain antenna mounted on his roof, pointed at the house where the police were.
The reason you do not want to be responsible for what happens over your Internet connection is that there is no guarantee that you are its only user. You think putting a passphrase on your wireless network is enough to protect you? You or a relative might accidentally install some malware; a guest with malware on his laptop might stay overnight; there might be a vulnerability in WPA; your router might be hacked; someone you trust might just do something stupid; etc., etc., etc. There are a lot of ways that your Internet connection could be used by someone else.
I'm just a hard-ass who follows the rules
Are you sure you have not broken any laws over the past 12 months? Why not take a look through some law books and double check that for us...
The law will just have the words "residential" or "consumer" in it, and thus only target the majority of Americans. Even if it did not specifically say that, the law would only be applied to individual people, and never to the wealthy.
I think if someone made bomb threats from an IP address, the FBI would FULLY investigate, because jailing the wrong person means the bomb still goes off,
Judging by how the FBI handled the Pittsburgh bomb threats, I do not give much credit to their ability to "fully" investigate anything online. The FBI's approach to computers is to lobby for backdoors, then point to examples where a lack of a backdoor impeded their investigation when they do not get their way.
Howzabout mirroring the switch port and logging/filtering the traffic thru snort to grab the IP addresses of inbound SMTP connections before the remailer scrubs them
The idea wasn't to stop the threats but to trace them
OK, how about this: Predictably, the remailer kept no logs, the messages were sent through a chain of multiple remailers, and the seizure of the remailer contributed nothing to the FBI's investigation.
If logging wasn't turned off on that server, the FBI would have been able to trace it.
Only if the user was so stupid that they used a single remailer, something which people are routinely warned against and which typical remailer software will not do by default. If the server had logging enable, the FBI would have been led to another remailer; the chances that all the remailers in the chain have logging enabled is small (we hope).
I would be really upset if the FBI said "Well, we could confiscate that server and mildly interrupt e-mail service for 300 people
Actually, there was no interruption in service. The remailer system is resilient to a single remailer being taken offline. The problem with this raid is that it had absolutely no investigative value, and was performed purely to gain access to the private keys. Indeed, if the FBI wanted to catch the person sending the threats, they would have gotten a court order to monitor the activity of the remailer, rather than seizing the equipment.
Big bad FBI, trying to follow the only lead they have
Yes, their only lead being that anyone on Earth might have sent the messages. Solid investigative skills there, FBI.
Sometimes I think law enforcement is damned if they do, damned if they don't.
That has something to do with the fact that they have absolutely no respect for civil rights or basic human dignity. With so many unjust laws on the books, with so many attempts by the FBI to prevent the general public from having access to good cryptography software, it is not hard to understand why people have such a poor opinion of them.
How about the fact that they took the server in the first place, an action which did nothing to further their investigation?
rebrand yourselves and build that brand in a respectable manner
I am not a brand, I am not a commodity, I am not something that is being advertised. Why should I care about what people who would not write a program to compute 2+2 think about the word "hacker?"
Hackers have every right to criticize the media's use of the term and the media's portrayal of "hacking." If ignorance is not criticized, it will propagate.
Why the hell should the designers be the only ones allowed to teach people
This is kind of like asking, "Why the hell should the designers be the only ones allowed to modify a computer or its software?" The answer lies in your philosophy about the computer age and society in general:
Before the PC age, the first point of view was the mainstream view of computers: people would have computer terminals in their homes and offices, which would allow them to use computers that were maintained by computation utilities, and for which they would pay a service fee. Then some hackers came up with the brilliant idea of a personal computer, a complete computer system that could be independently operated, and it caught on like wildfire. These days, we are seeing a shift back to computation as a utility, in the form of web apps and walled gardens.
To put it another way, if you do not want your hand held, you are supposed to get a job as an engineer. There is an element of elitism at play, typical of the conservative world that you will see in professional world: only those who deserve the freedom to not have their hands hand should get it. You are supposed to compete with other smart people for that position in life, and if you are not good enough to get it, well too bad because now your hand will be held by the people who were smart enough. Hackers wanted a different world, but the rest of society is content with elitism and mandatory hand-holding.
Stop turning my computer programs into children's toys.
A typical view of computer users is that they are children -- toddlers who need their hands held wherever they go.
Chrome is massively popular and eating into Mozilla's "marketshare," that's why.
What, you think being clever will help you evade the law? If the people who drafted the law were not smart enough to close your loophole, you do not get to exploit it -- unless you are rich or a corporation.
So your parental instincts kick in, and all those little cues the media has given you about the dangers that await your daughter if she so much as leaves your home have come to define your reality.
Here is what I will grant you: pedophiles do exist. Sometimes teachers are pedophiles, and they use their position of power to take advantage of their victims. Fortunately, that is not a very common situation, despite what the news media tells you, and most teachers really do care about their students (in an appropriate way).
Unfortunately, the moral panic of the 1980s -- which resulted in the imprisonment of at least hundreds of innocent people, if not more -- has not entirely subsided.
Seriously, how can an intelligent person equate a meeting in a mall or on the street with a stream of clandestine facebook messages between "dreamy" Mr Larson and your 14 year old daughter?
That is not how I read this situation. I see the city trying to ensure that a common phenomenon in high schools and even middle schools will not be paraded around for all the world to see: teachers who have "fan clubs" of students. My guess is that the city was worried about parents complaining about such things, especially when their perfect angels who are not in the fan club do not get those A+ grades they "deserve."
You know why I think this is not really about students and teachers having sex? The city did not issue rules on text messaging, despite there being more incidents involving cell phones than social networking sites.
When I last read about this type of issue, the proposed law was very clear - is a school district runs a Facebook-like web site that includes the ability to monitor communications between employees (teachers) and customers (students) that was fine.
That does not sound "fine" to me -- it sounds like you are teaching students that there is some grand authority in the world that watches what they do and who they talk to. That is not something I would want my children to be taught in school.
Why do teachers need to 'friend' under-age students of theirs?
Some teachers have "fan clubs" -- I remember seeing that sort of behavior all the time when I was in high school. Telling teachers that they cannot have students friend them on Facebook is basically saying that there cannot be an expression of these fan clubs online.
c) surprised that teachers associating with students on facebook is a big problem, since it seems extremely unprofessional to me.
If you RTFA, you will see that it is not a huge problem -- a couple dozen "incidents," many of which seem to have been entirely online anyway (as opposed to a teacher trying to arrange for sex). On the other hand, teachers and students texting and talking on the phone seems to be a much bigger problem (more incidents and possibly more serious incidents), and the city has not addressed that in this update to the rules.
Actually, ISPs in the US don't block copyright infringing websites
Up until the point where the US government seizes domain names.
As to your claim that other areas of free speech are restricted in the US, exactly what speech are you talking about?
How about praising terrorists:
http://www.nytimes.com/2012/04/22/opinion/sunday/a-dangerous-mind.html?ref=terrorism
Or publishing articles with controversial views about terrorism:
http://en.wikipedia.org/wiki/Ward_churchill
Or publishing books about making drugs (note that Shulgin lost his license to do research -- including research on drugs that he discovered):
http://en.wikipedia.org/wiki/Pihkal
Or recording the police:
http://cryptogon.com/?p=22744
Some of these things are illegal; some are legal in theory but restricted in practice. Or publishing information about breaking DRM systems:
http://en.wikipedia.org/wiki/DMCA
Or publishing cartoon descriptions of child abuse:
http://en.wikipedia.org/wiki/PROTECT_Act_of_2003
Or speaking outside of designated free speech zones:
http://en.wikipedia.org/wiki/Free_speech_zone
I guess you could say that these things are not as bad as outright bans on criticisms of the government. Yet we do have a whole lot of restrictions on free speech, both in the law and in practice.
In the US one is subject to such searches if one is going on a plane
This amounts to millions of people subjected to searches, in a systematic and humiliating way.
Any violation of this sort in Pakistan is actually orders of magnitude worse than the US
[citation needed]
However, there's one thing that doesn't work with RHEL/CentOS/SL and that's the major upgrade, like the one from 5 to 6.
That is true, but...
This is not meant to bash Fedora -- it does a good job of bringing the bleeding edge to the desktop, and for people who do not mind dealing with hiccups, it is a fine distro (I used to be such a person). The reason I switched to SL is that I am just too busy to deal with things breaking, especially when the ways in which they break keeps changing.
No major government body in the US is trying to block fifty million websites
I guess lobbyists from the MPAA and RIAA are not technically part of the government; they only pad the wallets of politicians and draft legislation for them.
the US rejected any form of blasphemy laws as unconstitional quite some time ago
While simultaneously making other classes of speech illegal. Just because we violate free speech rights differently than the Pakistanis would does not mean that we are not violating free speech rights.
As to the matter of grope sessions to fly planes- Pakistan has essentially close to almost no equivalent of Fourth Amendment protections
So on the one hand, Pakistan has no privacy laws, and on the other the US simply ignores its privacy laws and publicly humiliates its citizens. Here is the question you were trying to answer, but failed to: does Pakistan grope its citizens en masse, the way the United States does?
there's no question that human rights have been getting better in Pakistan
Here is what you left out: human rights have been getting worse in the United States, and are worsening at an accelerating pace. Freedom of speech? Only if you do not bother the important people with it. Privacy rights? Only if you never travel or communicate electronically. The right to live a free and happy life? Only if you are not a member of the world's largest prison population, which in case anyone has forgotten is the prison population of the United States.
To put it another way, is it the US or Pakistan that has paramilitary police forces that shoot innocent people with assault rifles and add personal assets to their budgets, with the approval and encouragement of the government?
in the USA they are still stuck at the 'watch him long enough and eventually he'll commit a crime' stage.
FTFY. Here in the US, we get around the "well you can only arrest people who break the law" by creating so many laws and such a complex legal system that almost everyone is guilty of something.