The new forums will be named Coin Return (based on the most recent
vote)! You can check on the status and timeline of the transition to the new forums
here.
The Guiding Principles and New Rules
document is now in effect.
The 4th Amendment Thread: Privacy, Search & Seizure, Chain of Custody
Posts
1) I'm pretty sure that selling kiddie porn is a far bigger offense than simply possessing it. And you're still going to need probable cause to go after the seller, so catch-22.
2) So now you're going from "police secretly conduct unknown investigations that no one knows about with no trace of their existence" to straight up "Police straight up criminally vandalize the property Donnie Darko style."
I mean, yeah, I suppose the latter situation is possible. I suppose that it's also possible that police officers dress up like Batman at night so that they can get away with punching bad guys without accusations of police brutality. I suppose it's possible that police will start hiring burglars full time to start ransacking any house they want to get into and then leave the evidence out in the open. The fact that you have to make your conspiracy theories increasingly complex just to get anything accomplished demonstrates a huge stretch in credibility.
Also, you realize that once the house has been broken into, the guy can simply insist that the evidence was planted?
Your entire scenario reminds me of the conspiracy theories from the birthers insisting that Obama took incredibly elaborate lengths to make it look like he was an actual citizen of this country, but he's incapable of faking a birth certificate and that's why he hasn't given us one.
Don't dogs chase down the specific source of the smell? Meaning that you not only have to train your dog to bark, but you also need it to bark at a specific spot where you know the completely unrelated evidence is hidden.
Yes, the people whose job it is to read the military and diplomatic communications of other governments should make it harder to read the military and diplomatic communications of other governments
Not to mention one of the primary reasons why the modern computer industry even exists.
Another main reason? Census employee who decides to start a company to help the government tabulate personal data on US citizens. Goes on to start a company that eventually becomes IBM.
Governments using computers to crack encryption and track data on citizens is not new.
And if all you're concerned about is safety from the scary outside world, doesn't the NSA bring up things like cyberterrorism? Didn't the government claim it was ostensibly supposed to be protecting against things like that? Inserting flaws into encryption methods and creating vulnerabilities would fundamentally be weakening our defenses against that. And most of those harmful actions are directed against people and companies and such, rather than directly at government offices. As a result, whatever level of security the government has, doesn't actually provide much protection to the country. It's only the general level of security available for everyone that would provide any protection.
If you're really so concerned and paranoid that you don't mind making secure communications unsecure for everyone, why go half-way? Why not do it openly? Outlaw private encryption and make all messages go through government centers, using their own encryption for which they hold the key? I mean, what you're talking about allowing is only different quantitatively, not qualitatively. If you're in favor of this, are you in favor of going all the way with it? If not, then what is your argument against it? How is this different? No, I'm saying that compromising the encryption of the general public in an attempt to accomplish that goal, is something that should not be done, it's sacrificing something more important for something less important. We're not talking about breaking the codes on specific messages, we're talking about inserting vulnerabilities into encryption methods themselves, and pushing to make those methods the standard, which would compromise everything encrypted by everyone who used those methods.
In other words, in the debate over online privacy, "government" and "law enforcement" are the absolute least likely entity to raise concerns. Even below "companies who might want payment for files you downloaded."
And it makes perfect sense. According to the survey, 21% of the population has been hacked, 12% has been stalked/harassed, and 4% have been in physical danger as a result of online activities. In other words, people with concerns over privacy are worried about the actual threats that they have actually experienced and seen first hand. And not the purely hypothetical/invisible threats from government that consist of "unknown unknowns" and are impossible to detect.
And the same thing probably applies within the minority community. If you're a minority worried about discrimination, you're most likely to be worried about the actual discrimination that happens every day and impacts actual lives, rather than invisible/hypothetical discrimination that's impossible to detect. I don't see many minorities worried that the NSA is going to specifically target black people. I do see a lot of black people complaining about issues like voter suppression, racial profiling, stop and frisk, job discrimination, etc.
1. "who people have said they've taken steps to hide from" =/= "who people think are a threat" =/= "who are actually a threat". It's addressing a completely different topic.
2. Notice how it has hackers and criminals listed as #1? Those are exactly the people who would be empowered by systemic flaws introduced into encryption systems and companies that the NSA has been doing or attempting to do.
3. "Other governments" Isn't even on the list, do you think that means people are more concerned about the actions of their own government then they are about other countries? If you're trying to use this as evidence, that would seem to undermine the idea that people should are more concerned about our government having access to military and diplomatic communication from other governments, then they are about their own government.
Those graphs really don't apply well at all to the topic at hand.
This one might be more relevant to the topic, percent of people that think these things are very important to control access to. Things that are potentially at risk by the NSA and such:
Then we should stop those things from happening.
How old are you? Because this is the most laughably naive thing I've seen on these boards in a really long time.
When your method of breaking the adversary's communications also compromises your own, there's a bit of a problem.
So, should he just go hang himself now according to you, or what did you have in mind?
Amazingly, some people have a different opinion than masturbatory Cold War-era realpolitik.
EDIT: Seriously, is this how you talk to people in real life, too?
It's like people aren't reading the article or something.
This is not making it easier to read the communications of other governments.
It is making it easier to break into domestic communications. They are implementing security holes that allow anybody who knows how the ability to intercept domestic communications.
The whole "you guys are super naive" posts with little content look even sillier when you can't grasp this very basic thing.
What they are actually doing is making everybody less secure to everybody else. Which I have a huge problem with.
1): The NSA is an organ of the United States government.
2): The NSA is responsible for the data security of the United States government.
3): The NSA has knowingly weakened certain cryptographic methods.
4): Therefore the United States government will not use those methods.
5): Therefore United States government data security is stronger than anyone who uses those methods.
Civilian security is emphatically not the NSA's job. They don't care.
This is what signals intelligence organizations do. All of them, in every nation. Their entire purpose is to crack codes so they can read other people's mail. The only surprising thing is the level of success the NSA has had. Acting as if this has not always been the case is asinine.
1) Generally, people take measures to hide from the people who they are actually worried about. If someone says "I'm buying a gun to keep the government out of my face," that generally implies that he sees the government as the biggest threat to his personal safety.
2) Highly dubious claim, given the hundreds of millions of potential targets with no encryption at all. There's a notion known as "Return on Investment."
3) Why the hell would any average American civilian be worried about the German or Chinese government potentially reading their e-mails?
I think that's precisely the worry. Namely, some people think civilian security is important and wonder if the increased abilities the NSA gains by diminishing it are enough to justify said diminution. If the NSA considers civilian security entirely outside its mission, that's all the more reason to think that they take actions on the basis of a plan which overvalues their own capabilities while undervaluing the security that good encryption provides to all sorts of private, commercial, and otherwise non-spying-related transactions.
If what you're saying is "they didn't do what you said, because technology" then I concede not understanding the technical reasons and having nothing interesting to offer to that discussion. I intended my point to be purely in response to the people saying "they DID do what you said, but it's fine!"
Basically. I mean, their standards and requirements are public information which === nist recommendations for what to use if you are serious about not getting your shit broken.
This must be the case given how many public entities build maintain and access protected information systems.
Either these aren't broken, or it is just low level SSL implementations, which truly serious folk won't use, because it is kinda public info they are less than ideal.
I just really don't get exactly what they've comprised. PKI cert servers? Software implementation that don't phone home to the NSA(which would be obvious) or result in broken weaker encryption (which would not function or sign with other implementations).
I don't actually get what they are really doing.
I remember a number of people in the other thread making the argument that it was imperative that the NSA be able to spy on the German steel industry or whatever when all the allegations came or about that.
When modern war is made via economic policy, civilian targets are "military" targets for the NSA, according to some.
Hand waving away the NSA designing and publishing an intentionally flawed encryption standard as "one noted anomaly" is fucking infuriating.
It is like saying "the NSA only fired ONE giant space death laser, and they missed with it anyway, WHY WORRY? Also nobody has PROVEN that the satellite they designed and launched which fired a giant death laser was SUPPOSED to fire a giant death laser."
Missing does not mitigate the attempt.
Worst. Analogy. Ever.
Do you even know what a backdoor is?
And just because I'm tired of all the bullshit handwaving:
So maybe we can stop pretending like this is the NSA's job or, even if it is, that it's a good thing that we should all be totally grateful for. But go ahead and tell me that Paul Kocher doesn't know anything about internet security.
You should see what he does with reductio ad X-Files.
It would be nice if any of you would be able to refute analogies using the formal conventions of refuting analogies, as opposed to simply "Your analogy is bad because I dislike the implication" or "Your analogy is bad because it isn't an axiom."
purportedly they've done a bunch of things.
They've screwed with implementations of encryption software, reducing randomness and inserting factors. This makes things much easier to crack. They've been collecting keys, which makes some things instant. They've gained access to server infrastructure to grab stuff before it gets encrypted. They released an encryption algorithm with flaws, which means it can be cracked more quickly. They put pressure on folks running public key servers, which sort of lets them crack things better and run Man in the Middle attacks where it should not be possible. They've been collecting large amounts of information, attempting the easy breaks on them and storing what's worked(and hasn't).
Little of this would allow them to gain access to the average users computer system, because authentication is not encryption(though they could probably sidejack/MIM some VPN connections, which... well... could).
edit: relating this to a paper published in the 60s and a hardware backdoor that doesn't exist might not be the best analogies for what it is claimed they actually did when you look at the technology discussed and not broad nontechnical terms like trap/backdoor.
Though... I would be a little concerned about "trusted computing" stuff and wouldn't trust windows8's hardware/software opaque drive authenticating solution thingy. I pretty ardently oppose them anyway though.
If you think that Sensenbrenner, the architect of REAL ID, is saying this for any other reason than "hurt the Democrats", I have a lovely bridge I can sell you cheap.
You're not wrong, but that doesn't mean that he is, either.
Just because somebody has other motives doesn't mean that they aren't also correct.
If we picked apart every single one of your bad analogies, this would be the bad analogy picking apart thread. But it's not, and I think it's ridiculous to expect everybody to tell you why your analogies are bad every time you make a bad analogy.
Nobody here is worried that our personal PCs are being hacked by the same guys that stole Sandra Bullock's identity.
But yes, your post is absolutely correct.
The fact that this is a man who was more than happy to create and push an incredibly invasive program that would have impacted every American directly makes me question the legitimacy of his argument.