That is the part it all rests on, and is demonstrably false. In fact it's proved false all the time. Especially here.
But there's another more subtle fallacy this "argument" rests on:
> You do what it takes to get the bad guy off the street. It's not like the guy wasn't a drug dealer. Would you rather the dealer got away?
Equating drug dealers with "bad guys" without condition. There are some that believe that pot dealers are the scum of the earth, but there are many that do not.
Heading that off is also the assertion "You do what it takes". Our founding fathers realized that there are many things that could be done to stop bad people from doing bad things, but that way lies despotism and a complete abandonment of the rule of law. We may as well forgive the prosecution of any procedural missteps in the pursuit of a conviction. After all, innocent people are never brought before a judge, are they? We may as well forgo warrants and let the police conduct inspections of any thing in any place at any time. After all, the police are only interested in "getting the bad guys off the street" and won't take an interest in anything else.
What is implied by "They're not arresting innocent people" is something that flies in the face of human nature; that there there is no such thing as a bad cop, that there is no such thing as a corrupt judge, that these people who are in positions of power never abuse that power. And furthermore it implies that they are infallible, that they always make the right choice and never make mistakes.
Anyway I have a hard time believing that someone actually thinks this way.
So I believe that it is a parody, but I do fear that it might not be.
unfortunately for us (or perhaps fortunately seeing as how he can't stop spouting easily refuted lies) I'm sure he has the power to authorize himself. You know, like how he is in charge of the report investigating himself.
> Most don't take it that seriously, and rightfully so; needle in the haystack theory plus the fact most of us don't do much that is interesting probably play a role.
And that is entirely the wrong way to look at things. The reason that these programs are dangerous is not because they will catch some small time crimes, because for the most part the theory is right - there is way too much noise. The problem is that we go from a culture of "rule of law" to one of selective enforcement and petty revenge. If for whatever reason you end up on someone's radar, they can go back in time and string together any number of those innocuous needles you dropped over your lifetime to make you look suspicious of anything "horrible" enough to justify putting you on the no fly list, or carting you off to a secret torture camp, or targeting you for a drone strike.
I prefer "The People's Constitutionally Democratic Republic of the Americas" myself. PCDRA just sorta rolls off the tongue and lets the world know that we, like the People's Republic of China and the Democratic People's Republic of Korea, are at least named accurately.
> Even if the original photograph was done "consensually" note that you need consent for that specific disclosure. In other words, if you retweeted that image, you probably violated New Jersey criminal laws.
But it's not just "people", it's "the people", and as others have pointed out "the people" refers to a specific group, namely those that are mentioned in the preamble - "We the people, in order to form a more perfect union..."
But I like the reason for the argument. There are certain rights that we should never abridge. Otherwise you can go back and look at the amendments to start committing atrocities with impunity. For example, an excerpt from the first amendment to highlight the problem of always equating "the people" with citizens:
Congress shall make no law ... abridging ... the right of the people peaceably to assemble....
Foreigners with valid visas having a get-together after mosque (can't break up the religious ceremony itself because that part of the first doesn't mention "the people") or in front of home depot? Gather up a few cop buddies and go hose them down till they depart. Perfectly legal.
tl;dr you can make the argument that "the people" should be broadened in some senses, but I think that for the most part it does clearly mean "citizens".
[snark] For someone trying to use the argument that the founding fathers payed closer attention to language having an education that covered latin and greek, you missed the use of the definite article. [/snark]
I think that would be too difficult - the trick relies on having the light turn on without the victim (*ahem*, excuse me) interviewee being able to define when it came on. If it appears and disappears with any regularity or predictable pattern or in conjunction with other observable events, the ... honored guest can attempt to apply the scientific method to discover when the light appears and disappears. Being able to reason out a causal relationship behind a variation of any aspect of one's environment - no matter how trivial - can help the ... chosen individual regain a sense of some measure of control over one's environment. When breaking someone's will (*cough cough*, pardon me) engaging in an enhanced debate to enlighten someone [ha! puns!], it is important to instill a sense of powerlessness (*eek*, forgiveness, i beg) remove any inducements to irrelevant mental strain that could distract our charge from the topic at hand.
Alternatively, if you could somehow recognize exactly when the ... recipient of our attentive ministrations can begin to see all five lights, begin a new dialogue at some point in the future (after a slightly longer, but not definably so, intermission) arguing that there are only four. It may be necessary to invent some plausible reason to abruptly remove yourself from the conversation and terminate this most recent interview. Have one of your ... employees page you with an urgent matter, appear slightly distracted when you start out, and be sure to leave before the individual can fight through the momentary confusion and challenge you on your apparent reversal. Attempts by the individual to point out any inconsistency in your assertions should always be met with increasingly irritated denials; e.g.: "there have always been four lights". It may also be helpful to, in the few interviews immediately prior to the assertion reversal, be vague about the specific number of lights an focus more on the incorrectness and stubbornness of your interlocutor.
> where we clearly need to revoke a large number of certs "just to be sure"
Try "all of them that were issued in the last two years" (those that are still active anyway). And that doesn't fix the problem - which is the "client's" use of a broken version of encryption software, which is completely out of their hands, and could still happen again if (say) my cert was revoked, i obtain a new one right now, but continue using the broken openssl version! StartSSL has no way of knowing if a client leaked their SSL key.
But they should absolutely revoke it for free, waive the fee if the client acknowledges having used the broken openssl version, or if necessary at least defer the fee until the client requests a reissue. And add a new opt-in checkbox asserting that the client has verified they are no longer vulnerable to heartbleed (and similar issues - i doubt i've seen the last one one of this kind in my lifetime).
But I'm starting to see a whole host of counter arguments and corner cases, so really the only simple and honorable thing to do is not charge for revocation. The real solution, as Moxie Marlinspike pointed out years ago, is to move away from the CA model.
> A quarter-century later, people are still getting hacked by buffer overruns, including Heartbleed....
Heartbleed is worse than a buffer overrun. Actually, from what I understand, it's more of a buffer underrun - the buffer allocated is larger than is needed for the response, and the result is that the buffer contains "extra data" that is or was in memory at that location. The amount of data written to the buffer is not sufficient to wipe all the left over data. If they had done the sensible thing - which is to zero out the buffer - the problem might have been ignorable (who cares if you get an extra 64k of nulls back?) or caught more or less immediately because key portions of memory (such as the encryption key needed for future operations) would no longer be available.