Unfortunately I'm the bearer of bad news here, so I'll start off with saying explicitly that I DO NOT CONDONE ANY PART OF WHAT I'M ABOUT TO EXPLAIN. I've been trying for the past few months to get the mainstream media to pick up the story, alas with no luck.
A technique that is nicely called "HTTPS Snooping" (or more accurately called Man-In-The-Middle-Attack http://en.wikipedia.org/wiki/Man-in-the-middle_attack), is available from companies like Cisco, and Websense. These solutions are currently deployed at companies that are snooping on their employees.
Most companies fear malware, and corporate espionage, and thus justify snooping on private communications of their employees. More respectable companies limit what they can see to things like GMail, and unknown addresses. Less respectable companies (like I've run across) snoop all traffic, including banking, and health care. Would you really want your fellow employees to know your bank account balance, or what medications you're currently taking? How about your boss?
All of this happens by terminating the HTTPS connection at a border, or firewall system. The traffic is then decrypted, scanned, re-encrypted and transferred to the end user. All of this works because the end user's system is told to accept the local certificate from the firewall system. The user doesn't recognize that anything is going on, because to their browser, the certificate is valid, and it's encrypted. So to them, everything is working perfectly, and they have no clue that their traffic is being snooped on. When they transmit back (say their login/password information) all of their communications simply reverse the process. The information is encrypted with the local firewall certificate, transmitted to that firewall, decrypted, scanned, and re-encrypted for the end system using the official certificate from that site.
Right now, these systems are deployed on large, paranoid corporate networks. However, it scales very simply. All an ISP would have to do is deploy a larger system (or array of systems) to do the same thing. They could convince their end users to use this system, by telling them to "Install This Network Acceleration Software," that would install their local certificate, and proxy all the traffic through their systems.
With government assistance, they could force say Network Solutions to issue a certificate that is officially signed for all networks. Then the local ISP wouldn't have to require people to install their own local certificate. They could simply pass the certificate down just like normal, and everyone's system would accept it because it was officially signed.
I'll leave the full ramifications of this process, and the problems with certificate based encryption up to others to discuss. I'll simply say this breaks the Internet, and how it was designed.
If you want a more technical in-depth discussion, this was a recent topic on /. (http://ask.slashdot.org/story/12/06/16/223208/ask-slashdot-whats-your-take-on-https-snooping) including me describing my own run-in with these systems.
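Added example, not part of the original comment: because the browser validates the re-signed certificate against a locally installed CA, the way to notice interception is to compare what this network presents with a fingerprint and issuer recorded from outside it. The host names, CA names and sample values below are constructed for illustration.

```python
import hashlib
import socket
import ssl

def issuer_org(cert: dict) -> str:
    """Pull organizationName out of the issuer field of an ssl.getpeercert() dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""

def observe(host: str, port: int = 443, timeout: float = 5.0):
    """Return (SHA-256 of the leaf certificate, issuer organization) as seen from here."""
    # The default context trusts the local store, including any installed firewall CA,
    # which is exactly why validation alone does not reveal the interception.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return hashlib.sha256(der).hexdigest(), issuer_org(tls.getpeercert())

def classify(observed, reference):
    """Compare a (fingerprint, issuer) pair with one recorded from outside the network."""
    if observed[0] == reference[0]:
        return "same-certificate"
    if observed[1] == reference[1]:
        return "new-leaf-same-issuer"   # routine rotation or a different CDN node
    return "issuer-changed"             # consistent with re-signing by a local CA

# Constructed sample data: a reference taken off-network, and the issuer field
# a client behind an inspecting firewall would get back from getpeercert().
REFERENCE = (hashlib.sha256(b"constructed-site-leaf").hexdigest(), "Example Public CA")
INSIDE_CERT = {"issuer": ((("countryName", "US"),),
                          (("organizationName", "Example Corp Firewall CA"),),
                          (("commonName", "Example Corp Inspection CA"),))}
INSIDE = (hashlib.sha256(b"constructed-resigned-leaf").hexdigest(),
          issuer_org(INSIDE_CERT))

if __name__ == "__main__":
    print(classify(INSIDE, REFERENCE))
```

For a live check, pass the result of `observe("host.example")` as the first argument to `classify` in place of the constructed `INSIDE` tuple.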
Siri, Apple's newest twist on artificial intelligence did start directing people who asked "what is the best smartphone ever" to the Nokia Lumia 900 over the weekend. So, apparently even Siri knows that Apple can't compete any more!
From the viewpoint of a photographer, I'd think he'd pursue defamation of character, libel, and probably a few other civil items. The FBI certainly knew (or should have known) who it was, and although he could be considered a celebrity, they definitely knew the situation was false.
This is no different than the National Enquirer publishing a false story. The only way they get away with it on a regular basis, is they buy the stories from people that tell them it's true. Once they know it's false, publishing it would be negligence under the Sullivan rule. (http://en.wikipedia.org/wiki/New_York_Times_Co._v._Sullivan)
I do this day in, and day out. I'm doing it right now. I constantly refresh my news feeds, my Facebook stalker feed, and occasionally my LinkedIn feed all looking for little tidbits of data. Something, anything to give me hope that things are getting better. That somewhere, someplace someone has figured out a plan to straighten things out again.
The worse things get, the worse news I find, the more intense I search. There's got to be a way out of this mess the world is coming to. Now if I could just find it.
As soon as all the corrections which happened to be necessary in any particular number of The Times had been assembled and collated, that number would be reprinted, the original copy destroyed, and the corrected copy placed on the files in its stead. This process of continuous alteration was applied not only to newspapers, but to books, periodicals, pamphlets, posters, leaflets, films, sound-tracks, cartoons, photographs – to every kind of literature or documentation which might conceivably hold any political or ideological significance. Day by day and almost minute by minute the past was brought up to date. In this way every prediction made by the Party could be shown by documentary evidence to have been correct, nor was any item of news, or any expression of opinion, which conflicted with the needs of the moment, ever allowed to remain on record. All history was a palimpsest, scraped clean and reinscribed exactly as often as was necessary. In no case would it have been possible, once the deed was done, to prove that any falsification had taken place.
--George Orwell, "1984"
I understand that the rest of the world deals with airport/airplane security by concentrating on "who is flying" instead of "what they bring on-board." However, in the U.S. that probably won't work as effectively. Specifically because, it will still be a government-run agency making the determination.
For example, would you agree to a credit check before you boarded a plane? The first time it appears that someone who was in "massive debt" (ie: most everyone in America) took payment to bring something on a flight, it will happen. Are you unemployed, and flying to a job interview somewhere? Sorry about your luck, you're now a security risk!
How about your driving record? Get a speeding ticket on the way to the airport? Sorry, you're reckless and distracted. You must be a terrorist!
Taxes? Are you about to be audited? What do you have to live for? You must be a terrorist!
How about medical records? Just diagnosed with a fatal condition, and want to spend your remaining days with family? What do you have to live for? You must be a terrorist!
No, "who" over "what" doesn't solve the problem, as long as the deranged puppet masters of this security theatre are still making the rules.
Government has to solve the problem, that's what government is there for. However, the mentality and approach used to determine who is a threat has to change. Ignoring humanity, and liberty to appease the paranoid will achieve nothing.
My prediction is that one of two things is about to happen. One, Universal is about to roll out an "authenticate your website" program where for a price you can have the privilege of running their advertisements.
Or, they are about to say "Oops! We thought that list was the 'approved list' not the 'disapproved list'," and they'll promptly revert the list for the time being (ie: until the bad press dies down).
Trolls and AC's aside, it was in vogue for many states to implement a three tier system after the end of strict Prohibition. 1) Manufacturer 2) Distributor 3) Retailer
Generally speaking, only in limited circumstances can those roles blur together. For example, micro-breweries that manufacture, and sell on site, are often (but not always) exempt from the three tier setup. Yes, in some states micro-breweries are required to ship their product to a distributor, get a Federal Tax Stamp, and have it shipped right back to them. As many have said, welcome to the Alcohol Laws in the US.
I make mention of the end of "Strict Prohibition" because in many ways Prohibition has not ended. The US Government did not make Alcohol legal in the same sense that it was legal before Prohibition. Instead, the restrictions on it were loosened, and it was made legal in certain circumstances. Very controlled, and heavily taxed circumstances.
All that being said, many states are considering removing the mandatory three tier system (of course the distributors are fighting this tooth and nail), as it is often viewed as an unnecessarily contrived setup whose functionality has come to pass. (sarcasm) It's nice to know that Wisconsin is stepping up to the early 20th century. (/sarcasm)
And if you think the brewing of beer is bad, you should see the laws surrounding the distillation of liquor.
Something I don't understand, is why someone hasn't brought a lawsuit against anybody whose name is very obviously associated with the seizures. I understand that the parties that are currently associated with the actions, might not be the government entity initiating the action. However, if you sue one entity I would think that their "defense" would be "it's not us, we're just doing this on behalf of so-and-so." THEN they could go after the "real" department initiating things.
The arguments I've heard so far about them not being able to bring legal action because they "don't know who they're suing," don't seem to hold water. Someone's name is on these documents, pick a name and start filing action.
Obviously I'm not a lawyer (and I honestly would love someone with a legal background to explain this to me), but from how I understand the law, the system was set up to prohibit prosecutors from bringing action you couldn't fight. Several of these domains affected have large amounts of $$ and lawyers ready to do it. Why are they just sitting around hoping for the justice department to "allow them" to fight the seizures?
I have to wonder if it will come down to suing VeriSign for illegally reassigning the domains from their appropriate owners to the US Government. That would put pressure on VeriSign to put pressure on ICE to produce the authoritative party for the seizures, would it not?
Suing VeriSign would be a civil lawsuit, thus possibly open to a class action status by all of the affected domain holders.
No I don't think VeriSign is guilty here. They just did what the court ordered them to do. However, they could be used as leverage to get to the real heart of the matter.
It is not at all clear if Mozilla could be held legally liable for its extension, but it is clear that as a group located within the US it is generally not a good idea to get "cutesy" with the DHS and the DOJ.
Mike, et al.,
I think what the AC is referring to here is the likelihood that DHS is seriously wondering if they could get away with "seizing" mozilla.org/com now that Mozilla has publicly pushed back against DHS. Asking questions privately, even though they didn't get a response, allows DHS to forget about it, and brush it under the rug. Making it public puts egg on DHS's collective face, and makes Mozilla a bigger target.
Is it right? NO
Does it change the threat to Mozilla? YES
Granted, making it public MIGHT make it harder for DHS to retaliate against Mozilla. And then again, it might not. So far DHS hasn't appeared to care about public opinion (or legal opinions for that matter) with this little game they are playing. Their egos might just feel they have the power to take down a major internet software company for allowing the circumvention of their highly questionable, yet still in their eyes "legal" seizures.
All in all, I wouldn't be surprised if mafiaafire.com is seized in the next round. It would make DHS look petty, and it appears (from text on the MAFIAAFire site) that not only is MAFIAAFire taunting DHS into doing it, but it looks like they have a backup site ready to go as well. So that seizure would be moot. Nevertheless, DHS still might do it because again, everything they've done so far they believe to be legal.
Part of me really wants to see DHS "seize" mozilla.org/com. That would be a big enough site, with a big enough budget to get this thing finished once and for all.