But I don't think it's either. I think we will be seeing more conflicts between these two interests in the future - a right to privacy, and a right to have a transparent government. In a lot of cases it's probably pretty clear cut as these interests will have little to do with each other, or one can clearly be seen as trumping the other; but there will be some surprising overlaps like this where the two interests sharply conflict with each other.
I think this was a good outcome; arguable not the best. But instead of steamrolling either concern (and both concerns are legitimate in this context I think), they worked with the concerned citizen to continue the bodycam rollout and address the privacy impact.
Now I am anxious to see if this 20-something programmer living with the parents has the technical chops to help the department and the public.
> Put the decryption keys in the hands of a 3rd party who is legally prevented from releasing the necessary keys without a full-blown warrant signed by a judge (not an administrative order signed by a court clerk).
I like where you are going, but we can actually do better; it is better to have technological measures backing up legislative restrictions. Using Shamir's Secret Sharing Scheme, we can split the video encryption key into 3 (or more) pieces, distribute them to a judge, the police department head, and a third party (ALCU or something similar), encrypt it with the recipient's public key (so the recipient has to use a personally assigned private key to decrypt it), and require any 2 to obtain the video encryption key. Now illegal or unethical review of the video requires the collusion of two people, not just one loose cannon.
The only technological weak spot now is preventing the video encryption service from leaking the key before it is wiped (unique key per video). One solution to that is to use public key cryptography so the video encryption service only ever has half the key - the other half is distributed beforehand. The only problem with that is you cannot use a separate key for each video, so one order to unlock one video exposes the key and can be used on any other video. But either solution is better than nothing, and definitely much better than entrusting the key(s) to any one entity.
well first off estimates are closer to a hundred TB, not 1.
second, this is a movie producing outfit, and several prereleases were exfiltrated. consider that it's 2014 and it's reasonable to assume that a lot of the digital touch up work is done at several locations, so pushing a few TB of 4k video edits across the wire every day (or even every couple hours) isn't that uncommon. They shut down the corporate gym in the panic, because they had no idea what machines were compromised. so they might have had a pretty bad infestation of a couple of machines. almost would have to unless they are storing their employee health plans and contract negotiation records on the same servers as the next box office bombs.
> [Stuxnet's] device drivers have been digitally signed with the private keys of two certificates that were stolen from separate well-known companies, JMicron and Realtek, both located at Hsinchu Science Park in Taiwan.
The rest of your post is pretty solid speculation as far as it goes; but I disagree in that I think Regin's usefulness is pretty much done. Doubtless the five-eyes have a completely new strain we haven't heard of yet. Likely several new strains.
it's the "no teeth for enforcement" part that really kills a lot of it's value. take the IRS records for example. everyone knew exactly what was required; the records got destroyed anyway, and no one got punished. as far as i recall.
> Forte claims proprietary software is involved and all documents would need to be printed and scanned before they could be released
That right there is the single most powerful reason to strictly enforce open software and open standards in government. That is such a completely bullshit response. The money spent on licensing proprietary garbage could instead be spent to sponsor development of the tools you need.
I can only see this going one way; the (*ahem*) "logical" conclusion is to require mandatory licensing payments regardless of whether or not google actually shows the content. Just like we pay a mandatory "tax" on hard drives, whether or not we actually rip our CDs to MP3s. And Bing, And Yahoo!, etc ad nauseum amen.
that sounds like too much work. how about a system that automatically deducts micropayments from your account whenever you see, hear, or remember anything? it'll go straight to the collection agency, and we'll figure out who to deliver the collected money to later.
> then you should also be asked to explain why the FBI, DHS or other national agency isn't included on the CC line....
Why, dear Patriot, it's due to ~~parallel~~construction~~ *cough *cough, 'scuze me, "things that we can neither confirm nor deny". National Security, you understand.
Listen, Patriot, your... curiously obsessive interest in this matter could be viewed by some as a desire to try and force the disclosure of highly sensitive operational intelligence to our enemies. Might even be construed as actively aiding enemies of the state. You wouldn't want to be seen as someone who is aligned with terrorist interests, would you?
still no good. i had to take a corporate training thing about ITAR and EAR; it's truly crazy. Some of the things I remember:
- controlled items include but are not limited to hardware, software, services, or instructions pertaining to "arms".
- services rendered: a US citizen cannot assist a foreigner with any controlled item; this also includes open-source, publicly available software or hardware that originated outside the USA and that the foreigner obtained without "going through" the USA.
- re-exportation is also illegal; even if the controlled item originated from outside the USA, if you have it you cannot "export" it. This facet is (from what I remember) unique to the USA's version (ITAR and EAR) of these laws. It makes sense that if (for example) a German national downloads a "munition" from Sweden that is (legally by Sweden's laws) available to anyone else in the world, that the German national would be able to host a mirror site. But if a US national mirrors the same "munition", it is illegal.
there is an exception for clearly dual-use items (must have significant applicability to citizen's lawful commerce), which is how openssl (and other publicly known cryptographic primitives and implementations) is allowed.
which makes me wonder what exactly whisper systems got hit with?
which raises an interesting question; aren't they creating a vast body of effectively public domain works? If you create something, that happened to be exactly what some big corp created before you, which also happened to be exactly something that this algorithm spit out before that, by definition it's not copyrightable, so you are safe, right? all we need is an (incredibly) efficient indexing algorithm!