Arthur Moore’s Techdirt Profile

emperorarthur

Arthur Moore’s Comments

  • Mar 21st, 2017 @ 11:22am

    Pilots not exempt!

    Fun fact. These days pilots use iPads instead of a 50lb bag of paper charts. Nothing in the current instructions exempts those pilots. While it obviously means airlines and package services (UPS, FedEx) can't fly their pilots out to these places it's actually even worse.

    If the affected airline's own pilots are exempted they will have to start carrying that extra 50lb bag, and go back to old paper charts. So, best case is pilots considering US trips to be crap duty. Worst case is the latest paper charts haven't been sent to the pilots, so they just can't fly the route. There are in between options, but that's a best/worst case scenario if pilots' tools are actually banned.

  • Mar 1st, 2017 @ 4:58am

    Re: How to win with such a team...

    Another option is to limit certain voting choices. So, the coach says here's 3 or 5 choices we think will work. Pick one.

    People get points when they pick correctly. That plays in with the possible weighting system, and lets people have a personal score.

    The tricky part is defining what gives points. A goal is obvious, but maybe number of yards traveled?

  • Feb 28th, 2017 @ 11:00am

    Question

    Quick question. Many countries have additional privacy requirements for minors. What's the likelihood that this company is now in breach?

  • Feb 6th, 2017 @ 1:32pm

    USPS

    The USPS can open your mail! Under certain circumstances at least. I haven't been able to find too many articles discussing the issue, but here's one: http://www.rstreet.org/2014/11/19/yes-the-government-can-open-your-mail-without-a-warrant/

  • Feb 6th, 2017 @ 10:24am

    Re: Re: Filing Cabinets

    See my post about distributed filing systems for more information. My analogy was just that, and isn't perfect.

    The problem with this ruling is it's forcing Google to make huge technical changes to their infrastructure. I'm talking Billions of dollars worth here. At best, Google can spend a couple million to put in hacks and treat the person under investigation as a special snowflake. Except, if those hacks do involve moving data out of say the EU, then Google just broke EU law. Especially since, everyone but this judge believes ordering Google to move things so the Feds can get it is a seizure.

    Even ignoring the dubious international legality, the US really doesn't want to be known for having courts that can force companies to completely restructure their internal organization on a whim. The cost to implement the court order means this will be fought as long as possible. If Google loses, then this is additional (not codified) regulation international companies will be wary of when dealing with US markets.

  • Feb 6th, 2017 @ 10:10am

    Distributed File Systems

    I wouldn't be so sure of that.

    Google is a major contributor to distributed file system development. These are things that look like one "disk" to anyone accessing it, but are based on many hard drives running on many different computers.

    These systems are "intelligent". So if I were in Japan, it would see that and slowly move my data over to an Asian data center. Because, that way I'm not waiting for signals to travel halfway across the world and back again every time I want to read an E-mail.

    Here's a more likely example: Someone in Japan sends me (in the US) an E-mail. Google receives that E-mail at their Asian data center, but knows I'm in the US. So, whenever I read that E-mail, or if the US data center has extra space and Google has spare bandwidth, Google will transfer it over to the US.

    Managing such a system has to be a huge effort. To find where a specific file is, they have to: find all the data blocks, map those blocks to actual disks/machines, and find out where those machines are. The best part is there are multiple copies of each block, so if a machine dies it doesn't take data with it. Then, 5 minutes later the system could shift and move all that data overseas.

    The tools just aren't designed to say that this file must be on this machine. The way Google dealt with China was just setting up an entirely separate network. That is why orders like this, or the possibility of the EU requiring all data to be stored within its borders scares Google so much. They'd go from one distributed fault tolerant network, to a bunch of small vulnerable networks.

  • Feb 6th, 2017 @ 9:52am

    Filing Cabinets

    The best way to think about this is if Microsoft and Google were letter carriers that store copies in filing cabinets.

    Microsoft keeps their letters all in one place per client. Meanwhile, Google says shipping is cheap and puts the letters wherever they have free space. The court order is telling Google to ship the letters to the US so the FBI can then seize it.

    If the filing cabinets are in the US, then the US can easily get to them. If they're in a foreign country, then you need a foreign country's permission to get to their filing cabinets. Countries don't take it lightly when foreigners raid their businesses. It's that whole sovereign nation thing.

    The only time this analogy breaks down is in the US you don't actually need a warrant to get old E-Mails. As far as US law is concerned, if those E-Mails have been sitting in the filing cabinets for long enough they're considered "abandoned." Microsoft and Google aren't exactly going to say that the US can do this though. In addition to the business loss, widely publicizing this government over reach jeopardizes multiple treaties these companies rely on.

  • Jan 25th, 2017 @ 3:09pm

    Re: "Filing cabinet"

    Nope, they'd need an Irish search warrant. It's private customer communications, that are protected by EU law.

    The interesting part about this case is that the EU and US have procedures especially designed for just that scenario. Except, in the US E-Mails are considered "abandoned" after a time so they don't need a warrant to force MS to turn them over. The EU and most of the world see this as crazy, and want to see actual probable cause first.

    Yes, I realize the US law that declares E-Mail to be "abandoned" seems to violate the 4th amendment. Funnily enough, US law enforcement doesn't really care about that...

  • Jan 25th, 2017 @ 12:59pm

    Re:

    > They report to DC government

    Umm, you know that Congress is the DC government right? Every single thing a normal city council or state legislature does is handled by congress.

    The best part is, DC doesn't even get a vote. If you live in DC you don't even get to vote in the US presidential elections. There's a reason why Washington DC has license plates saying "Taxation without representation." It's not a joke, it's a sad reality.

  • Jan 25th, 2017 @ 12:53pm

    Much worse than that

    > If Microsoft were to lose this fight they'd lose much of their overseas cloud hosting business.

    It's much worse than that. Currently most countries' (including the EU*) laws let US companies do business as long as they keep data in country. If Microsoft lost this fight it would be a perfect excuse to kick all US companies out.

    Keep in mind that, according to Irish/EU data privacy laws, Microsoft cannot legally share that data with law enforcement without an Irish warrant. Meaning, the US is trying to force Microsoft to violate Irish/EU law.

    *EU has a data sharing agreement that says US companies can keep EU data in the US, but if this court decision went the other way it would probably have been canceled.

  • Jan 23rd, 2017 @ 11:45pm

    Re: If that device breaks and needs replacing at some point, are those emails forever unrecoverable?

    No, because the SSL key is separate from E-Mail encryption.

    SSL keys are used to secure communication between machines. In the case of encrypted E-Mail that's the "To" "From" and "Subject" fields that aren't encrypted. So, the metadata.

    The thing about SSL keys is that they prove that a site is who it says it is. They're the reason we trust the green lock icon in our browser. If a website lost one, they could just get another. It would be a bit of a hassle, but isn't too big of a deal.

    We only worry when an adversary has those keys. Then they can sniff traffic, or even pretend to be the website to get the e-mail encryption key.

  • Jan 12th, 2017 @ 8:14am

    Re: When do pc techs become mandated reporters?

    Whenever they find Child Porn. Just like doctors must inform law enforcement about people who they believe are going to commit self harm, or harm others.

    They're regulations that make sense, but have some nasty side effects. Someone's feeling suicidal and goes to get help. Hope they like being naked in prison, while not being allowed to sleep.

  • Jan 12th, 2017 @ 8:08am

    Re: What has Best Buy had to say about all this?

    That they cooperate with law enforcement as legally required, but don't hire informants.

    At the least I expect them to fire the employee. I also expect them to try whatever legal wrangling they can to ferret out all the other informants and fire them as well.

    It's a huge black eye to the company. They've always been known to be scummy as far as pricing and diagnosing issues goes. If they're also associated with the FBI to this extent they may lose even more business.

    On a minor side note, if the informant's name's been revealed I doubt he'll be able to get work in a technical field outside of law enforcement or government contractor.

  • Dec 21st, 2016 @ 2:05pm

    Re: Re: Surveillance is the biggest threat to security

    The problem is that costs money.

    Plus, the embedded and process control people are still new to this whole "security" thing. Stuxnet and the IOT security disaster should be proof enough of that.

    No really, I'll bet you good money that if you go to any large plant or refinery and hook into a data bus you'll see large amounts of un-encrypted traffic. That's the data keeping machines and tanks from exploding.

  • Dec 21st, 2016 @ 1:54pm

    Re:

    Where's the sad but true vote option?

  • Dec 21st, 2016 @ 1:10pm

    It still matters

    Even with Brexit it still matters. The EU has been pretty strong in claiming that they want to protect their citizens' privacy.[1] Especially from foreign actors.

    If Brexit does happen I fully expect banking regulations reinforcing the EU's privacy requirement. All the banks would then be required to move their servers to a country with more privacy protections.

    It would be a huge FU to the UK, for obvious reasons. Heck it might happen anyways if the UK appeal loses and they don't repeal the law.


    [1] If I remember what Germany's doing correctly, also pretty hypocritical too. Everyone here at TD knows what can be done with "just metadata".

  • Dec 20th, 2016 @ 1:07pm

    Re: Re: Re: Government idiocy

    > Example, the Telephone poles and the underground pipes that handle the cabling are public property.

    Umm, the entire fight about the one touch make ready legislation is the telephone poles **are not** public property. They are owned by the telcos. Who make it as difficult as possible for a potential competitor to use them.

    If you're suggesting that the government should use eminent domain to forcibly purchase vital public resources to allow competition, then I agree. Combine that with one touch make ready rules and competition becomes possible.

  • Dec 15th, 2016 @ 2:37pm

    Re: Re:

    > But, do you want to have the government get access to the birth certificate you have stored in your bank safe deposit box because someone who rents one on the other side of the vault MIGHT be storing marijuana in it?

    Perfect analogy of what they're asking for.

  • Dec 13th, 2016 @ 11:25am

    PwC Screaming "Hack Me"

    If I were a company using one of these products I'd be rather unhappy.

    Businesses, especially ones large enough to have this software, tend to like stability and abhor risk. Especially in core infrastructure.

    It's why they're willing to pay so much money to Oracle for something that free products do just as well. Corporate inertia means they're not willing to face the possibility of breakage when moving to a new back end.

    PwC is relying on their products being so complicated and integral to companies that no one will switch. Unfortunately, they're probably correct. However, this may prevent new businesses from using their software. Plus, companies will implement stopgap measures, like stopping using the fancy features of the software that require extra connectivity. Not a good way to keep customers in the long run.

    The trick is to explain to the CFO that hacks to such a system don't just mean theft. If they understand that an SAP system hack means potential securities fraud they start paying attention.

  • Oct 19th, 2016 @ 1:11am

    Re: I'm confused

    See my previous comment.

    These devices are meant to be used by smartphones away from home, but the manufacturers don't want to pay for infrastructure. Home routers have a feature, called UPNP, to allow devices to punch through the Network Address Translation (NAT) layer and become accessible to the public internet. These devices use that feature.

    Turning off UPNP will not protect you if someone is close to your house in person, but will prevent the attacks talked about in the article.
