Andrew F 's Techdirt Comments

Latest Comments (469) comment rss

  • On the post: Head Of Computer Security Firm Says Anonymity Is The Enemy Of Privacy

    Andrew F ( profile ), 31 Oct, 2013 @ 10:17pm

    Re: Re: Re: Re: Re: A total fantasy.

    Yes, but it only needs to go one-way for the argument to work. If you want to maintain anonymity, you cannot adopt certain security measures like analyzing each packet going in and out of your network. Without adopting those measures, you may be at greater risk of having private information accessed by third parties. That's the point being made by Art Coviello. If the right to anonymity trumps security, then other private information is at risk. Security analysis may be questionable, but the logical chain is fine.

  • On the post: Head Of Computer Security Firm Says Anonymity Is The Enemy Of Privacy

    Andrew F ( profile ), 31 Oct, 2013 @ 03:08pm

    Re: Re:

    Sure it is. Intentionally nixing anonymity alone doesn't increase security, but certain security measures make it harder to be anonymous.

  • On the post: Head Of Computer Security Firm Says Anonymity Is The Enemy Of Privacy

    Andrew F ( profile ), 31 Oct, 2013 @ 03:05pm

    Re: Re: Re: A total fantasy.

    Give up sufficient privacy and you are no longer anonymous.

  • On the post: Head Of Computer Security Firm Says Anonymity Is The Enemy Of Privacy

    Andrew F ( profile ), 31 Oct, 2013 @ 10:29am

    Re:

    To act as devil's advocate (or advocate) to the point made in my own post, the concern would be that excessive security measures ultimately decrease security (and privacy). If we're using backdoors or analysis of centralized repositories of user data to detect attacks, not only are we hurting anonymity but we're making our network less secure (and private) as well.

  • On the post: Head Of Computer Security Firm Says Anonymity Is The Enemy Of Privacy

    Andrew F ( profile ), 31 Oct, 2013 @ 10:25am

    Re: A total fantasy.

    Again, I don't entirely agree with his line of thinking, but it's not about "real names". Suppose, as a matter of network security, you were analyzing packets entering or leaving your network and comparing them against historical records of network data. This would enable you to detect security anomalies but also raises privacy concerns.

    By way of analogy, it's sort of like saying, "I want to be able to access my grandma's e-mail to make sure she didn't reply to some identity theft scam." The goal isn't to find real names, but to detect unusual behavior. Creepy and paternalistic? Yes. But not about real names per se.

  • On the post: Head Of Computer Security Firm Says Anonymity Is The Enemy Of Privacy

    Andrew F ( profile ), 31 Oct, 2013 @ 09:54am

    How Coviello arrives at the conclusion that anonymity is damaging privacy isn't exactly clear. It may be the enemy to security (or at least, unhelpful to retributive actions), but the online anonymity shielding crooks doesn't threaten users' privacy, at least not directly.


    I don't entirely agree with him, but the point he's trying to make is pretty straight-forward actually: Anonymity decreases security. Without security, criminals (or the NSA) can break in and access your private information. That's bad for privacy.

  • On the post: Yelp Reviewers Launch Class Action Lawsuit Claiming They're 'Unpaid Employees'

    Andrew F ( profile ), 28 Oct, 2013 @ 02:26pm

    I estimate that my Yelp reviews are worth 200 million theoretical Internet Dollars and I demand to be paid!

  • On the post: NSA Urged US Officials To 'Share Their Rolodexes' So NSA Knew Phone Numbers Of World Leaders To Track

    Andrew F ( profile ), 24 Oct, 2013 @ 01:31pm

    Snowden

    This sort of belies Snowden's claims that he carefully vetted materials going out to journalists for things for things that might affect national security. The rationale for Snowden doing public was that the U.S. was conducting illegal surveillance on its own citizens (something that violates the NSA's mandate and raises 4th Amendment issues).

    In contrast, spying on the French or the Germans may be a bad idea, but it's not illegal or unconstitutional. It's part of the NSA's job to spy on foreign leaders (even our allies). It's one thing to whistleblow on illegal behavior. It's another to release classified information because you have a policy disagreement.

  • On the post: Former Federal Prosecutor Accuses DOJ Of Retaliatory Acts For His Refusal To OK An Illegal Search And Seizure

    Andrew F ( profile ), 17 Oct, 2013 @ 04:08pm

    Re:

    Proper channels typically means "up and out" -- the problem being "up" often means reporting to the problematic party to begin with. Not sure what a proper "out" channel would be, but I wonder if giving government contractors a way to bring cases directly, discreetly, and pseudonymously to the judiciary would work.

  • On the post: Ohio Zombie-Man Confirmed Dead By The Court He Personally Attended

    Andrew F ( profile ), 10 Oct, 2013 @ 02:45pm

    Re: Re: Re: Who is really the zombie here?

    Because not all laws are written this way -- many laws still include concepts such as "reasonableness" or "substantial evidence", which permit a fair degree of judicial discretion.

    Judges also decide what to do if you have two laws that are otherwise clear but contradict each other when presented with a particular test case (that wasn't anticipated at the time the law was drafted or "encoded").

  • On the post: Ohio Zombie-Man Confirmed Dead By The Court He Personally Attended

    Andrew F ( profile ), 10 Oct, 2013 @ 02:39pm

    Re: Re: Re: Re: Re: Who is really the zombie here?

    Because natural language processing isn't quite there yet and the the law isn't (yet) written in a machine-readable format (although there are attempts to do this -- take a look at https://github.com/mpoulshock/hammurabi)

  • On the post: Privacy Is A Part Of Civilized Society: There's No Defense For Having It Taken By Force

    Andrew F ( profile ), 10 Oct, 2013 @ 02:25pm

    Re: Re: Information Wants to Be Free

    Our PERSONAL information, unless we knowingly give it out for use in some kind of study, is NOT information that "wants to be free."


    YOU (and I) personally don't want such information to be free, but it happens. Information wants to be free is not a normative statement about what should happen but what does happen.

    A substantial amount of the information that triggers the Streisand effect is "personal", yet we see how well efforts to control that go.

  • On the post: Privacy Is A Part Of Civilized Society: There's No Defense For Having It Taken By Force

    Andrew F ( profile ), 10 Oct, 2013 @ 02:21pm

    Re: Re: Information Wants to Be Free

    It might be wasted type but you're aware that prior to the NSA being directed to subvert the order that the order was no domestic surveillance, correct?


    Yes, but it didn't work. And there's no easy way to enforce it. Or know when it's being violated.

  • On the post: Why Healthcare.gov Sucks? Because They Hired Political Cronies, Not Internet Native Companies To Build It

    Andrew F ( profile ), 10 Oct, 2013 @ 02:33pm

    Regulatory Capture

    What part of this is outright cronyism vs. regulatory capture? I know plenty of people who could build healthcare.gov quickly, reliably, and cheaply, but I've also seen plenty of government contracts. Those things can be monstrous, and there are plenty of qualified individuals unable to work on healthcare.gov solely because they couldn't (or wouldn't) want to comply with all of the government's rules. Imagine if you had to do a cost-benefit analysis or choose the lowest bidder on every sub-component of your system. Ugh.

  • On the post: Privacy Is A Part Of Civilized Society: There's No Defense For Having It Taken By Force

    Andrew F ( profile ), 09 Oct, 2013 @ 02:06pm

    Information Wants to Be Free

    One thing that gets tossed around a bit here but is missing from the privacy discussion: Information wants to be free. What doesn't that apply to information we want kept secret from the NSA?

    We usually use that phrase in the context of paywalls or DRM. But it's absolutely relevant here as well. Even if we didn't explicitly bargain for the NSA to see our private information (much as content holders don't bargain for their content to be shared outside of the original licensee), anything we put on the Internet can and will make its way out to them if they truly want to see it -- if not be the NSA, then surely by a foreign government which owes us even less accountability than the NSA (if such a thing is possible).

    That doesn't me we have to condone domestic spying, much as we can recognize piracy happens without condoning it. But it does suggest that attempts to keep information private are a temporary stop-gap at best.

    I'd argue that a better place to draw the line is not "what does the government know?" but rather "what can the government do with what it knows?". It's hard to control the flow of information, but it is (somewhat) easier to recognize and prevent certain conduct. I'm not sure what those conduct-based lines would be, but the DEA's prosecution of drug-based offenses based on NSA intel definitely fall on the wrong side. Privacy is a part of civilized society -- but not all aspects of civilization can be legislated. IMHO, our efforts are probably better directed at identifying specific harmful acts we want the government to refrain from, rather than a blanket ban on domestic surveillance.

  • On the post: Privacy Is A Part Of Civilized Society: There's No Defense For Having It Taken By Force

    Andrew F ( profile ), 09 Oct, 2013 @ 01:43pm

    Trade Off = Taxation

    The problem with the trade-off analysis is that it trivializes the issues of privacy somewhat. If we're OK with sharing private information as part of an exchange for services, but disapprove of that information being acquired without our consent, that implies that what the NSA is doing is equivalent of taxation without representation (or inadequate representation).

    That's an important issue for sure -- one important enough to have started the American Revolution -- but I don't think that's the harm people are thinking of when the NSA spies on them. For example, the CIA spends all sorts of taxpayer money on secret gadgets, many of which probably have questionable benefits for national security. But that doesn't invite the same type of outrage that Snowden's revelations did.

  • On the post: DailyDirt: Who Cares if You Went To A Good School?

    Andrew F ( profile ), 30 Sep, 2013 @ 06:26pm

    Re: The 1% like Mike who went to the Ivy League care.

    Skull and Bones is Yale.

    Sorry, couldn't help myself.

  • On the post: California College Tells Student He Can't Hand Out Copies Of The Constitution On Constitution Day

    Andrew F ( profile ), 19 Sep, 2013 @ 05:18pm

    Re: Re: Re:

    Incorrect. There are, however, some rulings that would suggest the contrary:

    http://en.wikipedia.org/wiki/National_Socialist_Party_of_America_v._Village_of_Skokie (neo-Nazi march in a Jewish community protected)

    http://en.wikipedia.org/wiki/R.A.V._v._City_of_St._Paul (law against cross burning unconstitutional)

    http://en.wikipedia.org/wiki/Snyder_v._Phelps (Westboro's picketing a funeral protected)

  • On the post: Tech Companies Speak Out About NSA Encryption Breaks And They're Not Happy

    Andrew F ( profile ), 09 Sep, 2013 @ 05:31am

    Context

    As far as I know, both Snowden and Bruce Schneier (who has access to the full set of Snowden materials) still believe the fundamental math behind encryption is sound and that NSA is merely "cheating". https://www.schneier.com/blog/archives/2013/09/the_nsas_crypto_1.html

    Also worth noting is that most, if not all, of the "breakthroughs" by the NSA can merely be described by exploitation of publicly known vulnerabilities in encryption. http://arstechnica.com/security/2013/09/of-course-nsa-can-crack-crypto-anyone-can-the-question-is-how-much/

  • On the post: NSA Defender Claims Thousands Of Abuses By NSA Shows 'The System Is Working Well'

    Andrew F ( profile ), 16 Aug, 2013 @ 03:29pm

    Makes Sense

    This actually makes sense if you accept the basic premise of the NSA's argument re privacy -- there is nothing wrong with collecting information so long as we don't act on it in an inappropriate manner. By way of analogy, Google's collection of Wi-Fi data via StreetView was incorrect, but ultimately harmless since it deleted the data collected without sharing or doing anything with it. The fact that it's happening 1000s of times is meaningless if you consider each violation unimportant (1000 times nothing is still nothing).

    The more damning argument, IMHO, is the revelation that the NSA data is, in fact, not merely being improperly collected but improperly used against U.S. citizens. Specifically, there is no reason for NSA data to be shared with the IRS or the DEA, no matter how broad a definition of national security you throw out there. Full stop. But it is. And that's wrong even under the NSA's rules.

Next >>