Goofy systems like the Electoral College aside, I believe that in the general case politicians get elected because a simple majority (50% + 1) of eligible voters who actually vote want them elected.
The will of the non-voter is entirely irrelevant, as is the cause of their non-voting status. Additionally, from a practical perspective, a non-voting constituent isn't a constituent. Voting constituents on the losing side of the election are also irrelevant to politicians.
With the low voter turnouts we've seen the last decade plus, it makes it easy for politicians to know who to try to please - and it only seems to be - on average - 10-15% of the registered voters in any given district.
Cache locally until cell service is restored. Done.
Also, it would be fairly trivial to compare GPS location of vehicle w/ cellular coverage map of provider. If they're using Verizon, and over the course of 8 hours you don't see any cellular coverage while the GPS shows you're in downtown LA, you're busted. Oh, and now you've clearly intentionally interfered with the proper function of their vehicle. You might want to check the fine print for penalties for that.
"Would you go after someone who knows everything about you and can place evidence on your or your friends computers (i.e. child pron or money trace to some terror group) which destroys your/their life?"
...And this is why "Congressional Oversight" has failed so miserably, and will continue to do so.
Since I can't edit: Yes, IC/Military have their own set of legislation that they have to abide by, but acts like the CFAA specifically exempt them so long as the activity is "lawfully authorized".
In this case, it's safe to assume that CIA legal counsel has a set of orders stashed away which "authorizes" the activity for the purposes of compliance with the CFAA. And if they don't, well, it's fairly trivial (in practice) to generate such paperwork retroactively.
Most US Federal laws around this type of activity include explicit exceptions for LE/IC/Military organizations.
Easy way to check: Pull up the specific law in question in a browser, and search repeatedly for the word "intelligence". When you get to the phrase "intelligence community", you have arrived. That's where the LE and Military exemptions will be as well.
(f) This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States.
This type of carve out is pretty much boilerplate.
"The tricky part is subverting the compiler in a way that nobody notices it has been subverted"
How many developers actually validate their compilers? As far as I'm aware, very few people/organizations expend any effort on the compiler unless it's producing obviously broken object code - particularly when the compiler is delivered pre-built, like Xcode is.
When I see phrases like "developers were boasting" that they'd figured out how to manipulate a compiler, it makes it sound like they felt they'd hit on a fresh, new concept.
"The researchers boasted that they had discovered a way to manipulate Xcode so that it could serve as a conduit for infecting and extracting private data from devices on which users had installed apps that were built with the poisoned Xcode. In other words, by manipulating Xcode, the spies could compromise the devices and private data of anyone with apps made by a poisoned developer — potentially millions of people."
So...some of the best CompSci minds in the US figured out that if you control the compiler, you can make code compiled with that compiler do what you want. And even better, if you put that compiler on the workstation of a developer who builds a popular product, you get a compromised binary installed on lots of systems.
Am I missing something? This attack vector is obvious, and frankly every compiler available, across every computing platform available, is "vulnerable" to this type of manipulation.
This goes all the way back to Ken Thompson's ACM Turing Award Lecture "Reflections on Trusting Trust" - that he presented in August of 1984, if I'm not mistaken - and was fairly well known and understood back then.
Many things in life are greatly simplified when you consult the manual.
But here's the thing: substantially fewer than 1% of the general public will read a manual. If they can't figure out proper usage from the user interface, they'll either use the product incorrectly (and be dissatisfied), or they won't use the product.
In a world of mobile apps, any software package designed for use by the general public that requires reading of anything to achieve basic functionality is pretty well doomed from the outset.
Oh, I can hear the prepared police statement now....
"To prevent the suspect from committing suicide, the officers opened fire, thereby killing the suspect. The shooting was justified, as there was a clear and present danger that the suspect - an upstanding member of the public - was placing a member of the public at risk."
An open-source firmware for hard disks may not be as simple as that. I've heard - 2nd hand, but from a source I put a reasonable amount of trust in - that at least one of the vendors listed has set the hard drives up to require signed firmware, or the disk won't accept it. If you can't sign the code with a key the disk will accept, your open source project won't gain traction.
Also: it would be short-sighted to assume the scope of the actions here is limited to hard drives. Yes, this set of recently released documents is HDD specific. Yes, HDDs make an excellent target for this attack vector, for a variety of reasons, not the least of which is that, being hard disks, storage space presumably isn't an issue and so you presumably wouldn't be so severely constrained on the size of the malware you were shipping. But hard disks aren't the only built-in peripherals that allow for field-upgradeable firmware. Video cards, motherboards, CPUs - almost all of them have some amount of field-writable, onboard storage coupled with the firmware that allows them to operate. In fact, while they'd be harder targets, they might well be more valuable.
After all: You can remove a potentially compromised HDD from a system entirely, and run it off of live media on thumbdrive/cd/dvd/etc. Most people would have a very hard time running that same live media system w/o a video card. Or a motherboard.
Can't wait to see someone try this defense in court and then lose terribly when it doesn't work.
That's exactly what would happen. Although for a politician or investigator, it wouldn't have to get to court - just to the press.
Our society's built-in skepticism and inclination to pre-judge guilt based on the news media is exactly why this would be such a nasty lever, were it to be used - People claim "it wasn't me" so frequently that no one pays attention when that might actually have been the case.
(Please note, I'm not saying this has actually happened. I have no idea if it has or not. But assuming the NSA has its fingers into everything as deeply as it's been reported - there's nothing that can really prevent it.)
They have it because the threat model when the spec was developed excluded (accidentally or intentionally) "TLAs grabbing all the keys".
The current crypto key generation model saves time and costs associated with key generation at the time of deployment, and frankly, is probably a large part of why deployment is so smooth (I can go to my cell phone carrier today, ask for a SIM card, and get one, pretty much no questions asked).
(And, by the way, anyone know if the SIM's pre-printed ID is also the key? From what I've seen, the crypto algorithms are clearly symmetric, there's no reason the SIM ID couldn't be the actual crypto key.)
There's nothing Gemalto _can_ do about it that would be meaningful. The specification was designed more to ensure that unauthorized handsets couldn't use the network than to prevent mass surveillance from an organization with access to all of their keying material.
"Oh, hey, sorry about the compromised crypto keys on that first SIM, here's a free replacement. We know that _these_ crypto keys are secure because, well, Um...."
Shouldn't there be some prosecutor out there working on a CFAA case against them?
Almost everyone is focusing on the NSA's ability to "get any data they want", but if the NSA and other TLAs are as deeply embedded into computer networks as they're rumored to be, then they have, or can get, Read-Write access to damn near anything they want. You have to assume they can trivially plant evidence as easily as they can retrieve it.
Unfortunately, if we've crossed the Rubicon, you can be certain that any prosecutors, judges, politicians, etc, who might initially push back against the NSA and other assorted three letter agencies might quickly find themselves convinced to look the other way, lest they end up out of a job or in prison.