There's no excuse for FinCEN to exist.
Of course it's going to be "abused" like this; that's completely obvious and unsurprising.
But its official "use" is illegitimate mass spying in the first place.
The DEA is a threat to families. It's a brutal jackbooted agency that exists only to enforce laws that aren't even within the government's legitimate scope of legislation in the first place. And, like the rest of the DOJ, it does that in a calculatedly inhuman way. Next time you might want to pick a better example.
"Broadband providers should not block, throttle, or otherwise discriminate against lawful websites and services.”
... and the operators of either of the effective duopoly of mobile app stores should not block or otherwise discriminate against lawful applications, even if they compete with their own offerings...
... does not exist, and nobody has the slightest idea how to build it.
Only a credulous idiot would think that today's AI was even remotely close to being able to tell when a real crime was being committed, let alone when one was about to be. That would require at least human-level AI, and probably better than human.
Yes, there's stuff that can watch parking garage video and detect behavior that's often characteristic of people trying to break into cars... and then alert an actual person to watch that camera. No, there is nothing that can tell with any certainty when somebody is ACTUALLY trying to break into cars.
And that is a million times easier than somehow detecting any possible kind of pre-crime that may have been dreamed up by somebody with weeks to plan it.
Certainly NSO can't be expected to prevent end users from using its malware for evil, but it could be more selective about who it sells to.
To heck with that.
Selling exploits and malware is out of bounds, period. It doesn't matter who you sell them to. These people need to get real jobs.
Or at least fuck them as most often conceived.
If the network wants to protect its own resources by not allowing huge traffic floods, especially without some indication that the recipient actually wants the data, that's good. If the network wants to start guaranteeing that the source address on a packet bears some relation to where that packet came from, that's also good.
But oddly enough the people pushing "smart networks" don't want to make networks smart when it comes to dealing with their own internal functions, because that's actually hard. Nobody wants to actually redo the routing infrastructure.
Instead, what they want to do is to spy on traffic, filter it, "collect intelligence" from it, and sometimes react to it... including with things that you could reasonably call security attacks. In the process they'll introduce a bunch of complexity and create gridlock by making everything depend on everything else. And they'll further blur the lines about what you're allowed to do to somebody else's traffic. Those are actively bad for security.
Not to mention the number of things they'll simply break, because it's crazy hard to look at the traffic between two other parties and intuit what they're actually doing.
They'll also create the machinery for an Internet police state. I'm not saying there's any kind of conspiracy to do that. I'm saying that that's what the technology is actually good for, regardless of anybody's current intentions.
Anybody who suggests "smart networks" as a solution for any kind of privacy problem needs their head examined.
If some piece of shit endpoint misbehaves, then other endpoints need to protect themselves, and the network needs to stay out of it.
... that Techdirt will now be retracting this idiocy:
https://www.techdirt.com/articles/20170329/13234837037/no-you-cant-buy-congresss-internet-data-anyone-elses.shtml
A corporation is nothing but a creation of government in the first place. How is it nonsensical if the government tells the corporation it can't do business in a certain way?
No, they can't physically prevent anybody from viewing public social media data.
They also can't prevent anybody from, say, racial discrimination, and if you're not a total idiot and avoid creating a paper trail, they can't even reliably catch you at it. Nonetheless, it's demonstrably effective when they create anti-discrimination rules, because your average manager isn't going to take any risks.
What they really ought to be doing is setting a rule that nothing you do that's not clearly and directly related to the work can be considered in making corporate employment decisions.
Correction: it was 6 figures, not 7. But I literally did do nothing at all, not even come in to work.
You can find people goofing off like that anywhere. ANYWHERE. Public sector, private sector, intelligence, law enforcement, judicial branch, and hot dog stands. And, yes, they get away with it at about the same rate everywhere.
I had a private sector job where I was paid 7 figures for two years to literally do nothing at all.
So what is interesting about this personnel matter, other than your desire to demonize anybody who works for the government?
I would use open source, yes. With the understanding that that's not foolproof.
Look folks. If you let somebody other than yourself hold your unencrypted data (or hold the keys to your encrypted data), then you can expect those data to be given to people you don't want them given to.
That's not a US law matter, and it's not an international law matter. It's a laws of physics matter. It will happen regardless of anybody's laws.
Only idiots store anything in the cloud unencrypted if they don't want it known.
The solutiond to this are decentralization, user-managed end-to-end cryptography, and stealth technology. Where that interacts with the law is in the need to keep those things from being forbidden (or to make it impossible to enforce any laws against them).
Spending time on some doomed attempt to keep governments from forcing corporations to turn over data is a distraction.
It may actually be a useful distraction, because as long as the governments think they can get what they want by attacking Google or whoever, their attention doesn't turn to finding ways to attack the actually effective technical approaches. With some luck, you might even get them to tie themselves up in giant nets of treaties and precedents that would make it harder for them to interfere with anything actually effective once they figured out that they needed to.
But it's not useful to drink your own Kool-Aid and think that you'll ever get useful protection from Google, Microsoft, or anybody else.
The easiest way to implement that would be just to log the session keys, rather than handing over the private key. That works even with PFS. But an even easier way is just to hand over the plaintext, which is what a bank would do. I predict that it will be extremely rare, if it ever happens at all, for there to be any demand for anybody to decrypt something ephemeral like TLS. What these guys are really interested in is logged text messages, email, files in cloud storage, contents of phones, and the like. They don't want to grovel through your HTTP traffic. They want your personal papers served up on a silver platter.
You know, noxious as this sort of thing is, you shouldn't be trusting a third party to encrypt your data for you in the first place. Forcing those third parties to break their security won't "kill real encryption", because "real encryption" is done end to end without trusting them in the first place.
To be fair, you can't really blame the Manchester border police for following up on that complaint, given the terrorist attack that had taken place in the city just 24 hours before.
Yes, yes I can. It was a stupid complaint and a stupid thing to follow up on, and I don't really give a damn if the monkeys were scared that day.
Hey, I will give you 10 magic points if you go over to the nearest park and stomp the flower beds. You can even tell everybody you have 10 points.
That's a sincere offer. I'm making it for snarky reasons, but I truly promise that if you go do that, I will award you 10 points. Think of it! 10 points! Awarded by me!
Now, if you go stomp the flowers, who should the law hold to account?
No, the real stupid that happened here were her constituents that vaulted her to the halls of power instead of showing her to the door reserved for crooked politicians. It pains me to say that, since I am very much not a Republican or conservative, but honesty compels me to call stupid by it's proper name.
Actually, the alternative to Harris would have been Loretta Sanchez, who was running to the left of her. The final ballot was Harris vs. Sanchez. There was no serious Republican candidate for that seat.
Yep, they're pretty close to the same, definitely to the point where they had to be cut and pasted. State legislators are mostly morons, so you can usually find one to introduce any garbage you want...
The "shall not provide to a consumer methods, source code, or other operating instructions" gag order is itself an unconstitutional prior restraint on speech, and probably a more dangerous one than the porn restriction itself.
Trying to restrict any site that might "facilitate prostitution and the trafficking of persons for sexual servitude" is surely unconstitutional because of the sheer breadth of what you could read "facilitate" to mean.
Delegating the decision about what to block to a private company with no meaningful oversight is a huge due process issue.
The fact that it requires something that's technically impossible might also be a wee little due process issue. And if you defy the clear language and read it down to require only what is technically possible, then it fails on vagueness.
Re: Ah good old 'If it's in the rules I don't need to think for myself'...
I believe the current legal rule for determining whether a cop can "reasonably be expected" to know that his or her actions are illegal, unconstitutional, excessive, or whatever is that it has to have been personally explained to that particular cop by at least three Supreme Court Justices, on separate occasions. On videotape. Within the last week. With a signed triplicate acknowledgement from the cop. But only if the cop's behavior causes the horrible, painful death of a total innocent, and the case is absolutely identical to the explained situation in every detail including the names. Otherwise it has to be the whole court en banc. I think there's some kind of good faith exception, too. By the way, the standard for prosecuting a citizen for identical behavior is that the behavior has to vaguely resemble something that might be illegal in the twisted mind of a prosecutor somewhere in Pakistan.