streetlight’s Techdirt Profile

streetlight

About streetlight




streetlight’s Comments comment rss

  • May 19th, 2016 @ 12:06pm

    Would this be the canary?

    Right now Mike has clearly said Techdirt has not received a warrant. What if he said, "We can't say whether we've received a warrant" be the appropriate canary? Isn't language fun.

  • May 18th, 2016 @ 7:34pm

    Re: Sound more like the tragedy of the market

    Also, like sports broadcast networks (ESPN) that pay big bucks to sports leagues (NFL, NBA) for broadcast rights, then increasing subscriber fees to cable companies to cover these costs, resulting in cable companies increasing fees while people drop the more expensive packages containing sports networks producing major layoffs of sports broadcast personalities. Not sure this is a tragedy of the commons but it could be the tragedy of expensive cable programming and sports broadcast celebrities going away.

  • May 9th, 2016 @ 2:16pm

    Did any of Hillary's emails get out?

    Her server might have been more secure than that of the State Department's. Not sure, though. Also, not sure whether Patraeus's secrets to his mistress went beyond her. The military has pretty severe penalties when officers are involved in illicit sexual affairs, particularly if married at the time. A double whammy in his case.

  • May 4th, 2016 @ 11:06am

    Are these guys from Flint?

    Maybe they've been drinking too much water from the Flint, MI, water system.

  • Apr 27th, 2016 @ 10:40am

    Another thing improved encryption technology

    IIRC, the National Institute of Standards and Technology (NIST) was found to have purposely compromised encryption technology by producing a poor random number generator used in some encryption products. Once that was corrected I'm guessing various commercial encryption methods improved immensely.

    Perhaps a bit off topic but the push by some government three letter agency leaders and politicians for back doors to encryption probably won't stop the use of secure encryption. Should this be required and implemented then immediately cracked it would be interesting to see the response of those pushing this when their most private correspondence is published including financial records, hotel bills, notes to girlfriends or boyfriends, etc.

  • Apr 11th, 2016 @ 1:32pm

    When the anit-privacy hawks have their data revealed...

    It'll be interesting how the anti-privacy hawks will feel if they get their way regarding the installation of back doors in hardware and software and their most private and secret information is made available for all to read. For sure as soon as the back doors are installed they will be hacked and there will be no data privacy for anyone unless stored completely off the Internet. Then again, there may be some advantages. Government may become very transparent!

  • Apr 1st, 2016 @ 5:29pm

    Out for shopping today passed sign: ISS

    There's a pretty big building that I passed that houses ISS. Hmm... I wondered if they needed to change their name. I think it stands for Intelligent Software Solutions. And then there's the International Space Station, and there's a company that makes fluorescence equipment. And there are Chase bank branches all over town and I wonder if ISS employees have problems with their banking there. Oh, hum...

  • Mar 28th, 2016 @ 11:45am

    What about Google Hangouts or other apps?

    According to Google's web site:

    Conversations

    All signals, like messages, are encrypted over an HTTPS connection with 128-bit encryption, using TLS 1.2. The connection is encrypted and authenticated using AES_128_GCM. The key exchange mechanism is ECDHE_ECDSA.

    and

    Audio and video

    To improve audio and video quality, Hangouts calls use a direct peer-to-peer connection when possible, instead of routing through a server.

    Audio and video in Hangouts are encrypted using SRTP. Video is AES_CM_128_HMAC_SHA1_80, and audio is AES_CM_128_HMAC_SHA1_32 (128-bit AES encryption and SHA-1 HMAC for authentication).

    When you dial a phone number from a Hangout, audio is encrypted until it reaches the carrier network. But telephone carriers are responsible for the audio within carrier networks

    I'm not a security expert, but it seems messages using Hangouts are end-to-end encrypted over Wi-Fi and possibly over cell networks. I believe that's also the case for Gmail as messages are stored encrypted on Google's servers. Whether decryption of these Google products messages can be done by others, I don't know. Others should comment.

    The possibility of detecting members of a connected web of terrorists by just knowing their messaging connections should one or more persons in the terrorist web is a known terrorist is a fascinating possibility. This suggests the authorities need to leave at least one known terrorist at large for awhile to complete the web while keeping an eye on the connected individuals. Burner phones may be a problem in this scenario, though.

  • Mar 25th, 2016 @ 4:15pm

    No 1st Constitutional Ammendment in the UK

    The USA is one of the only places, maybe the only place, where free speech is enshrined in the a founding document. The UK does not have such a commitment as far as I know. Even then, there are limits to free speech in the USA - you can't yell, "Fire!" in a theater when there is no fire to start a riot of escape. Threatening someone with violence or other threats is not allowed and can put one in jail, too.

  • Mar 14th, 2016 @ 1:14pm

    1- Some people can't learn and 2- disobey a judge

    This sheriff has a certain mind set the prevents him from leaning when things don't go his way. His mind and thought processes are getting in the way of knowing, much less understanding, the law.

    With regard to ignoring a judge's order he might find himself in jail. Judges can do that. Putting him in jail with some folks the sheriff put there might be an interesting experience for him.

  • Feb 23rd, 2016 @ 8:49am

    Is it possible for Apple to perfectly secure their phones?

    It seems the conventional wisdom has been that no one, not even Apple, could break into one of their phone's encrypted data. I guess that's not the case. It may be Apple can't guarantee such a level of security and this knowledge will one of the most important results of this episode. Perhaps the best way to prevent anyone getting at your data is to physically destroy the phone with an industrial strength shredder and/or a high temperature blow torch focused on its parts.

  • Feb 18th, 2016 @ 8:26pm

    Re: Re: All those iPhone users have been mislead

    I admitted I was somewhat ignorant of what Apple could do and what folks who bought iPhones thought Apple or anyone else could not do, that is get at the decrypted data in the phone. According to Mike Masnick's post above even new phones can be hacked without destroying the data or the encryption key. Updating the phone's OS does not harm the data or or the encryption key if done properly. Apple can do this and apparently has done this at least 70 times for law enforcement.

    My interest is to stimulate discussion. I haven't heard whether Apple ever claimed the encrypted data and its decryption key could be obtained. It looks like it can regardless of what iPhone owners thought.

  • Feb 18th, 2016 @ 12:42pm

    All those iPhone users have been mislead

    I'm not an iPhone user and pretty ignorant about what's going on here with regard to Apple's ability to undo the encryption on it's phones, old or new, but my guess is that a vary high percentage (>>99% ?) of iPhone purchasers believed that no one, not even Apple, could gain access to the encrypted data on an iPhone that was properly secured. I'm not sure Apple ever said that but it seems to be the conventional wisdom. It's also possible that a lot of folks didn't care, but for knowledgeable people who use their iPhones for things that ordinary, law abiding folks do, such as banking, retail purchases at brick and mortar stores, etc., such security was very, very important. Apple needs to match perception or admit it can't be done.

  • Feb 18th, 2016 @ 12:17pm

    Re: Can the engineers refuse?

    Can the engineers refuse?

    Anyone can refuse to obey a court order but there may be penalties for doing so, including jail time until the order is obeyed.

  • Feb 2nd, 2016 @ 3:53pm

    Re: Re: I can see the future.

    Non-standard cable box support fee: $35.00

    And everyone would have to pay the fee regardless of whether or not they rent their box

    Exactly. Might not be a separate fee but a greater the usual increase in subscription fees to cover the lost revenue.

  • Feb 2nd, 2016 @ 3:47pm

    Re:

    TV sets have basically become video monitors with multiple inputs - cable/satellite boxes, Blu-ray players, Chromecasts, Rokus, gaming consoles, computers, etc. The only real requirement is they contain an over the air broadcast tuner. I don't even know why they need to have "smartness" built in and from my experience the smart TV UI is horrible. If the built in cable box were to die or need hardware upgrade to get the latest video experience, you'd probably have to throw the whole thing away or get a new attachment anyway. Keep the TV as a video monitor and let folks buy the attachments they want.

  • Jan 28th, 2016 @ 5:23pm

    Re: Re: Re: Re: I see a future business

    "covering a license plate with anything is illegal."

    Is it illegal to drive in a snow storm?

    In Colorado, it's illegal to drive in a snowstorm if you don't have the right kind of tires or traction gear (chains). If drivers block traffic or skid off the road and don't have the proper traction the fine is something like $600 or more. Commercial vehicles must carry chains, whether it's snowing or not, from something like Oct. 1 to May 31. The fine there is $1,000. Accidents have decreased greatly since this law was enforced.

  • Jan 28th, 2016 @ 12:50pm

    Re: Re: I see a future business

    "in plate overlays that do not make human-unreadable but machine unreadable.

    IIRC, in my state of Colorado, covering a license plate with anything is illegal. One other use of license plate readers here is the toll roads use them to bill drivers.

  • Jan 21st, 2016 @ 12:49pm

    The Internet of things including thermostats

    Didn't I read somewhere that Google's connected thermostat update drained the battery and prevented access. The result was that there was the possibility of a cold house and maybe frozen water pipes. Bad for folks who went to a warm place to get away from those Northern Minnesota temperatures and couldn't use their cell phones to warm up their houses.

  • Jan 12th, 2016 @ 7:04pm

    Others have noted...

    I read that the recent Paris terrorists used unencrypted phone communictions which were obtained by the authorities but it was never recognized for what it was. Just because it's readily available doesn't mean it'll be read and even then any action taken. One of the problems with all the enormous amount of information collected there's just too much to analyze. When one collects billions and billions of phone calls, emails, SMSs, MMSs, etc., finding the 10 or 100 that might be significant is almost impossible. There's information overload. Then again, the San Bernardino terrorists apparently never communicated about what they were intending using technology. My guess is that in the future terrorists will not use discoverable communication methods.

    I'm not sure Bernie Madoff would be considered a terrorist but it is estimated his "clients" lost ~$18 billion over many years starting in 1970. His activities were in the open and the financial regulators didn't find out until ~2008. If someone can hide their nefarious activities in one of the most highly regulated industries in the world, why can't violent terrorists do the same despite the intense surveillance by all these three letter agencies?

    Looking at everything isn't going to work. Perhaps an implication of the quotation above from the NY state constitution and the US Constitution about probable cause and the sanctity of personal documents suggests a very narrow, focused search for the bad guys. It might even require spies infiltrating organizations before getting proper search warrants. It might even cost less than what's being done now.

More comments from streetlight >>