streetlight’s Techdirt Profile

streetlight

About streetlight




streetlight’s Comments comment rss

  • Apr 27th, 2016 @ 10:40am

    Another thing improved encryption technology

    IIRC, the National Institute of Standards and Technology (NIST) was found to have purposely compromised encryption technology by producing a poor random number generator used in some encryption products. Once that was corrected I'm guessing various commercial encryption methods improved immensely.

    Perhaps a bit off topic but the push by some government three letter agency leaders and politicians for back doors to encryption probably won't stop the use of secure encryption. Should this be required and implemented then immediately cracked it would be interesting to see the response of those pushing this when their most private correspondence is published including financial records, hotel bills, notes to girlfriends or boyfriends, etc.

  • Apr 11th, 2016 @ 1:32pm

    When the anit-privacy hawks have their data revealed...

    It'll be interesting how the anti-privacy hawks will feel if they get their way regarding the installation of back doors in hardware and software and their most private and secret information is made available for all to read. For sure as soon as the back doors are installed they will be hacked and there will be no data privacy for anyone unless stored completely off the Internet. Then again, there may be some advantages. Government may become very transparent!

  • Apr 1st, 2016 @ 5:29pm

    Out for shopping today passed sign: ISS

    There's a pretty big building that I passed that houses ISS. Hmm... I wondered if they needed to change their name. I think it stands for Intelligent Software Solutions. And then there's the International Space Station, and there's a company that makes fluorescence equipment. And there are Chase bank branches all over town and I wonder if ISS employees have problems with their banking there. Oh, hum...

  • Mar 28th, 2016 @ 11:45am

    What about Google Hangouts or other apps?

    According to Google's web site:

    Conversations

    All signals, like messages, are encrypted over an HTTPS connection with 128-bit encryption, using TLS 1.2. The connection is encrypted and authenticated using AES_128_GCM. The key exchange mechanism is ECDHE_ECDSA.

    and

    Audio and video

    To improve audio and video quality, Hangouts calls use a direct peer-to-peer connection when possible, instead of routing through a server.

    Audio and video in Hangouts are encrypted using SRTP. Video is AES_CM_128_HMAC_SHA1_80, and audio is AES_CM_128_HMAC_SHA1_32 (128-bit AES encryption and SHA-1 HMAC for authentication).

    When you dial a phone number from a Hangout, audio is encrypted until it reaches the carrier network. But telephone carriers are responsible for the audio within carrier networks

    I'm not a security expert, but it seems messages using Hangouts are end-to-end encrypted over Wi-Fi and possibly over cell networks. I believe that's also the case for Gmail as messages are stored encrypted on Google's servers. Whether decryption of these Google products messages can be done by others, I don't know. Others should comment.

    The possibility of detecting members of a connected web of terrorists by just knowing their messaging connections should one or more persons in the terrorist web is a known terrorist is a fascinating possibility. This suggests the authorities need to leave at least one known terrorist at large for awhile to complete the web while keeping an eye on the connected individuals. Burner phones may be a problem in this scenario, though.

  • Mar 25th, 2016 @ 4:15pm

    No 1st Constitutional Ammendment in the UK

    The USA is one of the only places, maybe the only place, where free speech is enshrined in the a founding document. The UK does not have such a commitment as far as I know. Even then, there are limits to free speech in the USA - you can't yell, "Fire!" in a theater when there is no fire to start a riot of escape. Threatening someone with violence or other threats is not allowed and can put one in jail, too.

  • Mar 14th, 2016 @ 1:14pm

    1- Some people can't learn and 2- disobey a judge

    This sheriff has a certain mind set the prevents him from leaning when things don't go his way. His mind and thought processes are getting in the way of knowing, much less understanding, the law.

    With regard to ignoring a judge's order he might find himself in jail. Judges can do that. Putting him in jail with some folks the sheriff put there might be an interesting experience for him.

  • Feb 23rd, 2016 @ 8:49am

    Is it possible for Apple to perfectly secure their phones?

    It seems the conventional wisdom has been that no one, not even Apple, could break into one of their phone's encrypted data. I guess that's not the case. It may be Apple can't guarantee such a level of security and this knowledge will one of the most important results of this episode. Perhaps the best way to prevent anyone getting at your data is to physically destroy the phone with an industrial strength shredder and/or a high temperature blow torch focused on its parts.

  • Feb 18th, 2016 @ 8:26pm

    Re: Re: All those iPhone users have been mislead

    I admitted I was somewhat ignorant of what Apple could do and what folks who bought iPhones thought Apple or anyone else could not do, that is get at the decrypted data in the phone. According to Mike Masnick's post above even new phones can be hacked without destroying the data or the encryption key. Updating the phone's OS does not harm the data or or the encryption key if done properly. Apple can do this and apparently has done this at least 70 times for law enforcement.

    My interest is to stimulate discussion. I haven't heard whether Apple ever claimed the encrypted data and its decryption key could be obtained. It looks like it can regardless of what iPhone owners thought.

  • Feb 18th, 2016 @ 12:42pm

    All those iPhone users have been mislead

    I'm not an iPhone user and pretty ignorant about what's going on here with regard to Apple's ability to undo the encryption on it's phones, old or new, but my guess is that a vary high percentage (>>99% ?) of iPhone purchasers believed that no one, not even Apple, could gain access to the encrypted data on an iPhone that was properly secured. I'm not sure Apple ever said that but it seems to be the conventional wisdom. It's also possible that a lot of folks didn't care, but for knowledgeable people who use their iPhones for things that ordinary, law abiding folks do, such as banking, retail purchases at brick and mortar stores, etc., such security was very, very important. Apple needs to match perception or admit it can't be done.

  • Feb 18th, 2016 @ 12:17pm

    Re: Can the engineers refuse?

    Can the engineers refuse?

    Anyone can refuse to obey a court order but there may be penalties for doing so, including jail time until the order is obeyed.

  • Feb 2nd, 2016 @ 3:53pm

    Re: Re: I can see the future.

    Non-standard cable box support fee: $35.00

    And everyone would have to pay the fee regardless of whether or not they rent their box

    Exactly. Might not be a separate fee but a greater the usual increase in subscription fees to cover the lost revenue.

  • Feb 2nd, 2016 @ 3:47pm

    Re:

    TV sets have basically become video monitors with multiple inputs - cable/satellite boxes, Blu-ray players, Chromecasts, Rokus, gaming consoles, computers, etc. The only real requirement is they contain an over the air broadcast tuner. I don't even know why they need to have "smartness" built in and from my experience the smart TV UI is horrible. If the built in cable box were to die or need hardware upgrade to get the latest video experience, you'd probably have to throw the whole thing away or get a new attachment anyway. Keep the TV as a video monitor and let folks buy the attachments they want.

  • Jan 28th, 2016 @ 5:23pm

    Re: Re: Re: Re: I see a future business

    "covering a license plate with anything is illegal."

    Is it illegal to drive in a snow storm?

    In Colorado, it's illegal to drive in a snowstorm if you don't have the right kind of tires or traction gear (chains). If drivers block traffic or skid off the road and don't have the proper traction the fine is something like $600 or more. Commercial vehicles must carry chains, whether it's snowing or not, from something like Oct. 1 to May 31. The fine there is $1,000. Accidents have decreased greatly since this law was enforced.

  • Jan 28th, 2016 @ 12:50pm

    Re: Re: I see a future business

    "in plate overlays that do not make human-unreadable but machine unreadable.

    IIRC, in my state of Colorado, covering a license plate with anything is illegal. One other use of license plate readers here is the toll roads use them to bill drivers.

  • Jan 21st, 2016 @ 12:49pm

    The Internet of things including thermostats

    Didn't I read somewhere that Google's connected thermostat update drained the battery and prevented access. The result was that there was the possibility of a cold house and maybe frozen water pipes. Bad for folks who went to a warm place to get away from those Northern Minnesota temperatures and couldn't use their cell phones to warm up their houses.

  • Jan 12th, 2016 @ 7:04pm

    Others have noted...

    I read that the recent Paris terrorists used unencrypted phone communictions which were obtained by the authorities but it was never recognized for what it was. Just because it's readily available doesn't mean it'll be read and even then any action taken. One of the problems with all the enormous amount of information collected there's just too much to analyze. When one collects billions and billions of phone calls, emails, SMSs, MMSs, etc., finding the 10 or 100 that might be significant is almost impossible. There's information overload. Then again, the San Bernardino terrorists apparently never communicated about what they were intending using technology. My guess is that in the future terrorists will not use discoverable communication methods.

    I'm not sure Bernie Madoff would be considered a terrorist but it is estimated his "clients" lost ~$18 billion over many years starting in 1970. His activities were in the open and the financial regulators didn't find out until ~2008. If someone can hide their nefarious activities in one of the most highly regulated industries in the world, why can't violent terrorists do the same despite the intense surveillance by all these three letter agencies?

    Looking at everything isn't going to work. Perhaps an implication of the quotation above from the NY state constitution and the US Constitution about probable cause and the sanctity of personal documents suggests a very narrow, focused search for the bad guys. It might even require spies infiltrating organizations before getting proper search warrants. It might even cost less than what's being done now.

  • Jan 12th, 2016 @ 3:09pm

    Re:

    This is too monumentally stupid to have any hope. People should really be upset at the waste of time and effort on the part of the senator and his aides. They should spend their resources on issues that matter.

    Remember: we get the kind and quality of government we elect.

  • Jan 12th, 2016 @ 2:58pm

    What streaming providers could do

    I wonder if Google, Netflix and others could show up T-Mobile by noticing that they are streaming to T-Mobile and display a popup noting something like:

    "You are using T-Mobile to view our video stream and the quality of the stream is degraded to the point that your experience will be unacceptable. Since we wish you to have a great experience viewing our video we will stop the stream. Contact T-Mobile to fix the situation."

    On the other hand, these streaming companies make money when one views their product they may not care about the quality of your experience. That is, unless, of course, you stop watching or cancel a paid subscription.

  • Jan 12th, 2016 @ 2:31pm

    Provice the user with encryption software

    As Tim suggests, nothing in the bill would prevent the purchaser from providing encryption software. I'm not sure if the encryption software could be provided by the phone's manufacturer or an independent company set up by the manufacturer. Apple could set up Baldwin,Inc. or Granny Smith, Inc. Google - or is it Alphabet - could have a company called Green Robot, Inc. The 5th avenue Apple store might end up in New Jersey as well. Think of the sales tax losses. And, what about mail order purchases?

  • Jan 7th, 2016 @ 4:41pm

    German publishers can set up a pay wall

    Folks interested in the German publishers' valuable information can pay the publishers directly for it. Cut out Google out of the middle. Then they will find out how valuable it is to folks. If it's really worth much to the audience the publishers will make a pile of money.

More comments from streetlight >>