nav search
Data Centre Software Security DevOps Business Personal Tech Science Emergent Tech Bootnotes
BOFH
Lectures

* Posts by Graham Cobb

407 posts • joined 13 May 2009

Page:

Nope, the NSA isn't sitting in front of a supercomputer hooked up to a terrorist’s hard drive

Graham Cobb

Questioning the premise

We need El Reg to be more active in questioning the premise behind these sorts of requests. Before talking about either the impact or the implementation details (as in this article) we need to be much more critical of the claims being used to justify this.

The claim is that law enforcement is "going dark" and losing access to evidence it needs.

On the contrary. it is a golden age for law enforcement. Instead of planning with trusted comrades, in a private room, criminals now use text and even talk on mobile phones in public places. Some even use email and web chatrooms (particularly those planning digital crimes). Much more planning information is available to law enforcement.

And, as for evidence of the crimes themselves, instead of just stealing something or assaulting someone criminals now often record their actions with photos or even videos. For their own amusement or to prove to someone else that they did as they were commanded. That evidence is often available and would never even have existed in the past.

Law enforcement have never had it so good. There is so much evidence available to them.

As we all know, policing is a difficult job. Unfortunately for them, we need it to remain so in order to protect our civil liberties (such as trade unions, effective protest and campaigns for major societal changes). The simplifications that the digital world have introduced to their job need to be rolled-back.

Encryption is part of that: not only is there no justification for demands for law enforcement access, we actually need improved, easy-to-use, routine encryption to protect all of us and our civil liberties.

9
0

Security bods: Android system broadcasts enable user tracking

Graham Cobb

Re: don't seem like that much of a threat to me

I get that, but my question was in what way is that a threat to me

The answer is that it might be or might not be. You don't have to be James Bond for this to be a problem.

Even in the UK, a journalist for a local paper might find this a problem if they have been trying to track down and write about corruption in the local council awarding planning approvals. An investigative journalist at a national newspaper will certainly be targeted, often by powerful or dangerous people (even if only reporting on extramarital affairs).

Abused women and children also need to have privacy (why do you think people aren't allowed to take photos of their children's school play? It isn't about paedophiles, it is about children who have been removed from abuse possibly being located by the abusers).

And, in some countries almost anyone might accidentally fall foul of government or criminal gangs and need to keep their location hidden.

Sure, maybe you have the luxury of living in a safe country, with no serious enemies and a boring job (just like I do). Or are qualified to make a full analysis of your security risks. But there are many people not in that position and manufacturers need to be forced to fix problems which put these people into danger.

4
0

Distro inferno: Debian's still rocking at 25

Graham Cobb

Re: Sadly

Only the old hands or those peed off with Canonical use Debian these days.

I don't think that is true. I heard the other day that there is a waiting list to become a Debian Developer because there are more people wanting to become a DD than the people managing the process can handle.

And looking at https://contributors.debian.org/contributors/year/2018 there are still a lot of people contributing to Debian.

As for systemd, like many people I don't like it but it is clearly here to stay (unlike the previous attempts at init system replacement) and more and more software will assume it is there, like it or not. Devuan is the UKIP of Linux distros: defined only by hating one thing and supported by moaning pensioners.

8
17

Think tank calls for post-Brexit national ID cards: The kids have phones so what's the difference?

Graham Cobb

Re: "And extremely sad you're happy to carry a ID card 24x7 "

I've my ID card in the wallet with the driving license and the credit cards, for decades, and never anything bad happened because of it. It's just a simple and comfortable way to prove you are what you say whenever such a proof is needed.

And I have lived my life for many decades carrying no ID at all and have never had anything bad happen. I have never had any need to prove my identity except at borders and, as you say, being in Britain borders rarely crop up unexpectedly.

Unlike you, I was able to handle all my parents affairs without any need to prove my identity to the lawyers involved -- the process does not require proving identity unless someone challenges it. The point is that ID cards are only useful in a society which has changed to require them. If there are no ID cards no one can demand them, no one needs them and society still functions perfectly well.

And ID cards have massive disadvantages. Perhaps most seriously, they enable much more commercial spying, with very many companies ending up with both a unique ID for correlating data they acquire (legally or not) from many sources and personal information like name, address and age which I have no wish to share with companies I do business with unless I see some actual benefit to me.

I could almost understand a government ID card but it would have to be absolutely illegal for any commercial company to record any information from a card.

20
5
Graham Cobb

Re: ...citing the Windrush scandal as justification.

The fix for the Windrush scandal is clear: the government need to end this "hostile environment" and "war" around immigration.

The law needs to be very clear: if you are in the country it must be up to the government to prove that you have no right to be here, not up to you to prove that you do have the right to be here.

I am quite happy with current and recent levels of immigration and have no problem with accepting the small amount of illegal immigration that occurs. It isn't a problem in my view. Somehow those of us who share this view need to make our position known to fight the xenophobic little-Britain insularists.

35
8

On Android, US antitrust can go where nervous EU fears to tread

Graham Cobb

Re: I'm so totally in Google's camp on this

If Google's services are better that is a fine and perfectly valid way to compete. What is not fine is to use market power to prevent others from competing. That is the reason the competitors are not as good -- if they spend the money to make them as good, they can't sell them to get their investment back because of Google's abuse.

If, once the environment is competitive, "people simply prefer Google's solutions" that is fine. And it might even be that Google remain the largest player but it would mean that market segments like "the tinfoil crowd" actually have a real choice.

1
0
Graham Cobb

Apple

So why aren't Apple being castigated in the same way, either by the EU or the USA?

Apple doesn't have significant market power in the mobile phone OS business. They only have about 15-20% share (by units).

1
0

Shock Land Rover Discovery: Sellers could meddle with connected cars if not unbound

Graham Cobb

Re: Why so hard?

Just having a button inside held for 10 seconds to dis-associate the old owner from the system would be great for a car thief that had stolen your key to nick your car.

No. It would make no difference at all.

If my car is stolen I don't go and find it and retrieve it myself. I call the police and the insurance company. They would still be able to use the mechanisms they use today to contact the manufacturer and get access to location and other information -- they aren't asking the owner for that today.

15
1
Graham Cobb

New owner must be able to disconnect seller immediately from the vehicle

Car manufacturers must put a "disconnect car from current account" function within the vehicle itself so that the new owner can do the disconnect before driving a single metre after buying the car.

If there is a concern about theft then the back end for the function can be made more complex: still collect the data but prevent the previous owner from accessing the data or controlling anything. The police can still have access to the data (for example with a warrant) but the previous owner does not unless they go through a process to reclaim the car (disputing that ownership has been transferred). Meanwhile, the person with control of the car immediately has full access and control (although only to data from the moment of claiming the account).

It is not reasonable to require any co-operation from the previous owner, nor to allow any access from one of the users to data about the other's usage, nor any complex process of proving ownership to a third party such as JLR or a dealer (control of the car should be sufficient). The tiny number of cases of theft or disputed ownership would be the cases which have the complex process, probably involving a court.

22
3

Some Things just aren't meant to be (on Internet of Things networks). But we can work around that

Graham Cobb

Re: No...

I quite liked the image of my router dodging electrons being fired in random directions from some IoT crap while trying to simultaneously provide a Wifi service.

7
0

UK.gov is ready to talk data safeguards with the EU – but still wants it all

Graham Cobb

Re: ?

BoJo didn't want to become PM instead of the PM. Everyone knew that the "leaving" job was a poisoned chalice and whoever did it would be immediately removed (and happy to go) once it was over, whatever happened. Theresa May realised that was her only chance of becoming PM so went for it. BoJo is just continuing his positioning to stand after Brexit is over.

He knew he would have to resign, over a "point of principle", at some point to set himself up as a future saviour. He would probably have preferred to leave it a little later so it was fresher in people's minds when he comes back, but his hand was pretty forced if he didn't want to start being considered responsible for the mess.

8
0

UK.gov agrees to narrow 'serious crime' definition for slurping comms data

Graham Cobb

Re: Is there any crime

As I (and others) predicted, they only proposed 6 months so that they could "address" the outcry and make it still a ridiculous time! We need to make sure there is still an outcry.

Make it maximum sentence of more than (not equal to) 3 years.

2
0

Brit privacy watchdog reports on political data harvests: We've read the lot so you don't have to

Graham Cobb

Re: If you ever wondered

Good thought. I already never "click through" to the supplier I am interested in -- I go to their website and start again (mainly because I am bolshie and if they won't offer an equally good price to someone not using a comparison site then I won't do business with them). But I will now make sure I give fake details (name, address, DOB, etc) to the comparison site -- close enough that I should get roughly the same quote but not enough to identify or contact me.

4
0

Every step you take: We track you for your own safety, you know?

Graham Cobb

Re: Corporate Security

I downvoted you because you have identified a completely disproportionate and unrealistic justification for a blatant privacy violation.

Yes, I understand that the incident caused you and your company a lot of genuine concern and I commend your hard work in checking on your visitors' safety. I had an employee on business in the New York area on 9/11 and it was obviously very worrying for him, his family and for us in the company. I know that his wife appreciated the effort we went to to confirm his safety and let her know before he had been able to call her directly.

However, such incidents are of such low likelihood that it is not worth taking any action at all in advance, let alone sacrificing an important human right. I haven't checked the numbers, but I am sure the likelihood of being killed in a terrorist attack is much less than that of being killed by lightning.

What we need is a society which values reasonable assessments of risk and accepts that "something must be done -- this is something" is no way to make decisions.

46
0

UK.gov's long-awaited, lightweight biometrics strategy fails to impress

Graham Cobb

I despair

Why aren't there riots over this? Why aren't there resistance cells being created, with freedom fighters destroying surveillance cameras?

My parents fought in WW2, and I lived through the threat of nuclear annihilation in the Cold War, to protect us against police states, where the authorities tried to monitor what everyone was doing. Out of that we maintained Britain as a free society, with (now) the lowest crime rates ever and even terrorism is not a serious threat (reduced to running people over with vehicles).

Why on earth are people willing to just give up all liberty and put an electronic tail on every man, woman and child at all times? The police have a tough job, and that is deliberate! If the police are too effective, if their job is too easy or cheap, they become a tool for the government to suppress free thought, protest, whistleblowers, activists, trades unionists and, eventually, even political disagreement. Policing needs to be hard and expensive so they are forced to focus on important crime.

Whatever your political interests, whether you are a right-wing abortion protester or a left-wing animal rights activist, you have to be really concerned about tracking and surveillance. How have we got to this state?

5
0

IEEE joins the ranks of non-backdoored strong cryptography defenders

Graham Cobb

Encryption will become ubiquitous

I am currently looking into encrypting all my disks with separate (long) passwords. My plan is that the system will be set up with the passwords for the current set of disks but I will not record them anywhere else. I certainly won't be able to remember them!

This is because I currently have a pile of old disks (some working, some not) which I can't send to the dump because they have private and personal data on them. My plan is that in future when I stop using a disk I can throw it away (or sell it on eBay) without worrying because no one (including me) can access the data any more.

Once I have that all set up I plan to look into extending it to removable media (memory cards). My drawer of USB sticks will then be full of encrypted drives which I don't know the password to. When I need one I will reformat it with a new password, use it for however long I need it and then throw away the password and put the stick back in the drawer.

If I can do this, how long will it be before it becomes ubiquitous on every device? In particular for memory cards. At which point no one will know whether the memory card they have confiscated from the terrorist suspect at the border is "empty" (no one knows the password) or contains the plans for their latest atrocity. It is unlikely anyone can prove beyond a reasonable doubt that the terrorist knows the password. Particularly if they are carrying several.

0
0

Labour MP pushing to slip 6-hour limit to kill illegal online content into counter-terror bill

Graham Cobb

Re: When it comes to being an authoritarian, data fetishist nut job..

Too many people forget that "authoritarian/freedom" is a completely orthogonal axis to political left/right. Unfortunately, becoming an MP mostly attracts more authoritarians so they are over-represented in the House of Commons. We need more civil society types appointed to the House of Lords to counter this.

6
0
Graham Cobb

Re: Who decides what is illegal?

Sorry, Headley, your analogy is completely wrong. Policing forums is not at all related to publishing. The publisher is the person putting up the post. All Google/FB/etc are doing (in these cases) is providing transmission capability (just like BT and the Royal Mail).

A better analogy for FB/Google/etc is a hotel. Of course a hotel doesn't want people using its rooms to conduct illegal activities (e.g. run a criminal operation). But it doesn't employ people to spy on all the rooms all the time, monitor what people are doing, etc. It waits for the police to call about some activity and then it may terminate the room hire.

I am no fan of Google/FB/etc (in fact, I do not use them), but in this case they are right. This is critical because Google/FB/etc are the town square nowadays, whether I like it or not. If I have a complaint (against the government or against a company) I need to be able to air it on FB/etc. FB/etc should not be allowed to interfere with that unless my activity is illegal.

9
3

JURI's out, Euro copyright votes in: Whoa, did the EU just 'break the internet'?

Graham Cobb

So if you create some content and it gets ripped off, who protects you?

No one does. Sorry -- that is the way the world has changed. Wake up, smell the coffee and get a new business model. There are other ways to make money from your talent and the material you have created than getting paid for copies.

Copyright (the law) and business models around talent and content have always been reinvented every 20 years due to changes in technology. Just think about the impact (on both laws and business models) of piano rolls, phonographs, radio, TV, VCRs, etc. All those took away someone's existing exclusive rights and forced them to change their business model. Some of them went out of business and some others were more successful. That is business.

Cory Doctorow has a great example: think about music hall artists. They used to have control over the only way to be entertained by them: you had to buy a ticket to get into the theatre. It means that success rewarded not only being able to sign and dance but also charisma, stage presence and good looks. Then radio came along and everyone could get the entertainment for free. All of a sudden success rewarded a good voice (and a talent for ending up in the newspapers). Dancing, charisma, looks became much less relevant. Some performers lost out very heavily, and others saw much increased success. No one succeeded in getting the new reality banned.

5
1
Graham Cobb

Re: Hand Off My Internet

Government regulations are very handy when they keep corporate greed in check.

Indeed. They are also, unfortunately, very handy to those same corporations when they prevent competition.

Google are the only winners here.

9
1
Graham Cobb

Re: Whatever is bad for Google...

I share your dislike of Google. but these two articles favour only Google!

Google will never have to pay the link tax to anyone: no one who owns any copyright, of any type, can afford Google to delist it. Copyright is worth precisely zero if no one knows your copyrighted material exists (to buy it) and Google is the way the word finds everything. So Google will always be given free licenses.

Google Youtube has already implemented the leading content identifying system. Even if someone demands it be improved, Google is ahead of everyone else and can easily improve it at little further cost. All the "staydown" does is create a massive barrier to entry for any competitors to Youtube. You want a Bulgarian national competitor to Youtube? Well, you won't get one now because no one can compete: with no revenue except advertising, how will your national UGC service ever pay the entry costs of implementing Content-ID?

The only winner for this is Google. Certainly not Spotify. And not copyright owners either.

7
1

PC nerds: Can't get no SATA-isfaction? Toshiba flaunts NVMe SSD action

Graham Cobb

What do I need to specify on my next motherboard?

I'm looking to replace one of my systems later this year and I am thinking this will make a great system disk.

What do I need to look for in my motherboard specs to make sure I can use things like this (and whatever their competitors are coming out with that are similar)?

By the way, this will be an AMD system (I like to help make sure Intel has some competition) and will run Linux. It will be a workstation class system.

1
0

Relax. It's OK, folks, the US government isn't going to try to take back control of the internet

Graham Cobb

Re: But ...

jake is right, but it is also true that today's commercial internet is pretty much under the control of ICANN, because the commercial internet heavily relies on (mostly) shared naming (and, although to a much lesser extent, shared numbering).

While private IP-based networks are possible (and used to be common, and partially still exist today as corporate intranets), only ubergeeks and special interest groups (militaries, terrorist groups?) would really be up for operating a global IP-based network without use of the normal DNS.

4
0

Internet luminaries urge EU to kill off automated copyright filter proposal

Graham Cobb

There is a problem for copyright holders who don't have deep pockets

The biggest problem for small copyright owners is not piracy, it is visibility. The big companies can pay for massive advertising campaigns. The small guys rely on visibility on web sites. It doesn't help them that a higher proportion of their users may be forced to pay, if no one even knows their stuff exists!

That visibility will go away almost completely when all sites except Google and Facebook stop allowing users to upload content and messages due to the imposition of unreasonable liabilities and high cost barriers to entry.

16
0

Businesses brace themselves for a kicking as GDPR blows in

Graham Cobb

Not in my name

I am very worried that some firms will use this issue as an excuse for storing (and subsequently losing) even more of my personal data! Including some quite sensitive stuff.

For example, there is no need for a retailer to know my date of birth and I always refuse to do business with anyone who requires it (I know some people just lie but I choose who I give my business to). I could imagine that many sites might try to add DOB as part of their "verification/reset" process. If so, they won't get my business.

The main reason for that is the general principle that given the strongly asymmetric power relationship with a commercial company, I need to make sure they know as little as possible about me. That minimises their chance to set prices based on my willingness to pay, or to exchange information with other companies.

Another reason is that although I do not think the government is snooping on me, they do regularly snoop on people I rely on or support such as investigative journalists, trade union organisers, human rights lawyers, etc and those people need to be able to avoid being identified in many of their transactions.

We need to make sure that the concern for data security does not throw privacy, particularly privacy from commercial organisations, out of the window.

5
0

Europe fires back at ICANN's delusional plan to overhaul Whois for GDPR by next, er, year

Graham Cobb

Re: I don,t get it.

Why is domain name registration any different?

Because a domain name is not a company. It is an address. I do not need to display my name and phone number as I walk around or put my name on my front door. I don't even need to tell them to someone who talks to me in the street (or someone I telephone). Why should I need to tell them to someone who talks to me on the internet?

2
0

'Alexa, listen in on my every word and send it all to a shady developer'

Graham Cobb

Re: The real reason is...

There is some truth in that. That is part of the reason why I trust Amazon a little more than some other spyware vendors.

The main reason is that they want you to have Alexa to make it easy to sell you stuff. They have a very strong interest in not doing anything (or, more importantly, not letting anyone else do anything) that makes it likely you realise how bad an idea it is to have their spy in the house. So they will focus on things to make you (i) find Alexa useful and (ii) buy stuff.

That means I expect them to do nasty things that help them find out more about you, to target ads, offers and pricing. However, they are not very likely to allow third parties to abuse the device.

Of course, saying I trust them a little more than others doesn't mean much. I certainly won't have one of their devices in the house, but I don't refuse to visit my brother-in-law who has one, which I might for other devices.

5
0

Oh dear... Netizens think 'private' browsing really means totally private

Graham Cobb

Re: Explain to me what the real life cost is of "your data"

ok , so armed with that little treasure trove , I load face book and an advert pops up at the side saying "hey fancy some life insurance?" I'm still not seeing the problem.

In real life, you don't tell everyone you come into contact with (from the door opener at the mall, to your boss, to your spouse, to your doctor) the same things. Sometimes these are big important things, other times they are just "nobody else's business". You are many different persona, presenting many different views of your life to many different groups of people.

Maybe you don't want your potential employer to know you are pregnant. Maybe you don't want your daughter to know, yet, that your doctor has told you you have cancer. Maybe you want to go looking for a new car without the seller knowing your old car has just died and you need to buy something in a hurry. Maybe you coach a kids football team and you don't want them to find out that you are thinking about moving away because it isn't certain yet. Maybe you don't want the investment company you are talking to to know that you have over $1M invested elsewhere because you want them to offer you a discount to get you into saving. Maybe you don't want the car insurance company you have just contacted to know how much your current insurer has quoted. Maybe you don't want Amazon to work out the most you are willing to pay every time it shows you a price.

Maybe you just think cartels are illegal for a reason and you don't want commercial companies exchanging information, gossip and rumour about you -- you need some advantage in negotiating deals in an age with massively asymmetric information.

6
0

Petty PETA rapped by judges over monkey selfie copyright stunt

Graham Cobb

Re: And on another news item...

This is a really big upcoming fight.

It is clear that under US law content created by machines is not copyrightable. And under the "moral rights" approach often advanced in Europe it should be clear that morals are irrelevant for machines. So, content created by machine should have no copyright at all (even though some people choose to pretend that there is no such thing as content without copyright).

The bigger issue is when there is some human involvement: design of algorithm, effort spent teaching algorithm, facilitation and setup of creation process, selection of outputs, editing, etc. On the other hand, some human contributions are clearly not relevant for copyright: turning the handle on the sausage machine, etc.

If we go back to the purpose of copyright: to promote the creation of content by making sure that creators are fairly compensated. We certainly want to encourage people to create interesting content-generation algorithms. But we don't really want rewards to be based on how many times you turn the handle and create a copy with a few differences (a different colour palette for the same picture, or a different genre for the same novel or movie).

What we need is some clear leadership and thinking about these new issues, otherwise it will be left to the legacy content industries to write the agenda. And their goal will be to maximize payments for whatever they think they can do (and no interest in anything else).

3
0
Graham Cobb

Re: Next time you see a please donate

Or remember the battle Wikipedia has to fight every day against attempts to push the boundaries of copyright beyond what statute says (and, when that fails, to extend the statute itself to steal content belonging to the public) and donate to Wikipedia.

I hope David Slater is very successful in selling his other pictures: I am sure the publicity has been very good for him.

However, that wish has no effect on the purely legal question of whether there is any copyright at all in the monkey selfie. I am not a copyright lawyer so my opinion is worthless but I look forward to this being judged in a court sometime. Although my suspicion is that David Slater will come under a lot of pressure from major wildlife photographers not to let any such case get to court.

2
4

Google kills off domain fronting – and so secure comms just got tougher

Graham Cobb

Re: Unsupported feature is unsupported

YES the privacy aspect was a bit of a sore spot, but the WAY that privacy was caused (by sending traffic to a different domain) was a problem.

NO, it was NOT a problem and is not a security flaw.

At no time does a user, app or web server end up confused about what site they are accessing -- all the secure steps (https, certificates, etc) use the correct host names. The hack just means that people spying on the unencrypted initial steps of the connection set up see a different, uncontroversial, host name.

I think it is a shame that Google have stopped it working. I suspect that if they really wanted to, they could actually offer this as a (paid for) feature for sites which want to be accessible without their users revealing that they are contacting it.

4
0

Facebook previews GDPR privacy tools and, yep, it's the same old BS

Graham Cobb

Re: "an opportunity to invest even more heavily in privacy."

I now have DuckDuckGo

I have now moved on to Searx (https://en.wikipedia.org/wiki/Searx). It finds more stuff than DDG (DDG is one of the engines it uses), although the tradeoff is that it really isn't so good at ordering the results. And you have to pick an instance to use (or run one yourself).

2
0

Facebook faces foe formation in facial fingering fight

Graham Cobb

Re: Seems like a direct correlation...

The obvious flip side is that any clever tech to help FB identify me and track me for cool reasons allows them to identify and track me for nefarious reasons... or for others to do so if FB deliberately or accidentally exposes this data.

Neither of those are the reasons this law exists. The reason this law exists is that the obvious flip side is that other people may have different things going on in their lives and for them the capability is not "bloody cool" it is "bloody scary" or maybe even "life threatening".

Bloody millennials ...I bet you think this song is about you...

6
1

Europe wants cloud giants to cough up data from anywhere in 6hrs

Graham Cobb

Re: Warrants

If warrants really are too slow (hint: I don't believe they are), surely the best answer is to impose the warrant requirement for secrecy: the Order is automatically disclosed to (all of the) victim(s) after12 hours, unless a warrant is received specifying a limited time (no more than 1 year, but renewable) during which the Order is not to be disclosed to the victims.

Seems reasonably fair and proportionate, and allows for "emergency" actions.

Of course, once the Order has been disclosed, it must be challengeable in court by the victim, with compensation for Orders found to be unfair or disproportionate (as well as mechanisms to force procedural changes and/or remedial training).

And, of course, "maximum sentence 3 years" does not represent serious crimes: 10 years max sentence seems a more reasonable measure. But I assume that term is really there for a future "compromise negotiation" with MEPs who pretend to care about civil liberties.

1
0

Google lobbies hard to derail new US privacy laws – using dodgy stats

Graham Cobb

Re: An arrest is not a conviction

The demand is to make the report, presumably a true one in most cases, harder to find.

Yes. Exactly right.

It is easy for those of us with a logical, IT approach to think that the law is like programming: a set of rules. It isn't. It is about goals and outcomes and justice and proportionality. And the just outcome changes over time.

That is particularly hard in RTBF cases.

There is a strong public interest in being allowed to quickly report arrests and charges: it can cause other evidence to turn up, it can protect or warn local people, it can comfort victims, etc. A rule preventing reporting until the case is proven would not be a good thing. On the other hand, everyone knows that "suspect acquitted" is never going to be as big a news item. That is the balance we live with as reasonably proportionate.

On the other hand, years later the public interest is different. The original reports in "Backwater Daily Journal" are not the ones that matter -- the ones that matter are the ones Google returns. Unless systems become smart enough to make sure that acquittals mean that all arrest reports are no longer visible (and spent convictions hide the original convictions where that concept exists) then the best compromise is to make sure the search engines delete the information. That is the proportionate thing to do.

The law isn't a machine: it is a series of compromises to try to work in the way society wishes in as many cases as possible.

1
0

Did the FBI engineer its iPhone encryption court showdown with Apple to force a precedent? Yes and no, say DoJ auditors

Graham Cobb

Re: No right to conceal information

The Constitution protects against unreasonable search and this is certainly not unreasonable.

But the Constitution failed to be applied for many years (see Snowden). US spooks and law enforcement trampled all over both the Constitution and international human rights. The people will not grant them anything near those powers again for at least a generation.

If you (FBI & CEO) can't do the time (without intrusive powers), don't do the crime (violating the Constitution and international law). Come back when you can demonstrate some trust.

A good first step would be shutting up about the fake "going dark": they have much, much, much more data than a few years ago, including enough electronic capability to put a continuous automatic "tail" on every person at least as good as the tails that used to require teams of people just for one target. What would the founding fathers say about a police force that can track everyone in the whole country all the time?

16
0

Meet the open sorcerers who have vowed to make Facebook history

Graham Cobb

Re: Please just don't care enough

Mastadon/Diaspora/<thing> in a box

That is part of the idea behind Freedombox.org. The harder part, though, is a good way to market it -- to get people to connect to you at sufficient levels that Facebook are forced to allow integration with other systems.

The issue isn't really the protocols, it is achieving critical mass to make it necessary for the walled gardens to open up and interoperate.

Maybe the current hassle facing Facebook will mean there could be actual political action this time to force them to open up the monopoly. Remind me, how much do the silicon valley monopolists contribute to political parties each year?

7
0

Transport for New South Wales told to stop tracking oldies, students

Graham Cobb

Re: as it should be

The gold & student cards are registered so that a name comes up & that name can be checked against the concession card.

Why should that be? I can see that the ticket inspector might ask for evidence that the person is eligible for the concession (just like they might when inspecting a single use concession ticket) but what has a name got to do with it?

Particularly as non-concession cards do not need names (so a restriction on transferability can't be the issue).

3
0

Your entire ID is worth £820 to crooks on dark web black market

Graham Cobb

What are these guys selling?

Our research is a stark reminder of just how easy it is to get hold of personal info on the dark web and the sheer variety of routes that fraudsters can take to get hold of your money.

No, it isn't a reminder of either of these things.

There is no evidence shown that the personal info is actually valid, and is for someone who is a valuable catch. And the quantity of information available is tiny compared to the population. The real killer is the apparently very low prices: if buying someone's ID would allow me to "get hold of their money" I would presumably be willing to pay more than a few pounds for it.

What it is a reminder of is how relatively useless personal info on the dark web is and how effective fraud protections are.

So what are these people trying to sell with this scare story?

3
0

'A sledgehammer to crack a nut': Charities slam UK voter ID trials

Graham Cobb

The only people that are worried about having to show ID are those that are up to no good and are looking to fraudulently affect the result of the vote.

No, the ones who are up to no good and looking to fraudulently affect the result of the vote are either supporting, or ignoring this. They use other, much more reliable, techniques such as postal voting fraud, pushing for internet voting and voting machines or just rewriting constituency boundaries.

The only people worried about having to show ID are those that have principles. They all have ID but recognise that that is no business of the returning officer as having ID is not part of the suffrage qualification.

1
0
Graham Cobb

Or you just choose a lifestyle that does not include those things. There is no law saying you have to travel or pay bills, or even socialise with other people, to have the right to vote.

8
0
Graham Cobb

Re: It's almost as though...

Then some bright spark went and actually *interviewed* the very people that were being used as part of that argument against requiring ID and all of them said they had no problem with it, in fact most of them welcomed it.

Citation please. I would like to examine how the study discovered the people to interview. As far as I know, the people who do not have ID are unlikely to be easy to find and would be very interested to learn how the researchers managed that.

Just because there may be disproportionate numbers of some ethnic groups within the group of people without ID does not mean that anyone is suggesting that most (or even many) of the members of those ethnic groups do not have ID.

The problem is that the suffrage is supposed to be universal: not restricted by money, belongings, lifestyle, habits, priorities or beliefs.

And this is addressing a NON-EXISTENT PROBLEM! So, there must be some other explanation.

9
2

Euro Commission gives tech firms an hour to take down terror content

Graham Cobb

There needs to be a balance

If there is going to be pressure (fines, or political threats) on platforms to remove illegal content, there have to be equal threats to them if they remove legal content. Otherwise, as the commission appear to acknowledge, the obvious impact (remove anything when there is any doubt at all) will happen.

Platforms should only be removing illegal content. So, if content is removed there should be a right to challenge the removal in a court. If the court determines it was illegal then you get hit with a significant fine paid to the platform for posting it. On the other hand, if it was not, the platform gets hit with a significant fine paid to the submitter for removing it when it was not illegal.

Make the two fines high enough and the system will not be overloaded. Although only rich people will be able to afford to take the risk involved in the challenge, it will at least give the platforms a business reason to invest in properly functioning determination processes, which should feed down to all of us.

Some may argue that as private companies, platforms must be able to remove anything they want to. I say that when acting as an arm of the government (under the sorts of threats made in this paper) they lose that right and have to accept any and all legal postings.

2
2

Google: Class search results as journalism so we can dodge Right To Be Forgotten

Graham Cobb

Re: This is the precise problem with this right...

All possibly true. But an argument to be made to your MP to get them to change the law. As it stands, parliament has decided that the public interest is better served by helping offenders to walk away from their past than it is in allowing us to know about it.

The points are irrelevant to this case, which should be about whether that law applies as much to Google as it does to everyone else.

7
0
Graham Cobb

Re: "its in the public interest to know of old business fraud"

My understanding is that if I am thinking of doing business with someone (or hiring them) and I pay someone to research them (could be a credit reference agency or a private detective) it would be illegal for that report to include any spent convictions. Whether that should be the case or not, that is the law, I believe.

If that is the law, then it should apply equally well to the dossier which Google produces when I enter a name. Otherwise the law is both unfairly preventing the research companies from competing against Google, and it is unfairly exposing spent convictions which parliament decided should be illegal.

So, no. It is a thorny issue but parliament decided that the public interest in rehabilitating prisoners outweighs the public interest to know of old business fraud. You can argue to change the law but, whatever it is, Google should be subject to it.

6
0

Voice assistants are always listening. So why won't they call police if they hear a crime?

Graham Cobb

Irony

I am disappointed that almost all the commentards here have missed the irony in the article. It is actually really quite thought-provoking.

Of course we are told that the devices are just listening for their wake-up keywords. And some of them probably are. But we have no way of knowing what undocumented wake up keywords are built in, or whether there are any other circumstances in which they will start to record, send and process audio.

There have been various rumours of Google, Amazon and Smart TVs listening in for shopping-related terms in order to target advertising. And if they aren't doing that today, they certainly will be just as soon as they can get good enough local processing (which won't be hard in mains-powered devices).

The article raises the question: if they are going to do that for their own commercial ends why wouldn't we require them to also do similar things for social good reasons? Good question.

It also highlights the fact that if that question is asked, the manufacturers will push back very hard because the last thing they want is for us to be reminded that they are listening all the time and could be processing anything we say. They either will want to make a virtue of not being advertising-driven (Apple) or they need us to forget all about them being there and being unguarded in what we say (everyone else).

And, of course, that is without even getting into the surveillance issues.

Good, thought-provoking article. Pity that we don't teach irony any more and people started discussing how a device would decide automatically whether to call the police (particularly as the answer is obvious: do what a human would do, ask "are you all right?").

0
2

US state legal supremos show lots of love for proposed CLOUD Act (a law to snoop on citizens' info stored abroad)

Graham Cobb

Re: Rapid legislation is never a good idea

Not only is it rapid, it is supported by Theresa May!

I am just waiting to see her insistence that the "bilateral agreement" between the US and UK for this is fair, symmetrical and based on human rights.

11
0
Graham Cobb

Re: Wow.... just... wow!

I would also expect such co-hosting situations, like the T-Systems owned and run Azure/Office365 installations in Magdeburg and Frankfurt, where Microsoft have no administrative or physical access to the servers, to mean that the CLOUD act would have no affect on the data held in those facilities.

I don't share your optimism. It will surely apply to any case where the US company has any access to the data at all, whether through its own employees or through contractual arrangements with third parties. It is nothing to do with ownership, or even control, of the servers.

Are you really sure there is nothing in the contract between T-Systems and Microsoft allowing Microsoft to access any customer data?

8
2

Australia joins the 'decrypt it or we'll legislate' club

Graham Cobb

Re: Sauce for the goose...

One of the problems with the whole debate is that Americans generally loathe and distrust their own government in a way that all other civilised societies don't.

Oh, how soon we forget.

I realise you are probably a Millennial, but my parents actually fought in WWII, and actually knew people who had been in concentration camps. Even I lived through a period where I expected nuclear destruction imminently.

I know why human rights such as the right to free speech, the right to free association and the right to privacy are critical to any functioning democracy.

Please read history. And, when you are holidaying in Germany please visit a Stasi museum.

17
0
Graham Cobb

It is important that we hold their chosen electricity company responsible when they use electric lights to plan unlawful activity.

As for the manufacturers of the vans used to deliberately run people down -- they are obviously accessories to the crime.

4
0

Page:

The Register - Independent news and views for the tech community. Part of Situation Publishing