Posts by tom dial

Re: Bah!

Having a personal email server and using it for official government duties might legal if it is fully compliant with (in this case) Department of State FAM regulations, FIPS requirements, and FISMA (2002). The equipment might have to be owned and operated by the government, although it is possible for a privately owned and maintained system to be fully compliant in technical respects; but there would be serious accountability issues with private ownership and operation, and it would take a CIO or CISO much braver than the one at State to certify one.

Hillary Clinton's personal email server was not certified and accredited for its purpose, and therefor did not (and would not today) comply with State Department and government wide IT regulations, or the law.

Re: So it begins...

In looking at the text of the IG report I found no statement that laws were not broken. There were many statements, however, that State Department instructions ('rules") were not followed, and in particular, that they were not followed in respect of Secretary Clinton's use of a personally owned email system that was not certified and accredited. That fairly clearly violated the Federal Information Security Management Act (2002) as well as the applicable Federal Information Processing Standards written to implement it, both of which dominate any State Department instructions.

The departmental rules in State Department Foreign Affairs Manual derive from the laws that govern the executive branch in general and the State Department in particular. When the Department or its employees violate such a regulation they very often have violated an underlying law as well. That probably is for the Attorney General to say, rather than the Department IG, and may explain lack of specific statements about violation of laws.

Re: Rules are for little people

This should not go unchallenged.

First, the report is from the State Department Inspector General, an appointee of the current President, a Democrat. It is not done by the Congress and is not by any stretch a Republican smear.

Second, contrary to the assertion, the FBI started an investigation some time back, based on an earlier referral by the State Department IG and others. That investigation is a work in progress without an announced completion date. Both the FBI Director and his manager, the US Attorney General, were appointed by the current President.

Re: Bonkers

Yet the original poster stated that his search, on both PC and Android, returned results for Microsoft products ahead of their own. I can't vouch for the correctness of that report, but my experience, using Chromium, a sort of Google product, showed LibreOffice, Apache OpenOffice, and Microsoft Office as the first three non-paid items. Somewhat later came a couple of results for something called WPS Office, and a bit later FreeOffice, another one for WPS Office Free, and finally Google Office, the 11th (non-ad) item on the first page, at the very bottom. On Android (Verizon) I got returns for Microsoft Office, Apache OpenOffice, LibreOffice, and WPS Office 2016 Personal Edition before Google Office. All the sponsored returns in both cases were for various Microsoft Office products.

Here in the Western US, at least, Google seem to (1) honor their commitments to those who pay for their advertising service and (2) not rank their commercial offering in the office software category above their competitors'. This probably is not because they are under pressure not to do so, as they are not under significant pressure here in that respect.

Two reports are not a statistically useful sample, but their consistency suggests that Google, in at least one area where they compete, may be operating honestly.

Re: Free is Free

"Contributions" if made public "can be used in both great open source projects AND amazing closed source ones." That "if made public" is a significant difference. Apple (for example) might have developed major improvements to the BSD kernel that they do not release publicly, as the BSD licenses allow. Those improvements are unlikely to be used in "great" or, indeed, any open source projects.

I did not claim that GPL is the only appropriate open source license, or that it is the best for all purposes. I do consider non-GPL open source software to be subject to exploitation in ways that GPL licensed software is not. Indeed, I consider that to be entirely obvious, and it is confirmed from time to time by closed-source advocates, maybe most famously by Steve Ballmer's description of it as a "cancer."

Any author, of course, has the liberty to use any license, or none, for his or her software products. Those who choose a version of the GPL have taken a position that extensions of their work must be licensed in the same way if published at all.

I do not see it as a major problem, and the Debian Project approach seems a reasonable way to handle the issue of GPL vs non-GPL incompatibility, as it was for the proprietary Nvidia, AMD, and WiFi drivers I and many others use. The only evident defect is that it will be difficult to set a system up that is entirely on ZFS; yet /boot hardly needs that, and / certainly needs it less than general storage for application data and user login file systems. I would not be at all surprised, however, to read in the not distant future that the installer had been taught to download and compile ZFS to enable its use for the entire system.

The first order evidence from Linux vs the various BSD kernels certainly suggests as a plausible hypothesis that the GPL is the superior license in practice. The claim that the GPL "causes tremendous problems in situations like this" is a major overstatement for which there is little real evidence, if any. The GPL folks had a rather public, but still internal, discussion about it and the starchiest of the major producers settled the issue for themselves in a way that seems fairly reasonable and workable. And the world will move on, an increasing part of it on Linux with ZFS.

You are entitled to your opinion, as I am to mine.

The problem with non-GPL licensed software seems to me to be that it eliminates the requirement for reciprocity that the GPL licences embody. There are enough of us who, because we make no contributions other than minor ones for our own use, only take. Red Hat's suggests rather emphatically that the GPL, although not the only viable license model, is quite a decent one.

That ZFS is covered by an incompatible open source license should not be a greater impediment than the even more restrictive licensing of Nvidia drivers and a good deal of WiFi chip drivers. I look forward to installing the package that will download and compile it from source.

The point of e-cigs should not be taken as inducing tobacco smokers to stop, but as a much safer and less offensive way to deliver small amounts of nicotine to the many people who find it pleasurable. With some restrictions we allow people to consume alcohol and to smoke tobacco and in some places marijuana, and we (for some value of "we") promote extensive use of dangerous opioid pain medications. We certainly can live with e-cigs.

Re: Q: How is the government ever going to convict bad guys without access to encryption?

Based only on the claims made there is nothing that would bring you to the attention of any police agency, whether local or federal. Absent anything else, you almost surely are safe from more surveillance than the general population, which despite the hubbub really is not very much.

If, on the other hand, you had been seen to be generating explosions not associated with appropriate and lawful activities like stump removal, or to have appeared to conduct transactions with others under suspicion of criminal activity, it might well elicit law enforcement interest. If their cursory, and then more careful, observation indicated there might be a problem, they might seek, and be granted a search warrant; that warrant might include the contents of your computers and cell phones and perhaps lead to a court order for help in accessing it. Even with that, though, you would be entitled to the formal presumption of innocence, a presumption that would continue even if you were to be charged with a crime, and tried, right up until there was a finding of guilt by a jury or, at your option, a judge.

On the other hand, if you happened to leave a few thousand dollars in cash in plain sight, law enforcement officials might bring in a talented dog to signal the traces of illegal drugs inevitably present on US cash. The money then might be charged with participation in a crime and seized, leaving you to prove, at considerable effort and expense, that you held it legitimately. The risk of that type of action probably equals or exceeds that of phone seizure and access.

Incorrect. The article describes agency empire building. While also ubiquitous, that is not regulatory capture.

Re: Dear Ferals

"aren't those federal officials who violate the Constitution be guilty of treason?"

No, they are not. Treason is clearly defined in the Constitution, and what the judge did, however incorrect, does not meet that definition. See Article III, Section III.

Re: Ubuntu Phone

If you can't go to a phone store on the high street and buy a non-Android, non-Apple, non-Microsoft smart phone, why is that Google's fault or Apple's? Could Canonical not do something similar to those three and offer a phone with integrated app store, etc. to the public and see what uptake they get? Or did they and got told, effectively, to pound salt?

As Microsoft and RIM apparently found, there is a strong first mover effect in many areas that may take years or decades to overcome. Google probably could eliminate those provisions the EU Competition Commissar finds most onerous with very little change in outcome.

Re: It's funny...

Darn that pesky old 1791 first amendment, only a couple of years younger than the All Writs Act, so clearly of dubious applicability now we are in the Internet Age and so much smarter than those of the late eighteenth century who wrote and passed it.

The notion that Apple would not want everyone to choose an iPhone is absurd. They don't care about the "cachet," they care about the money.

Re: Alternate operating systems

Is this not a wish to express to your phone supplier? It seems to have little to do with Google other than as the hypothetical provider of the underlying OS in most of the examples. Whether any phone provider or manufacturer cares to develop, test, and provide their customers with such choices is something for them to decide.

Arguably, it is for Google to decide whether they will develop and test GMS on operating systems that they do not develop, and ultimately provide operability assurances to those who offer it on their phones. If they did not do that it would be on the phone manufacturer and provider to do the work, in addition to porting NonAndroid to the hardware and assuring its operation with their network, to insure correct operation of either Google GSM or other services they might want to substitute. It is not entirely obvious that they would wish do do that, or why.

Re: I don't see how this would be a problem for Apple

There are a few other countries where law enforcement officials would be happy to be able to access data stored on smartphones (France, Belgium, and the UK come to mind rather quickly). It seems possible that these companies find few large markets in which to sell equipment that is immune to government authorized search.

Upvoted anyhow for clarity of analysis, although the bill, if enacted, is certain to differ from what we see now in draft.

Re: I don't see how this would be a problem for Apple

The prohibition of ex post facto laws probably would be effective exactly until they (for whatever value of "they") offer a new model or an update to the software or firmware of an existing model.

Re: I don't see how this would be a problem for Apple

The question might well be whether Apple would be able to sell such equipment in the US. The draft law appears to require that they bypass, or help the government to bypass, security that they provide or have provided on their behalf by another party, given a constitutionally valid warrant or other court order, and maybe a lawful court order for assistance under the proposed act, to do so. One obvious solution to the "cannot bypass" claim would be a "cannot sell" injunction applicable to such equipment in the US.

I am not arguing that this would be good policy, or would not cause great uproar and discontent. However, it is not obviously inconsistent with anything in the Constitution. Moreover, if implemented subject to the same controls that Apple applies to iOS, it would not, in fact, pose any threat that does not now exist to users against whom the government does not obtain authority to breach privacy.

The draft act has numerous problems, but "cannot bypass my built in security" may not be the most serious of them.

Re: In the Land of the Free..

You are allowed now to keep whatever secrets you wish by default. The government (either federal or state) can get authorization from a judge to access those secrets by obtaining a warrant based on "probable cause, supported by Oath or affirmation." That is included in the Constitution's fourth amendment. The proposed law may be unworkable and it may be bad policy, but nothing in it affects legal rights of citizens or of non-citizens legally present in the US.

Re: I don't see how this would be a problem for Apple

On its face, the draft law requires in Section 3a that a company that provides a device or encryption system "shall" perform certain actions under specified circumstances. How they provide for that (Section 3b) is up to them; the government cannot require a specific implementation (similar to the fact that they did not require a specific implementation in the recent California case). The imperative "shall" does not, on its face, allow for a "covered entity" such as Apple, for example, to evade this by implementing a security system in their product that they cannot, in fact, circumvent; the law, if enacted, will impose a requirement

The draft does not provide any information about the consequences for a "covered entity" that either will not or cannot comply. I can imagine a fine, possibly quite large, for covered entities that refuse and possibly injunctions shutting down sales of non-compliant products which the covered entity has designed so that it cannot bypass the product security. That would be a sad outcome indeed.

The proposed law still is pretty rough, and does not cover things, such as fraud, money laundering, and other financial crimes that seem fairly obvious. There seems no very good reason, for example, to single out any particular type of crime for this treatment; it ought to be enough for a US or District Attorney to be able to convince a judge to issue a search warrant based on probable cause. (I expect that other types of court order, if included in an enacted version, would be thrown out on the basis of Riley v California, which found a warrant necessary for search of a cell phone, even incident to an arrest).

Re: Who cares if it leaks?

The "second request" mentioned appears likely, in fact, to be an earlier one, where the judge suggested Apple oppose it and sent them back a couple of times to get them to revise their brief so he could deny the order, which he did. That one was in various states of play from October, 2015 on.

All these cases (by now several hundred) have to do with executing legally obtained search warrant for a phone the police have in their possession.