* Posts by tom dial

2187 publicly visible posts • joined 16 Jan 2011

FBI boss: Apple's iPhone, iPad encryption puts people 'ABOVE THE LAW'

tom dial Silver badge

Re: do we really believe this?

The ability of authorities (and others) with suitable technical capabilities, including the cryptographic agencies, probably depends on the quality of the passphrase or other information used to protect the encryption key. A four digit PIN probably is useless, 8 character complex passwords might not be enough, and biometric items like fingerprints and iris scans are subject to spoofing or forced use. And cloud backups, unless encrypted by the owner, may be available to the provider - not quite a back door, but maybe nearly as useful.

Comey's concerns, while not fundamentally unreasonable, probably are overstated, especially when one considers the likelihood that the true need for cell phone search is rare.

tom dial Silver badge

Re: I actually agree with him, but -

It is worthwhile to keep in mind that nearly all warrants are issued by state and local courts. The skew probably is less for warrants seeking cell phone or other computer-stored data, but the great majority still would be issued by state and local judges.

To estimate the magnitude of the "warrant problem", consider the disclosures made by Apple, Google, et al. of court demands for customer data disclosure - in the tens of thousands per year for all courts, even assuming the highly improbable, that orders issued to different providers do not duplicate targets. Assume, for discussion, that ten times as many cell phone searches are done, a total of perhaps a million. The number of such searches doubtless has begun to drop following the Supreme Court decision in Riley v. California and United States v. Wurie that cell phone search requires a warrant. In a country with perhaps 200 million adults or near adults this seems a bit shy of providing evidence for a budding totalitarian dictatorship.

tom dial Silver badge

Re: Land of the free?

Civil forfeiture and its close relative criminal forfeiture are abominations, but have little to do with search warrants. The main connection is that in many cases, police intimidate people into allowing searches, or use pretexts to compel searches, that reveal questionable things like large amounts of cash, which they then take into custody and charge with such crimes as being proceeds of illegal drug commerce.

tom dial Silver badge

@intrigid:

- Citation for claim that holocaust denial can be punished by law in the U. S., keeping in mind that legislators sometimes pass some pretty foolish laws that courts sooner or later overturn.

- The Second Amendment allows for regulation. As far as I know, not even the NRA claims registration laws violate the Second Amendment, however much they dislike and oppose such laws. Whether private ownership of machine guns can be banned (or for that matter tanks and artillery) seems an interesting question despite the fact that nearly everyone would agree that some limits are appropriate.

- Police stops do not by their nature violate the Fourth Amendment, even when a search is done, as long as consent is given. A forced search would require a warrant or reasonable presumption that a crime was imminent or underway. Lawyers make a substantial income handling disputes about this.

- The Fifth Amendment provides a number of safeguards against arbitrary government action, including that no person "shall be compelled in any criminal case to be a witness against himself". That does not mean those charged with criminal offenses are entitled to conceal evidence that might be used against them. Cell phones are no more immune in this respect than houses or their contents.

tom dial Silver badge

Re: Is he unable to convict an axe murderer if they haven't taken a selfie of the crime?

"...Snowden published to the world the fact that court orders were not required to access user..." has, of course, nothing at all to do with Comey's complaint that properly issued warrants will be more difficult to execute due to Apple changing its encryption implementation and more widespread use of encryption generally.

"The only way to stop this was for the service providers to use encryption which is believed to be currently unbreakable". But they have not actually done anything yet to the bulk of cell phone communication data. Comey's subject was data at rest in smart phones and similar devices. As the Supreme Court ruled in Riley v. California and United States v. Wurie, these searches require a warrant. Apple has stated that in the past they demanded a warrant before decrypting an iPhone for the police. For Google, the question is moot, as they never had a way to comply with such requests.

tom dial Silver badge

It would really be useful if an attorney with actual knowledge of constitutional and criminal law would comment. The huge majority of the comments are pretty worthless and display substantial lack of knowledge of those subjects.

Comey, for discussion purposes, having convinced a judge with proper jurisdiction that a particular cell phone contains specified data pertinent to a criminal investigation, and on that basis obtained a search warrant, would like to have the actual power to execute the warrant and obtain access to the data. (Note that Comey, here, is a stand in for all law enforcement officials, and that the overwhelming majority of search warrants are issued at the state or local level).

Too bad for him. Encryption algorithms in common use do not have known back doors and are believed to be infeasible to crack without the key, including by government cryptographic agencies. And use of such encryption is as close as anything to a natural right.

That said, we have governments, and in democratic regimes we grant them authority in certain areas of activity, one of which nearly always is protection of life and property, along with identifying, charging, trying, and punishing those who violate laws. The U. S. Constitution is quite clear about that; it is far more than the Bill of Rights, as important as it is. The Bill of Rights, and some later amendments, limit what both federal and state governments can do, but the protections in them are limited as well. The Fourth Amendment prohibits unreasonable searches and seizures, not all; and it requires that the government establish probable cause to obtain a warrant and to describe in some detail what the warrant is after. (The latter is part of the argument against general communication metadata collection). The Fifth Amendment, in part, relieves those charged with crimes of any requirement to give testimony against themselves, but that is not leave to hide or destroy evidence, even evidence they own, that supports the charges against them.

That the FBI and other law enforcement agencies sometimes exceeded their authority does not invalidate a claim, fully justified by the Constitution, that they can, subject to limitations and procedural requirements, properly obtain information from individuals' cell phones and other computers, just as they can from houses and file cabinets within them. It probably also does not mean that the government cannot punish refusal of a person served with a warrant to reveal the contents of an encrypted cell phone or other computer.

The person may have a natural right to encrypt the data and refuse to act to decrypt it, but the government has the authority and power, under some circumstances, to punish him for that refusal.

tom dial Silver badge

Re: What a fuckbag

That probably would be AES-256, but I suppose accuracy is not foremost when one is frothing profusely.

tom dial Silver badge

Re: Is he unable to convict an axe murderer if they haven't taken a selfie of the crime?

Downvoting because the basic claims put forward are simply false. Apple required warrants and physical access to the phone, according to reports, so warrants always were in order there. And Comey's comments had to do with execution of search warrants issued by courts, not (now, in some circuits) searching of phones without a warrant.

tom dial Silver badge

Re: Court orders, and enforcement.

"That is what Apple wants to avoid."

Google never had the capability, nor did the device manufacturers.

Apple wants credit for no longer doing a wrong thing, as well as for making data security sort of a default. Google doesn't want to seem to be unconcerned, so follows in making encryption a default.

The correct thing here is for the government to obtain a warrant to serve on the device owner, to be followed up by contempt of court punishment if the owner fails to get the warrant suppressed and refuses to open up the data. While I'm not a lawyer, I suspect the Fifth Amendment is not a major barrier; I would guess that search warrants have been issued, and executed, that require opening a safe, although in that case the police have a realistic physical alternative.

FBI: Your real SECURITY TERROR? An ANGRY INSIDE MAN

tom dial Silver badge

An even bigger problem, probably, is the SA or DBA who, acting properly within authority, screws up. I once typed the command "delete from forgotten_tablename;" and had a moment of panic after pressing the enter key before remembering the rollback command. It could have been a lot worse.

EU dangles $6bn threat over Google in endless search abuse probe

tom dial Silver badge

Re: Yeah, and....

As is, of course, your ISP's spam filter (if you use their email service as I do), but that, of course is good surveillance, unlike Google's.

tom dial Silver badge

Re: Yeah, and....

If you do not want *every* device (and its administrator) that handles your email to be able to read it at will, then encrypt it. Google's (filter) reading it could result in delivery to you of ad content in which you might have interest, that you can mostly exclude with Adblock Plus. Can the same be said of all the other's (filters) that may read your email?

tom dial Silver badge

Re: Tweak the search engine, how exactly?

There are two principal and easily stated functional requirements:

From Microsoft: "make google results at least as poor as mine."

From the aggregators and comparators: "remove all results that duplicate ours."

The implementation details are, of course, up to the implementor, Google; but the complainants will continue to whine until they are convinced that their requirements are met.

tom dial Silver badge

Google search results are, by my standards, superior to those of Bing, DuckDuckGo, and Yahoo! in about that order. In my opinion, they are quite right to downrate comparison shopping sites in favor of the direct result; those sites are pretty useless in my experience, and I suspect there is widespread agreement on that - from web users. And I rather expect, without ever having looked, that the other major search engines behave much the same as Google with respect to the aggregators.

Microsoft and other search engine operators are unhappy that they have been unable to compete successfully with Google. Google's enterprise naturally operates to eliminate the need for middlemen and the middlemen are unhappy that they receive less money for what most people no longer see as a useful service. As a group they have petitioned government authorities for relief that will draw money away from Google and deliver it to them. This activity is called "rent seeking". Whenever and wherever it is practiced successfully it operates to the detriment of the many in favor of the few, and it should be opposed and discouraged.

The petitioners should be told to go home and study harder if they want better results.

Home Depot ignored staff warnings of security fail laundry list

tom dial Silver badge

Did anyone else notice that the comments to the article may contain more actual information about the incident than either the Reg. or NYT articles?

On the other hand, is enough publicly known yet to make reasonable conclusions about who did what wrong, other, apparently, than the kind of slackness common in large organizations?

Google Apple grapple brings crypto cop block to Android

tom dial Silver badge

Re: Errm, Android has had on device encryption since 2012

OSX on a machine having a multi-core processor with cryptographic extensions, perhaps? That would not be very comparable to older ARM based devices.

TOR users become FBI's No.1 hacking target after legal power grab

tom dial Silver badge

Re: Damaged without authorization...

The quote ("used to the injury of ...") is from 18 USC 1030 (a)(1), and appears to cover retention or disclosure to unauthorized persons of information obtained by unauthorized access or access exceeding authorization.

The paragraph describes pretty completely what Edward Snowden is accused of and Bradley Manning was convicted of.

tom dial Silver badge

Re: Damaged without authorization...

The version of 18 U.S.C. § 1030(a)(5) available at http://www.law.cornell.edu/uscode/text/18/1030 reads, at the citation:

"(5)

(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

(B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or

(C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss."

That sounds like (a) a cyberattack, and (b) what the FBI might do in executing a warrant.

Prof. Ghappour's article, linked at the end, is much more balanced and measured than either this article or any of the comments (as of 1830 UTC).

New Snowden leak: US and Brit spooks 'tap into German telco networks to map end devices'

tom dial Silver badge

An interesting paper indeed, and I suspect that NSA analysts both anticipated and read it. In large part, they appear to have extended and deepened the mapping, as might be expected of such an agency.

tom dial Silver badge

Re: With 20:20 hindsight ...

Actually, a moderately attentive and somewhat technically knowledgeable reader of James Bamford's "Body of Secrets", published in 2001 (not a typo), certainly ought to have been able to figure out the extent, although certainly not the details of NSA internet signals intelligence activities. And only the incurably dull even would consider it possible that the Russians and Chinese do not have similar, and similarly ambitious, programs.

The same goes for the notion of "trust that was built in the post cold-war period." The Five Eyes governments trust each other to a considerable extent, but certainly expect to spy on, and be spied upon by each other; France, Germany, and the other NATO countries are nearly in the same category, as, probably, are Israel, Japan, South Korea, and Taiwan, although the levels of "trust", and of spying, vary. In the end, "trust" between nations always is limited, conditional, and subject to continual review and verification. Spying, including signals intelligence collection and analysis in particular, are some of the ways this is done.

In fact, with more or less extensive signals intelligence activity by numerous governments, much of the world is nonetheless engaged in extensive and growing peaceful multilateral trade and information exchange. The Internet has been generally recognized as basically insecure for over twenty years; most people act as if they do not care, and somewhere between most and nearly all of the real damage to people has come in the form of fraud and other theft.

PLEASE STOP with the snooping requests, begs Google as gov data demands skyrocket

tom dial Silver badge

Re: In the USA, quote the Fourth Amendment then DEMAND a warrant first

There is somewhat more complexity to this than this post suggests. An example:

Khalid Shaikh Mohammed or Mohammed Atta would, in the lead up to the 9/11/2001 attack on the WTC and Pentagon, have been legal and quite reasonable targets for US intelligence collection and their emails could have been collected under FISA rules in effect both then and now. Several of the hijacking participants were legally present in the US at various times before the attack; their email and other communications would not be allowed, either then or now, to be targeted under FISA constraints. What about (hypothetical) email messages between them discussing the planning for that event?

As I understand it, such emails would be fair game, but the minimization rules require the US addressee's ID to be masked for any dissemination unless an appropriate court order is obtained. Some, and I include myself, think this is a reasonable compromise and much better than the alternative of discarding or foregoing collection of such messages because one of the addressees is a US person. And contrary claims notwithstanding, current law clearly allows collecting such communications.

Collection within the US probably requires a court order (not necessarily a warrant) for the collection activity; done outside the US, it would be subject to the laws of the country in which it is done, and might well be done illegally (but still could be legal under US law).

tom dial Silver badge

It often amazes and amuses me that people down vote simple and reasonably accurate statements of fact.

tom dial Silver badge

Re: Transparency

Stop and think about it. Suppose you, for some reason, should be acquainted with and exchange email with someone under investigation in connection with a criminal offense like offering a bribe to a public official. Suppose further that the district attorney obtains a warrant requiring Google to produce the suspect's email communications. Suppose, finally, that after the investigation is completed in a month or so the DA declines to prosecute on the basis that no criminal offense actually occurred. Would you wish the details of that warrant to be made public? Irrespective of your wishes in the circumstances, does it serve a public purpose to publicize it, or does it serve the public better to discard and forget it?

Things are not always what they seem at first to be, and not all warrants (or subpoenas, NSLs or other official requests) lead to further government action.

tom dial Silver badge

The data Google presents on their web site covers from 2009 forward, and court orders for such data existed for decades before that.

There is nothing new here, and not all that much to see either. Unless Google is lying by several orders of magnitude the number of requests and accounts affected is a tiny fraction of the population of internet users (what they report is in the order of 1/1000 of 1%). US government requests (at all levels of government) in criminal matters have grown about 32% annually over the last four and a half years and the number of affected accounts about 25% annually over the three years for which Google presents data. FISA requests over the last four years have not changed much, but the number of affected accounts increased by around 50% annually, to a total of under 16000 for the second half of 2013. NSL activity appears to have changed little over the period. Against that, the annual growth in internet users appears to be about 12%, but the usage (proxied by traffic) has been growing at about 40% annually and the rate appears to be increasing. This is not grossly inconsistent with the reported growth in demands for data production.

Google is a big company and generates a lot of income. They are unlikely to be seriously inconvenienced by the reported volume of government data requests, especially in view of the fact the US government, at least, offsets part of their cost and Prism, whatever else it does, facilitates execution of the FISA requests.

tom dial Silver badge

Re: Maybe if the spooks had to pay

They do have to pay the reasonable costs of satisfying the government's demands, and when it came out not all that long ago that they did so, Google and others were promptly accused of selling out their customers.

To a first approximation, that is what Prism is about.

Phishing miscreants THWART securo-sleuths with AES-256 crypto

tom dial Silver badge

Re: This clip is applicable to many articles...

Including that it links to, which requires Javascript.

iPhone 6: Advanced features? Pah! Nexus 4 had most of them in 2012

tom dial Silver badge

I may be overly cynical, but I do not believe Apple would have bothered with NFC and payment processing unless they had a plan for domination.

Net neutrality protestors slam the brakes on their OWN websites

tom dial Silver badge

Re: Get it right

To put it more plainly: the "last mile" ISPs are getting more than enough monthly rent to cover serious network infrastructure upgrades - if they choose. Those who do are likely to have moderately satisfied customers; the others, maybe not.

Europe's Google wrangle: PLEASE, DOMINANT Mr Schmidt? More?

tom dial Silver badge

On the other hand, if your site is not on the first page or so of Google's response list it is likely not on the first page of Bing, Yahoo, or Duck Duck Go either. Although all of these consistently are slightly inferior to Google in producing the result list I want, all are pretty good, and certainly good enough for most uses. Schmidt is correct at least for me: I want a response containing links to sites that answer my query, not a result link that has links to sites that might respond to my query.

It would be interesting to see results of a survey posing the question whether (a) others have an opinion similar to mine and (b) how many/what per cent of the population actually want to see such useless responses as foundem or nextag (also how many/what per cent actively ignore such sites, as I do, in search results).

Heavy VPN users are probably pirates, says BBC

tom dial Silver badge

Regret if this has been noted before, but it appears that "rampant pirate" activity consists of a bit under 2.8 million of 22 million Australians "access" Pirate Bay or Kickass Torrent. Some of them download something, some of them doubtless quite a few somethings; and some of those surely are copyright materials from unauthorized sources. Perhaps 10% of the population downloads *something* unlawfully; probably less than 1% do so regularly and in quantity; for much of it the alternative to the illegal download would not have been a legal purchase or viewing.

The BBC Worldwide submission also claims A$1.37 BILLION in revenue lost to "movie piracy", an amount on the order of 5 to 10 movie theater admission tickets for each Australian. This fanciful number was paid for by "AFACT", probably the Australian Federation Against Copyright Theft, and needs discounting by at least one and more likely two orders of magnitude before approaching reality. But as it stands, it is under 1/10% of the Australian GDP and so, effectively, economic noise. It is all but certain that any real infringement loss to purveyors of copyrighted material is proportionately much less than mall store inventory shrinkage or grocery store spoilage losses. They are making much of little trying to get the government to impose regulations that will benefit them very little.

The difficult

The Schmidt hits the clan: Google chief mauls publishers' 'abuse of dominance' claims

tom dial Silver badge

Re: "Antitrust" ... misused as regularly as "Antisemitism".

"I am surprised to see that there is still no real competition to that - anyone an idea why?"

Other than the obvious one that the competitors haven't a clue how to do it as well? After all, nobody is forced by anything but habit to "google" anything; they could as easily "bing" it or "yahoo!" it, but those who try it usually will have found that the results, although often close, generally fail to be either equal or superior to those Google returns.

The complainants are mostly would be competitors who want Google hobbled so they can succeed where their own efforts are deficient to what the web users want. The remainder are poor souls who envy success that is not theirs.

FCC boss Wheeler: Lack of broadband choice is screwing Americans

tom dial Silver badge

Close scrutiny is warranted of municipal governments that have sold monopolies. In the Cleveland, OH suburb where I formerly lived the beneficiary was Cox Communications, which held a cable and high speed internet monopoly until at&t began to offer it a few years ago. I gave it a 30 day trial and found it usually failed to meet, and never exceeded the 18 mbit advertised rate. I reverted to Cox and transferred the telephone service as well. Cox almost always equaled or exceeded the 20 mbit service I contracted for; the usual rate when I measured it generally was around 30 mbit. They also repaired the gratuitous damage the at&t installer did by cutting the coax, some of it my owned premises equipment, in several places. Several of my neighbors had similar experiences and switched back to Cox after an at&t trial. Competition, alone, is not necessarily enough. My current Salt Lake City suburb has only Comcast, which although a bit less reliable than I would like, consistently meets the 35 mbit contract rate. The "competitor" presently offers a choice of 1.5 or 5 mbit.

Another factor is that it is not cheap to extend service to a large area/number of potential customers, so competitors have to front a lot of money before they can begin to erode an established customer base.

Wheeler points out a real problem, but I doubt he has the authority to cancel local monopolies or the money to replicate existing high capacity infrastructure. It is not clear that local or national government funding or operation of this type of service is a good idea given that such expenditures all too often lead to at least the appearance of impropriety.

Kaspersky backpedals on 'done nothing wrong, nothing to fear' blather

tom dial Silver badge

Re: It's up to us

Upvoted with reservation: It is fairly clear that, at least at present, most citizens in English speaking and NATO countries, including India, have little reason to fear targeting by their governments. They almost certainly run a larger risk, at least in the US, that a criminal beneficiary of POS skimming will empty their bank account or run up credit charges that may cost them money and certainly will be a major irritation. And that would be true even if all the signals intelligence agencies were shuttered. The case for encrypting internet traffic and securing the network infrastructure is entirely independent of any government actions.

The moral panic over government signals surveillance that has not been shown to have been misused to a significant degree has overshadowed concern for the larger real risk from criminal activity and the risk from the overbearing laws that governments can bring to bear with or without the general surveillance.

tom dial Silver badge

Re: or... this is why

Anarchy has not been seen to work well, or for long, in "societies" with more than a few dozen people.

tom dial Silver badge

Re: If all you do is sit on the couch at night.

The Queensland VLAD act sounds much like the US Racketeer Influenced and Corrupt Organizations law which, similarly, was enacted with the best of intentions and has induced police and prosecutors to engage in a wide variety of mischief. Widespread surveillance surely makes the authorities' jobs easier, but the persistent focus on it diverts attention from the larger problem that there are all too many laws, like RICO, VLAD, and the (US) Computer Fraud and Abuse Act that give those authorities the power to pursue matters that might better be left to the civil courts (e. g., copyright infringement) or are criminal acts without help of additional, more abstract, laws (e. g., murder or embezzlement). Pruning laws like RICO, CFAA, and maybe VLAD could go far toward mitigating the risks of general surveillance, which is to a degree an obligation of governments.

tom dial Silver badge

Re: @dan1980

The event referenced, of course, has nothing at all to do with any kind of surveillance. The point?

Ice cream headache as black hat hacks sack Dairy Queen

tom dial Silver badge

Re: Are you talking to me?

From the us-cert.gov posting it is obvious that the vulnerable POSs all run some variant of Windows. However, that probably is merely a reflection of the target environment, and the root fault appears (from the article) to be deployment failures: remote access (strike 1), weak credentials (strike 2), and credential reuse (strike 3).

Someone (individuals in the case of debit cards and largely banks in the case of credit cards) is eating the cost of these depressingly repetitive events and the civil courts would seem a reasonable agent for reassigning them to the responsible parties.

Big content seeks specialist court for copyright cases

tom dial Silver badge

We in the US have seen how well specialized courts work out, in the form of the Court of Appeals for the Federal District (specializing in patent issues).

NIST to sysadmins: clean up your SSH mess

tom dial Silver badge

Is the SSH version 1 protocol still allowed anywhere? My recollection is that it has been deprecated for ten or more years, and when I left the US DoD several years ago their systems had been required for at least five years to be configured to use only protocol 2.

The article appears to address mainly sloppy administration practices that tools like SSH make easier. Monkeying with SSH will not cure that, and it is not clear that some of the matters complained of are properly the job of SSH at all.

EU justice chief blasts Google on 'right to be forgotten'

tom dial Silver badge

Re: Forgotten?

Really.

If your prospective employer pays any attention whatever to your teenage error, would you want to work for him? Is a 20 year old bankruptcy likely to have any effect on your multi-million pound company? It seems more like a recommendation than something to worry about (unless your company is paying dividends from the capital put in by new investors, in which case the earlier bankruptcy might be quite relevant).

Should Yahoogle be the judge? I do not think so. It would be better if each removal were reviewed and based on a judgment by a competent court.

Germany 'accidentally' snooped on John Kerry and Hillary Clinton

tom dial Silver badge

Re: James 51

Need to find a replacement word for sh..le.

Time to ditch HTTP – govt malware injection kit thrust into spotlight

tom dial Silver badge

I wonder ...

... how many people/websites actually need or benefit from the kind of security being discussed here. The articles on the Register or similar sites are fairly public information that I do not think is likely to implicate me in anything interesting to spy agencies. Comments I post are meant to be read by anyone who cares to and I try to edit them accordingly, mainly to attempt clarity and avoid being offensive. I expect that is true for most of those who read and post on this site. I never have changed comments to avoid the interest of any government agency, although I do not name the one that employed me and avoid describing in detail their information assurance procedures, but anyone seriously interested probably could find out with moderate difficulty at most.

Account creation over HTTP is a bit offputting, but I knew that going in and provided a password that I do not use for anything associated with data I wish to keep private. I sort of hope it is salted and hashed, and that TheRegister takes reasonable precautions to secure it and the associated account data, but there isn't any correct information there that I care much about keeping private.

HTTPS certainly is warranted for more important things like online purchasing or bank access. For the most important ones I really would prefer that the identification and authentication in both directions be based on something like hand-to-hand direct exchange of public keys to automated acceptance of certificates signed by one of dozens of CAs about which I know, in most cases, next to nothing.

tom dial Silver badge

Re: SSL is a good thing

"Browsers pop up really alarming warnings" might not be an entirely bad thing. In that case I have an explicit choice whether to accept the risk of connecting rather than the implicit and sometimes incorrect acceptance that goes with trusting the certs distributed with the browser. I still have some security from the encrypted link, and can't see that the risk associated with accepting a private cert differs much from that of trusting the browser and the largely unknown CAs that signed certs for anyone who paid them money.

SpiderOak says you'll know it's secure because a little bird told you

tom dial Silver badge

Assuming that SpiderOak is what it claims, it seems doubtful that they are likely to be bothered by many warrants, national security letters, or subpoenas unless the cryptography they use is broken. Their customers, however, will be subject to pretty much the same range of intrusions as they are now.

Govt control? Hah! It's IMPOSSIBLE to have a successful command economy

tom dial Silver badge

Re: "Mega Corp" proves command and control can work!

For many years, General Motors operated an internal market economy, and were highly successful and very profitable. Different divisions competed with each other as well as the likes of Ford and Chrysler, and individual plants were competitors with other plants within their division to supply designs and components. Those less successful in winning bids for supply contracts made lower profits (or losses) and might need to shrink, while the more successful ones were more profitable and would grow. This might have declined or been abandoned in the '70s or beyond, as the major divisions came, for efficiency, to rely on more uniformity and common designs and parts, Detroit management laid a heavier hand on overall control, and the different brands became largely indistinguishable except by ornamentation and finish details. That may have contributed to the decline and near extinction of the corporation.

Password manager LastPass goes titsup: Users locked out

tom dial Silver badge

Re: Who trusts a third party with their authentication?

KeePassX with the database on a USB key. I trust myself more than I trust the unknown provider of a remote service.

Amazon smacks back at Hachette in e-book pricing battle: We're doing it for the readers

tom dial Silver badge

Re: El Reg is Pro-Amazon sympathiser?

The full Orwell quote:

"The Penguin Books are splendid value for sixpence, so splendid that if the other publishers had any sense they would combine against them and suppress them. It is, of course, a great mistake to imagine that cheap books are good for the book trade. Actually it is just the other way around. If you have, for instance, five shillings to spend and the normal price of a book is half-a-crown, you are quite likely to spend your whole five shillings on two books. But if books are sixpence each you are not going to buy ten of them, because you don’t want as many as ten; your saturation-point will have been reached long before that. Probably you will buy three sixpenny books and spend the rest of your five shillings on seats at the ‘movies’. Hence the cheaper the books become, the less money is spent on books. This is an advantage from the reader’s point of view and doesn’t hurt trade as a whole, but for the publisher, the compositor, the author and the bookseller it is a disaster."

It is clear that many digital books are worth less than paper ones in that instead of purchasing an object outright, with an unrestricted right to use and transfer it, you are buying a sometimes seriously restricted license. They should be priced lower. With that limitation, Amazon's proposal clearly would benefit book purchasers.

Amazon claims empirical evidence that their proposal is likely to increase the revenue to publishers and authors, but they might be wrong or warping the truth for their benefit. If they are correct, though, it also could benefit publishers and authors as well.

The publishers' argument has the appearance of an attempt to justify and continue a possibly obsolescent business model, where in the future "books" may be produced by web-mediated groups of independent authors, editors, compositors, and printers; and publishers, as coordinators of the overall process (and skimmers of some of the revenue) are consigned a much less central (and profitable) role than they now have.

As another poster noted, nothing major stands in the way of Hachette or other publishers engaging in online sales of books on their lists in competition with Amazon, although start up costs could be significant and Amazon's market position would be a challenge. Those who did so likely would accrue a larger part of the total revenue and would be able to use part of it to improve the lot of the authors. If they so chose.

DIME for your TOP SECRET thoughts? Son of Snowden's crypto-chatter client here soon

tom dial Silver badge

Questions

Is the proposed service demonstrably superior to PGP (with the actual subject embedded in the message body) in either security or usability? Do any points of superiority matter a great deal?

Does the apparently greater complexity (e.g., compared to PGP) enlarge the attack surface and possibly lead to additional vulnerabilities?

Is it safe from local system compromises by hardware or software implants?

Can it be used to transmit malware?

Crypto Daddy Phil Zimmerman says surveillance society is DOOMED

tom dial Silver badge

As much as I respect Phil Zimmermann, I think he is largely mistaken. For quite a few years I have urged nearly everyone I know who is even marginally computer literate to use PGP or OpenPGP to secure email, with exactly one success, who already was set for, and using, one of these products.

Although this sample is not at all random and the results of analysis unsuitable for making long term projections, it nonetheless suggests that people are not very interested. Whatever the reason, it appears likely that a great many people are comfortable with the same degree of privacy they would get by sending a post card through the mail. I do not really expect encryption of voice mail to have enough uptake to limit the signals intelligence agencies. Those who have reasons to use encryption, or a desire for the privacy that encryption can provide, probably are using it already, and I rather doubt that preaching to the faithful at Black Hat will change that much.