I'm a peaceful person, but this issue has been simmering in my head for years, and I find myself actually looking forward to some kind of meaningful conflict. I'm sick, sick, sick to death of the president issuing denials while they keep building more and more infrastructure against humanity. I think the article is right, that it'll get worse from here, and in a way, I'm glad.
"Looking forward to conflict" comment auto-logged, reference #391Z328. Report to the proper authorities within 24 hours for interrogation. You've been auto-added to the no-fly list.
That's likely what will happen from here, because only a small percentage of American voters care about this issue.
"He found he was unable to print out a boarding pass […] when he approached ticket agents, they were blocked from producing a boarding pass for him without first calling a Secure Flight number at the Department of Homeland Security. […] ticket agents told him he was on a federal watchlist."
Don't mind the petition though, last I heard was that his family was getting him out of jail with him not being indicted for anything. The authorities seemed to get a good amount of public pressure.
Last time people were looking forward to a meaningful conflict, it plunged the whole world into 4 years of war, followed by another 7. Be careful what you wish for.
We need a peaceful solution for this. Vote these people away. Replace them by better people. Educate those who think they have nothing to hide.
The scary thing is this: these people were already voted away. People voted for Obama when he promised the end of warrantless wiretapping, the closing down of Guantanamo, etc. Why should voters believe the next guy who promises these things? It feels hopeless.
Welcome to democracy (or rather the facade)! Does the US president actually have that much individual power anyway? I wish it was more like the film Dave, inasmuch as that the president on his first day questions all the wrongs, and suggests to put them all right!
People love a figurehead to moan and blame, but it's not ever as simple as that. I'm not making excuses for Obama, but he's also up against the establishment.
The weird thing is, I'd read about Prism a few weeks back, and like others have just been under the assumption that my electronic data isn't secure. That's not to say I'm happy about it. If the NSA wasn't doing it, then someone else would be. I know that's a pretty crappy line, but it's the normal diatribe for the advocation of defence policies.
I'm totally disillusioned with British politics, so have the same sinking feeling, along with others to the point of apathy - which is really quite sad. I think the expression is 'don't let the bastards grind you down', I feel ground down. Our current government is a sad mishmash of nearly theres, and we haven't even got a viable opposition at the moment. Good times. That along with media lies, and the average Joe paying the price for corporate crimes - is all pretty shitty.
The worst thing about all of this, is that you end up questioning whether this is legitimate or not, is the US just bigging up their capabilities - is this all just disinfo?
Either way, the hot pot of data that a silo like Facebook has, is just gagging to get into the hands of the wrong doers, and that's probably a tough force to be reckoned with.
"I'm not making excuses for Obama, but he's also up against the establishment."
Obama's not 'up against' the establishment. He is the establishment. After everything he's done, how on earth are people still ascribing good intentions to this guy?
No, he is one small part of the establishment that will be gone in < 4 years. There are senators who have been there decades, there are senior management at government agencies who have been there decades. The president isn't powerless but he is very temporary and fighting against large entrenched organizations. Consider how hard it would be to be the CEO of Microsoft or IBM if everyone under you knew you were going to be in charge for at most 8 years.
Focusing on the president (small p, for the actual person) is the wrong conversation. The debate should focus on the President and the role and scope of the Executive. That requires more than educating the average voting citizen. It requires a public discussion of the moral and ethical pitfalls of a powerful Executive in context of world history. Even then, it misses the bulk of the issue. The masses elect and re-elect a legislature with <15% approval rating.
If you look at the 2012 presidential debate topics, it is mostly devoid of any real substantive insights into the candidates' world view or ethics. This leaves the citizens to deduce disparate idealized versions of the candidate based on mostly trivial or momentary current event topics. Combined with the two party system, you get a citizenry with black and white goggles. The average person never has to think philosophically about how elected officials might steer the moral and ethical direction of the country.
He still could have chosen to use the bully pulpit to try to improve the situation. Instead he chose to maintain the status quo, specifically breaking a campaign promise. Worse, having been called out on it, he now whines, "But Congress said it was OK" as if that were some kind of justification. It's true that Obama doesn't have the power to singlehandedly change the situation. But he does have more influence than any other individual.
You make it seem as if keeping promises and good intentions are the same thing. How many lives is a promise worth?
I'd much rather have a politician that bases his plans on the latest known evidence, rather than blindly adhering to promises made. This isn't to suggest that this is what happened here, but frankly, it's too early to tell. Information is still being spilled day by day.
And for many of this, it isn't news. It's stuff we've known was going on for a long time. But shit, some whistleblower comes out and everyone suddenly becomes all for privacy, forgetting that countless times scaremongers and conspiracy theorists were shouted down.
This is what the American people voted for many times, not just in the presidential elections. And it didn't start with Obama.
So, until you can answer "How many lives is a promise worth?" you're simply playing arm chair politics. It's easy to get indignant and out of sorts when you don't have any responsibility.
That's not what I was getting at. I was suggesting that pointing the finger of blame at one person, and placing the onus on them - and asking them to resign is a little shortsighted. Expecting the problem to just vanish is merely wishful thinking.
Is he or is he not the establishment, that's probably another debate in itself.
I'm over the pond here, so I can't quite grok the American reaction to the recent news over this Prism stuff. I'd expect the Hacker News community to be pissed, but what's the general feeling over there?
There are all kinds of intellectual arguments against the "I have nothing to hide" excuse, but the argument itself is emotional - "I am a good person, bad things do not happen to good people."
We need examples, emotional heart-string tugging examples of good people who had something to hide and suffered because it was exposed. I don't have any off the top of my head, but perhaps someone has already realized this and started collecting them somewhere on the web?
One nice point raised in that article is the feeling of encroachment on personal space.
Going somewhat OT, sorry no concrete examples for you...
Like others have said the thought that you are being watched is like being in a panopticon, or having God looking over your shoulder. Which might of course curb some people from doing wrong, but could stifle exploration and expression of our multiple personas on the web.
Some laws are easy to get on board with, others are not. You could kill your career with something like the exposure of drug taking.
There's the possibility of smear campaigns (if the data falls into the wrong hands). Did anyone hear about the news of the world police bribing scandal in the UK?
You might lose your job, if you are found to have certain political or organisational leanings.
You could find yourself the target of ethnic cleansing.
Those that have nothing to hide, probably feel right now that they are on the right side of the law. Perhaps you could identify 'criminals' by asking for a show of hands for those that 'have nothing to hide', and lock up the rest.
We all have a few skeletons in our closet, it might be nice to get these out there and seek repentance, but sadly some people are just not so tolerant, forgiving, or able to not pass judgment. And sometimes it's best to just bury these things.
What was the excuse for voting for him again in 2012?
Really I fail to understand people here. One day they bitch about invasion of privacy the next day they want the same people to have every bit of control over their health care. Well guess what, you cannot have it both ways.
Granted he had help from a major government agency interfering with groups opposed to his reelection from gathering funds. So perhaps you didn't have a choice in who won.
> One day they bitch about invasion of privacy the next day they want the same people to have every bit of control over their health care. Well guess what, you cannot have it both ways.
This is just as flawed as the arguments that giving the government access to your email is no big deal because you gave access to Google, and they're a massive organization too, right?
I have no problem with Medicare having access to the health records of every American. Single-payer healthcare is a great system. This is completely tangential to giving the NSA/FBI similar access to information.
Comparatively speaking, it might actually be more difficult for the NSA to get unwarranted access to government medical records, since we have extensive laws on the books protecting such data. Your argument is an absolute red herring.
Not sure why you're getting the downvote. This is obviously true.
It's also important to consider not just the size of the organization, but the nature and extent of its powers. For instance, Google - no matter how big - cannot arrest you, try you, convict you, or imprison you. Your health insurer isn't going to send the Marines to attack another nation, no matter how many doctors they have in their network. I could go on, but the point should be clear: military and law enforcement have a unique - and uniquely dangerous - set of powers. Accordingly, they operate under structures for accountability unlike those that exist anywhere else. The extraordinary trust they're given in some areas is balanced by a distinctly high and formalized level of distrust in others (e.g. actions that are subject to prior judicial review and approval).
So contrary to what you insist, we can give some powers to some organizations, withhold the same power from others. And we can base those organizations' ability to exist and operate legally on the degree to which they respect and abide by these divisions, and the rule of law.
When it turns out that (a) they don't and (b) we can't respond to these violations, it's a signal that the most basic arrangement keeping our society viable is coming undone. That's a problem that needs to be solved. But thanks to the principle of divided power, it doesn't mean we have to give up intelligent arrangements for sending email or handling health care data in order to keep the police and military in line.
> what was the excuse for voting for him again in 2012?
It probably depends on which person you're talking about and how they decide to allocate votes: some people vote to signal some measure of approval of a candidate, some people vote to send one kind of message or another, some people just vote to select one of the available candidates.
> One day they bitch about invasion of privacy the next day they want the same people to have every bit of control over their health care.
I don't know what your level of familiarity with the various threats to civil liberties is, but after reading this, one could be forgiven for thinking that you don't know very much about the recent health care legislation if your working summary is that it provides for the government to have "every bit of control" over each individual's health care.
Sr. got an airport named after him? Reminds me when they renamed National to Reagan National. I thought Nixon National would be catchier if the bar's that low.
The time voting would help was gone years and years ago. If you want to make peaceful change now you're going to need to get involved in politics directly (e.g. "The pirate party" but don't call your party that in the US. In fact, I'd call them "democrats" or "republicans", whichever is more popular). Until enough of us do this, things will just continue to get worse. There is no politician out there who truly has your interests at heart. Even if there is, they're alone (e.g. Ron Paul and I don't even agree with the majority of his platform).
I'd say that culture is a much more powerful agent of change than traditional political work could ever be.
Politicians can act as scribes and put down into legislation a part of the cultural ethos, but they don't do much in the way of inspiring that ethos in the first place.
Practice what you preach, call bullshit by its name.
I don't know about you, but I remember a time where calling your representative could effect change. In the last ~10 years politicians have shown that they no longer care. Studies in Canada and various places have shown that simply advertising changes enough people's behavior to be effective. So now politicians feel ok simply ignoring their constituents so long as they get enough advertising money to secure a win. Culture of the "plebs" is irrelevant to the 1% so long as the plebs aren't armed with a mind to do something with those arms.
If you want to change the system at this state the only option is to be the system.
But the system is not the government. It is an emergent system created by the interaction of people. You don't have to accept the government as the primary authority that determines how you live your life. If enough people do that the culture changes and so will the "system".
I mean look at how inefficient governments are… Have you ever seen one make a solid economic plus? Those archaic structures are pretty much already crumbling.
I hope and think that the kind of shit these systems are doing right now are just the death throes of an obsolete institution desperately trying not to fade into irrelevance.
That makes a huge assumption, that you can work within the constraints of the Institution and not become institutionalised in the process.
The reason that governments (I'm in the UK) keep on doing this is that by its nature institutions will naturally gravitate towards this kind of behaviour, so it becomes self reinforcing.
Is it enough to just vote? Possibly not. Those peers of yours, the people you grew up with, one day they might be in Government, but don't expect them to be different from the last lot.
We need more radical action to re-establish a new relationship between a government and its people; What we have now works in many ways, but clearly it has its limits that need to be addressed.
I didn't mean to make it sound as if I want violence. I hate violence. But they've been lying and building weird information weapons for years. We need something other than that to start happening soon.
> Sadly those votes don't mean a thing when there's lobbyists involved.
I honestly think this might be the most important insight in the modern political landscape -- though I think it's incompletely expressed in the language on display here.
The central truth is that voting on its own is a pretty limited form of civic interaction, and as long as it's the only one, officials and citizens will tend to be pretty isolated from one another.
Lobbyists close the loop. Of course, as long as that means hired lobbying, it only closes the loop for people who can afford to hire people to lobby for them.
The question I think this analysis brings up is whether we have too many lobbyists or too few.
It's the American obsession with the apocalypse. Conflict is "fun" and "cool" and gives people a way to amplify their voice disproportionately. Blow up a government building and you'll get more attention than someone who works peacefully a whole lifetime.
It's not a modern or uniquely American concept. Consider the story of the prodigal son, for example. The wayward son received all the attention, even if the faithful son had a bigger inheritance left in the end.
You aren't alone. People are organizing protests and preparing letterheads, as they should be, but it all feels just as ineffective as the last time. The ugly truth, as many people know, is that these complaints/protests are built-in to the infrastructure, they're expected and they disrupt absolutely nothing.
At least in Germany a lot of people have become disillusioned by the (German) Pirate Party.
They seem to have degraded into a mix of ridiculous infighting and traditional political party stuff.
I'd much rather see them to push for just one topic: Getting direct democracy.
Right now they are just dispersing all the resources they have (in mind and matter) towards hundreds if not thousands of different topics and don't look like an efficient agent of change at all.
> At least in Germany a lot of people have become disillusioned by the (German) Pirate Party.
In terms of the Hype Cycle (http://en.wikipedia.org/wiki/Hype_cycle), they've passed the peak of inflated expectations and are now in the trough of disillusionment. This state will not last forever.
> They seem to have degraded into a mix of ridiculous infighting and traditional political party stuff.
They grew too quickly. Digital rights issues aren't going away, and nor are the Pirates.
> I'd much rather see them to push for just one topic: Getting direct democracy.
No, they need a full range of policies if they are to get people to vote for them. Otherwise, people will say "I agree with you on X, but other policies are more important to me, so I won't be voting for you."
> Right now they are just dispersing all the resources they have (in mind and matter) towards hundreds if not thousands of different topics
No, they need a full range of policies if they are to get people to vote for them. Otherwise, people will say "I agree with you on X, but other policies are more important to me, so I won't be voting for you."
It just seems like an insane amount of brain cycles. Having just one clear goal would make it much easier for anyone to understand - in its entirety - what the PP is standing for and also streamline resources towards that goal which would probably make it much more efficient in reaching said goal.
As for a complete political programme, can't they just have a team that puts all the decisions that are decided upon in political institutions where pirates are involved into a liquid feedback system where everyone can vote on it? That way the PP could already act as a small direct democracy.
Yeah, unfortunately. I think the PP proved that there is potential and support for real change; I think they basically got elected on the platform of not being like all those other suits, and I enjoy(ed) that. But of course, that alone is not enough.
I honestly am far more fearful of what a revolution in the modern USA would look like.
The "Good Guys" have no assurances of being on the winning side. Who says we don't end up with a fascist dictatorship or, more realistically, a theocracy?
Revolution is one violent gang fighting another violent gang, producing a new boss that's same as the old boss. Instead, seriously consider ways of living and behaving which minimize your contact with and support for all gangs.
By "gang", I mean any organized group of people which systematically initiates force against others, or coerces them with the credible threat of force.
What "anarchist"? Nobody I even know is an anarchist.
You're a minarcho-proprietarian who considers government to be a gang. Yeah, that's actually worse than an anarchist. At least anarchists don't pretend they're not radicals.
I define a "gang" as any organized group of people which systematically initiates force against others, or coerces them with the credible threat of force. A gang violates my core moral principle, which is that relations among people should be by mutual consent, or not at all.
That I understand. Big chewy bloated terms like "minarcho anarcho radical yadda yadda" mean nothing to me.
I prefer peace as well, but this needs to get physical for it to get real.
Hacker News, The Guardian, The Atlantic, Medium, etc. will never overpower CNN, NBC, et al.
TPTB have a lock on the media. Do you recall how they ignored Ron Paul's early victories in the 2012 election? It doesn't matter that he ACTUALLY had a chance early on, because the mainstream media never let it be.
Peaceful negotiation cannot take place because the ruling political class is in denial. Meaningful education cannot take place because of a media controlled by TPTB. Not even virality can help either, because virality is fleeting, and eventually the media reverts back to its stupid self.
There needs to be something REAL to really move forward. Something physical, lasting, emotional. Something like OWS (mostly peaceful but widespread) combined with the Arab Spring (not peaceful but very emotional).
Shit needs to go down, basically, or the majority will never get awoken out of its stupor.
For me, this incident is an example where the U.S. democracy failed, pure and simple. Obama made campaign promises to not do surveillance. He was elected and then did it anyway. It's frankly impossible now to change this issue in a democratic fashion.
From the outside it often looks as if American politicians are overly busy with a very expensive "game", rather than using the game for the greater good.
This problem is systemic. It has little to do with Obama or Clinton or X, Y, Z individual. Individuals are irrelevant here. What you have is a runaway state.
For better or for worse, Obama is a good symbol for the problem though in that his entire campaign was based on hope and change, only to prove that such change isn't actually possible in a couple of election cycles, if at all.
If that were his intention, he'd have to make sure to never say or write that during his campaign possibly. Yup. And I'd guess there are probably people working on deciphering true intention from merely campaign promises. Welcome to our new world. If not now, then someday... unless the good of humanity prevails in coming years and we change our course.
False dichotomy. The problem is not Democracy vs every other non-democratic system, it's in the implementation details of the current versions. We just need to refactor Democracy Version 1.0. Far from a rewrite.
And where do we begin? Upholding campaign promises, that's where. They must be watertight like contracts where the voters can sue.
There has to be some way for campaigning politicians to make non-watertight promises too. (For almost any promise you might make, there will be some circumstances in which breaking it would be the right thing.)
Given the option of making truly watertight promises and making ones with escape clauses, most politicians most of the time will make the ones that they can get out of.
So then who will make the most impressive-sounding "watertight" promises? Candidates who know they'll never actually get into power. Candidates who expect to be able to weasel out of those allegedly watertight promises somehow. (They probably will.)
This doesn't sound to me like an improvement. Am I being too cynical? Is there some way to have watertight campaign promises without these problems?
You'd have no more campaign promises. And truth be told, what you suggest is dangerous. In fact, it would create a situation worse than the one we have now.
I'd rather our politicians tell us what they want to do. Then, when they are in power, and have the means to do those things, balance it with the knowledge they've gathered from having access to all that power.
Maybe the issue is that politicians too easily make promises they cannot make. Maybe it's our problem for demanding politicians keep promises despite new information.
> I'd rather our politicians tell us what they want to do. Then, when they are in power, and have the means to do those things, balance it with the knowledge they've gathered from having access to all that power.
What prevents them from sharing that knowledge, so the people who voted for them actually believe them when they say they had good reason for breaking campaign promises? Why is it always nebulous non-information like "there are threats" instead of "we are now tracking XX organizations with Y and Z capabilities and intentions, with exhibits A, B, and C proving this fact"?
If they're going to manipulate us into voting for them, I'd like them to be held accountable differently for things they told us they "intend to do" compared to things they told us they "promised to do".
Well, there is a problem with that. In searching for a "Promise" quote, I kept seeing this:
"Under an Obama presidency, Americans will be able to leave behind the era of George W. Bush, Dick Cheney and "wiretaps without warrants,"
No mention of a promise. On top of that, warrants were issued. You can argue the merits of the warrants themselves, but it wasn't warrantless.
Now, if I missed a quote, please share. =) But, going by what little research I did, he never used the word promise, and did make sure to have warrants.
That what he did and what we wanted him to do diverged is surely an issue. But we aren't anywhere better.
I don't like any of this, but I also don't think it's as black and white as some make it out. How do you balance what you want to do with what is best for the country? Do you sacrifice your own honor to save lives? Maybe he didn't save any lives. But maybe he came into a situation where the intelligence community told him if he shut down the program like he'd intended, it would cost X dollars and cost Y years of intelligence gathering and putting us behind.
I'm not prepared to pass judgement. I don't like it, but I don't think we know the whole story yet.
> He was elected and then did it anyway. It's frankly impossible now to change this issue in a democratic fashion.
And this is an intentional feature of the system. It's in the Constitution. That's what term lengths are for. The American people never understood how to hold enough power to keep the governmental branches in check. They're too busy feeling self-righteously indignant to actually keep ahold of any power.
While I have my quibbles with the American Constitution, I do understand that politicians in a representative democracy are not bound to the will of their voters.
I still object in this instance because promises were broken, and in a significant, yet to be determined, portion of the population the spirit of the constitution was broken as well.
> I still object in this instance because promises were broken,
The fact that we ever even anticipate that promises involving specific things ought to be made is a mistake in our civic education. It is a goddamned stupid expectation to have of elected officials. They give an oath. That oath defines their job.
Campaign promises should never be made, but no one significant can be elected without them. We ask them to lie and then are shocked when they do.
> and in a significant, yet to be determined, portion of the population the spirit of the constitution was broken as well.
But democracy, as an institution, is built to anticipate such failures. That's why there are impeachment procedures. That's why there are checks and balances. That's why there is civil disobedience. You can't call this a failure of democracy until those break down as well. (And, I concede, they probably will.)
Initial trust is always free. Candidates all compete for this initial implicitly transacted form of confidence. Then the electing public play the wait & see game. If the incumbent reneges on the promise, trust is understood to be broken, they vote someone else or soon enough become cynical of the entire system.
This system is bullshit. Promises made without accountability is the problem.
I think campaign promises should be made, but they should be made clearly with details of outcomes, timelines and plan Bs. Candidates can then compete on those detailed manifestos.
Of course it is. It's bullshit because you have no responsibility in it. You've abdicated your democratic capabilities by saying, "Promise me the world, and I'll wait and watch to see if you give it to me."
You're just a face in the audience. Why would anyone give a shit about being accountable to you?
> From the outside it often looks as if American politicians are overly busy with a very expensive "game", rather than using the game for the greater good.
This is because the players (Booz Allen, Lockheed, etc) are major campaign donors with huge lobbies. I don't like the corruption of politicians, but I like to believe that if money and lobbying were not involved, Obama (and most of Congress) would do a fine job of looking out for the best interest of Americans.
The real question is whether he is unable or unwilling to do what he promised. If the latter, he's just another disappointing politician. If the former, the US is in real trouble.
Who says it is a choice between two people? You may not have noticed, but there are more than two parties in this country.
How about all the Democrat and Republican voters who talk about choosing the lesser of two evils get over it and vote for third parties whose views they agree with? Stop being cowards and worrying about the "other side."
If anything, we will at least force the major parties to work harder to keep their power.
Winner-take-all voting systems naturally tend to produce a two-party system. There's an aversion to vote third party due to the problem of throwing your vote away. So, before you can have viable third parties in this country, you have to revamp the voting system to something like instant runoff.
We have a Parliamentary system with six parties with at least one seat. For the most part, I'd say it barely has any effect, except maybe on some important social issues (same-sex marriage and drug use decriminalization), but which could have passed without them.
The problem is that the two major parties coalesce the broad ideology-less voters, and while the others have a solid core of supporters, they can never really get a meaningful number to really force change.
I mean, even during one of our worst economic crises, with unemployment and poverty hitting record highs, the polls barely show any increase for the other parties.
I don't believe his opponents were a lot better. As long as they didn't get president, it's easy to say they have more morals and spine, but they were sure squawking opinions I didn't like.
Here's my view. I recently wrote an article on my blog (http://ledgersmbdev.blogspot.com/2013/06/tangent-design-thou...) which was on the front page of HN for a while. I want to summarize both my thoughts again and things that have occurred to me after writing it.
All of our existing key interchange systems are amazingly brittle. With X509, there's no reason to assume the NSA couldn't order verisign to produce a certificate for any given individual or site which they could then use to orchestrate a MITM attack. Purely synchronic protections (i.e. focused exclusively at the moment of exchange) are obsolete in my view. Similarly purely diachronic protections have problems too, and often aren't well implemented. Suppose you need to rotate ssh host keys. This becomes a problem. I think we need something a lot better.
Regarding PGP, the question is what they can break. Could they get a court order to force MIT to help them present that your key on their directory is visible to you but their key is visible to everyone else (allowing them to step in between and conduct another MITM attack of another variety)?
Even if you add endorsements (web of trust model), how easily can that be attacked? It might be harder but not that much harder.
So my thinking is this. Start with a standard PKI model and extend it to require evidence of continuity. The assumptions required to do this are:
1. No external authority issues private keys, and
2. You must retain and continue to use an old private key for an unspecified transition period (possibly spanning several keys). This shows a chain of issuance, and evidence that the same entity controls the same internally issued private keys over time.
So suppose you define a transition period of 2 years and a key rotation period of one year. This means that anyone you have been in communication with over the last three years will be able to check that the continuity of key possession has not changed, and three keys would have to be compromised to force a certificate believably (two of those keys can be stored somewhere else and only used for the certificate re-signing process). If a MITM attack starts, anyone who has been in contact in that period knows instantly that something is wrong. Newcomers get alerted when the MITM attack stops.
I would recommend looking into what we can do to implement a system like that. I am thinking of trying to write it up as an RFC and submit it to the various bodies.
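The continuity check proposed in the comment above, sketched as an added example that is not part of the original thread or any existing RFC. It assumes Ed25519 keys, a hypothetical record layout and domain tag, and reads the 2-year transition with 1-year rotation as "each new key is endorsed by the two previous keys"; all names and seeds are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Window = transition period / rotation period (2 years / 1 year in the comment).
const Window = 2

var ErrContinuity = errors.New("continuity broken")

// Record announces one rotation's public key plus endorsements by older keys.
type Record struct {
	Gen  uint32
	Pub  ed25519.PublicKey
	Sigs map[uint32][]byte // endorsing generation -> signature over message()
}

// message is what each old key signs: a domain tag (hypothetical), the
// generation number and the new public key.
func message(gen uint32, pub ed25519.PublicKey) []byte {
	var g [4]byte
	binary.BigEndian.PutUint32(g[:], gen)
	return append(append([]byte("key-continuity-demo/"), g[:]...), pub...)
}

// newKey derives a key from a constructed seed so the demo is deterministic.
func newKey(seed string) ed25519.PrivateKey {
	s := sha256.Sum256([]byte(seed))
	return ed25519.NewKeyFromSeed(s[:])
}

// Owner generates its own keys (assumption 1) and keeps the old ones (assumption 2).
type Owner struct{ keys []ed25519.PrivateKey }

// Rotate creates the next key and has the previous Window keys endorse it.
func (o *Owner) Rotate(seed string) Record {
	priv, gen := newKey(seed), uint32(len(o.keys))
	rec := Record{Gen: gen, Pub: priv.Public().(ed25519.PublicKey), Sigs: map[uint32][]byte{}}
	for d := uint32(1); d <= Window && d <= gen; d++ {
		rec.Sigs[gen-d] = ed25519.Sign(o.keys[gen-d], message(gen, rec.Pub))
	}
	o.keys = append(o.keys, priv)
	return rec
}

// Correspondent pins the keys it has seen, by generation. The first key is
// pinned out of band; Accept never bootstraps trust.
type Correspondent struct{ pinned map[uint32]ed25519.PublicKey }

// Accept pins rec.Pub only if every pinned key inside the window signed it.
func (c *Correspondent) Accept(rec Record) error {
	checked := 0
	for d := uint32(1); d <= Window && d <= rec.Gen; d++ {
		old, seen := c.pinned[rec.Gen-d]
		if !seen {
			continue // first contact was later than this generation
		}
		sig, ok := rec.Sigs[rec.Gen-d]
		if !ok || !ed25519.Verify(old, message(rec.Gen, rec.Pub), sig) {
			return fmt.Errorf("%w: generation %d did not endorse %d", ErrContinuity, rec.Gen-d, rec.Gen)
		}
		checked++
	}
	if checked == 0 {
		return fmt.Errorf("%w: no pinned key endorses generation %d", ErrContinuity, rec.Gen)
	}
	c.pinned[rec.Gen] = rec.Pub
	return nil
}

// Demo runs three constructed scenarios against a long-standing correspondent.
func Demo() (honest, stolenNewest, mitm error) {
	owner := &Owner{}
	alice := &Correspondent{pinned: map[uint32]ed25519.PublicKey{0: owner.Rotate("year-0").Pub}}
	for _, seed := range []string{"year-1", "year-2", "year-3"} {
		if honest = alice.Accept(owner.Rotate(seed)); honest != nil {
			return
		}
	}
	evil := newKey("attacker")
	evilPub := evil.Public().(ed25519.PublicKey)
	// Attacker holds only the newest private key (generation 3).
	stolenNewest = alice.Accept(Record{Gen: 4, Pub: evilPub, Sigs: map[uint32][]byte{
		3: ed25519.Sign(owner.keys[3], message(4, evilPub))}})
	// MITM holds no real keys and signs the endorsements itself.
	self := ed25519.Sign(evil, message(4, evilPub))
	mitm = alice.Accept(Record{Gen: 4, Pub: evilPub, Sigs: map[uint32][]byte{2: self, 3: self}})
	return
}

func main() {
	honest, stolen, mitm := Demo()
	fmt.Printf("honest: %v\nnewest key stolen: %v\nself-signed MITM: %v\n", honest, stolen, mitm)
}
```

A correspondent who has pinned several generations rejects a successor unless every pinned key in the window endorsed it; a newcomer who holds only one pinned key gets the weaker, single-endorsement check.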
Put a better interface on GPG to make managing web-of-trust not a nightmare. The infrastructure has existed for a long time, but using it is amazingly unfriendly.
It gets more interesting when you consider a model like off-the-record encryption, where the goal isn't encryption and verification but deniability. OTR has the great property of ensuring that any time you manage to decrypt or intercept a message, you've also received all the information necessary to forge that message. Identifying keys are transient so you can never really prove any individual sent any message, since if you hold a copy of the message you could just as easily have faked the message.
I wish there was a site to connect open-source projects who need better UIs with the designers over at Dribbble. On Dribbble you see a lot of UI concepts that never come to fruition. What if we could convince some of them to help build a better PGP UI? After all, real world applications look much better on a resume than concepts.
We've tried to write a streamlined UI for GPG keysigning parties in university. The CLI of gpg was absolutely hostile. Fatal errors would still have 0 as the exit code etc... :(
As a designer, throughout this entire scandal I've been wishing for the same thing. I assume there are projects out there that I can contribute design thinking to, but I honestly don't know which ones need it or would welcome it.
Putting a better UX or UI has been considered for PGP/GPG for a very long time, and if you really reflect on that topic, you'll learn that a fancy interface or UX won't solve anything.
Foolproof software is operated by fools. Facebook has only proven that to an extent that you simply can't deny it anymore.
If fools use PGP/GPG, they will compromise you by putting the message in the subject and encrypting their disclaimer/footer.
OTR uses, iirc, AES and DH-kex, that are the same basic building blocks like RSA and AES or any other symmetric cipher you like to use for PGP/GPG/SSL. OTR adds deniability which is fancy for privacy but won't do for other scenarios (like business, money, profit), it works fine in one to one sessions, but group sessions are off the record.
We can conclude that OTR is fine for chat, sorry to hear google dropped the interoperability protocol in hangouts, take a wild guess why.
PGP/GPG can send group messages (one message encrypted for multiple recipients, which may optionally provide proof of the sender), does not imply any protocol like XMPP, and stores messages in a secure manner too. The drawback is, you have to take care of your private key and your friends', partners', business associates' public keys.
If somebody really insists that key management sucks with GPG/PGP let them do some key management and distribution only with a symmetric cipher.
Key management with PGP/GPG is a light, soft breeze compared to that. Some people even used it as an excuse to party.
I understand why people have dropped privacy and anonymity, it is no fun to follow procedure and there are so few benefits compared to every other social media app, it is so comfy to state you have nothing to hide and not care about the implications.
With PGP/GPG you won't have 600 friends, that means caring about 600 keys, that is basically one revoke a week if you are lucky and all your friends master crypto and revoking and getting their new key signed.
If you want to understand a bit of crypto it may take a good tutor to teach you the very basic concepts and history of using crypto within 2 schooldays, 16h (and they'll hate you afterwards and they won't pay that).
I agree with this, but would also point out that the problems I am addressing though can't be solved by a better user interface. In addition to the issues you describe you also have the question of key infrastructure. Key servers are not adequate as they are, and so IMO you need to have ways of verifying the key is legit, which are not included in the PGP model.
That key infrastructure is something which needs to be thought out and made resistant to a single party tampering with things.
Key infrastructure doesn't even emit security anymore. The P in PKI is for painful, and I really doubt that some CA, owned by big corporate entity (microsoft, oracle, ca) wouldn't manipulate the eternal append-only log-file for any given human factor and just re-roll it.
There is no benefit in auditing it permanently, like rewarding auditing with payment in bitcoin.
A given conglomerate CA would just revoke and reissue client/customer certificates for some reason and that eternal append log-file gets a short restart and everything is fine again, because of OOPPS compromise.
No CA, ever, would host an eternal append-only log-file where you can simply point at and tell: I told you so.
It is simply beneficial for any CA to deploy compromising evidence, just in case, of OOPPS compromise. You sure know whom to blame.
It is not beneficial for a given CA (usa) to allow any other CA (china) to forever store their certificates and make you pay for it.
There is no benefit in eternal log-hoarding for PKI, and they make you pay it.
There is no benefit in it for customers even, because you can't even store that log, retrieve that log or even process it as an individual.
I am at a point where I would try web of trust with unicorns, rainbows and flying cats before trying again and again with PKI by taking something from virtual currencies and attach it to PKI. Certificate Transparency is like Chrome, it is not built to let you or me delete, or remove CA-Certificates, we may dislike for any given reason, or just because we can.
I am at a point where I really conclude that taking away certificates or keys and delegate them, is the worst idea ever.
Certificate Transparency is basically the same wet-hot idea as in 1994 with PKI:
PKI, nearly twenty years ago: In the perfect PKI world imagined by netscape, there would be no war, only love, because secrets would stay secrets forever and the NSA would still chew on their first intercepted message.
Reality check please.
CAs have proven not to be reliable trust providers. It is so easy to find the weakest CA and attack and compromise it.
Certificate Transparency won't change that, it's not even beneficial for CAs.
So let's try web of trust, it hasn't failed us yet, it just wasn't sexy enough. Maybe we need that P in PKI pain to gain something after 20 years.
Imagine certificates trust-validated from your nerd friend, facebook group, google circle, 4chan, whom you trust, ymmv.
Everything is better than certificates from the folks that hold your browser, operating system, data, e-mails or documents hostage and make you pay for some binary data blob and logging their failures.
1. Ensuring that the key belongs to the person you think it does.
2. Graceful changing of keys.
In theory you could do something like what I am proposing with GPG too. You could sign a public key with the previous private key or two. In practice, getting the keys to where you want them is a bit more complex.
As a point I made clear in my blog entry, I am not a fan of X509, because the impedance mismatch of anything OSI and TCP/IP is significant. However, it does a decent job, when combined with LDAP (another monster IMHO) of spelling out the general solutions to problems PKIs suffer. It is therefore a useful reference point and probably the best foundation to build a decent proof of concept on.
I think the problem is the one you're inadvertently recreating here: you're trying to imagine a system which is perfect amongst people who are always in isolation with each other and tries to make keys as perpetual as possible.
Consider the alternative: social keying. A system where the expectation is that you'll change keys frequently, taking advantage of day-to-day social interactions and the like to do so. I see a friend, our phones are in proximity - software takes advantage of this and generates and signs a new key.
Of course, this is where the whole "metadata" issue really crops up: those awesome secure keys, to work, still timestamp and identify you perfectly.
Assuming you trust it (e.g. Google), Keyczar[1] is a good starting point. If you don't trust it and you can deal with the GPL, GPG[2] is probably a reasonable way to go, but key management is still a bitch.
Of course, these are very high level answers, and neither may actually work for your project, since you don't really talk about what making "security a core aspect" actually means.
Cryptography is insanely hard to get right. The more you can leave up to the peer-reviewed experts, the better.
We're creating a development environment based on a visual object language using a fully composable framework. The output of the development environment is blobs of "hooked up" objects. The user's programs are stored on host servers and, in real time, propagated to all people working on the project. Meta-data and data are also part of a program the user is creating.
We would like to encrypt the blobs of objects so behavior can not be injected into the program (logic can be injected anywhere - think something like Aspect oriented programming to an extreme). We would like to encrypt any data (program - blobs of objects, meta-data and private user data) that is being persisted and/or propagated.
Since the story broke last week, I've been thinking about a PKI-based message program (think email, but not actually email) built on top of Freenet, to remove the need of any central server. I think I have a reasonable idea of how it would work, but I'm not convinced it would help anything.
Tools already exist to securely send messages. Someone who truly cares about their security will learn how to use them. People who don't care about security won't bother. Hell, people already put all of their information on the Internet for effectively everybody to view.
What would an easy-to-use, secure crypto app help with? I don't know.
> Someone who truly cares about their security will learn how to use them.
Needs are relative. People have a lot of cares in this world and for most people, online anonymity and confidentiality don't rank very high. That's why convenient, cheap solutions are important. Solutions that require too much of people won't be used. Think of digital cameras. Most people will use them if they're included free on a phone, but they're not willing to pay $3000 for "quality."
"Why would you use AES/RSA/etc. when the NSA employs more mathematicians than anyone else and may well have cracked them?"
Well, because of everybody else seems to be a good reason.
And one thing a bunch of good mathematicians is not better than is math. And as far as we know, they may still be good systems.
The construct of encryption systems today is so complex I think the last part they would address would be the algorithms themselves (but they certainly can factor the product of two primes in record time).
Assuming for a minute, hypothetically, that the NSA can crack AES and RSA, then the way to combat that is for more people to use it more often, and to create meaningless encrypted spam.
Cracking requires huge computing resources. If there's an overwhelming amount of data to crack, with little guarantee of any useful yield, then we can reasonably expect that it negates the ability to crack it.
Keep in mind that it is a verified fact [1] that the NSA knew about differential cryptanalysis in 1976, when they reinforced DES against it (it turns out that they did not build in a weakness, rather the reverse). That technique was discovered in 1990 ... it seems lots of mathematicians do help.
I know a couple of people that, for as long as I've known them, have been consumed by this idea of having to be able to defend yourself from an intrusive government. They, as one would expect, have gun safes full of guns of all types, piles of ammunition and other survivalist tools and equipment.
When the Newtown school massacre happened I actually called a friend in the Sheriff's department to ask if I should "drop a dime" on these guys. My argument was that, while they had never hurt anyone in their lives, perhaps they could one day blow a fuse and use their arsenal to kill innocent people.
This was a troubling call for me. I am not anti-gun at all. I don't happen to own any. Yet, I don't have any fundamental objections to law-abiding people owning them. The Newtown event rattled me as much as it probably did lots of people.
To my surprise my friend, the Sheriff, said not to worry. He went on to tell me that this sort of thing (stock-piling weapons and ammo) is very common. He said lots of cops do it. He went further and told me "we can find most of these people because they are being tracked one way or the other, whether they know it or not".
I didn't think much of that last statement until the latest government scandals started to surface, from the IRS targeting political groups (regardless of alignment, would you like it to happen to you in the future?) to this PRISM/surveillance mess. You now have to wonder where else the government is tracking us. Or, perhaps, the right question could very well be the opposite: Where are you safe?
All of a sudden these "nut-cases" who stockpile weapons and wake up every day thinking the government is out to get them actually have something to point to and say: "See, I told you so". I already got that call, BTW.
No, I am not going out to buy guns. Not interested. I have enough fun shooting them at the range. I don't feel I need to own any of them for any reason. But, you know, how can I now tell these guys they are insane for thinking the way they do?
You can't, because a rebellion/revolution is a potentiality. Sure, it seemed unlikely, but now not so much.
Would I criticize someone for not locking their front door? No. Locks only keep honest people honest, and the chances of your property being broken into are fairly slim.
Would I criticize someone for preparing themselves for a collapse/rebellion/revolution of some kind? Absolutely not. The cost of not doing so is much higher than lost possessions. Rights, Your life, etc...
The main thing to take away from this, is that you can't know for sure, and everybody reacts to those percentages differently. It's better to be safe than sorry, or you can live fast and die young without worries.
I should note that the duality above can be taken in both contexts.
I have not locked my cars in probably fifteen years. In the summer I usually leave all the car windows open (all day). Most of my neighbors do the same. It is common to see garage doors open all night in my neighborhood.
When I want to throw out something like a bike it can stay on the sidewalk for weeks if I don't put a sign on it that says "free, take me". So it should come as no surprise that we don't really feel the need to own weapons for any reason whatsoever. I enjoy target practice at the range a few times a year with my son. It's fun, and I think it is important to learn --particularly safety.
Now, I have lived and worked in areas of Los Angeles where you would not dare leave your car unlocked for one hour. I've had car stereos and whole cars stolen from right outside my window in those areas. What did we do? We moved.
Ultimately you need to consider what it is you want from life. If I have to own a weapon to feel safe at home I am living in the wrong place. I realize one isn't always free to make these kinds of choices. I get it. I also have to question if owning a few guns is of any use whatsoever as it pertains to curtailing a corrupt or over-reaching government.
Perhaps my point is that, if we have to resort to an internal armed conflict to bring our government in line we will have already failed at so many levels that this will, at that time, in no way resemble the country I grew up in.
Agreed. Hopefully it never gets to that point, and from what I see, it won't.
I was just referring to the effects of these variables on people's minds. I agree with you that it's almost always contextual, but you'll find the odd person or two that feel very strongly about a low odd potentiality and it can definitely make you feel like there are some crazies...
But I think everyone does this to some degree. If you cancel a marathon in Halifax because of a 5-second phone call to the police referencing the Boston Bomber, then most understand that... However, when one looks at the facts, in my country no one has died from Terrorism in the last 9 years... a far fetched reason for this government power grab. So I don't know. Maybe the Gun Nuts are wrong, and they have nothing to fear. But maybe most of the populations of OECD countries are completely wrong in this manufactured fear.
This whole thing is so bizarre to me. The NSA has been doing this sort of thing since at least the early 90s. Who knows, probably earlier. What exactly did people think the NSA was doing? The only difference is that, before digital cell service, it was more difficult to monitor phone conversations because the infrastructure simply didn't support it.
Everyone's all riled up over a few PowerPoint slides (which may very well be fake). I don't get it. No mainstream company or consumer has ever given two shits about encryption. You send data in plaintext and are surprised that the NSA might be reading/logging it?
The public overwhelmingly supported the PATRIOT Act back when it was passed. Black box rooms in telecom facilities were exposed what, 10 years ago? No one gave a shit.
Why do people seem to suddenly care? You can't say it's because, "We have more information," because we really don't. People suddenly care about privacy?
I do not understand what those who are outraged thought the NSA did. Honestly, how can you be so ignorant?
A lot of people— sometimes the most technically competent ones— were busily telling them that wholesale surveillance was infeasible... greatly underestimating the available funding and ingenuity.
So it was easy to imagine that only a few things were being intercepted: Communications by an amorphous "bad people". A distant problem for someone else.
In the mean time digital communications devices, cloud services, social media, etc. have become increasingly central to our lives— mediating more and more of our most private communications and storing our most trusted data. Most of it has built on an architectural house of cards which provides little systemic security beyond "hasn't screwed you yet".
The fact that this is happening to _everyone_, that the data is being correlated and stored— perhaps forever— that the argued legal basis of the program itself is cloaked in secrecy, that the public has been denied the ability to question something that potentially impacts the entire world, that the leaders of technology companies that we trust with our most personal data are either clueless or lying— as they make claims that appear to contradict the whitehouse.
And now it's becoming clear enough that it's harder to say "well, maybe it isn't really happening" (even as you say "which may very well be fake!") or "the black box rooms are for someone else" and so instead of ignoring it people are being forced to process the information. Some of them feel violated and upset. "Hasn't screwed you yet" is starting to look a little too weak once considered in the sunshine.
The fact is there are almost no facts. The NSA is allegedly putting some stuff in a database. That's essentially the "facts." We don't know what, or how, or really understand the scope. We don't know if it's real time or archival. There are ZERO technical details.
The only thing that concerns me is that the NSA is actually somewhat incompetent, as those three PowerPoint slides make it seem like the kind of security strategy developed by a 12 year old kid.
I would have assumed that the NSA wouldn't need to ask Facebook or Google to participate. I just assumed that they could get access to any encryption keys necessary through any number of ways, and syphon off the data wholesale at the ISP level. These aren't exactly "secure" organizations. Gmail accounts routinely get hacked by 15 year old Chinese kids trying to steal WoW passwords. I would hope the NSA could do much better.
> The NSA is allegedly putting some stuff in a database.
William Binney, who was at the NSA for 30 years, and who designed big pieces of the infrastructure we're talking about, quit and blew the whistle. If I understand him correctly, every type of electronic communications people use -- email, phone, SMS, IM, fax -- are all stored forever.
Edit: and, it seems that Snowden wanted the Washington Post and the Guardian to release all 41 slides, but neither paper had the courage to do it. I'd like to know what was on the other slides. If they had nothing of interest, why were they withheld?
Part of the problem is defining wholesale surveillance. I don't think we are to the point of having everything stored by the NSA (in terms of all content we produce, send, or exchange). I think it is quite likely that the NSA does in fact store their most interesting subset of broad data (cdrs etc) along with a narrower subset of content. If that isn't wholesale surveillance, then we aren't to that level yet.
But in the end what I have said for a while is that it doesn't matter. The NSA doesn't need to store your Facebook stuff on their servers because Facebook is doing it for them. The scary thing is that the interesting subset that the NSA has to pipe back is a small fraction of what they can go through if they ever decide to make you a target of an investigation, so in that sense we are under wholesale surveillance and the NSA is just controlling a very small piece.
> A lot of people— sometimes the most technically competent ones— were busily telling them that wholesale surveillance was infeasible... greatly underestimating the available funding and ingenuity.
> The fact that this is happening to _everyone_...
Has this actually changed? Is there any evidence that a U.S. citizen's gmail account, or skype calls, or yahoo searches, or facebook information, has been obtained without a court ordered warrant?
I'm not a U.S. citizen and have always assumed that anything I put on these companies' servers can be read by the U.S. government at will. But if you're a citizen of the land of the free and the home of the brave, I haven't seen anything come out that actually showed your cloud data is being accessed without probable cause being shown, the way it always has been.
Firstly, I feel like assuming the government has the ability to monitor your communications and acting accordingly is better than assuming they can't and getting worried when it turns out they do.
Secondly, I have zero power to change how the U.S. conducts its business in this regard so I'm not going to expend energy fighting it, I just take it into account and try not to use these services in a way that I wouldn't want to be discovered.
Thirdly, I do agree that the government (U.S. or mine) should be allowed to get information on me if they show probable cause. I strongly support that. And if I accept people might look at my stuff, then it doesn't really matter in the end why they are doing it- I should still plan accordingly. The Government could very well have probable cause to investigate me even when I've done nothing wrong.
We have the technology to keep what we do online anonymous. Even if the government had no power to check this, stuff like the AOL search data debacle shows there is always a non zero possibility someone could be looking at your unprotected data. If you're worried about that, you should protect your data. That's the only real solution. I agree with people who fight against illegitimate or non transparent ways people try and access that data- but that's not what I rely on to keep my privacy.
The NSA tried to force twitter the list of all the people who subscribed to wikileaks. Twitter refused, but similar requests to gmail etc were being done and probably weren't refused.
I'm thinking that the volume of data that they would have to store would be reflected in disk drive sales. In other words, it's probably large enough that it would have distorted the market price for hard drives.
Threads like these might as well be generated by an algorithm.
>NSA news
>Why is everybody so surprised!? comment
Like clockwork. Let me ask you, though. Do you really think that people only "suddenly" care (with the implication of ignorance or a contradiction on their part) or is it possible that there are nuanced differences between all of the things you casually reference as common knowledge and the current NSA news? I mean, there is speculation and there is confirmation. There are hunches and there are reputable sources. There is pointing somebody to the Room 641A Wikipedia page and there is telling somebody, "hey, look, this guy who was a part of the NSA is not only confirming this, but has sacrificed his career to give us even more information about it."
The public unconscious may have assumed that this was going on, clusters of people may have known, but you're underestimating how people compartmentalize this kind of knowledge. So when we have an event that brings a lot of this knowledge together and to the forefront and gives us something we can point to and talk about (even if it's only a story or a face at this point), I don't think we should pass up the opportunity to develop a louder voice about all of this rather than being cynical AGAIN just because we can't resist putting down public outcry.
What's your question? How someone could possibly dare to care about something they did not care about before? How being pummeled 24/7 with reports about terrists and nucular mushroom clouds could possibly have led to an atmosphere in which questioning the NSA was not an issue, what with starting wars all over the place and what not?
And what's with "being surprised" somehow being the only time where people are allowed to discuss things? What's with that "argument" showing up all the time? If that's the only criticism you have, you have none, are you aware of that?
(1) Previously, various official sources have denied this sort of thing was happening. As a specific example, Congress has asked and been told that universal surveillance of US citizens was not occurring, and the plain-text meaning of the law makes universal surveillance of US citizens illegal. (Now we are told that this is contradicted by a secret legal opinion.)
(2) Frog boiling. You can argue that at every point along the way the difference from the previous point is not big enough to cause an outcry. But there is a fallacy in this reasoning: at some point the aggregate IS enough to cause an outcry. Right now, there is an outcry among the media (partly exacerbated because these stories about leaks are contemporaneous with cases of prosecuting the media for leaks), perhaps it will spread to politicians and the citizenry.
(1) The FBI has just recently acknowledged that all (including all U.S. citizens') electronic communications are tapped - the NSA is/was not allowed to eavesdrop on U.S. citizens (with exceptions now seemingly the rule).
(2) You do know that Friedrich Goltz, the creator of the "Boiling Frog" experiment had the brains of the frogs removed, only then these did not jump out of the heating water - I hope you're using the reference to this experiment intentionally that way.
What I'm about to say is absolutely nuts, but it could be that this is something the NSA leaked intentionally and the media is running with it for reasons we are not aware of. Despite twitter and the like, the mainstream media is still largely in control of what occupies the "news" and therefore what the otherwise apathetic public is concerned about.
> What I'm about to say is absolutely nuts, but it could be that this is something the NSA leaked intentionally
I had a similar thought this morning, not necessarily about the NSA leaking this on purpose, but about how they could turn this into their own advantage. You can already see that Obama has gone on record saying that "we cannot fight against terror without giving away some of our freedoms" (or something very similar to this, I'm too lazy to search for the exact quote), a statement which he couldn't have made before this scandal.
What's really more disconcerting are all those comments (reasonably highly voted) coming from what seem to be genuine American citizens saying something very similar to what Obama is saying: "We can't fight terrorism if we don't let the Government go through our stuff".
A little bit OT, I'm surprised nobody has yet made a parallel between present-days United States and the end times of the Roman Republic. You just have to replace today's "terrorists" with the "Barbarians/Germans" of that time and Julius Caesar with today's over-reaching Government. The bad news is that for all of Brutus's and Cicero's efforts Caesar was followed by future emperor Augustus and the end of the Roman Republic.
We're definitely not immune to collapse. Nuclear weapons just make a collapse more sticky. Society needs a scapegoat to channel its inherent violence (ie the Communists of the 50s, the "Barbarians" of Europe as you mentioned & the Terrorists of today). It's not a coincidence. Check out professor Rene Girard[1] of Stanford if you haven't heard of him. The people who run this show know exactly what they are doing.
It's reaching considerably, but the only two reasons that could be true is if the truth is considerably worse (or will be) and the NSA is getting the world used to the idea of pervasive surveillance inch-by-inch (unlikely), or it's not as bad as it's being made out to be and they're framing reality in terms of a more dire alternative. An example of the latter would be that infamous daughter's letter home to parents. [1]
The reality is probably that the unauthorized leak is just that, an unauthorized leak and a lot of people internally are pissed as hell.
The surveillance apparatus in the US and other places is probably more developed than we know about and probably getting more sophisticated.
Ok, I'll bite. What sort of hypothetical could warrant such an action, intentionally leaking this story?
Do they want to reassure us of their best efforts in protecting us from terrorism?
I can't imagine a scenario existing where the tables might eventually turn & those who were once appalled & angry that the NSA was so into everything change their minds and become reassured that the gov't is actually on their game & has the means to get some outrageous terrorist threat we couldn't have imagined under control again because of their broad wiretapping capabilities.
Security reassurance is something I hadn't thought of, but I think you are right that this leak goes way too far for that to work. I don't believe this either...but if I wore a tinfoil-hat I would point out that:
1) The NSA "leak" is not really news because it was reported in 2006[1].
2) "Bad" publicity from it is the beginning of Obama's 2nd term downfall which is happening too soon in his 2nd term for us to be angry enough to elect a Libertarian in 2016. It'll be an opportune time to usher in an all-talk small government Republican in 2016 to maintain Red State vs. Blue State illusion. Even if the Repub doesn't win, it'll look like the election was a close ideological fight, which is all that matters in the eyes of the public. Of course, all 2016 candidates will continue to support the NSA oversight regardless of what they say during their campaign, so it won't matter whether red or blue gets the oval office.
Already this is scrolling off the news. It's a safe bet that the vast majority of voters either don't care or don't feel they can change it. If they do try to change it, they put themselves at risk. The surveillance will continue and become more pervasive. As before, if you don't have anything to hide you have nothing to fear, until you do.
How indeed, but people smoke and stuff their mouths full of unhealthy food even if they know it can kill them. Humans aren't always 100% rational beings. When they suddenly get cancer (i.e. actual proof) they wake up.
Also, this isn't just about the NSA but also about FBI, and that order certainly isn't fake.
>Why do people seem to suddenly care? You can't say it's because, "We have more information," because we really don't. People suddenly care about privacy?
Now, I don't have my finger on the pulse of the everyman... not by a longshot. But within my own echo chamber? All those things were pretty big deals. As you said, nobody else cared, yeah. But they were a big deal to the news I read.
My question to you is, "Does anyone care about this?" I mean, I know I care, and I know my own echo chamber is all shook up, but if my "media bubble" mattered? We'd have been on IPv6 a decade ago.
So yeah. What does Fox News have to say about this? Hm. Looking, it's got something about how Ron Paul is worked up, but the other bits there seem to be about how much jailtime the whistleblower is getting. There's a neutral to positive article about what the NSA does.
Go to npr.org, for the mainstream left, and there's an opinion piece calling Obama "big brother" - so I guess that's something?
We'll see how long the stories last. But yeah... I think you are mistaking your own media bubble for the world as a whole. My guess? The average Facebook user is going to shrug and keep using Facebook.
Hell, this is going to be a big deal for me (as most of my customers also live in the same media bubble or echo chamber or whatever you want to call it as I do.) - I don't have any real response, either. (I've been talking about setting up customer portals where you can see all log data I have about you... but that's hard to do well enough that I can honestly say "This is ALL the data I have about you," and it's not like I don't have a whole bunch of other work to do, and really? As a VPS provider, well, most of what I log is access to your serial console and the like. Really, everything the NSA would want would be within your VPS. Well, that and the IP -> billing data mapping, but I think you know I'm keeping that.)
> You send data in plaintext and are surprised that the NSA might be reading/logging it?
I live in Europe, it's true, but even so I would expect my Government not to enter my house without a proper warrant, even though I've only locked the door once when I left for office this morning. And when I'm mentioning "proper warrant" I'm thinking about Stalin's "Great Purge", which did use the Soviet legal system of the time that I find no worse than today's "secret courts". A parody of justice is not justice.
It's not because we have more information, it's that THEY have a lot more information. The amount of our lives that we divulge to or involve the internet has shot up exponentially, certainly since the 1990s but when you think about it, even since, say 2000-2005.
I wonder if there will be a bigger outrage if companies like Salesforce and Oracle are involved. Non-US companies might be a tad alarmed if their ERP provider is cooperating with PRISM.
Since Microsoft is explicitly mentioned I wonder if the access includes their SMB-ERP stuff.
From the reports I would be surprised if non-hosted ERP stuff was ever easily targeted. Hosted stuff is a bit of a different story.
Ideally, if you are paranoid, you should run things in-house and firewalled. If you are less so, I will point out I help run a British-registered hosting company for an open source ERP (the company can be found at http://www.efficito.com).
Everyone wants to talk about how the cloud will change ERP and while I am involved in a startup that is operating in this space, I have to say that it is extremely important for users to know that they give up a lot of control over security when they make that choice. We do our best but we cannot compare to a well-run internal installation.
But those companies are both American, aren't they? Regardless, I feel like the ceiling for outrage and/or concern has reached its ceiling, at least among foreign governments who can at least do a semblance of something about it, since it's way more important which companies are used the most than the nations from which the companies in question originate, and the NSA has the data of all the most popular internet companies in the world.
The innocent days of building software and having fun are probably over. Let's get our kicks before the whole shithouse goes up in flames. Then we can figure out how to teach the next generation to build software in the brave new world we'll give them.
Never underestimate the apathy of the general public, their faith in authority, and their general willingness to write this stuff off as 'stuff that affects someone else'.
I'm not sure it can. Human history is full of examples of people tolerating the most awful oppression from their leaders.
That said, there seems to be less and less tolerance of this crap on both sides of the Atlantic, I'm just not sure what can be done about it, as most people won't do anything other than have a bit of a moan, and then attempt to vote for the least-worst candidate again next time.
"And so—before the capability was made public, it _likely_ wouldn't have been used against mere political nuisances,"
Wasn't this type of data mining the source of the data leading to the exposé of Eliot Spitzer's bad habits; ultimately leading to his political demise? Exposing philandering politicians, or prostitution, are both far away from what I'd consider an appropriate use of technology.
Of course we can go back to business as usual post-PRISM, because PRISM turned out to be absolutely nothing. It's a mundane, boring data storage & analysis system for data obtained through FISA requests about specific individuals. It's not a data dump from major tech companies, it's not a warrant-less spy program, etc...
You don't have a clue what it is. What you should realize, though, is that a lot of people are up in arms about this. Do you think you're smarter than all of them? From this post alone, I see a resounding no.
Oh, so one of the people involved in this immoral, illegal spying program says it's not that bad? Well never mind then! I guess it must all be ok. No oversight needed.