Posts by tom dial

2187 publicly visible posts • joined 16 Jan 2011

NORKS? Pffft. Infosec bods BLAME disgruntled insiders for savage Sony hack

tom dial Silver badge

Re: No shit, Sherlock.

No downvote from me. My recollection from a number of US DoD Information Assurance classes and assorted other reading is that the major IA risks (both probability and cost) are, in descending order, (1) the Admin or other privileged operator who screws up accidentally; (2) the disgruntled current or former Admin who does damage intentionally; and (3), with much lower probability than either of the first two, the outside hacker.

Recent troubles with POS terminals might have rearranged the costs, but unless each POS terminal is considered a separate case it is likely the probabilities are unchanged and are likely to stay that way.

The Sony breach clearly shows malice, so administrative error can be eliminated except for possible failure to implement a proper security model and prevent access by ex-employees. The North Korean link was suggestive but should not have diverted attention from systematic analysis of the breach that looked at the likely sources in a logical order.

Why has the Russian economy plunged SO SUDDENLY into the toilet?

tom dial Silver badge

Re: So, Crony Capitalism doesn't work!

@Mage, RE: "Giant country and actually for every Intel, MS, Google there are 10,000 fails or mediocre companies." Indeed there are many fails for each success, and few of the successes reach the magnitude of an Intel, Google, or Walmart. But the "crony capitalists", whoever they may be, do not prevent people from trying, often succeeding, and very rarely succeeding wildly; and in general they are due little credit for the success, or blame for the failure of new businesses.

tom dial Silver badge

I have no recollection of seeing "Made in USSR" or "Made in Russia" on manufactured goods. My impression, which I cheerfully admit may be somewhat in error, is that the USSR had a pretty good arms and military equipment industry and fielded good heavy lift rockets. That still seems to be true. What industrial base was destroyed?

tom dial Silver badge

Re: So if I have this straight

In the long run, Saudi Arabia cannot sell oil above the market clearing price, and it is not incumbent on producers in other parts of the world to adjust their prices to allow the Saudis to meet their budget planning targets. If the clearing price is ~$50 a barrel as it seems to be at present, and they need ~$90, it is unfortunate for their plans, and they should rethink their plans. Similar considerations apply to the Russian oil producers and the government under which they operate.

tom dial Silver badge

Re: So, Crony Capitalism doesn't work!

I would like to see a coherent explanation of how crony capitalism (caps are not appropriate here) explains the growth in the US of the semiconductor industry, the computer industry, the computer software industry, and various internet based enterprises such as Google and Amazon.

Tor de farce: NSA fails to decrypt anonymised network

tom dial Silver badge

Re: Wait a mo.

The amount of work (by people and probably machines as well) associated with deanonymising TOR users by a timing attack is far too large to apply to 20,000,000 UK citizens. The technique described requires, in practical terms, GCHQ ownership of the exit node and ability to monitor the entry node. It is worth noting that exit node ownership exposes any unencrypted exit traffic as well, without a need to infer from correlation of TOR entry/exit timing.

Online armour: Duncan Campbell's tech chief on anonymity 101

tom dial Silver badge

I encrypt email for privacy from those I consider are likelier than the local SIGINT agency to want to do me harm. And I live just over 21 miles from the NSA Bluffdale, UT data center.

Ireland: Hey, you. America. Hands off Microsoft's email cloud servers

tom dial Silver badge

Re: post by ckm5: The question before the court appears to be whether, under US law, the US court can issue a valid order to Microsoft in the US to produce data that it controls but has stored on a foreign server, in this case in Ireland. The alternative presumably is for the US law enforcement agency to request under the MLAT that Irish authorities compel Microsoft in Ireland to produce the data. Most of the discussion, at least in this thread, seems to assume implicitly that the Irish authorities would deny the request, something that might or might not be true.

Whatever the interaction between the details of US law and the MLAT, it certainly is in Microsoft's business interest that the decision fall on the side of denying the validity of the present warrant and forcing use of the MLAT. However, it might be going a bit far to say that if the decision goes the other way it is a ruling that treaties can be ignored. Both the law and the treaty depend on language that likely is a bit imprecise and ambiguous in matters of computer stored data, and it is possible that underlying Irish and European law has problems as well; this could be a reason that US authorities sought to short cut the process with a US warrant.

tom dial Silver badge

Re: Best Practice: avoid US SaaS companies and US based servers entirely

Why would anyone think the NSA (or GCHQ, CSEC, ASD, or any other SIGINT agency) would pay any attention to where data are stored, other than as governed by the laws of their country?

tom dial Silver badge

Someone familiar with US law can, in fact, contribute to a proper understanding of the laws that govern the controversy that is being litigated in a US court. As the government of Ireland apparently recognizes, inasmuch as they have submitted an amicus brief on the matter to the US court.

One assumes that if the US government ultimately loses in the US courts, they will try to attain their objective via the international law enforcement assistance agreements, but for now they seem to be pursuing the US warrant approach on the theory that Microsoft can be compelled, under US law, to provide the access to data it manages, irrespective of its storage location. I do not think this represents good policy, but it may represent good law. The law, in the case at hand, is rather old and probably needs revisions to adjust to technological change over the last quarter century or so.

tom dial Silver badge

Orin Kerr, a law professor knowledgeable about Constitutional and legal privacy issues, has written a couple of times about this as part of the Volokh Conspiracy:

http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/07/07/what-legal-protections-apply-to-e-mail-stored-outside-the-u-s/

http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/07/25/more-on-privacy-rights-in-e-mail-stored-outside-u-s/

and Michael Vatis of the Steptoe and Johnson law firm comments on this and the Verizon amicus brief here:

http://www.steptoecyberblog.com/2014/07/30/verizons-response-to-orin-kerrs-posts-on-the-microsoft-search-warrant-case/

These might be of interest to those interested in going beyond mere opinion about what ought to be.

NSA's Christmas Eve confession: We unlawfully spied on you for 12 years, soz

tom dial Silver badge

Given that the documents were made public under a court order sought by the ACLU, it is quite certain that quasi-official public record publications such as the New York Times and Washington Post will have been notified as soon as they were posted. Whether those publications would publicize them beyond the NSA web pages is another matter, which might best be taken up with their editors.

I received notification in an email from Reason magazine.

That said, the reports do not appear to show systematic intentional violations of law or regulations. Nearly all of the errors in the two (2Q13 and 1Q12) that I have looked at appear to result from incomplete knowledge of the regulations, incomplete knowledge of the facts of a particular situation, or more or less random errors of execution.

It would have been nice to know the final disposition of the case in which an analyst inquired into her husband's activities, but the reports at hand unfortunately do not appear to contain follow up information about incidents not completely resolved in a previous reporting period. It might be worth mentioning, though, that in similar cases reported in years past in the news media the usual outcome was termination of NSA employment for civilians and transfer of offending military personnel out of the NSA.

New Zealand Supreme Court says Kim Dotcom search warrants were legal

tom dial Silver badge

Re: Dotcom has always maintained

I think it remains to be proved that Napster was costing IP owners a lot of money. While skeptical, I am not closed to persuasion. However, all the claims I have seen that support such a claim were bought by industry groups and therefore corrupted by the very strong suspicion of self interest.

tom dial Silver badge

Re: I don't get it

"if say a bar, openly allows drug trafficking on the premises, are they guilty of trafficking?"

The short answer is that Kim Dot Com is unlikely ever again to see any of his US holdings.

In the US, they probably would not be guilty of trafficking as such, but the bar likely would be subject to forfeiture under laws that allow confiscation of things alleged to have been used for criminal activity. Lately one of the favorite activities of some police forces is to stop out of state cars for possibly spurious traffic offences, intimidate the drivers into allowing a search, or bringing in a drug sniffing dog to "alert" and justify a search. Any money found (and people sometimes transport astonishing amounts of cash, running to many tens of thousands of dollars) is "charged" with being the product of criminal activity and seized. While some owners have mounted a successful defense and recovered at least part of their money, in most cases it is split about evenly between the "arresting" agency and the federal government. The Washington Post had a good series on this a few months back, although they failed to explain so that I could understand it how this abomination passes Fifth Amendment muster.

Hilton, Marriott and co want permission to JAM guests' personal Wi-Fi

tom dial Silver badge

While I certainly am not in favor of allowing the hotels to disrupt a private wireless network operating within their bounds, I think it fair to note that in Utah most of the Marriott hotels (39 of 42) and Hilton hotels (29 of 34) offer free high speed internet service in the rooms. Those that do not seem, as several earlier posters noted, to be oriented to high end, business, and convention customers, so they might have it in mind to soak them a bit more, or separate internet service from the lodging part of business per diem allowances.

The US Government, and probably state governments and many larger corporations, distinguishes lodging, meals & incidentals, and separately reimbursable expenses such as taxis, with inflexible limits on the first two. My memory has it that internet service was a separately reimbursable expense for US government travel, and since the lodging and m&ie allowances were none too big, charging the internet service separately allowed the hotels to charge government rate for the room and make up some of the difference between that and their normal room charge with overpriced internet service.

And it seems possible that there might be marginally valid justifications for exercising some central control of large users for such things as conventions and trade shows.

Google Tax part 94: EU's H-dot wavers over copyright levy

tom dial Silver badge

"Yahoo News does charge people for traffic sent their way."

Is that working well for them, then?

Judge spanks SCO in ancient ownership of Unix lawsuit

tom dial Silver badge

Re: Zombix

I have a copy of IBM Xenix 1.0 that I found far better than MS-DOS for learning C programming many years ago.

MS-DOS: dereference invalid pointer -> black hole -> hardware reset & OS reload -> fix program.

Xenix: dereference invalid pointer -> bus error -> fix program.

Saved me a lot of irritation and time.

ICANN HACKED: Intruders poke around global DNS innards

tom dial Silver badge

We might do worse. She's a pretty good organizer and has the people skills to handle techies. But also the common sense to avoid messes like this.

tom dial Silver badge

My wife, who denies any degree of technical knowledge (but is an astute judge of people), would instantly reject an invitation to follow a link and provide login details. I do not believe we can trust those who failed a trivial test of common sense to administer systems and data sets critical to proper operation of the Internet naming and numbering system.

Why is ICANN rushing its 'UN 'net security council'? So it can be announced at Davos

tom dial Silver badge

Re: It's an NSA plot!!!

Never infer a conspiracy when the superficially apparent facts speak for themselves. As here appears to be the case.

Senator: Backdoor for the Feds is a backdoor for hackers

tom dial Silver badge

Re: Meanwhile over in processor land..

Presumably the "kill switch" feature would require OS support for its operation, so the notion that reflashing a device will not make it yours probably is overstating things. The feature, of course, would have been included at the behest of (primarily) state legislatures like those in Minnesota and California who were in a panic over things like cell phone robbery and texting while driving.

Still, no users, statistically speaking, actually will reflash their devices. Like much technology, this can be used for good or bad, and by either government or private actors, and nearly everyone will remain vulnerable even though the intent was to protect them and the use in nearly all countries will be to do that.

tom dial Silver badge

Re: Hooray for progress!!

As far as I know only FBI Director Comey (in the US) has expressed concern about cell phone encryption that lacks a capability for law enforcement access based on a warrant, most of which would be issued by state or local courts. And the notion that nations outside the US would allow the sale of equipment secured by US mandated encryption is quite absurd.

tom dial Silver badge

Re: Every single company will officially say yes "we have stopped"

What you suggest has no basis in the law, and neither the FISC nor any other court has the authority to do it.

tom dial Silver badge

Senator Wyden is quite right: a back door is (eventually) a back door for those who pose more actual, as against imaginary, risk for those who use (or should) cryptographic systems in the course of life or business. That said, major data exposures rarely result from cryptographic vulnerabilities or failures; there are plenty of other exploitable vulnerabilities, and one or more of them has been implicated in nearly all of the major incidents. Furthermore, government communication surveillance is not much dependent on cryptographic vulnerabilities, and would not be helped greatly by introducing back doors in cryptographic systems used in the US.

Senator Wyden's opinion piece is built upon straw men. His recently introduced bill does nothing particularly significant: it explicitly excludes CALEA, which appears to be an open door to law enforcement searches of cell phones and computers. This bill would forbid a practice that has no legal basis now, and is unnecessary. No law that I am aware of limits the use of cryptographic systems in the US, or limits the systems that people may use to those approved by the government, with possible exceptions in commerce or banking. Most users, if not all, are free to choose ciphers as they like, including those developed and analyzed outside the control of any Federal agency or, indeed, outside the US (and Five Eyes).

Senator Wyden is correct, but nonetheless is a normal grandstanding politician. He may be one of the most vocal on the subject at hand, but it is unlikely that the Congress in the present would enact a law mandating encryption systems with back doors any more than the Congress of 20 years or so ago would mandate use of the CLIPPER and CAPSTONE chips.

Portland lobs fair-trade gluten-free artisan SUEBALL at Uber

tom dial Silver badge

Re: Uber : the new 4 letter word

"The innovation of most of these OTT services is using location technology to improve efficiency." And that could be done easily and fairly inexpensively by the present franchised cab companies. But it is even easier and cheaper for them to engage in the rent seeking behavior typical of regulated entities that have coopted their regulators (and that would be the great majority of them).

Feds dig up law from 1789 to demand Apple, Google decrypt smartphones, slabs

tom dial Silver badge

Re: king of fools bad != stupid

In the last decade or two it is likely that most financial crimes have involved significant evidence gathered from computer systems. Bernie Madoff, for example, but he was just one of the biggest two or three.

tom dial Silver badge

Re: FBI will find a lump of coal in their stocking this year!

Enough BS about the oppressive FBI getting general warrants. Those who actually bothered to look at the two cases the Reg article linked to will have noticed that each court order was issued based on a previously issued search warrant that in turn was issued by a judge based on probable cause and a description of the material the government sought.

The government certainly does not always follow the rules as well as they should, but in these cases it appears they did. There was no bamboozling of befuddled judges, just use of a law on the books for over two centuries for what appears to be something like its intended purpose.

tom dial Silver badge

Re: "necessary or appropriate"

I believe we have seen how it worked with Blackberry v India - not all that well. The case with Android (since version 3) and Apple iOS (beginning with version 8) is a bit different, in that Google and Apple do not have the technical capability to assist law enforcement with decryption, and they are not the service providers who might be in position to do so. With Apple and Android encryption it also is not clear whether or to what extent communication providers can help, either, if customers can install software.

tom dial Silver badge

Re: I do not understand phone encryption.

The key is on the phone, encrypted and protected by a PIN or pass phrase. Those protected by a 4 - 6 digit PIN probably do not worry the authorities, who with access to appropriate emulators probably can image the phone and test the entire PIN space pretty quickly. It seems reasonable to suppose the emulators in development kits would suffice or could be extended suitably in a straightforward way. Their concern probably would be users who have passwords or pass phrases with 100+ bits of entropy.

tom dial Silver badge

Re: Zounds! I envisage a threat to public order!!

While I am not a lawyer, I suspect the law is not entirely clear yet on the question of compulsory pass phrase disclosure, or that such a legal requirement would be held unconstitutional based on the Fifth Amendment. Those accused, for example, can be required to produce documents that incriminate them, and can be held in contempt of court if they refuse to produce them; and the documents can be used to support convicting them of crimes. The accused, of course, can decline to answer questions about the material.

It is not obvious that a subpoena could not be used similarly to compel disclosure of incriminating evidence stored in a computer system, including on a smart phone. Compelling disclosure of the pass phrase might well not fly, since that might be used to protect other systems that are not the subject of the subpoena, but requiring the targeted person to enter the pass phrase without disclosing it to law enforcement personnel might be workable.

tom dial Silver badge

Re: "necessary or appropriate"

Well, shame on Apple if they have a key that will decrypt a customer's data. If they do, it is a fair target for law enforcement as well as any hacker who can breach their firewall or social-engineer their staff.

tom dial Silver badge

Android 3.0. See:

https://source.android.com/devices/tech/encryption/android_crypto_implementation.h

For what it's worth (off topic) I am reverting after a week or so trial to Google as the default search engine for Chrome. DuckDuckGo returned a substantially less informative list.

tom dial Silver badge

The law, in the US, is very unlikely to be changed to require a back door to encryption. That was largely settled a couple of decades ago in connection with the Clipper chip and related proposals for data encryption systems.

In any event, there is a good deal of encryption technology, along with some probably fairly good implementations that, if not known to not have back doors are at least not known to have back doors. There also are quite a few competent cryptographers in the private sector. As long as there is free software we, including the criminals among us, will be able to have and use encryption for privacy, and the police will have problems dealing with it. But unlike Russia, China, and a few others (including some we think of as democratic) the US, and I think other Five Eyes governments, do not restrict the use of cryptographic systems by citizens and are unlikely to do so going forward.

Apple, Google, and other companies can be trusted to look after what their executives and directors consider the interests of the company (and themselves) and their shareholders. In the case of successful companies that will result in products that, like the iPhone and Galaxy, their customers think meet their needs or wants. They now think at least some of their customers want decent encryption, so they (claim to?) provide it.

tom dial Silver badge

What nearly all of those commenting on this overlooked is that access with due process - i. e., a search warrant - is exactly what FBI Director Comey was whining about a few weeks ago. That he was unhappy about proper cell phone encryption is his problem, and that of other law enforcement officials, is largely immaterial. Android has had it for years, and Apple for months, and that is unlikely to change. Court orders demanding that companies comply with law enforcement officials in the investigation have been issued before, and they will be issued in the future. The bottom line is that Google, the various smart phone manufacturers, and now Apple, lack the capability to decrypt the content once they provide that assistance.

Snowden files show NSA's AURORAGOLD pwned 70% of world's mobe networks

tom dial Silver badge

Re: The lunatics are in the hall.

The NSA Bluffdale data center actually is in Utah, ten or fifteen miles from my house. I have no other association with either it or the NSA.

tom dial Silver badge

Re: @chris lively

The question of whether NSA operates constitutionally or not will be decided in due course by the US Supreme Court, not in the comment section of a UK based technical news web site. Aside from that, it is clear that the Congress intended and authorized the FISC to operate in secret, for reasons some might disagree with and which certainly are open to abuse. The silent implication that a court dealing with national security matters is unique to the US, however, is incorrect.

tom dial Silver badge

Re: @chris lively

@Phil Koenig: The fact that most FISC proceedings have been kept secret may or may not mean they are not doing the job the Congress intended. The fact that you, or I, do not know about it has no evidentiary value whatever. What has been released, though, suggests they are doing it to a significant degree, and cases headed for the Supreme Court are likely to clarify that and, perhaps, modify what they do going forward.

Manning went to prison for copying and releasing to Wikileaks a large quantity of classified material, including private diplomatic correspondence that was quite embarrassing to the US government and certainly did nothing to promote peace in the Middle East or anywhere else. Assange has so far skipped not only jail, but questioning in a matter that might or might not bring him jail time. Et al? Edward Snowden surely would be facing some prison time, for the exact same offense as Manning, if he were to return to US jurisdiction but does not seem to be inclined that way.

tom dial Silver badge

Re: @chris lively

To a first approximation, foreign intelligence is the result of combining and analyzing data from a variety of sources, some of them foreign, about the capabilities, assets, intentions, and plans of foreign nations, groups, and individuals thought to have an impact on the US, its capabilities, assets, public and private organizations, citizens, and residents. That covers a lot, and it is far from obvious that the laws, executive orders, and the agency instructions and regulations that derive from them, actually are overly broad. The NSA and other nations' similar signals intelligence agencies play a significant role in intelligence production. The NSA differs from many others in being rather better funded than most and having more of their internal activities exposed, by Congressional oversight committees, by authors such as James Bamford, by whistleblowers such as William Binney, and lastly, by Edward Snowden and those who publish the materials he copied and removed illegally.

AURORAGOLD appears to be an activity aimed at developing, maintaining, and upgrading the NSA's capability to collect and analyze data from cell phone communications, an activity clearly a prerequisite to their foreign intelligence mission. Nothing in it surprised me, nor should it have surprised anyone who knows anything about history, let alone anyone who has paid the least attention to the news over the last year and a half. The most disturbing thing in the documents linked and reported upon here and by the Intercept is the apparent intent to inject vulnerabilities into communication systems. It is to be hoped that Bruce Schneier is correct, and they are waiting passively to identify and exploit design and implementation weaknesses.

Nothing illegal to see here: Tribunal says TEMPORA spying is OK

tom dial Silver badge

"Anyone" != "Everyone"

There has been a great deal of imprecision in reporting and commenting on various signals intelligence activities, focused largely on Five Eyes agencies, particularly the US NSA and UK GCHQ, due to documents leaked by Edward Snowden. The probability approaches 1 that the great majority of governments engage in data collection and analysis activities that are essentially indistinguishable in kind, although it is possible they are less extensive due to resource limitations.

It appears to be the position of the governments that their intelligence services need to be able to spy on *anyone* within their remit, requiring that they have access to the full communication spectrum, including radio, wire, and fiber facilities. Given the technical nature of the Internet and cell phone infrastructure it is hard to see how it could be otherwise. It does not imply that they are, in fact, spying on *everyone*, an undertaking that intelligence agency manpower limits suggest is impractical to the point of implausibility. John Poindexter's dream is not one that seems likely to be attainable.

A critical question is how to reconcile the requirement to be able to spy on any legal target, and the corresponding technical requirement to be able to access all users of all networks. In the US, the laws and executive orders, publicly known well before the Snowden Revelations, were fairly specific, overseen by agency inspectors general, the Department of Justice, the FISC, and the responsible committees in the Congress. From published or declassified FISC and other documents we have reason to think they were followed with considerable care, although there were cases of technical and administrative error, legal ambiguity, and analyst misuse for personal reasons. In the aggregate these represent a tiny fraction of the data the agency accessed, although it certainly is not a trivial matter. However it is not clear that anyone has suffered harm from these errors and transgressions.

In particular, there is little evidence, or none, that the data retained has been or is being used to suppress political dissent or create dossiers to identify those citizens (or legal residents) who must be watched for political deviance. We need to be watchful for that; governments sometimes go wrong, but it is likely that for nearly everyone (including those espousing unpopular or anti-establishment political views) the much larger risk is that their credit card details will be acquired by criminals and used to harm them financially.

tom dial Silver badge

Re: New Innovation may save us...

Innovation in encryption is much less necessary, for now, than verification that existing implementations are not flawed. While it is necessary to keep an eye out for developments in number theory that lower the cost of finding keys, the risk of weak keys or implementations that leak key information is greater by many orders of magnitude.

tom dial Silver badge

Re: btrower The gloves are off

I might have missed something, but the link given appears to be to a BBC report on the same decision that is the subject of this article, and states that the plaintiffs intend to appeal to the ECHR - in the future.

Ten Linux freeware apps to feed your penguin

tom dial Silver badge

Re: freeware?

Every one of the listed software products is free as in beer AND free as in speech. Eight are in the main Debian repository for the upcoming release; Unity Tweak Tool is more or less specific to Ubuntu, but licensed under GPLv3; and Springseed is MIT licensed.

That the FSF would like to purify the language for clarity is OK and occasional reminders may be beneficial, but that shouldn't get in the way of meaning.

Yahoo, Bing beg 'right to be forgotten' wipers: Don't FORGET about US

tom dial Silver badge

Re: Google is becoming too slow

I have not seen any Google slowness in Utah. On the other hand, since making DuckDuckGo my default search engine I notice that it is noticeably slower than Google in addition to producing less satisfactory results. Not by much in either area, but I may revert to Google.

Right to be forgotten should apply to Google.com too: EU

tom dial Silver badge

Re: First Amendment ?

"Letting Google (~95% search market share) have too much power to pick and choose what we read is certainly a bad thing."

This is quite backwards. In this case Google's position is that for the type of information at issue it should NOT be required to control what you read.

tom dial Silver badge

Re: Unnecessary by their own admission

If I recall correctly, Mario Costeja Gonzales, whose house was sold to remedy a tax delinquency, tried to have that removed from the web site of the newspaper that published the original public record of government action. That failed, and the fallback was to force Google (and presumably other search engine operators) to devise a way to hide it.

Politicians, including judges, do not necessarily understand technology or allow it to operate as intended when they do.

Gates Foundation to insist on Open Access science

tom dial Silver badge

Well done!

Now my government should follow the Gates Foundation's outstanding example and insist on open access for research that the taxpayers fund, along with public ownership of all patents obtained based on the research. I do understand that the patent thing is problematic, but have in mind the extortionate behavior of Myriad Genetics wrt the BrCa patents. Sorting out and implementing such a policy seems a better way than some others for patent and other attorneys to occupy their time.

Snowden doc leak lists submarine'd cables tapped by spooks

tom dial Silver badge

Re: Bullet

Assumptions like "spy agencies were for spying on foreigners ... not hoovering up all data from everyone" overlook a good deal of history. In any case, it would be interesting for those who make them to explain just how, technically, they might do that - how they might get access to foreign communications of intelligence interest without having equivalent access to a great deal, if not all, of the traffic. And they should explain also, with some precision, how what they are doing now differs from what they were doing half a century and more ago when they hoovered up as much as they could the entire available radio spectrum, to the extent that they were able to do so, and tapped quite a few cables in addition to requiring communication providers to deliver copies of foreign cable traffic. It is nearly a century since British intelligence snatched the Zimmerman telegram proposing that Mexico go to war with the US.

Let's vote on breaking up Google, say MEPs with NO power to do any such thing

tom dial Silver badge

Re: Precedent has been set...

Downvoted for cause:

1. Back in the browser wars Microsoft also worked to ensure that other vendors' products did not work as well as the installed default, and made it clear (whether true or not) that removing IE would damage the OS.

2. I have just installed duck duck go as my default-from-the-omnibox search engine. It took about 5 minutes and no special knowledge of Chrome.

Customize and Control Chromium -> Settings -> Search -> Manage Search Engines, and fill out the empty line at the bottom. The hardest part was getting the URL right. It is "https://duckduckgo.com/?q=%s"

3. Google is presently at the top because it is demonstrably the best, on average, of the leading general purpose search engines. And that has been so long enough that we use "google" as an active verb much as we often use "kleenex" and "hoover" to refer to tissues and vacuum cleaners. In the meantime those who have been unable to compete seek rents from governments.

'Snoopers' Charter IS DEAD', Lib Dems claim as party waves through IP address-matching

tom dial Silver badge

Re: It's not necessary the evil

"There are many notable instances of mission creep from laws designed to combat terrorism."

If that is true you should have no difficulty listing three or four examples related specifically to telecommunications provisions like those authorized by section 215 of the US Patriot Act or mentioned in the article.

tom dial Silver badge

Re: "I'll have an IP address please, Bobby"

I haven't tried this with Comcast, but a few years ago I had to replace a failed Cox router which, of course, had a different MAC address. It would not establish connectivity until I had a chat with Cox tech support.

Given that many or most of the IP addresses the provider gives out, and the number of computers and users attached to each, the evidentiary value of the information is apt to be quite low, scarcely more, in the US at least, than what is necessary to get a search warrant.

I suspect that those who want anonymity had best change their computer's wireless MAC address and connect from a public WiFi point. That probably won't protect those who are active surveillance targets of concern to a nation-state, but would make tracking more difficult.