Posts by Doctor Syntax 40432 publicly visible posts • joined 16 Jun 2014
"Sadly some may break the rules, that is what supervision, management, the police and other agencies are supposed to be there to control"
True. And those who break the rules, at least those rules which are part of legislation, can be prosecuted. But are those who break this set of rules prosecuted? If not why not? People have been asking "Quis custodiet ipsos custodes?" for a very long time and with very good reason.
"The FBI clearly messed up and need a telling off, but it can't be in the public interest for this many convictions to go down on a technicality."
That technicality might one day protect you against a false accusation.
Along with "if you've nothing to hide"* we keep hearing "nobody is above the law". Well, that one is right, nobody should be above the law and that includes the law enforcers.
*Which is too close to abandoning the presumption of innocence and should be treated with the contempt it deserves.
"Neither the article author nor the EU have come up with any solid proposals as to how their idea of a mix-and-match phone would actually work."
If the finding goes against Google that's Google's problem. But one solution seems clear enough from reading the article - remove the restrictive terms on licensing the APIs.
"Google is trying to control the Android stack, that much is undeniable, so the question is whether that control is ultimately harmful to such an extent that it is illegal"
And determining whether it's illegal is the outcome of legal processes such as that which the EU is launching. If they're doing that they must have a basis for believing it to be so and the present article presents informed opinion that supports such belief.
As you say, it's a question. Don't you agree that it should be answered by the appropriate mechanism?
"The problem is that they can't .. at least not without falling foul of US law when the feds come a-knocking."
There are ways. Microsoft think they've got one with the data trustee set-up they're putting together in Germany. An alternative would be to have EU nationals set up an EU corporation to run the operation in the EU in data centres owned by the EU corporation under EU law as a franchise with the terms of the franchise specifically preventing the US parent from accessing the data.
I can't think why they haven't done this already - I'm sure there's no shortage of legal expertise in setting up franchises when it comes to tax arrangements - unless they don't want to share the money with their franchisees.
"or US companies operating in the EU the solution is simply making a sincere effort to abide by the law there."
No. The solution is simply to abide by the law. Sincere efforts are not enough. It will take a serious reorganisation of how they do business. If the Microsoft data trustee scheme proves effective then that sort of solution would suffice. If not then they'll have to resort to a franchise operation where the entire operation is hands off for the US parent.
I don't know the ins & outs of this particular site* but I suspect in a lot of cases the business has no IT knowledge whatsoever. They found somebody local who could "do" them a website for some amount of money. The somebody has then arranged to host the site and moved onto the next client. The client may not even have seen the T&Cs, much less read them, much less understood them. It wouldn't surprise me if there were e-commerce sites there where the business's only copy if its entire transactional history is the website's database complete with customers' credit card details.
*It's football - my personal view is that anything involving 22 men chasing a bag of wind up and down a field could be removed from the planet with no loss whatsoever.
' people doing things that they know in their real heart of hearts is a "bit dodgy" need to bear this in mind'
Do you, in your real heart of hearts, know that it's a "bit dodgy" to order you groceries online and pay through online banking? If not then, by your own arguments as far as I can follow them, you are entitled to best security to protect that transaction and your bank account.
Your phone, tablet, laptop or whatever can't have two automatically selected encryption modes, one for dodgy and one for not dodgy.
"you should assume that when the Feds arrive with the proper papers they'll be given what they ask for."
Barry, sit down before you read the next bit, it might shock you.
Sitting comfortably? OK.
There are other governments in this world besides the US.
Some of them might not have human rights policies that you agree with. Who makes the call when one of those rocks up to $vendor with proper papers? Does $vendor let them all in? Or none? Or should they call you with your great powers of judgement of who's right and who's wrong?
Stay sitting down because the next bit might shock as well.
In addition to governments there are also criminals who might want to break encryption.
If you've given out the keys to legitimate requests (whatever those might be) how do you control them so that the criminals don't get them? Or if you tackle the issue by installing back doors you do you prevent the criminals from discovering them?
"Probably by way of skimming only a low bit count out of the generator"
You still have the problem of ensuring that the low bit count numbers repeat any patterns in the high bit count. To take an extreme example you take the low 8 bits, they look random but the top 8 bits are cycling through a short repeated sequence.
"There are two sets of random numbers generated, one with high entropy and one with low."
I get that. But why should the latter tell you anything about the former? Or, given that they're talking about TRNGs based on noise sources, how do you get two sets of numbers out of them other than by diverting every other number (or some other percentage) from one set to the other in which case how do you have different entropies for the sets?
In short, this seems like a remarkably low content article.
"While I agree that catch-alls can be a problem, in small service companies they can be a life (company) saver."
There's a difference between external mail and internal mail in this respect. And the larger the company the greater the probability that there will be legitimate internal mail that's above the monitor's level of responsibility.
If you think you need a catch-all make sure everyone knows about it and whose will be reading it. At least anybody who's sending anything sensitive (personal or business) can either take extra care with addresses or choose not to use email. Shock-horror - other methods of communication exist!
"Suppose the emails contained evidence of some crime that was later committed?"
I'll see your straw man and raise you. Suppose they contained confidential company information that would affect share prices? Difficult to avoid suspicion, even if innocent, if there were then suspicious share trades.
The fact is that intra company email can contain all manner of confidential information. It could be customer or employee personal data. It could be product plans. It could be results of clinical trials. All sorts of things above a support desk pay grade and operation of the email system shouldn't depend on such an employee opening it to route it correctly. It should bounce and give the sender a chance to re-route it correctly, sight unseen by anyone else.
'If you mentally block out the word "digitalising" and replace it with "computerising" then it all works so much better.'
That doesn't work here.
Consider:
'the company is also winning "digital" contracts, too – including the digitisation of a number of train companies' front-end ticketing systems.' Aren't these systems already computerised and, therefore digital?
or:
"we have a lot of demand to digitalise the front end of those legacy systems – rather than full legacy modernisation."
and especially:
"Moran believes digital and legacy are not mutually exclusive."
In order to make sense of this one has to assume that either these systems aren't already running on digital computers or that she has some previously unknown meaning of "digital" in mind.
Did she get parachuted in from some entirely different industry?
"the pedestrians should be walking on the side facing traffic"
Common sense needed here.
On a blind corner walk on the outside of the band irrespective of whether you're facing the traffic or not. Cyclists, of course, have their own technique in this situation. They just barrel round the corner in the middle of the road.
"Will the subject province of Great Britain have to make any changes to its networks and data retention to comply with its European government's new statutes and dictates?"
Well, I hope so because up until now our elected representatives have been doing a crap job of looking after our interests.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
