Posts by Doctor Syntax 40559 publicly visible posts • joined 16 Jun 2014
"democratic and judicial oversight"
I think you're confusing political with democratic.
What this bill does is attempt to legitimise the abolition of the presumption of innocence and to redefine "due" in the concept of "due process of law". Last year we celebrated the presence of that latter concept in the last 8 centuries of English law. We celebrated it by abolishing it.
"Before 10 came out I could update a clean 7 build in around a hour or two. Hit update, a minute later the list of 200 updates would appear, click install and go get on with something else for an hour or two."
The fact that this was considered acceptable, or at least normal, is a sad comment on the extent to which MS had brainwashed admins.
My aunt and mother were both great hoarders of photographs. But not great labellers. So I have problems of who were these Edwardian ladies staring at the camera and who were the children with them? And what was the building all these people were standing beside? A few labelled pictures are a useful archive; a few Tb of unlabelled jpegs are so many random bits.
"I don't have time to be picky about what is stored"
Maybe best to delete it all. If you don't have time to review it now you're never going to have time to look at it all or to find the one picture which you seem to remember you have somewhere if only you can find it...
"More to the point perhaps is the use for family histories; family trees including pictures,, scans of certificates and other historic addenda."
Print out on good quality paper. Your descendants might not be bothered to work out how to use your digital version but hard copy won't be a problem. Unless they burn it, of course; maybe you should print a large threat to come back & haunt them on the cover.
"DVD drives are so common today that finding one in 50 years time (if only to reverse-engineer a non-functioning one) is likely to be easy."
It's not so long ago that 5 1/4" floppies were common. And 8" before that. There aren't too many about now. And good luck reverse engineering a non-functioning DVD drive.
You just have to keep migrating to new media.
"When you Brits are being shafted (and in many ways, the rest of the world) you're very calm."
At present the matter is before Parliament. Despite what happens in PMQs florid displays of anger are likely to be counter-productive. A better tactic is presenting reasoned and reasonable arguments as ammunition for any sympathetic politicians who might be listening (as I hope Lord Strasburger still is despite the reception he was given).
"Add another thing - a judge can only grant a maximum of X warrants in any 24 month period. This is to stop a judge that is overly sympathetic to bullshit or probe to rubber stamping."
What concerns you here is what's sometimes called regulatory capture, the judges being the first layer of regulation. If you look at point 5 you'll see that this is also checked for. The approach I've suggested is to check for outcomes.
One could easily envisage a situation where a case has a large number of suspects The judge is presented with a request for warrants against all of them. I'm assuming that individual warrants would be issued for each suspect. This could eat up an undue proportion of your X without the judge being overly sympathetic to bullshit or rubber stamping. In fact, by having to read the background to the case once he could concentrate on wanting to know why there are so many suspects and requiring warrants to be vacated as soon as it became clear that a suspect was eliminated.
Rationing the inputs wouldn't be as effective as reviewing the outcomes.
"You missed one key thing."
No.
From point 5: "this would be to check for attempts to slip unjustified, overbroad requests through the system"
One of the purposes of the checking layer would be to prevent what you're concerned about.
A well-informed commentard on a thread some time ago pointed out than in some cases multiple warrants had to be sought to follow up on an initial warrant - IIRC an example was discovering that a suspect had a second mobile & another warrant had to be issued to cover that. It's likely that a warrant system that required undue follow-ups would be counter-productive - the judges would be overwhelmed with requests & not able to give due scrutiny. An effective system would need a sufficient degree of flexibility which is why I didn't suggest a specific granularity but a system of checks to countermand abuse.
"The new Bill must close all the old loopholes, and the new overly-broad powers that are in the current draft of the Bill must be eliminated if we are to avoid repeating this scandal of the Executive writing its own powers."
That's an overly-broad statement. We need more specific requirements. Here's my suggestion.
1. The presumption of innocence is an important principle in English law. A corollary of that is that, whilst an investigator will necessarily regard individuals as suspects prior to conviction, the population as a whole must not be treated as suspects. Mass surveillance is not an unacceptable means of investigation.
2. Any interception must require a warrant.
3. It is unacceptable that a warrant be granted by a politician or by an official of the investigating body. It must be granted by a judge or magistrate.
4. There must be a regulatory oversight of the process over and above that provided by the independent granting of warrants
5. The regulatory oversight should review the outcomes of intercepts. The percentage of significant outcomes should be compared against the sources of requests for warrants and against the granters of warrants. In the first case this would be to check for attempts to slip unjustified, overbroad requests through the system and in the second to check for regulatory capture. Suitable action should be taken in the event of the discovery of anomalies including withdrawal of the ability to make requests or to grant warrants. There should also be spot checks on the returns made for this statistical review.
6. The regulator should also respond to complaints from members of the public in regard to abuse of the interception powers.
7. The regulator should have the power to act when abuses are discovered. Available actions should include requiring agencies to take disciplinary action, criminal proceedings and ordering public apologies and compensation to victims of such abuse.
8. The regulator should publish regular reports including summaries of the statistical reporting, complaints and all actions taken in the event of abuse.
If the regulator needs a motto "Quis custodiet ipsos custodes?" seems appropriate.
"But interested to know what exactly you think is so special about the UK electricity supply sector that makes you think it is so different from others like Australia and NZ?"
I don't know about your environment but here we've had a stupid charge to "renewables"* which means supply is increasingly unpredictable.
In consequence the responsible govt dept, rather than admitting it's got things wrong & needs to take action to keep the lights on, wants to be able to balance the system by remotely switching the lights off. And we don't actually like the idea that someone in Whitehall or wherever should be able to remotely switch off our washing machine mid-cycle or our freezer or our fridge or our lights.
Given that smart meters are, in effect, remote switches, we see them as an essential element of achieving that. The irony, of course, is that when they start to exercise that ability, should they get it into their hands, the political consequences will finally dawn on the govt. with the result that there'll be a panic programme to build nuclear capacity at whatever cost.
"other than the government mandate"
That in itself is sufficient basis for mistrust whatever the colour of the govt. If anything the other lot would be even worse.
* Renewables here don't include much hydro nor, as far as I'm aware, any geo-thermal. And this comes on top of generations of technophobe politicians and administrators who have thrown away our early lead in nuclear generation.
"energy-engaged"
Engaged! More marketwanker-speak.
After I'd renewed my house insurance recently, my insurers decided to start spamming me except it's not called "spam", its "part of our customer engagement". (We'd had words about spam a couple of years ago after I found the email address of someone senior in their marketing.)
Using your own domain for email has benefits. Last summer I sorted out my email to give individual addresses to people I'm a regular customer of. So they've quickly found themselves disengaged when I deleted their address. They'll find themselves even more disengaged next time renewal's due.
"Also different leccy suppliers use different meters, different software... so if you dance to that other favourite gubmint tune and SWITCH - then your spiffy new smart meter immediately becomes a good old-fashioned dumb meter."
Sounds interesting should they ever try to insist on installing one here.
"In a letter to Rudd this month Henney had said the only beneficiaries will be the meter manufacturers."
Given standard IoT security this is wrong. Terrorists could also be beneficiaries. This is the line to push. It will stop the roll-out stone dead (assuming it isn't effectively stone dead anyway). And their security won't be able to be improved because encryption.
"The intelligence community is coming to the tech companies and saying sorry (not publicly, that would be too much) "
If you're right it's a good start but publicly is not too much, it's what's needed. However I don't see the tech companies being able to help the community out of their hole. If they were to try they'd simply find their customers turning against them and looking elsewhere for secure apps.
Missed the edit window.
The security community also need to accept that there is no magic bullet to solve their encryption problems. Code for strong encryption has been generally available for a couple of decades. It's not going to become suddenly unavailable.
Mandating weak encryption or key escrow systems are not going to satisfy public needs. If such restriction on strong encryption were imposed on suppliers in their jurisdiction the public would simply turn to suppliers from outside. If such external software were made illegal then the general public would suffer but anyone wanting to use strong encryption for illegal purposes would not be affected. As I've written here previously, you do not dissuade people who are or are planning to break laws by furnishing them with more laws to break.
The security community has a real problem with widespread use of strong encryption. It's a problem entirely of their own making. They can't blame anyone else. And frankly I don't see what they can do about it now except live with it.
"Admit what exactly?"
Exactly what I said: that they have lost the trust of the people.
The people who object to being spied on. The people who are the customers demanding end-to-end encryption of Apple etc's services. The people who are the demos in democracy. The people whose taxes pay their salaries. The people for whom they are supposed to work.
Clear enough?
The problem the intelligence community is stuck with is that it has lost the trust of the people it is supposed to serve. Neither Apple, Google nor anyone else can repair that trust for them, it's a job they have to do themselves. Frankly, I don't see how they can do that but a useful first step would be to stop all the bluster and admit it publicly. A few resignations would be the next step. Then someone with clean hands will have to do the hard work.
"the way that Linux Mint started insisting on having my password every single time, rather than just the first time after booting"
So if someone came up with a piece of Linux malware you'd be quite happy for it to install itself silently rather than draw itself to your attention by asking for the password?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
