Monday 29 Jul 2013

Thursday 25 Jul 2013

Recent discussions of bulk collection of telephone metadata occasionally note that the US Supreme Court held, in 1979, that recording the numbers a telephone subscriber has dialed is not a search under the Fourth Amendment and thus does not require a warrant. Just because something is the law doesn't mean it's good law. Like a lot of Supreme Court decisions, this one (Smith v. Maryland) was not unanimous (5-3). From dissenting opinions (by Potter Stewart and Thurgood Marshall, respectively):

The numbers dialed from a private telephone—although certainly more prosaic than the conversation itself—are not without "content."

The prospect of unregulated governmental monitoring will undoubtedly prove disturbing even to those with nothing illicit to hide. Many individuals, including members of unpopular political organizations or journalists with confidential sources, may legitimately wish to avoid disclosure of their personal contacts. [...] Permitting governmental access to telephone records on less than probable cause may thus impede certain forms of political affiliation and journalistic endeavor that are the hallmark of a truly free society. Particularly given the Government's previous reliance on warrantless telephonic surveillance to trace reporters' sources and monitor protected political activity, I am unwilling to insulate use of pen registers from independent judicial review.

Wednesday 24 Jul 2013

Today, miscellaneous items.

Sunday 14 Jul 2013

DuckDuckGo, a search engine that doesn't log your queries, has been in the news recently. I like their approach to privacy, I like that their birthday is on a February 29, I like some of the stuff on their founder's blog, and they did OK with some sample searches I tried (although they only index a small fraction of this blog's archives). On the minus side, I think three syllables is too many for the name of a search engine.

Thursday 11 Jul 2013

A couple Echinopsis cacti at a neighbor's house flowered today. Each flower takes a month or so to develop, opens one morning, and wilts the same day. Two plants bloomed in sync this morning, something I've seen this species do enough times that I don't think it's coincidental. I poked around a little on the web and found pages on the why of synchronized flowering but not the how. I once asked a biologist friend how they do it, and he thought they usually communicate through the substrate—which didn't explain what's happening when plants in separate pots do it. The two that bloomed this morning were in pots about ten feet apart. My guess is that they communicate chemically through the air, which I think is pretty impressive.

Sunday 07 Jul 2013

Friday 05 Jul 2013

I've gotten better results taking pics of people than I have with landscapes or sunsets. Part of it is that a photo of a large expanse won't have the desired effect unless it's presented in a large format—perhaps an obvious point, but one that I hadn't appreciated until I read it somewhere, after which I didn't feel so bad that my pics of landscapes don't come off so well. (I've never had a really big enlargement made.)

I used to walk through Grand Central Terminal every day on my way to work in New York, where Kodak had an 18×60 foot backlit transparency that changed every month: the largest enlargements in the world. Some people thought the pics were kitschy and thus out of place in a building known for its elegant architecture, but I remember liking them. They were assembled in strips like wallpaper. In the early days, the image was made of 41 pieces, each one roughly 0.5×6 meters. Over time, Kodak geared up to make the panels wider; in the last few years of the program, each panel measured 6×18 feet. If you think enlarging and developing and retouching film is work, imagine doing it on that scale.

Monday 01 Jul 2013

Encryption tools for securing email have been available for some time, although most people don't bother to use them. Large email providers don't have an incentive to further the adoption of strong encryption. Google could have built user-friendly end-to-end encryption into Gmail from day one and promoted its use, and with the growth of Gmail it could've reached a large enough user base to really catch on. That didn't happen because it would've kept Google from reading your email for its own purposes (e.g., selecting targeted advertising). And. When service providers coöperate with the US government in surveillance, keep in mind that in many cases the government pays to defray the cost of providing the requested information. Just playing follow-the-money, individual Gmail users aren't paying customers whereas the snooping government is; whose interests will Google be more inclined to serve?

I read news and commentary on the Snowden case every day, which takes patience when encountering stuff written by people who may not understand the subject well. E.g., in the WaPo, Greenwald said the people in possession of Snowden's files "cannot access them yet because they are highly encrypted and they do not have the passwords." I'm sure that elicited laughter in Moscow and Beijing. Snowden's encryption may be an obstacle for journalists such as Greenwald, but it's not a problem for the PLA and the FSB.

If encryption is done right, it is uncrackable for practical purposes. It's not like a safe deposit box, where any box we have the tools to build we also have the tools to dismantle. With well-designed-and-managed encryption, no one decrypts the data without the key. The question then becomes, can they get your key (by guessing, keystroke-logging, rubber-hose cryptanalysis, ... ). A lot hangs on "doing encryption right". There are ways to do it wrong, but I imagine Snowden knows the difference.

Although the WaPo essay I quoted from above didn't go into detail, it gives the impression that encryption is but a small hurdle for a skilled adversary, as if various Hollywood portrayals of encryption-breaking were authentic. This is a nuanced subject; a detailed treatment is beyond the scope of this blog posting. My point is, just because Government X has successfully hacked into lots of machines doesn't mean it can break any encryption it wants.

As long as we're on misconceptions in the press, the value of data obtained by tapping fiber optic Internet cables is sometimes exaggerated. Taking email for example—even though Gmail has access to your email in plaintext on their servers, they routinely encrypt it (e.g., by ESMTPS) for transmission across the Internet, and if that's done right it is not trivially decrypted in transit (and nor is HTTPS for web pages).