Chris Norton on 25 May 2018 11:49:37 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] groan


Telling a police officer that you don’t know about an event 16 years ago is NOT akin to perjury (lying under oath). You are allowed, as a human being, to forget things.

Also, it is possible to not remember the exact time and date something happened when recalling it the next day. So, using someone’s words against them, while legal, is still hard to prove that someone is lying to intentionally withhold something.

Just because they have the information, doesn’t mean you’re going to jail because the cops showed you left the house at 10am and you said you left at 9:30am. Be realistic here.
On May 25, 2018, 14:37 -0400, Rich Freeman <r-plug@thefreemanclan.net>, wrote:
On Fri, May 25, 2018 at 12:43 PM Thomas Delrue <delrue.thomas@gmail.com>
wrote:

On 05/25/2018 09:20 AM, Rich Freeman wrote:

The problem is that even if you don't have a smart TV, all your friends
do,
so if the NSA is listening in they get to hear your friends talking
about
you. Add in Facebook/SMS, and for that matter basically all the
internet
traffic there is, and a lot of off-internet private line traffic for the
major cloud providers, and any cooperative data feeds they get...

Or as you keep repeating in most of these types of threads: "Why
continue fighting? The terrorists have won this battle anyways. You
stand no chance of winning so what's the point to keep fighting?
Besides, they /want/ their panem et circenses..."

I find that type of fatalism hidden under a thin veil of "practicality"
or misplaced "reasonableness" tiresome and damaging. I think that it's
nothing more than hiding behind the status quo or "fait accompli".

Your accusation is absolutely true, but I'll stick by my attitude, because
I see no practical alternative.

Hey, if I were supreme leader every store would take NFC payments, the
government wouldn't spy on you, everybody would get along, and you wouldn't
have to go to work on Monday morning.

However, that just isn't the world we live in, and trying to fight the
system makes no sense when it has no positive impact on your life.


It's not about whether you are /currently/ on their radar, it's about
whether or not you will ever be on their radar because then they will
throw the book at you: what is legal/acceptable today, may not be
tomorrow.
And when, FSM forbid, you do get on their radar, your adversary will
recall *exactly* what you did on May 27th, 2002 since they have a record
of it, but you won't & you will tell them something inaccurate; and
lying to a law enforcement officer is illegal in this country and
carries a harsh prison sentence so you just got an extra charge with
prison time on top of everything else just for that.


Absolutely true, but they'll know what I did on May 27th regardless of
anything I try to do to prevent it.


Personally I'm more concerned with identity theft/etc. I don't care if
the
NSA can break bitlocker/etc. I care that if I lose my laptop somebody
isn't stealing all my cookies and credit card numbers.

Sure, that's a more pertinent threat, you're right to be concerned about
any one of these things. But that doesn't take any of the threats of
privacy invasion away, it just adds to them. You should still care that
the NSA can break bitlocker, because if they can, so can the DGSE, the
GRU&SVR, the MSS, the Mossad and pretty much any other intel service
worth their salt - of which there are more than you may think. And if
they can, then non-state actors aren't that far behind either.

That depends on how the NSA can break it. If it is due to a weakness in
the system then that would be exploitable by anybody. If it is because of
an otherwise-secure back-door, then that access would be limited to the NSA.

In the case of something like bitlocker the NSA could compromise it simply
by having the TPM module accept signed commands to release its key data, or
decrypt data even without a verified boot path. Unless you had the NSA
signing key (which the manufacturer would not have - you don't need it to
implement this in a TPM), you wouldn't be able to utilize this exploit.
Well, at least not without defeating the TPM hardware, but if you can do
that then the backdoor doesn't make any difference.

Alternatively the bitlocker software could encrypt the session key using an
NSA public key and write that on disk somewhere. However, that would be a
lot easier for an auditor to detect than something designed into the TPM
chip.

Now, to the extent that the NSA doesn't have a private backdoor and is just
hacking the hardware, then conceivably anybody else would have the same
opportunity assuming they invested the same amount of effort into defeating
it.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug