Anti-Terrorism Hypothetical: Bulk Scanning of Hosted Files? (justsecurity.org) 284
An anonymous reader writes: The tech community has spoken: we don't want the NSA or any other government agency running bulk surveillance on us, and we don't want tech companies to help them. But Bruce Schneier points out an interesting hypothetical raised by Harvard Law School professor Jonathan Zittrain: "Suppose a laptop were found at the apartment of one of the perpetrators of last year's Paris attacks. It's searched by the authorities pursuant to a warrant, and they find a file on the laptop that's a set of instructions for carrying out the attacks. ... The private document was likely shared among other conspirators, some of whom are still on the run or unknown entirely. Surely Google has the ability to run a search of all Gmail inboxes, outboxes, and message drafts folders, plus Google Drive cloud storage, to see if any of its 900 million users are currently in possession of that exact document.
If Google could be persuaded or ordered to run the search, it could generate a list of only those Google accounts possessing the precise file — and all other Google users would remain undisturbed, except for the briefest of computerized 'touches' on their accounts to see if the file reposed there." Zittrain asks: would you run the search? He then walks us through some of the possible complications to the situation, and the pros and cons of granting permission. His personal conclusion is this: "At least in theory, and with some real trepidation, I'd run the search in that instance, and along with it publicly establish a policy for exactly how clear cut the circumstances have to be (answer: very) for future cases to justify pressing the enter key on a similar search." What would you do?
If Google could be persuaded or ordered to run the search, it could generate a list of only those Google accounts possessing the precise file — and all other Google users would remain undisturbed, except for the briefest of computerized 'touches' on their accounts to see if the file reposed there." Zittrain asks: would you run the search? He then walks us through some of the possible complications to the situation, and the pros and cons of granting permission. His personal conclusion is this: "At least in theory, and with some real trepidation, I'd run the search in that instance, and along with it publicly establish a policy for exactly how clear cut the circumstances have to be (answer: very) for future cases to justify pressing the enter key on a similar search." What would you do?
And what about false positives? (Score:5, Insightful)
What about false positives - like if a document has been mass-mailed or put as a part of a story etc.?
I an imagine that we would end up into a situation of "guilty unless proven innocent".
Re:And what about false positives? (Score:5, Insightful)
Nice conclusion jumping you've got there, you missed something though...
Possession of such a document is little different than having a digital or dead tree version of the Anarchist Cookbook [amazon.com] (the buyers of which I'm sure Amazon could be compelled to release to investigators).
It would simply mean that such owners might get a second or third look to see if they are up to anything else that seems fishy, maybe even get a few extra screenings at the airport and digital checks to see if you've been chatting with any suspected/known terrorists... if so, then things could difficult for you.
I'm sure the RIAA/MPAA would also like the tech companies to use such an ability for themselves, do a search for all copies Let_It_Go.mp3 with a given hash that was known to have been on a file sharing site and send them each bills... however neither means you are criminally or civilly liable.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
"Sure I knew Ahmad, good guy, our families hung out. I remember him talking about these things but never thought him serious, I thought it was all just a joke. When it finally happened I was scared that I would get blamed so didn't tell anyone."
What are you going to char
Re: (Score:2)
when someone is charged with something (England) what it usually means is that the State has enough to convict. This is one way to save money - the State won't waste it charging someone without evidence. This decision is on the AG, not the police and not on any judge. Assurance of conviction is also their way of fudging the conviction rate. It's only when something unexpected happens - surprise witness for the defence, or sudden and confirmed alibi - that the accused is cleared. ~When a conviction for eg mu
Re: (Score:2)
Damning evidence of what? That I was writing a book and something in real life happened that looks strikingly similar?
Here is the problem. If you can think of it, I can think of it. We may be motivated to think of it differently like I may be intending to write the plot line of a book or movie and you may be interested in taking everyone's freedom away.
Now I have seen all sorts of things like tools modified for specific tasks that someone has been using for years and find out later that some company noticed
Re: (Score:2)
Damning evidence of what? That I was writing a book and something in real life happened that looks strikingly similar?
If your book matches word for word instructions for carrying out a criminal act and you pulled out that story, there's a good chance you could get convicted on that basis alone.
But if they're just as you say searching for stuff that is just similar then there's going to be a lot of false positives.
Or maybe they don't even do that and just scoop up everyone who has documents with particular keywords or sentiment. This global searching opens up a huge can of worms.
Re: (Score:2)
Exactly. And it is wrong.
A lot of people who commit crimes search the interweb for directions on how to commit at least parts of their crimes. Most high profile crimes have "their computer search history" as an element of evidence against them.
So lets say I put up a short story on how to rob a bank. I imagine every possible way and come up with something that sounds fool proof. So some terrorist wannabe finds it online or through some infection leaking documents from my computer and thinks it is fool proof
Re: (Score:2)
Damning evidence of what? That I was writing a book and something in real life happened that looks strikingly similar?
No... that you actually had a copy of *the* Word document the terrorist cell had circulated within its members prior to the attack. The one that said what to wear that day, the reminder to remain calm, how to react if the police stopped you, whatever and etc. A word for word document with a particular hash, that was searched for by the hash.
Unless the book you are writing is LITERALLY the blueprint document used by the terrorist cell to commit its attack your name isn't going to come up.
Several of the presentations were near identical to rough drafts
Even just the paragr
Re:And what about false positives? (Score:4, Insightful)
The Fourth Amendment was written precisely because we didn't want people trawling through our lives looking for things to hang us for.
That we seriously consider "hmm, maybe it's not so bad to search millions of innocent people for criminal tendencies" is a condemnation of our society.
Re: (Score:2)
yes, it describes the circumstances in which a search may be performed: a search must be for a certain thing in a certain place (a gun that's been recently fired the police have reason to believe you're in possession of because they have a registry that shows you do, that they think might be hidden under the floorboards?). Otherwise, says the 4th, "leave we free people the fuck alone!".
Hence to the Fifth: no man shall be compelled to testify against himself. *Unless on a presentment or indictment of a grand
Re: And what about false positives? (Score:2)
That isn't what the Fifth Amendment says. At all.
Re: (Score:2)
get a warrant. meet the minimum test. (Score:2)
all kinds of searches are possible when a judge grants a search warrant. over the phone.
Why just Gmail? How far do you want to go today? (Score:5, Insightful)
Do we force companies to scan theirs too?
Get developers to add backdoors scanners to all their software?
This isn't a new problem.
Even though it's hypothetical, it's still dumb.
Re:Why just Gmail? How far do you want to go today (Score:5, Insightful)
How about searching the account of the one person they've identified to find out which other accounts he had mailed that to?
Then the government can get warrants to search those accounts as well.
As long as they are not in another country or otherwise protected or delete all records after a certain time.
Re: (Score:2)
Which is a strong reason to never use gmail or the likes.
Re: (Score:2)
Re: Why just Gmail? How far do you want to go toda (Score:4, Interesting)
The problem is that this is the precise definition of slippery slope. As attractive as it would be to scan for such content legally, this is not the kind of toys we want the government to have. Would the government as with a foreign enemy, we should be discussing capabilities, not intentions. The one inescapable truth is that any capabilities of a bureaucratic entity are going to be abused. If you don't want the abuse, don't give them these capabilities took begin with.
Mod parent up. (Score:5, Insightful)
To be clear on this ... while you may trust President A not to abuse this, that means that you must also trust Presidents B, C, D, etc. Eventually there will be someone elected that you really do not agree with.
And that person will have all the authority you supported for the people you did agree with.
And none of the inhibitions on abusing that authority.
What else is searched for (Score:5, Insightful)
Once the government has the ability to scan files belonging to hundreds of millions of users for a specific document, it might be easy to broaden that. Searches for similar documents. Searches for a standard set of illegal materials - say known child porn images. Searches for copyrighted materials like movies and audio.
Specifically searching for a specific document with a known like to terrorism doesn't bother me, but the extensions do. I absolutely do not want to give the government the right to search for anything illegal - and I don't see a clear way to enforce the distinction.
The innocent have nothing to fear, but there are few absolutely innocent people
Re: (Score:3, Informative)
Yes, just imagine an alternate relaity in which Donald Trump becomes president, enforces his "Scare the Muslims away" policy by requiring them to wear clearly visible marks on their clothing and the document being a call for civil disobedience telling among other things how to produce markers which look OK but will not be visible for automatic surveillance cameras.
Obviously everyone forwarding such a document is not a law-abiding citizen but a prospective terrorist and needs to be found and detained.
Re: (Score:2, Interesting)
Muslims already wear clearly visible indications of their religion in the manner they dress (religiously dictated) -- you don't need an alternate reality or Donald Trump for that.
Islam is a Religion-State -- their goal is wold domination by any means -- this is the critical difference between Islam and other religions:
Christianity: domination of the entire globe by word-of-mouth, example and metaphysical enlightenment.
Judaism: domination of a 300 x 50 mile piece of desert by any means necessary
Islam: domin
No - there's no relgiously required clothing (Score:3)
Re: (Score:2)
Christianity dominated the entire globe by means of conquest and colonialism and killing everyone not wanting to convert.
So in general, you have a strong opinion about muslims, but a weak knowledge.
Re: (Score:2)
"Christianity dominated the entire globe by means of conquest and colonialism and killing everyone not wanting to convert. " So this justifies the actions of a small number of Muslims trying to impose their views and lifestyles on the masses? Just how far are you willing to go back in history to weave a chain of cause and effect? The violence and atrocities committed in the name of spreading Islam and the inevitable military reprisals will continue unabated until the people actually committing the violence
Re: What else is searched for (Score:2)
Both Judaism and Christianity thought the patch of desert they had and later the Roman Empire was the whole world. Both New and Old Testament make reference to "the whole world" being their respectively rightful inheritance and the final war.
Re: (Score:2)
What? lol..
They knew there was more out there than what they were in. In the old testament, the jews were only supposed to be given a small portion of the world and had rules for dealing with gentiles that did not involve in killing or converting any of them. In fact, the jews of the old testament thought they were the chosen people and you needed to be of ancestry so conversion wasn't really a factor.
The Christians in the new testament also knew about the rest of the world (maybe not the Americas) but the
Re: (Score:2)
Do you have some problem with comprehension? The bible says things and if you or anyone else wants to claim it says something, it actually needs to say it. If what is claimed is actually in there, it is truthful in reality (it really does say that).
And yes, the bible does contain a story about a big fish. It also contains stories about a lot of fish and a little amount of fish. Those are all statements that are truthful in reality. The bible doesn't say anything about fish is not something that is truthful
Re: (Score:3)
Re: (Score:2)
Bollocks. And also anyone who modded you up, go fuck yourself.
You are the worst people I can imagine, spreading utter bullshit from no position of knowledge that incites distrust and violence. Try learning about things from a source that isn't full of hatred - maybe if you have opinions about Islam then you should talk to an actual Muslim person. No, I suppose you wouldn't risk that, you probably believe they have lasers in their eyes and can crush your skull with a single swipe of their robotic hands.
Re: (Score:2)
I sure am glad you pointed out that this is happening today and always has happened in the entire history of Christianity. Otherwise people might think that people in power used Christianity to otherwise enact their evil agenda in the way that the road to hell is paved with good intentions (or they were just sadistic tyrants who enjoyed watching people die)...
BTW, can you refresh me on the passages in the new testament that say to go fourth and kill? I lost my
Re: (Score:2)
The residential schools were shut down in the 1990's here in Canada. Ran by Christians, they practiced torture, often just for fun, sexual molestation, medical experiments and all kinds of horrible stuff,as related by living witnesses. You were safer being sent to the western front in WWI and WWII then letting the Christians get hold of you.
That's Christians practicing their evil agenda of converting or killing savages (and being sadistic tyrants) as recently as 25 years ago in a first world country.
Then th
Re: (Score:2)
I see you can offer uncited allegations but skirt around the actual question. I'm sure what you say happened is possible and could have happened, but you failed to show any passages in the new testament making it part of the christian ideology.
There are horrible stories all over the place involving all sorts of people. Until you can show the passages in the new testament calling for it, all you are doing is showing that you are not intelligent enough to understand your own bigotry. None of what you mentione
Re: (Score:2)
It's obvious you don't know. Only one quote on that page came from the new testament and would be considered a practice of Christianity and even then it was taken out of context. It's a fucking parable.
I guess there are a lot of liars in that world of yours where you cannot be assed to find out the truth and just go with anything you think sounds good.
Re:What else is searched for (Score:4, Informative)
Some services already do that to try to uphold their terms of service: http://venturebeat.com/2012/08... [venturebeat.com]
Re: (Score:2)
Once the government has the ability to scan files belonging to hundreds of millions of users (..)
Depends on who does the searching, read: who determines how exactly that search is done. Compare with the situation where somebody wants your help in looking up something on the internet. There is a significant difference between:
a) You being handed a clue on what to look for, followed by you using your own computer / software / internet connection to look for answers, and hand back results. Versus
b) You stepping aside, and letting the other person use your computer / software / internet connection to lo
Re: (Score:2)
Once the government has the ability to scan files belonging to hundreds of millions of users for a specific document, it might be easy to broaden that. Searches for similar documents. Searches for a standard set of illegal materials - say known child porn images. Searches for copyrighted materials like movies and audio.
Specifically searching for a specific document with a known like to terrorism doesn't bother me, but the extensions do. I absolutely do not want to give the government the right to search for anything illegal - and I don't see a clear way to enforce the distinction.
The innocent have nothing to fear, but there are few absolutely innocent people
Use of public/private key crypto could make it possible for the authorities to do this kind of search without being able to see the contents of files, or look for "similar" stuff.
If the files stored are encrypted with your public key, only you can see the actual contents; however, the authorities can take a specific file, encrypt it to your public key, and THEN see if any of the files in your account match. They can't go on a fishing expedition to see if something "suspicious" is there.
Unfortunately, a sing
Re: What else is searched for (Score:4, Insightful)
It should bother you though. This is akin to a house-to-house search by the government. Your documents are your documents regardless of where you store them. Just because it is digital and therefore easier doesn't mean it's legal, if the cops came by your house everyday or several times per day to search your house for "terrorism", even if they didn't disturb anything and put everything back where they found it would you let them?
Re: (Score:2)
With those skills you should be an IT project manager.
Ever heard of a checksum?
Re: (Score:2)
Its a legal / political issue, not a technical one. I agree that you could apply technical limits, but I worry that the government could change the rules easily and continuously.
Re: (Score:2)
I would hope that they report a hash plus the file size, to reduce the risk of false positives.
This already happens (Score:5, Informative)
Send or receive a known kiddie porn image through GMail and they will tip the authorities [techcrunch.com]. That hash check can be used for anything the government wants to find people in possession of, just hand them a hash and a NSL.
Re: (Score:2)
Re: (Score:2)
That should be the main response to this idea. It hinges on this completely retarded statement: "The private document was likely shared among other conspirators [via or stored using sharing services of big (US-based) companies]"
Honestly, which serious bad guy would be stupid enough to share or store 'Instructions.for.Executing.Terror.Attack.docx' using Google fucking Drive?
Additionally, the point of using email drafts is that they are never sent, which means that they only ever exist in a single account and
Re: (Score:2)
Cloud-based antivirus would be another sector to think about.
Been secure in a persons own papers has gone years ago. The way some email was stored long term made it a free for all years ago.
Google is a private company (Score:2)
Re: (Score:2)
This "Its a private company, it can do what it wants" attitude is an odd idea. Are you American? Can a private citizen do whatever he wants?
And BTW, Google is a public company, not private.
Too complicated (Score:4, Insightful)
Too complicated for me. We should refer this one to Bennett Haselton.
Re: (Score:2)
APK has the answer.
(cue the twat in 3... 2... 1...)
Three words : content addressible storage (Score:3)
They *already* do this, not because they're scanning things, but because they index files on their hashes in the first place.
Remember "Dropship"? If you knew the hash of a file on Dropbox, you could "teleport" it into your Dropbox storage by using the API to tell Dropbox that you had a file with that hash locally. Since it got used for file-sharing, that was shut down - but it reveals that for de-duping purposes, Dropbox hashes all your files anyway.
It's a trivial matter to take that file, hash it, do a lookup in the table of files that belong to each user, and produce a list of the accounts. It's probably already been done for copyright-infringement suits.
No bulk scanning required. Just a lookup.
BRB - Door (Score:2)
We get round that by either changing the payload itself (while rendering it still usable) e.g. by transcoding videos, adding filler pages to .pdfs and/or by zipping it together with a randomly gener
Re: (Score:3)
They *already* do this, not because they're scanning things, but because they index files on their hashes in the first place.
Yes, I thought that was obvious. Do people think Google really stores a million copies of that cat video that has been emailed around?
At the very least, they must index hashes on whole files.
The hypothetical sounds a bit like "if you could strangle Hitler as a baby". Sure we would, but the precedent is of concern.
Briefest touch? It's still a search. (Score:2)
...except for the briefest of computerized 'touches' on their accounts to see if the file reposed there....
A search is a search, no matter how innocent you try to make it sound.
No. (Score:2)
I wouldn't run it without the authorities being able to meet the requirements for a search warrant. Otherwise you have the problem of copies of the document in the inboxes of people with no involvement whatsoever who were sent the document in a deliberate attempt by the terrorists to bury their tracks in a crowd of false leads. Given that the sender, not the recipient, determines to whom a message is sent, merely receiving a message without anything more doesn't indicate any involvement or intent on the par
Re: (Score:2)
and i would put the following restrictions
1 the warrant must be one of the original three copies printed by the officer (no photocopies no fax physical originals)
2 the signing judge must sign in blue or black ink with his own hand ON EACH COPY
3 each warrant should be limited to 15 documents
don't forget that your setup may miss somebody that received a file originally on a thumbdrive
I have a better idea (Score:5, Insightful)
Lets deal with threats like ISIS at their source rather than playing wack-a-mole with our liberties here at home.
Re:I have a better idea (Score:4, Insightful)
Lets deal with threats like ISIS at their source rather than playing wack-a-mole with our liberties here at home.
The problem is that the source of ISIS is a medieval-minded culture comprised of billions of people, hundreds of millions of which at the least happily applaud ISIS-like and Taliban-esque behavior. What did you have in mind in terms of solving that problem? Were you proposing to go into those countries and change how they mal-educate their citizens? Just conduct a little cultural imperialism to fix how they think? Hint: that's exactly what they're complaining about: the fundamentalists among them (who comprise and finance groups like ISIS) are using violence to establish a geographical zone that they hope will be completely impervious to such western taint. And then they want to spread that zone everywhere, to get rid of the taint. Please be more specific about your "deal with" plan.
Re:I have a better idea (Score:4, Interesting)
Maybe it's time for less 'compromise' and more action? If these groups are truly the threat indicated by western governments, then the last thing they should be doing is shaming their own populations with 'tolerance' propaganda, especially while attacks and radicalization of western citizens continue. Why do you think Trump is so popular? People are tired of talk and 'compromise' that gets nowhere.
No, I'm not suggesting 'reeducation'. I'm talking doing whatever is necessary, including war, if that's what it takes. Send the countries harboring them a clear message. If what you say is true, then leaving them alone might solve it as well, but somehow I doubt pulling out would change much. Many of these groups want a worldwide muslim caliphate. They're 'imperialist' as well.
Re: (Score:2)
Some perspective: There's 1.6 billion muslims in the world. Looking at the PEW research there's on the order of 10% or 160 million of those I consider to have a world view fundamentally opposed to modern society. The number of IS jihadists is on the order of 160,000 or 0.1% of that, it's damn fucking few and damn fucking many. And the kind of people that blow themselves up in 9/11, the Paris attacks and such are maybe 0.01% of that again, five and ten and twenty here and there don't really add up to much. F
Re: (Score:2)
Watch some of our political rallies. And the calls for war. No matter what the cost. We even have politicians talking about nuclear attacks against "them".
It's not an "ISIS" thing. It's a human thing. ISIS is just getting the media attention right now.
And that is the core problem with this "Anti-Terrorism Hypothetical". There will always be a new "terrorist" out there. Or some other "enemy".
It is more about spying on people with less power so that the people with more power can keep that power.
Re: (Score:2)
And then what? Keep troops in the region for the next hundred years to deal with ISIS/Al Queda 3.0 and 4.0 and 5.0?
Which country is going to do that? We've learned from Bush/Obama that the American people don't have what it takes to do this.
Re: (Score:2)
Re:I have a better idea (Score:5, Insightful)
Maybe it's time to declare war on the countries harboring and funding these organizations instead of making 'peace' deals with them. Targeting our own citizens with 'not all muslims are like that' shaming language propaganda to placate these radical idiots doesn't seem to be doing the job. Are our leaders just spineless or do they think that 'infinite consensus' solves everything? I'm not sure, but it's obvious it is not working.
We no longer tolerate fundamentalist christians teaching 'creation' in place of science, nor allow them to trample women's reproductive rights. Why should irrational muslim belief be given any more quarter, especially if it is violent and has clear intention to bring down western civilization?
Re: (Score:2)
I don't know where you live, or what you think the laws are there, but here in the USA we still have something called "Freedom of Religion."
Re: (Score:2)
Maybe it's time to declare war on the countries harboring and funding these organizations instead of making 'peace' deals with them.
Unfortunately it is not that simple. I believe that out of all the states in that region Saudi Arabia is the most likely candidate for being the source of funds. Reasons why I suspect that:
1. Their interpretation of Islam is quite strict and extreme: Wahhabism [wikipedia.org]
2. They are by order of magnitude the richest in the region.
3. They have a history of supporting extremist groups in the past: wikipedia [wikipedia.org]
However, US and Saudi Arabia are VERY close allies ever since World War 2: wikipedia [wikipedia.org].
According to the above link Sau
Re: (Score:2)
Not sure where to start. I assume, given the current news, you are referring to the Iranian 'peace' deal when you say:
Iran is not supporting ISIS and is, in fact, urging their allies to fight them [jpost.com].
You go on to say:
Again I must assume
Government is too big and too unaccountable (Score:5, Insightful)
The problem with this search is that government is too big and too unaccountable to be allowed that capability. Governments and law enforcement agencies routinely act unjustly. They use violence and threats needlessly, acting as bullies rather than public servants. And they are almost never punished when they commit crimes.
If governments showed humility and served the public, maybe you'd consider letting them search something occasionally. But that sort of government seems like an impossible fantasy these days. So no. Not until they prove they can be trusted -- which unfortunately means probably never.
That's not a problem (Score:2)
Get a warrant and search away. It's the illegal searches and bulk collection of personal information that's the problem.
No warrant possible (Score:2)
To me, it seems unconstitutional (Score:3)
In the U.S. (where Paris is not, I realize - but neither is Harvard) we ostensibly are innocent until proven guilty. No, no, quit laughing... I'm trying to make a point. The searcher has no foreknowledge that I might be guilty, so they shouldn't be able to look through my "stuff" for evidence of guilt.
I don't see how this is materially different from, say, having permanent access to my home surveillance camera footage and routinely using bots to review them for the image of a rocket launcher. If you have no reason to suspect me of involvement with a crime, you can't just randomly search my house, stop me on the street to frisk me, or search my personal papers.
Re: (Score:2)
Innocent until proven guilty?
How about being a 'person of interest'? You're not guilty, no siree, we'll just harass, search, detain and otherwise make your life miserable until we're convinced you've got nothing to hide. Yeap, innocent.
Oh No! (Score:2)
Re: (Score:2)
Oh No! (Score:1)
by Mister Liberty (769145) Alter Relationship on Saturday January 16, 2016 @02:30PM (#51314895)
I was just about to inform my cells where the nuke is located!
Username checks out.
Different hypothesis (Score:2)
Obviously you wouldn't do an actual byte-by-byte search of every file; you'd first compare some metadata - like the file size, or the file hash/MD5sum/etc.
So, say that Google gives whoever is asking a list of files that match the metadata. They haven't actually looked at anyone's contents; no file has actually been opened or read. The list doesn't need to include the people's accounts or other details; it can just be a list of inodes. The people asking could then get a court order to look at those specific
Re: (Score:2)
If the files haven't been read, how were the hashes generated?
New concept there... (Score:2)
Gee, almost like the government would have a legal and legitimate (search) warrant that Google et al would likely be happy to comply with. If the government uses it's powers correctly and within the letter of the law, not to mention the spirit, why shouldn't Google et al comply? It is only when they overstep and do BLATANTLY illegal things is when they tech companies push back.
My reading of this would be the government getting a search warrant for the provider in question, and a fully legal one at that. Leg
Deduplication anyone (Score:3)
As was pointed out by a commenter earlier when Bruce Schneier posted this.
This whole hypothetical is moot and has already been attempted for DMCA and Child Porn cases. This is because Deduplication is a feature of any large file sharing entity gmail included as drive space is not free.
Because of deduplication there will only ever be one copy of the relevant file clusters in existence and a table of assignments for which messages and or accounts to apply it too. Thus given an example of the file or the list of cluster hashes and a simple court order a company can expunge the one copy and/or return the list of holders with their association / upload / download dates.
Now one key issue would be that even a single bit changed in the file (mentioned in the article) would change the file hash and probably 50% of the bits in the specific cluster would flip. But for larger files >10MB it may be sufficient to match a percentage of cluster hashes and then inspect the misses further.
That said a savvy antagonist would recognise the above and suggest ways to defeat deduplication, even without using anything fancy. For a text file, simply running it through a compression algorithm would change it sufficiently and if you use one that does encryption correctly then each encipherment, even with the same key, would result in a different file. Plus since you are not actually interested in securing the file you could include the password as the filename.
Re: (Score:2)
Dedupe is usually done at a block level, no a file level for this specific reason. Encryption, compression, and the like will cause headaches for the hypothetical one byte changes, but that is probably a solved problem by now. I have not kept up with the minutia of dedupe lately but for an outfit the size of Google, it would probably be worth it to decompress the files for dedupe. No clue if they do though, but it is not a huge technical challenge.
The issue is way bigger (Score:3)
It's not privacy which is sacrosanct here; it's the right to be free from government searches without sufficient suspicion. The way this needs to be framed is in terms of the limits of government power. If the government has this type of surveillance power, you may joke about the word "bomb" in your post triggering the FBI's monitoring software, but the chilling effect it has on free speech is the same whether the search was carried out by software or by an authoritarian government trying to control the populace.
To put it another way if we've decided that individual freedom is more important than government control, then this is one of the tools we simply cannot allow government to have. It is incompatible with the notion of government for the people, by the people, of the people. If that leads to the downfall of democracy, then so be it. The sole reason for democracy's existence is as a bulwark against authoritarian government control. If democracy self-implodes in this fashion - because people are too scared of terrorism they democratically choose to give government that authoritative control - then we'll either just have to accept that democracy is conceptually a failure, or we'll have to come up with a new idea for a system of government which respects and protects individual liberty.
Re: (Score:3)
If the government has this type of surveillance power, you may joke about the word "bomb" in your post triggering the FBI's monitoring software, but the chilling effect it has on free speech is the same whether the search was carried out by software or by an authoritarian government trying to control the populace.
Except in the thought experiment being discussed here, it's not the presence of a key word in your files or communication on a private system like Google's ... it's the presence of a file that would be an exact match for one found in connection to a mass murder (like Paris) in the hands of the murderers, detailing specifics related to that terrorist attack. This isn't you saying "bomb" in an email, this is you sharing a specific document with someone who just slaughtered a bunch of people in a Parisian con
No way (Score:2)
that terrorists figure out how to intentionally create misleading files on their computers and send out such files to 10000 random people in order to jam the system.
so Bruce started working with the DHS a while back (Score:4, Insightful)
This didn't make the DHS smarter. It only made Bruce dumber.
Let's start with his example: the Paris attacks. The Paris attackers plotted everything using... wait for it... SMS. Just about the least-secure communications system ever devised. About the only way they could have fucked up worse would be if they planned the attacks inside a police station, talking to each other with bullhorns. That's not surprising, of course; the criminal geniuses whose masterplan was "get guns and shoot people with them" aren't going to think of using encryption, decentralized communication, or anything else that even the average slashtard knows how to do.
Now let's move on to Bruce's example. So the police capture or kill a suspect, find his place of residence, find his laptop, his laptop is unencrypted, the terrorist masterplan is just sitting there in plaintext, and... that's it? There aren't any other or better investigative leads? Their best and fastest strategy is to ask Google or whoever to scan all the data of 900+ million users? There's no other evidence on the laptop, no "electronic paper trail" from his online communications, nothing useful in his apartment, they couldn't recover his phone, they can't track the gun he used, they've got *nothing* except a mass surveillance dragnet? The cops just gotta twiddle their thumbs for several hours while Google/Apple/Microsoft/Yahoo/whoever process their request and get back to them? The same terrorist who was so smart he covered all of his tracks was also so dumb he left this vital, identifying, incriminating piece of evidence just waiting for the cops to find it?
It took me as long to read about this idea as it did for me to invent a countermeasure to it. Take some JPEG of a stupid meme, append the terrorist masterplan to the end of the file (or just stick it somewhere in the EXIF data), attach it to an email with the subject line "ch34p V14Gr4!!!!," and use a compromised webserver to bulkmail it your co-conspirators (and a few hundred thousand other people). I'm pretty sure even the dumbest terrorist can manage to download a JPEG, open it with Notepad, and scroll past the gibberish until he finds something he can actually read, and meanwhile the counterterrorism geniuses are working their way through a pool of suspects big enough to populate San Francisco.
This is fucking stupid, Bruce. You're asking me to buy some hypothetical scenario where the perpetrators are so dumb that this strategy would work and yet so smart that this is the best strategy that would work.
Here it is (Score:2, Insightful)
The Japanese attack on Pearl Harbour wasn't unusual; the US Navy imagined exactly that scenario. Similarly, bin Laden didn't predict the damage from flying a plane into a building; recently published novels did that. Also, the US DHS spent a few years discussing every kooky attack vector there was. What exactly qualifies as "instructions" in this description?
It gets worse: The FBI profile for a terrorist includes possessing a Casio digital watch, or a pocket reference to the US constitution. The slippe
NO WAY IN HELL. (Score:4, Interesting)
Second: This would set the precedent to bring about the absolute and total end of even a pretense of privacy for everyone. It would become leveraged for seaches of anything and everything; everyone's lives would in essence be laid bare for any government agency with a half-assed reason for a search. Not much longer after that the private sector would find a way in, and I wouldn't at all be surprised if not long after that, it would be used outright for marketing datamining.
This is a dangerous, stupid idea, and no way in Hell should it ever be allowed to even be so much as discussed as actual legislation.
Already done with Child porn MD5 search (Score:2)
Google already does this anyway (Score:2)
Only after the government proves it's not corrupt (Score:3)
Key Factor (Score:2)
The huge key factor in the linked article is "warrants."
Rather than a mass collection of data on the off chance some number of things in the data might be useful sometime, this is a very targeted search for a very specific document discovered via a search with a properly issued warrant. There are checks and balances in the system for reasons. Currently, things have swung to far to "collect everything in case we need it!" On the other side of the spectrum is "Collect nothing. Privacy is absolute." Somewhere
USSA (Score:4, Insightful)
Supposedly the USSR had copy machines etched so that it was possible to track down the source of aberrant materials. A means of tracking is also done with consumer copiers in the name of reducing fraud, but there is no law restricting it solely to that use.The Federalist Papers would be an anathema today.
Exactly how much further down this rabbit hole do we want to go? Yes, it is fine and good that these measures will only be used with the best of intentions, but if the difference between a police state and your liberal democracy is intentions, you are already fucked.
Re:USSA (Score:5, Informative)
This is done in the US with all printers, copiers, and just about anything else that can produce digital output. They are all watermarked with the printer info, time and date, plus likely other stuff encoded in (usually) yellow dots all over the page. The EFF had a decryption project for it, not sure how it ended up but the landing page is here:
https://www.eff.org/issues/pri... [eff.org]
It wouldn't work anyhow (Score:2)
Such a search only "works" in the minds of a few people because they have a navel-gazing mindset that presumes all data is managed by a select group of companies they know about, and which are hosted by one country (usually the US in these narrow-minded viewpoints.)
In reality there are hundreds of thousands of service providers around the world, and you'd have to scan them all. Even Google mail is a drop in the bucket compared to the oceans of emails floating around the world.
false question (Score:2)
The entire point of this is to first convince many people to say "why yes, that does seem reasonable" then advance to "but we can't do it if service providers use secure encryption, and that's why we must be provided back doors"! Granted, most email is not stored encrypted with the account owners' public keys, but that's what this "hypothetical" is about, require back doors, then apply that to all stored communications, not just email.
Some file systems checksum files anyway. (Score:2)
So if I commit a crime (Score:3)
and write about it on my lap top surely because Google can do what they can do, they should let the gov/police access to all Google services that are used by my family, friends, co workers and neighbors? Crack pot much?
Terrorism is a crime just like any other and authorities should only have enough power to investigate it like any other crime.
"Suppose" -- is key (Score:2)
"Suppose a laptop were found ..... a file on the laptop that's a set of instructions for carrying out the attacks."
This is a hypothetical.
It's pretty easy to encrypt your way around this. You can use a different IV for every co-conspirator...
The likelihood of this being useful, cost of implementing something like this, and ease of subverting it; all brings me to the conclusion that it won't be worth it.
The money is better spent saving lives by other means.
It's kind of like the DRM discussion: You can't distribute videos without people copying them (you can make copying harder, but really you just make your pr
"hotel search" on a computer (Score:2)
Regular mail (Score:2)
Would they be able to check everybody's regular mail at a sorting facility if they found that the document had been printed out, a box of envelopes with some missing, and a pack of stamps with some of those missing too and the investigators assumed that the suspect mailed any copies so that they would be at the facility at the time of the search?
Re: (Score:2)