Hacker News | tippytop's comments

> Google had no knowledge of NSA's physical compromise of their data centers.

How do you know this is the case? In the diagram submitted within the article, the box highlighted with the smiley face is labeled "GFE" for Google Front-End [1], which means it's a Google controlled server. It seems more plausible to me that the NSA compromised this target with a FISA court order rather than hacking it. And if that is true, then someone at Google did know about it, they just weren't willing to discuss it because of a legal threat.

[1] Google server names: http://googlesystem.blogspot.com/2007/09/googles-server-name...


> How do you know this is the case? In the diagram submitted within the article, the box highlighted with the smiley face is labeled "GFE" for Google Front-End [1], which means it's a Google controlled server.

Yeah, it's the external-facing server that is the boundary between Google's (encrypted) communication with outside systems and its internal network, which doesn't use encryption.

> It seems more plausible to me that the NSA compromised this target with a FISA court order rather than hacking it.

If you read the article, the leak of documents that included the diagram indicates that:

1. The GFE server itself wasn't compromised, whether by a court order or hacking -- the unsecured communications which occur "behind" the GFE server were compromised, and

2. The entity which compromised the unsecured communications wasn't the NSA, but Britain's GCHQ. The NSA gets information from the compromised system because GCHQ allows NSA to submit search terms ("selectors") which are matched against the data GCHQ collects from tapping Google (and Yahoo!) unsecured internal comms, and then feeds the data matching the selectors back to the NSA.


You are correct, I've misunderstood this program and perhaps the parent post I was responding to. Oh well, can't win 'em all. This is in addition to the PRISM programs we've already seen.


HIPAA is no joke. Even if this company is technically in the clear, being associated with a controversy like this is enough to keep doctors from using the service. Makes me wonder if they had any domain knowledge at all or just a "Yelp for doctors" pitch and some mumbo-jumbo about big data revolutionizing healthcare.


(I'm not a lawyer, but) I doubt they are in the clear. Sounds like they injected a public survey in a communication channel previously reserved for private interaction with their doctor. Perhaps the patient (state privacy law), doctor (business associates agreement), and the government (via HIPPA) have standing.

Under 42 USC § 1320d-5, penalties for wilful neglect are $10k per occurrence, up to 1.5M. There are also criminal penalties for up to ten years for those who "knowingly" disclose individually identifiable health information for commercial advantage.


Ah, it's not willful, though. They apparently assumed that every single patient would read and understand the tiny, italicized grey print warning to not include personal information.


sidebar:

> HIPPA

HIPAA

very common mistake.


When companies advertise on TV that they automatically (patient need not request or accept each order) ship replenishment supplies for C-PAP based on eligibility... yeah... HIPAA is a joke.


How is that in any way related to HIPAA? The patient has to contact the company and give them their information. The company then bills their insurance. No one is exposing their private health information.


I'm pretty sure HIPAA made the rule that patients must accept everything billed to insurance (or something to that effect), so I think it makes sense that they would be responsible for making sure it's enforced.

Point being, HIPAA isn't taken very seriously.


HIPAA isn't taken seriously until shit hits the fan, much like FINRA or any other piece of alphabet soup.

I've seen companies closed over HIPAA violations, and I've seen folks go to jail. It's totally ok to ignore HIPAA until it isn't and by then it's too late.

Some people play chicken with the federal government and some don't. As always, it is up to your particular risk profile.


Regarding the mainstream news cycle and from a PR perspective, you want bad news to come out late Friday to minimize exposure. The typical audience is ready for the weekend and paying less attention. Also staff journalists tend to be off which leaves a weekend crew to man the ship---they're less experienced and have fewer resources available. Since you're likely not going to be pressed for a comment until Monday, the extra days might mean the public outrage subsides by then, or another news story becomes more important.

A lot of bad news comes out late Friday, government reports, financials, etc. It's obvious that the Washington Post was sitting on this particular story and decided to post it only after today's Guardian reports. WaPo has done it quite a lot since the leaks came out, either they aren't particularly interested in breaking these stories, or they're abiding by an earlier deal with Snowden since they wouldn't agree to his release timeline.


Then does not saying racist things automatically make you not-racist? Or are there other criteria we need to apply before hanging the label? For example, do they believe the words coming out of their own mouth? What about someone with Tourette's? I'm not trying to fall in a philosophical hole, but I believe that racism is a conscious choice at some level and mental illness is not.


> Then does not saying racist things automatically make you not-racist?

No, that doesn't work. A person not saying racist things might be a racist on his day off. The absence of racist speech cannot be used to declare a person not racist, because:

1. The person might harbor racist but unspoken thoughts.

2. We're all racists.

Number (2) pretty much settles the issue. I emphasize that the fact that we're all racists doesn't mean we're all bigots, or that we're not ashamed of our racism and sincerely wish to be free of racism.

> I believe that racism is a conscious choice at some level and mental illness is not.

I've met people raised in the south before modern times, and for many of them, racism was not a conscious choice. I've often disagreed with federal intervention in local politics, but as to civil rights, I have to say that was one case where federal intervention was absolutely necessary and just:

http://media.northjersey.com/images/0825t_shuttle2_50p.jpg

Also, mental illness can sometimes be a conscious choice as well. We can talk ourselves into a very unhealthy mental state -- or out of one. I'm talking only about the many kinds of mental illness that aren't biological in origin -- the kinds of mental illness that were voted into existence, and that make the DSM* noticeably bigger with each new revision.

* More about the DSM controversy: http://www.newyorker.com/online/blogs/elements/2013/05/the-s...

EDIT: I cannot believe someone downvoted this terrific reply. If I say so myself, it's first-rate, and it represents the height of irony that it was downvoted.


> Also, mental illness can sometimes be a conscious choice as well. We can talk ourselves into a very unhealthy mental state -- or out of one.

Lest anyone believe this, let me emphasize that this project's author is suffering from schizophrenia, and schizophrenia is a physical disease. Your brain physically deteriorates.


> Lest anyone believe this, let me emphasize that this project's author is suffering from schizophrenia

That doesn't contradict the idea that many mental illnesses have no physical or biological connection, indeed many are inventions of psychologists for their own personal benefit, and were created by votes, not research.

> and schizophrenia is a physical disease. Your brain physically deteriorates.

Very true, which is why schizophrenia isn't a mental illness, it's a physical illness with mental symptoms. This isn't remotely controversial.


According to Wikipedia, it is associated with (doesn't imply causation) physical changes to the brain in 40-50% of cases. I'm not any kind of expert, just reading what I see there, but apart from small decreases in brain volume (not known whether this is preexistent or not), I don't see any mention of the brain "deteriorating". Indeed, it seems that around a quarter of sufferers recover completely, others may have long periods between relapse. It is also possible to suffer schizophrenia with a high intelligence quotient.


Yes, noted, and perfectly reasonable. All this will eventually be resolved by neuroscience, as it takes over from psychiatry and psychology, a process that has already begun.

Neuroscience has a long way to go before it can offer what medicine offers for conventional diseases. But in the long term, it will make psychiatry and psychology look like astrology.

http://www.newyorker.com/online/blogs/elements/2013/05/the-s...


I noticed on my last trip that the TSA, at all airports involved, were more pushy this time about herding me through the machines, using similar words. I guess there was a new policy memo sent out.


And what happens when these videos are leaked to the press, or some hare-brained politico wants to post them up on his mugshot website? Accountability is great, but so is innocent until proven guilty. Hopefully systems will be put in place to curb abuse, but I doubt it.


Sure, it's the belief that the rulers can create a rational society through technical means, and it's been the dominant idea of the past century. And time after time, their pet theories of the day are undermined by the unintended consequences of meeting reality.


We need a privacy amendment to the Constitution. It needs to shore up the legalese of the 4th which lawyers have made a runaround.


I think what we need is a public that holds the government accountable to the Fourth.

If you think that the government defying the purpose of the Fourth will be fixed by pushing for another amendment to be passed and then returning to public passivity, you don't understand how the Fourth has been "made a runaround".

The Constitution will continue to be treated as something to pay lip service to without substance as long as all the public cares about is having the right words in it rather than the right action (or right restraint of action) by the government. Adding, deleting, or rearranging words won't fix that -- holding people accountable will.


Anyone who watches government in action understands quite well how laws are twisted and turned to meet objectives. It only matters what is explicit, and there is no mention anywhere in the Constitution about "privacy". If this is a value that we Americans wish to continue, then it needs to be codified. Any government action begins with words and the interpretation of said words.


> Anyone who watches government in action understands quite well how laws are twisted and turned to meet objectives. It only matters what is explicit

No, it doesn't matter what is explicit (which anyone who has observed the non-impact of the 27th Amendment would know.)

It matters what the public holds people in official positions accountable to.


Very clearly true. Compare to the very plain language of the 2nd Amendment, which 9 out of 9 Supreme Court justices agreed was an individual right, with of course 4 saying it then doesn't mean anything.

Those who don't support following the 2nd Amendment as it was intended, or amending it, have absolutely no place in fighting for privacy in this fashion, and, really, if you support rule of men vs. the rule of law....


The reciprocal, my Internet company will spy on my users in exchange for a government contract, wouldn't be called leverage, it'd be called corruption.


Any leadership on the Intelligence Committee will back these programs to the bitter end---they set it up, it's their judgement under scrutiny, and they have the most to lose politically and historically.

