Year: 2017
-
RIP, SHA-1
Today’s cryptography news is that researchers have discovered a collision in the SHA-1 cryptographic hash function. Though long-expected, this is a notable milestone in the evolution of crypto standards. Kudos to Marc Stevens, Elie Bursztein, Pierre Karpma, Ange Albertine, and Yarik Markov of CWI Amsterdam and Google Research for their result. SHA-1 was standardized by…
-
Smart Contracts: Neither Smart nor Contracts?
Karen Levy has an interesting new article critiquing blockchain-based “smart contracts.” The first part of her title, “Book-Smart, not Street-Smart,” sums up her point. Here’s a snippet: Though smart contracts do have some features that might serve the goals of social justice and fairness, I suggest that they are based on a thin conception of…
-
Mitigating the Increasing Risks of an Insecure Internet of Things
The emergence and proliferation of Internet of Things (IoT) devices on industrial, enterprise, and home networks brings with it unprecedented risk. The potential magnitude of this risk was made concrete in October 2016, when insecure Internet-connected cameras launched a distributed denial of service (DDoS) attack on Dyn, a provider of DNS service for many large…
-
Regulation and Anti-Regulation
[Hi, Freedom to Tinker readers. I’m back at Princeton, having completed my tour of duty as Deputy U.S. CTO, so I can resume writing here. I’ll start with some posts on specific topics, like the one below. As time goes on, I’ll have a lot more to say about what I learned. –Ed Felten] Politicians often…
-
Engineering around social media border searches
The latest news is that the U.S. Department of Homeland Security is considering a requirement, while passing through a border checkpoint, to inspect a prospective visitor’s “online presence”. That means immigration officials would require users to divulge their passwords to Facebook and other such services, which the agent might then inspect, right there, at the…
-
Regulatory Questions Abound as Mobile Payments Clamor for Position in Apps
People frequently associate mobile payments with “tap and pay” — walking into a store, flashing your smartphone, and then walking out with stuff. But in-store sales really aren’t the focus of companies working on mobile payment issues. That’s because payment in stores generally isn’t a problem in need of a fix. Swiping a payment card…
-
Concerned about Internet of Things Security?
There is no shortage of warnings about the need to improve security for the Internet of Things: The Guardian asks “Can we secure the internet of things in time to prevent another cyber-attack?”. The New York Times calls for “Stepping up Security for an Internet of Things world”. Technology Review reports that Security Experts Warn…
-
AdNauseam, Google, and the Myth of the “Acceptable Ad”
Earlier this month, we (Helen Nissenbaum, Mushon Zer-Aviv, and I), released a new and improved AdNauseam 3.0. For those not familiar, AdNauseam is the adblocker that clicks every ad in an effort to obfuscate tracking profiles and inject doubt into the lucrative economic system that drives advertising-based surveillance. The 3.0 release contains some new features we’ve been excited to…
-
GIS Analysis as a Research Communication Tool
The power of geospatial analysis lies in the new ways it provides to look at datasets and the relations among them. It allows you to explore more nuanced questions and discover correlations previously hidden. Used properly, geographic information system (GIS) tools can increase the saliency of a policy issue by expressing your argument visually and…
-
NYC to Collect GPS Data on Car Service Passengers—Good Intentions Gone Awry or Something Else?
During the holiday season, New York City through its Taxi & Limousine Commission (the “TLC”) proposed a new rule expanding data reporting obligations for car service platform companies including Uber and Lyft. If the rule is adopted, car services will now have to report the GPS coordinates of both passenger pick-up and drop-off locations to the…