Author: Ed Felten
-
Regulation and Anti-Regulation
[Hi, Freedom to Tinker readers. I’m back at Princeton, having completed my tour of duty as Deputy U.S. CTO, so I can resume writing here. I’ll start with some posts on specific topics, like the one below. As time goes on, I’ll have a lot more to say about what I learned. –Ed Felten] Politicians often…
-
FREAK Attack: The Chickens of ‘90s Crypto Restriction Come Home to Roost
Today researchers disclosed a new security flaw in TLS/SSL, the protocol used to secure web connections. The flaw is significant in itself, but it is also a good example of what can go wrong when government asks to build weaknesses into security systems. Back in the early 1990s, it was illegal to export most products…
-
Lenovo Pays For Careless Product Decisions
The discovery last week that Lenovo laptops had been shipping with preinstalled adware that left users wide open to security exploitation triggered a lot of righteous anger in the tech community. David Auerbach at Slate wrote that Lenovo had “betrayed its customers and sold out their security”. Whenever a big company does something so monumentally…
-
In Partial Defense of the Seahawks' Play Calling
The conventional wisdom about last night’s Super Bowl is that the Seahawks made a game-losing mistake by running a passing play from the Patriots’ one yard line in the closing seconds. Some are calling it the worst Super Bowl play call ever. I disagree. I won’t claim it was the right call, but I do…
-
On the Sony Pictures Security Breach
The recent security breach at Sony Pictures is one of the most embarrassing breaches ever, though not the most technically sophisticated. The incident raises lots of interesting questions about the current state of security and public policy.
-
"Information Sharing" Should Include the Public
The FBI recently issued a warning to U.S. businesses about the possibility of foreign-based malware attacks. According to a Reuters story by Jim Finkle: The five-page, confidential “flash” FBI warning issued to businesses late on Monday provided some technical details about the malicious software used in the attack. It provided advice on how to respond…
-
PCLOB testimony on "Defining Privacy"
This morning I’m testifying at a hearing of the Privacy and Civil Liberties Oversight Board, on the topic of “Defining Privacy”. Here is the text of my oral testimony. (This is the text as prepared; there might be minor deviations when I deliver it.) [Update (Nov. 16): video stream of my panel is now available.]
-
On the value of encrypting your phone
This is a true story. Yesterday my phone crashed, and it wouldn’t reboot. Actually it would do nothing but reboot, over and over, with a seemingly different error message every time. I tried all of the tricks available to a technically handy person, and nothing worked—I couldn’t get it out of the crash-reboot cycle. So…
-
Airport Scanners: How Privacy Risk Leads to Security Risk
Debates about privacy and security tend to assume that the two are in opposition, so that improving privacy tends to degrade security, and vice versa. But often the two go hand in hand so that privacy enhances security. A good example comes from the airport scanner study I wrote about yesterday.
-
Researchers Show Flaws in Airport Scanner
Today at the Usenix Security Symposium a group of researchers from UC San Diego and the University of Michigan will present a paper demonstrating flaws in a full-body scaning machine that was used at many U.S. airports. In this post I’ll summarize their findings and discuss the security and policy implications.