Author: Ed Felten
-
Mesh Networks Won't Fix Internet Security
There’s no doubt that the quality of tech reporting in major newspapers has improved in recent years. It’s rare these days to see a story in, say, the New York Times whose fundamental technical premise is wrong. Still, it does happen occasionally—as it did yesterday. Yesterday’s Times ran a story gushing about mesh networks as…
-
How to protect yourself from Heartbleed
The Heartbleed vulnerability is one of the worst Internet security problems we have seen. I’ll be writing more about what we can learn from Heartbleed and the response to it. For now, here is a quick checklist of what you can do to protect yourself.
-
Secure protocols for accountable warrant execution
Last week the press reported that the White House will seek to redesign the NSA’s mass phone call data program, so that data will be held by the phone companies and accessed by the NSA, subject to a new warrant requirement. The Foreign Intelligence Surveillance Court will issue the warrants. Today Josh Kroll and I,…
-
Algorithms can be more accountable than people
At an academic meeting recently, I was surprised to hear some social scientists accept as obviously correct the claim that involving “algorithms” in decision-making, instead of sticking with good old-fashioned human decision-making, necessarily reduces accountability and increases the risk of bias. I tend to believe the opposite, that making processes algorithmic improves our ability to…
-
Why Dorian Nakamoto Probably Isn't Satoshi
When Newsweek published its cover story last week claiming to have identified the creator of Bitcoin, I tweeted that I was reserving judgment on their claim, pending more evidence. At this point it looks like they don’t have more evidence to show us—and that Newsweek is probably wrong.
-
Understanding Bitcoin's transaction malleability problem
In recent days, several Bitcoin exchanges have suspended certain kinds of payments due to “transaction malleability” issues. There has been a lot of talk about why this happened, and some finger-pointing. In this post, I will try to unpack what “transaction malleability” is and why it has proven to be a problem for some companies.
-
It matters what the NSA does
It seems axiomatic that if we want to have an informed conversation about the legality, ethics, and policy implications of the NSA’s actions, it is useful to know what the NSA is doing. Yet a vocal subset of NSA defenders seem to be taking the contrary position, that information about the agency’s activities serves no…
-
NSA call data analysis: inside or outside government?
Last week the President suggested that the NSA’s database of phone call data be stored outside the government, and he asked his Administration to study how this could be done. Today I’d like to start unpacking the options.
-
Can Washington re-architect the NSA phone data program?
In the President’s NSA reform speech last week, he called for a study of how to re-architect the NSA’s phone call data program, to change where the data is stored. This raises a bunch of interesting computer science questions, which I’m planning to explore in a series of posts here.
-
Top Tech Policy Stories of 2013
As the year draws to a close, it’s time to review the top tech policy stories of 2013. (1) NSA Surveillance. The most important story by far was the revelations about the scope and scale of surveillance by the U.S. National Security Agency and allied services. It took a major leak of documents by Edward…
-
RSA doesn't quite deny undermining customers' crypto
Reuters reported on Saturday that the NSA had secretly paid RSA Data Security $10 million to make a certain flawed algorithm the default in RSA’s BSAFE crypto toolkit, which many companies relied on. RSA issued a vehement but artfully worded quasi-denial. Let’s look at the story, and RSA’s denial.