CITP Blog - Formerly Freedom to Tinker

Author: Ed Felten

  • Software backdoors and the White House NSA panel report

    – by

    Comments

    Yesterday the five-member panel appointed by the President to review “Intelligence and Communications Technologies” issued its report. The report is serious and substantial, and makes 46 specific recommendations for change. I expect to have a lot to say about the report and its aftermath, but for today I want to focus on one small aspect:…

  • Judge Leon explains why the NSA uses everyone's metadata

    – by

    Comments

    There are many interesting things to discuss in Judge Leon’s opinion from yesterday, finding the NSA’s phone metadata program likely unconstitutional. In this post, I’ll focus on an interesting bit of computer science in the judge’s ruling, and I’ll explain why the judge’s computer science argument is actually more powerful than he realized.

  • How to protect yourself against NSA tracking

    – by

    Comments

    Jonathan Mayer and I have a new piece in Slate about how the NSA piggybacks on the web tracking activities of advertisers and other services. Essentially, the trackers tag computers and smartphones with unique tracking IDs that are attached to web requests, and the NSA uses those tracking IDs to follow users. I wrote last…

  • How to stop spies from piggybacking on commercial Web tracking

    – by

    Comments

    Tonight the Washington Post published a story about the NSA’s eavesdropping on the unique tracking cookies used by advertisers and analytics companies to identify their users. By capturing these unique identifiers the NSA was able to re-identify users whom it had seen earlier. In short, the NSA could piggyback on commercial tracking to track users…

  • Princeton CS research on secure communications

    – by

    Comments

    Continuing our series on security research here at Princeton Computer Science, I’d like to talk about how new information about government surveillance is driving research on how to secure communications. For a long time, users and companies have been slow to adopt secure, encrypted communication technologies. The new surveillance environment changes that, with companies racing…

  • Bitcoin Research in Princeton CS

    – by

    Comments

    ,

    Continuing our post series on ongoing research in computer security and privacy here at Princeton, today I’d like to survey some of our research on Bitcoin. Bitcoin is hot right now because of the recent run-up in its value. At the same time, Bitcoin is a fascinating example of how technology, economics, and social interactions…

  • Game Theory and Bitcoin

    – by

    Comments

    ,

    In light of the back-and-forth about the recent Eyal and Sirer (“ES”) paper about Bitcoin mining, I want to take a step back and talk about what a careful analysis of Bitcoin mining dynamics would look like. (Here are some previous posts if you need backstory: 1 2 3 4 5.) The key to a…

  • Bitcoin isn't so broken after all

    – by

    Comments

    ,

    There has been a lot of noise in the Bitcoin world this week about a new paper by Ittay Eyal and Emin Gun Sirer (“ES” for short) of Cornell, which claims that Bitcoin mining is vulnerable to attack. In a companion blog post, Sirer says unequivocally that “bitcoin is broken.” Let me explain why I…

  • CITP Call for Fellows, Postdocs and Visiting Professor for 2014-15

    – by

    Comments

    The Center for Information Technology Policy is an interdisciplinary research center at Princeton that sits at the crossroads of engineering, the social sciences, law, and policy. CITP seeks Visiting Fellows and Postdoctoral Research Associates for the 2014-2015 academic year who work at the intersection of digital technology and public life, including computer science, sociology, public…

  • A Court Order is an Insider Attack

    – by

    Comments

    Commentators on the Lavabit case, including the judge himself, have criticized Lavabit for designing its system in a way that resisted court-ordered access to user data. They ask: If court orders are legitimate, why should we allow engineers to design services that protect users against court-ordered access? The answer is simple but subtle: There are…

  • The Linux Backdoor Attempt of 2003

    – by

    Comments

    Josh wrote recently about a serious security bug that appeared in Debian Linux back in 2006, and whether it was really a backdoor inserted by the NSA. (He concluded that it probably was not.) Today I want to write about another incident, in 2003, in which someone tried to backdoor the Linux kernel. This one…

  • Silk Road, Lavabit, and the Limits of Crypto

    – by

    Comments

    ,

    Yesterday we saw two stories that illustrate the limits of cryptography as a shield against government. In San Francisco, police arrested a man alleged to be Dread Pirate Roberts (DPR), the operator of online drug market Silk Road. And in Alexandria, Virginia, a court unsealed documents revealing the tussle between the government and secure email…