Author: Ed Felten
-
Senate Judiciary Testimony: FISA Oversight
I testified today at a Senate Judiciary committee hearing on Oversight of the Foreign Intelligence Surveillance Act. Here is the written testimony I submitted.
-
Software Transparency
Thanks to the recent NSA leaks, people are more worried than ever that their software might have backdoors. If you don’t believe that the software vendor can resist a backdoor request, the onus is on you to look for a backdoor. What you want is software transparency. Transparency of this type is a much-touted advantage…
-
On Security Backdoors
I wrote Monday about revelations that the NSA might have been inserting backdoors into security standards. Today I want to talk through two cases where the NSA has been accused of backdooring standards, and use these cases to differentiate between two types of backdoors.
-
NSA Apparently Undermining Standards, Security, Confidence
The big NSA revelation of last week was that the agency’s multifaceted strategy to read encrypted Internet traffic is generally successful. The story, from the New York Times and ProPublica, described NSA strategies ranging from the predictable—exploiting implementation flaws in some popular crypto products; to the widely-suspected but disappointing—inducing companies to insert backdoors into products;…
-
Acxiom Opens (Some) Consumer Data; What Should You Do?
Yesterday Acxiom, a large data broker, rolled out their data transparency site, aboutthedata.com. The site lets you view some data that Acxiom has about you, including demographic data, family status, financials, commercial history, and shopping preferences. The site also lets you correct any errors in the data. It looks like you can modify the data…
-
NSA, the FISA Court, and Risks of Tech Summaries
Yesterday the U.S. government released a previously-secret 2011 opinion of the Foreign Intelligence Surveillance Court (FISC), finding certain NSA surveillance and analysis activities to be illegal. The opinion, despite some redactions, gives us a window into the interactions between the NSA and the court that oversees its activities—including why oversight and compliance of surveillance are…
-
Groklaw Shuts Down, Citing NSA Eavesdropping
The legendary technology law blog Groklaw is shutting down. Groklaw’s founder and operator, Pamela “PJ” Jones, wrote that in light of current eavesdropping, email is no longer secure. She went on to say: There is no way to do Groklaw without email. Therein lies the conundrum. […] What to do? I’ve spent the last couple…
-
British Court Blocks Publication of Car Security Paper
Recently a British court ordered researchers to withdraw a paper, “Dismantling Megamos Security: Wirelessly Lockpicking a Vehicle Immobiliser” from next week’s USENIX Security Symposium. This is a blow not only to academic freedom but also to progress in vehicle security. And for those of us who have worked in security for a long time, it…
-
MIT asks to intervene in Swartz FOIA suit
Yesterday MIT filed papers asking to intervene in journalist Kevin Poulsen’s Freedom of Information Act (FOIA) lawsuit seeking the Secret Service’s records of the agency’s investigation of Aaron Swartz. Poulsen had won a court order requiring the Secret Service to turn over its documents about Aaron, who took his own life while facing aggressive criminal…
-
Regulating Bitcoin
On Tuesday the State of California sent a letter to the Bitcoin Foundation, saying that the Foundation might be in violation of California’s law against running an unregistered money transmission business. The letter isn’t important in the grand scheme of things—it’s clear that the Bitcoin Foundation isn’t transmitting money—but it does raise the obvious question…
-
Open-source Governance in Bitcoin
Josh Kroll, Ian Davey, and I have a new paper, The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries, from the Workshop on Economics of Information Security. Our paper looks at the dynamics of Bitcoin, how resilient it would be in the face of attacks, and how Bitcoin is governed. Today I…
-
51% foreign test doesn't protect Americans
One of the notable claims we have heard, in light of the Verizon / PRISM revelations, is that data extraction measures are calibrated to make sure that 51% or more of affected individuals are non-U.S. persons. As a U.S. person, I don’t find this at all reassuring. To see why, let’s think about the underlying…