Category: Privacy & Security
-
Apple Encryption Saga and Beyond: What U.S. Courts Can Learn from Canadian Caselaw
It has been said that privacy is “at risk of becoming a real human right.” The exponential increase of personal information in the hands of organizations, particularly sensitive data, creates a significant rise in the perils accompanying formerly negligible privacy incidents. At one time considered too intangible to merit even token compensation, risks of harm…
-
The Defend Trade Secrets Act and Whistleblowers
As Freedom to Tinker readers know, I’ve been an active opponent of the federal Defend Trade Secrets Act (DTSA). Though my position on the DTSA remains unchanged, I was both surprised and pleased to see that the revised Defend Trade Secrets Act now includes a narrow, but potentially useful, provision intended to protect whistleblowers from trade secret…
-
On distracted driving and required phone searches
A recent Ars Technica article discussed several U.S. states that are considering adding a “roadside textalyzer” that operates analogously to roadside Breathalyzer tests. In the same way that alcohol and drugs can impair a driver’s ability to navigate the road, so can paying attention to your phone rather than the world beyond. Many states “require” drivers to consent…
-
Gone In Six Characters: Short URLs Considered Harmful for Cloud Services
[This is a guest post by Vitaly Shmatikov, professor at Cornell Tech and once upon a time my adviser at the University of Texas at Austin. — Arvind Narayanan.] TL;DR: short URLs produced by bit.ly, goo.gl, and similar services are so short that they can be scanned by brute force. Our scan discovered a large…
-
Why Making Johnny's Key Management Transparent is So Challenging
In light of the ongoing debate about the importance of using end-to-end encryption to protect our data and communications, several tech companies have announced plans to increase the encryption in their services. However, this isn’t a new pledge: since 2014, Google and Yahoo have been working on a browser plugin to facilitate sending encrypted emails…
-
An analogy to understand the FBI's request of Apple
After my previous blog post about the FBI, Apple, and the San Bernardino iPhone, I’ve been reading many other bloggers and news articles on the topic. What seems to be missing is a decent analogy to explain the unusual nature of the FBI’s demand and the importance of Apple’s stance in opposition to it. Before I dive…
-
Apple, the FBI, and the San Bernardino iPhone
Apple just posted a remarkable “customer letter” on its web site. To understand it, let’s take a few steps back. In a nutshell, one of the San Bernardino shooters had an iPhone. The FBI wants to root through it as part of their investigation, but they can’t do this effectively because of Apple’s security features.…
-
The Princeton Bitcoin textbook is now freely available
The first complete draft of the Princeton Bitcoin textbook is now freely available. We’re very happy with how the book turned out: it’s comprehensive, at over 300 pages, but has a conversational style that keeps it readable. If you’re looking to truly understand how Bitcoin works at a technical level and have a basic familiarity…
-
Updating the Defend Trade Secrets Act?
Despite statements to the contrary by sponsors and supporters in April 2014, August 2015, and October 2015, backers of the Defend Trade Secrets Act (DTSA) now aver that “cyber espionage is not the primary focus” of the legislation. At last month’s Senate Judiciary Committee hearing, the DTSA was instead supported by two different primary reasons:…
-
Who Will Secure the Internet of Things?
Over the past several months, CITP-affiliated Ph.D. student Sarthak Grover and fellow Roya Ensafi have been investigating various security and privacy vulnerabilities of Internet of Things (IoT) devices in the home network, to get a better sense of the current state of smart devices that many consumers have begun to install in their homes. To explore this question,…