Category: Privacy & Security
-
PCLOB testimony on "Defining Privacy"
This morning I’m testifying at a hearing of the Privacy and Civil Liberties Oversight Board, on the topic of “Defining Privacy”. Here is the text of my oral testimony. (This is the text as prepared; there might be minor deviations when I deliver it.) [Update (Nov. 16): video stream of my panel is now available.]
-
Bitcoin mining is NP-hard
This post is (mostly) a theoretical curiosity, but a discussion last week at CITP during our new course on Bitcoin led us to realize that being an optimal Bitcoin miner is in fact NP-hard. NP-hardness is a complexity classification used in computer science to describe many optimization problems for which we believe there is no algorithm…
-
POODLE and the fundamental market failure of browser security
Last week saw the public disclosure of the POODLE vulnerability, a practical attack allowing a network attacker to steal plaintext from HTTPS connections. In particular, this attack can be used to steal authentication cookies. It’s a bad vulnerability, and it particularly hurts because it should have been fixed long ago. It only affects the ancient SSL v3 protocol, which was…
-
On the value of encrypting your phone
This is a true story. Yesterday my phone crashed, and it wouldn’t reboot. Actually it would do nothing but reboot, over and over, with a seemingly different error message every time. I tried all of the tricks available to a technically handy person, and nothing worked—I couldn’t get it out of the crash-reboot cycle. So…
-
Guessing passwords with Apple’s full-device encryption
With the recently-introduced iOS 8, Apple has switched to a encrypting a much larger amount of user data by default. Matt Green has provided an excellent initial look at a technical level and big-picture level and Apple has recently released a slightly more detailed specification document and an admirable promise never to include backdoors. This move, and Google’s prompt promise…
-
It’s time to bring Bitcoin and cryptocurrencies into the computer science curriculum
In the privacy technologies grad seminar that I taught last semester, Bitcoin proved to be the most popular topic among students. Two groups did very different and equally interesting final projects on Bitcoin and cryptocurrencies; more on that below. More broadly, we’re seeing a huge demand for learning the computer science underlying Bitcoin, both at…
-
Security Audit of Safeplug "Tor in a Box"
Last month at the FOCI workshop, we presented a security analysis of the Safeplug, a $49 box which promised users “complete security and anonymity” online by sending all of their web traffic through the Tor onion routing network. Safeplug claims to offer greater usability, particularly for non-technical customers, than the state-of-the-art in anonymous Internet browsing:…
-
The Dangers of the New Trade Secrets Acts
First, I want to state how thrilled I am to be joining the great group here at CITP. Every CITP scholar that I’ve gotten to know over the past several years have become friends and influenced my work in areas ranging from voting machine code access to international lawmaking processes. I’m delighted to be a…
-
Takedown 2.0: The Trouble with Broad TROs Targeting Non-Party Online Intermediaries
On August 14, a federal district court in Oregon issued an ex parte temporary restraining order (TRO) in a civil copyright infringement case, ABS-CBN v. Ashby. The defendants in the case are accused of operating several “pirate websites” that infringe the plaintiffs’ copyrights in broadcast television programs. In addition to ordering the defendants to stop…
-
Airport Scanners: How Privacy Risk Leads to Security Risk
Debates about privacy and security tend to assume that the two are in opposition, so that improving privacy tends to degrade security, and vice versa. But often the two go hand in hand so that privacy enhances security. A good example comes from the airport scanner study I wrote about yesterday.