Category: Privacy & Security
-
Researchers Show Flaws in Airport Scanner
Today at the Usenix Security Symposium a group of researchers from UC San Diego and the University of Michigan will present a paper demonstrating flaws in a full-body scaning machine that was used at many U.S. airports. In this post I’ll summarize their findings and discuss the security and policy implications.
-
Why were CERT researchers attacking Tor?
Yesterday the Tor Project issued an advisory describing a large-scale identification attack on Tor hidden services. The attack started on January 30 and ended when Tor ejected the attackers on July 4. It appears that this attack was the subject of a Black Hat talk that was canceled abruptly. These attacks raise serious questions about…
-
A Scanner Darkly: Protecting User Privacy from Perceptual Applications
“A Scanner Darkly”, a dystopian 1977 Philip K. Dick novel (adapted to a 2006 film), describes a society with pervasive audio and video surveillance. Our paper “A Scanner Darkly”, which appeared in last year’s IEEE Symposium on Security and Privacy (Oakland) and has just received the 2014 PET Award for Outstanding Research in Privacy Enhancing Technologies, takes a closer look at…
-
"Loopholes for Circumventing the Constitution", the NSA Statement, and Our Response
CBS News and a host of other outlets have covered my new paper with Sharon Goldberg, Loopholes for Circumventing the Constitution: Warrantless Bulk Surveillance on Americans by Collecting Network Traffic Abroad. We’ll present the paper on July 18 at HotPETS [slides, pdf], right after a keynote by Bill Binney (the NSA whistleblower), and at TPRC…
-
No silver bullet: De-identification still doesn't work
Paul Ohm’s 2009 article Broken Promises of Privacy spurred a debate in legal and policy circles on the appropriate response to computer science research on re-identification techniques. In this debate, the empirical research has often been misunderstood or misrepresented. A new report by Ann Cavoukian and Daniel Castro is full of such inaccuracies, despite its claims of “setting…
-
"Privacy Comes at a Cost" – The U.S. Supreme Court’s Opinion in Riley v. California
In Riley v. California, a cell phone search-and-seizure opinion delivered by Chief Justice Roberts for a unanimous Court last month, the U.S. Supreme Court squarely recognized, and afforded special protection to, the ubiquitous use and storage of voluminous electronic data of many different types on mobile devices today. The opinion holds that, without a warrant,…
-
Privacy Implications of Social Media Manipulation
The ethical debate about Facebook’s mood manipulation experiment has rightly focused on Facebook’s manipulation of what users saw, rather than the “pure privacy” issue of which information was collected and how it was used. It’s tempting to conclude that because Facebook didn’t change their data collection procedures, the experiment couldn’t possibly have affected users’ privacy…
-
On Decentralizing Prediction Markets and Order Books
In a new paper to be presented next week at WEIS by Jeremy Clark, we discuss the challenges in designing truly decentralized prediction markets and order books. Prediction markets allow market participants to trade shares in future events (such as “Will the USA advance to the knockout stage of the 2014 World Cup?”) and turn…
-
Cognitive disconnect: Understanding Facebook Connect login permissions
[Nicky Robinson is an undergraduate whose Junior Independent Work project, advised by Joseph Bonneau, turned into a neat research paper. — Arvind Narayanan] When you use the Facebook Connect [1] login system, another website may ask for permission to “post to Facebook for you.” But what does this message mean? If you click “Okay”, what…