Category: Privacy & Security
-
RSA doesn't quite deny undermining customers' crypto
Reuters reported on Saturday that the NSA had secretly paid RSA Data Security $10 million to make a certain flawed algorithm the default in RSA’s BSAFE crypto toolkit, which many companies relied on. RSA issued a vehement but artfully worded quasi-denial. Let’s look at the story, and RSA’s denial.
-
Judge Leon explains why the NSA uses everyone's metadata
There are many interesting things to discuss in Judge Leon’s opinion from yesterday, finding the NSA’s phone metadata program likely unconstitutional. In this post, I’ll focus on an interesting bit of computer science in the judge’s ruling, and I’ll explain why the judge’s computer science argument is actually more powerful than he realized.
-
How to protect yourself against NSA tracking
Jonathan Mayer and I have a new piece in Slate about how the NSA piggybacks on the web tracking activities of advertisers and other services. Essentially, the trackers tag computers and smartphones with unique tracking IDs that are attached to web requests, and the NSA uses those tracking IDs to follow users. I wrote last…
-
The Politics of the EU Court Data Retention Opinion: End to Mass Surveillance?
The Wall Street Journal headlines: “EU Court Opinion: Data Retention Directive Incompatible With Fundamental Rights”. The Opinion is strong, but in fact not yet an outright victory for privacy and civil liberties. The jury is out: the Opinion is non-binding but influential advice to the E.U. Court, which will deliver its final judgment come…
-
Privacy and Cloud Computing in Public Schools
As reported today by the New York Times here, we are releasing our research study this morning on “Privacy and Cloud Computing in Public Schools.” Districts across the country are widely and rapidly adopting cloud services to fulfill educational objectives and take advantage of opportunities for cost savings and 24/7 services. Disturbingly, privacy protection for…
-
How to stop spies from piggybacking on commercial Web tracking
Tonight the Washington Post published a story about the NSA’s eavesdropping on the unique tracking cookies used by advertisers and analytics companies to identify their users. By capturing these unique identifiers the NSA was able to re-identify users whom it had seen earlier. In short, the NSA could piggyback on commercial tracking to track users…
-
New Research: Cheating on Exams with Smartwatches
A Belgian university recently banned all watches from exams due to the possibility of smartwatches being used to cheat. Similarly, some standardized tests in the U.S. like the GRE have banned all digital watches. These policies seem prudent, since today’s smartwatches could be used to smuggle in notes or even access websites during the test. However, their potential use…
-
Bitcoin Research in Princeton CS
Continuing our post series on ongoing research in computer security and privacy here at Princeton, today I’d like to survey some of our research on Bitcoin. Bitcoin is hot right now because of the recent run-up in its value. At the same time, Bitcoin is a fascinating example of how technology, economics, and social interactions…
-
NSA Strategy 2012-16: Outsourcing Compliance to Algorithms, and What to Do About It
Over the weekend, two new NSA documents revealed a confident NSA SIGINT strategy for the coming years and a vast increase of NSA-malware infected networks across the globe. The excellent reporting overlooked one crucial development: constitutional compliance will increasingly be outsourced to algorithms. Meaningful oversight of intelligence practises must address this, or face collateral constitutional…