Category: Privacy & Security
-
Bitcoin isn't so broken after all
There has been a lot of noise in the Bitcoin world this week about a new paper by Ittay Eyal and Emin Gun Sirer (“ES” for short) of Cornell, which claims that Bitcoin mining is vulnerable to attack. In a companion blog post, Sirer says unequivocally that “bitcoin is broken.” Let me explain why I…
-
Data Surveillance States—US and Europe
Every day that we learn more about various countries’ data surveillance programs, one point keeps coming up: national data surveillance seems to have few privacy boundaries that the law has effectively protected. In a new essay that I just posted on “The Data Surveillance State in the United States and Europe,” I take a look…
-
Local Expertise is Exceedingly Valuable- Principle #7 for Fostering Civic Engagement Through Digital Technologies
One of the most rewarding and enjoyable aspects of my research has been my series of conversations with innovators in civic engagement in various cities across the country. These conversations have been enlightening for me as I think about how Washington, DC can maximize its natural advantages to foster civic engagement in its neighborhoods. The…
-
The 2008 Liberty Case: An Authoritive Ruling on Snowden's Disclosures
The other day, I was re-reading the 2008 Liberty vs. The United Kingdom ruling of the European Court of Human Rights (‘ECHR’). The case reads like any BREAKING / REVEALED news report on Edward Snowden’s disclosures, and will play a crucial role in the currently pending court cases in Europe on the legality of the…
-
When an Ethnographer met Edward Snowden
If you talk about ‘metadata’, ‘big data’ and ‘Big Brother’ just as easily as you order a pizza, ethnography and anthropology are probably not your first points of reference. But the outcome of a recent encounter of ethnographer Tom Boellstorff and Edward Snowden (not IRL but IRP), is that tech policy wonks and researchers should…
-
Engineering an insider-attack-resistant email system and why you wouldn't want to use it
Earlier this week, Felten made the observation that the government eavesdropping on Lavabit could be considered as an insider attack against Lavabit users. This leads to the obvious question: how might we design an email system that’s resistant to such an attack? The sad answer is that we’ve had this technology for decades but it…
-
U.S. Citizenship and N.S.A. Surveillance – Legal Safeguard or Practical Backdoor?
The main takeaway of two recent disclosures around N.S.A. surveillance practices, is that Americans must re-think ‘U.S. citizenship’ as the guiding legal principle to protect against untargeted surveillance of their communications. Currently, U.S. citizens may get some comfort through the usual political discourse that ‘ordinary Americans’ are protected, and this is all about foreigners. In…
-
A Court Order is an Insider Attack
Commentators on the Lavabit case, including the judge himself, have criticized Lavabit for designing its system in a way that resisted court-ordered access to user data. They ask: If court orders are legitimate, why should we allow engineers to design services that protect users against court-ordered access? The answer is simple but subtle: There are…
-
Lavabit and how law enforcement access might be done in the future
The saga of Lavabit, the now-closed “secure” mail provider, is an interesting object of study. They’re in the process of appealing a court order to produce their SSL private keys, with which a government eavesdropper would then have access to the entirety of all traffic going in and out of Lavabit. You can read Lavabit’s…
-
The Linux Backdoor Attempt of 2003
Josh wrote recently about a serious security bug that appeared in Debian Linux back in 2006, and whether it was really a backdoor inserted by the NSA. (He concluded that it probably was not.) Today I want to write about another incident, in 2003, in which someone tried to backdoor the Linux kernel. This one…