Category: Privacy & Security
-
Silk Road, Lavabit, and the Limits of Crypto
Yesterday we saw two stories that illustrate the limits of cryptography as a shield against government. In San Francisco, police arrested a man alleged to be Dread Pirate Roberts (DPR), the operator of online drug market Silk Road. And in Alexandria, Virginia, a court unsealed documents revealing the tussle between the government and secure email…
-
Senate Judiciary Testimony: FISA Oversight
I testified today at a Senate Judiciary committee hearing on Oversight of the Foreign Intelligence Surveillance Act. Here is the written testimony I submitted.
-
The Debian OpenSSL Bug: Backdoor or Security Accident?
On Monday, Ed wrote about Software Transparency, the idea that software is more resistant to intentional backdoors (and unintentional security vulnerabilities) if the process used to create it is transparent. Elements of software transparency include the availability of source code and the ability to read or contribute to a project’s issue tracker or internal developer…
-
Software Transparency
Thanks to the recent NSA leaks, people are more worried than ever that their software might have backdoors. If you don’t believe that the software vendor can resist a backdoor request, the onus is on you to look for a backdoor. What you want is software transparency. Transparency of this type is a much-touted advantage…
-
Is the NSA keeping your encrypted traffic forever?
Much has been written recently about the NSA’s program to systematically defeat the encryption methods used on the internet and in other communications technologies – Project Bullrun, in the parlance of our times. We’ve learned that the NSA can read significant quantities of encrypted traffic on the web, from mobile phone networks, and on virtual…
-
On Security Backdoors
I wrote Monday about revelations that the NSA might have been inserting backdoors into security standards. Today I want to talk through two cases where the NSA has been accused of backdooring standards, and use these cases to differentiate between two types of backdoors.
-
No Facebook, No Service?
The Idaho Statesman, my sort-of-local newspaper, just announced that it will follow the lead of the Miami Herald and no longer allow readers to post anonymous comments to online stories. Starting September 15, readers who want to make comments will have to login through Facebook. This is the second time I’ve encountered a mandatory Facebook…
-
NSA Apparently Undermining Standards, Security, Confidence
The big NSA revelation of last week was that the agency’s multifaceted strategy to read encrypted Internet traffic is generally successful. The story, from the New York Times and ProPublica, described NSA strategies ranging from the predictable—exploiting implementation flaws in some popular crypto products; to the widely-suspected but disappointing—inducing companies to insert backdoors into products;…
-
On the NSA's capabilities
Last Thursday brought significant new revelations about the capacities of the National Security Agency. While the articles in the New York Times, ProPublica, and The Guardian skirted around technical specifics, several broad themes came out. NSA has the capacity to read significant amounts of encrypted Internet traffic. NSA has some amount of cooperation from vendors…
-
Annual report of FCC's Open Internet Advisory Committee
For the past year, I’ve been serving on the FCC’s Open Internet Advisory Committee (OIAC), and chairing its mobile broadband working group. The OIAC just completed its first annual report (available here). The report gives an overview of the past year of work from four working groups (economic impacts, mobile broadband, specialized services, and transparency).…