Category: Privacy & Security
-
Do corporations have a "personal privacy" right?
Today, the Supreme Court released its unanimous opinion in Federal Communications Commission v. AT&T Inc., No. 09-1279 (U.S. Mar. 1, 2011) At issue was the question, “Does a corporation have a “personal privacy” right under the Freedom of Information Act?” In this decision, the United States Supreme Court said “no.” The decision was 8-0 with…
-
Things overheard on the WiFi from my Android smartphone
Today in my undergraduate security class, we set up a sniffer so we could run Wireshark and Mallory to listen in on my Android smartphone. This blog piece summarizes what we found. Google properly encrypts traffic to Gmail and Google Voice, but they don’t encrypt traffic to Google Calendar. An eavesdropper can definitely see your…
-
Seals on NJ voting machines, October-December 2008
In my examination of New Jersey’s voting machines, I found that there were no tamper-indicating seals that prevented fiddling with the vote-counting software—just a plastic strap seal on the vote cartridge. And I was rather skeptical whether slapping seals on the machine would really secure the ROMs containing the software. I remembered Avi Rubin’s observations…
-
Brazilian Communications Agency Moves Towards Surveillance Superpowers
January is the month when the Brazilian version of the popular TV show Big Brother returns to the air. For three months, a bunch of people are locked inside a house and their lives are broadcast 24/7. A TV show premised on nonstop surveillance might sound like fun to some people, but it is disturbing…
-
Seals on NJ voting machines, 2004-2008
I have just released a new paper entitled “Security seals on voting machines: a case study” and here I’ll explain how I came to write it. Like many computer scientists, I became interested in the technology of vote-counting after the technological failure of hanging chads and butterfly ballots in 2000. In 2004 I visited my…
-
If Wikileaks Scraped P2P Networks for "Leaks," Did it Break Federal Criminal Law?
On Bloomberg.com today, Michael Riley reports that some of the documents hosted at Wikileaks may not be “leaks” at all, at least not in the traditional sense of the word. Instead, according to a computer security firm called Tiversa, “computers in Sweden” have been searching the files shared on p2p networks like Limewire for sensitive…
-
Some Technical Clarifications About Do Not Track
When I last wrote here about Do Not Track in August, there were just a few rumblings about the possibility of a Do Not Track mechanism for online privacy. Fast forward four months, and Do Not Track has shot to the top of the privacy agenda among regulators in Washington. The FTC staff privacy report…
-
Monitoring all the electrical and hydraulic appliances in your house
Dan Wallach recently wrote about his smart electric meter, which keeps track of the second-by-second current draw of his whole house. But what he might like to know is, exactly what appliance is on at what time? How could you measure that? You might think that one would have to instrument each different circuit at…
-
Burn Notice, season 4, and the abuse of the MacGuffin
One of my favorite TV shows is Burn Notice. It’s something of a spy show, with a certain amount of gadgets but generally no James Bond-esque Q to supply equipment that’s certainly beyond the reach of real-world spycraft. Burn Notice instead focuses on the value of teamwork, advance planning, and clever subterfuge to pull off…
-
Court Rules Email Protected by Fourth Amendment
Today, the United States Court of Appeals for the Sixth Circuit ruled that the contents of the messages in an email inbox hosted on a provider’s servers are protected by the Fourth Amendment, even though the messages are accessible to an email provider. As the court puts it, “[t]he government may not compel a commercial…