Category: Uncategorized

  • What an expert on seals has to say

    During the New Jersey voting machines lawsuit, the State defendants tried first one set of security seals and then another in their vain attempts to show that the ROM chips containing vote-counting software could be protected against fraudulent replacement. After one or two rounds of this, Plaintiffs engaged Dr. Roger Johnston, an expert on physical…

  • The trick to defeating tamper-indicating seals

    In this post I’ll tell you the trick to defeating physical tamper-evident seals. When I signed on as an expert witness in the New Jersey voting-machines lawsuit, voting machines in New Jersey used hardly any security seals. The primary issues were in my main areas of expertise: computer science and computer security. Even so, when…

  • Super Bust: Due Process and Domain Name Seizure

    With the same made-for-PR timing that prompted a previous seizure of domain names just before shopping’s “Cyber Monday,” Immigration and Customs Enforcement struck again, this time days before the Super Bowl, against “10 websites that illegally streamed live sporting telecasts and pay-per-view events over the Internet.” ICE executed seizure warrants against the 10, ATDHE.NET,…

  • Predictions for 2011

    As promised, the official Freedom to Tinker predictions for 2011. These predictions are the result of discussions that included myself, Joe Hall, Steve Schultze, Wendy Seltzer, Dan Wallach, and Harlan Yu, but note that we don’t individually agree with every prediction. DRM technology will still fail to prevent widespread infringement. In a related development, pigs…

  • 2010 Predictions Scorecard

    We’re running a little behind this year, but as we do every year, we’ll review the predictions we made for 2010. Below you’ll find our predictions from 2010 in italics, and the results in ordinary type. Please notify us in the comments if we missed anything. (1) DRM technology will still fail to prevent widespread…

  • Web Browser Security User Interfaces: Hard to Get Right and Increasingly Inconsistent

    A great deal of online commerce, speech, and socializing supposedly happens over encrypted protocols. When using these protocols, users supposedly know what remote web site they are communicating with, and they know that nobody else can listen in. In the past, this blog has detailed how the technical protocols and legal framework are lacking. Today…

  • CITP Visitors Application Deadline Extended to Feb 1st

    The deadline for applications to CITP’s Visitors Program has been extended to February 1st. If you or someone you know is interested but has questions, feel free to contact me at sjs@princeton.edu. The Center has secured limited resources from a range of sources to support visiting faculty, scholars or policy experts for up to one-year…

  • RIP Bill Zeller

    All of us here at CITP were saddened by the death of Bill Zeller, our respected and much-loved colleague. Bill was a Ph.D. candidate in Computer Science here at Princeton, who died last night due to injuries sustained in a suicide attempt. There has been a huge outpouring of sympathy for Bill, both at Princeton…

  • The Flawed Legal Architecture of the Certificate Authority Trust Model

    Researchers have recently criticized the Certificate Authority Trust Model — which involves the issuance and use of digital certificates to authenticate the identity of websites to end-users — because of an array of technical and institutional problems. The criticism is significant not only because of the systemic nature of the noted problems, but also because…

  • Ninth Circuit Ruling in MDY v. Blizzard

    The Ninth Circuit has ruled on the MDY v. Blizzard case, which involves contract, copyright, and DMCA claims. As with the district court ruling, I’ll withhold comment due to my involvement as an expert in the case, but the decision may be of interest to FTT readers. [Editor: The EFF has initial reactions here. Techdirt…