CITP Blog is hosted by Princeton University’s Center for Information Technology Policy, a research center that studies digital technologies in public life. Here you’ll find comment and analysis from the digital frontier, written by the Center’s faculty, students, and friends.
-
Over the past couple of days there has been some press coverage of security researcher Gaurang Pandya’s report that the browser on his Nokia phone was sending all of his…
-
Predictions for 2013
After a year’s hiatus, our annual predictions post is back! As usual, these predictions reflect the results of brainstorming among many affiliates and friends of the blog, so you should…
-
Turktrust Certificate Authority Errors Demonstrate The Risk of "Subordinate" Certificates
Update: More details have continued to come out, and I think that they generally support the less-paranoid version of events. There continues to be discussion on the mozilla.dev.security.policy list, Turktrust…
-
Report on the NSF "Secure and Trustworthy Cyberspace" PI meeting
The National Science Foundation (NSF) Secure and Trustworthy Cyberspace (SaTC) Principal Investigator Meeting (whew!) took place Nov. 27-29, 2012, at the Gaylord Hotel just outside Washington, DC. The SaTC program…
-
Where Are the Legal Lossless Downloads?
I must have been very nice last year, because Santa brought me a Sonos Connect Wireless HiFi System and Network Attached Storage (NAS) with Wake-on-LAN for Christmas. This particular combination…
-
Technology & Nature – Perfect Together?
The ongoing recovery from Sandy’s devastating impact from the Caribbean to the East Coast of the U.S. – particularly New Jersey and New York – highlights for me the complex…
-
End-to-End Encrypted GMail? Not So Easy
Last week Julian Sanchez urged Google to offer end-to-end encryption for GMail, so that your messages would be known to you and your browser (and your email correspondents) but not…
-
You found a security hole. Now what?
The recent conviction of Andrew “Weev” Auernheimer for identity theft and conspiracy has renewed interest in the question of what researchers should do when they find security vulnerabilities in popular…
-
What happens when responsible disclosure fails?
The topic of how to handle security vulnerabilities has been discussed for years. Wikipedia defines responsible disclosure as: Responsible disclosure is a computer security term describing a vulnerability disclosure model.…
-
When Technology Sanctions Backfire: The Syria Blackout
American policymakers face an increasingly complex set of choices about whether to permit commerce with “repressive regimes” for core internet technologies. The more straightforward cases involve prohibitions on US import…