1981 US Document on Encryption Policy

This was newly released under FOIA at my request: Victor C. Williams, Jr., Donn B. Parker, and Charles C. Wood, "Impacts of Federal Policy Options for Nonmilitary Cryptography," NTIA-CR-81-10, National Telecommunications and Information Administration, U.S. Department of Commerce, June 1981. It argues that cryptography is an important enabling technology. At this point, it’s only of historical value….

Brennan Center Report on NSA Overseas Spying and Executive Order 12333

The Brennan Center has released a report on EO 12333, the executive order that regulates the NSA’s overseas surveillance. Much of what the NSA does here is secret and, even though the EO is designed for foreign surveillance, Americans are regularly swept up in the NSA’s collection operations: Despite a series of significant disclosures, the scope of these operations, as…

Companies Handing Source Code Over to Governments

ZDNet has an article on US government pressure on software companies to hand over copies of their source code. There are no details because no one is talking on the record, but I also believe that this is happening. When asked, a spokesperson for the Justice Dept. acknowledged that the department has demanded source code and private encryption keys before. These…

Simultaneous Discovery of Vulnerabilities

In the conversation about zero-day vulnerabilities and whether "good" governments should disclose or hoard vulnerabilities, one of the critical variables is independent discovery. That is, if it is unlikely that someone else will independently discover an NSA-discovered vulnerability — the NSA calls this "NOBUS," for "nobody but us" — then it is not unreasonable for the NSA to keep that…