Collaborate Disseminate
Last month, the White House released the "National Cyber Strategy of the United States of America. I generally don’t have much to say about these sorts of documents. They’re filled with broad generalities. Who can argue with: Defend the homeland by protecting networks, systems, functions, and data; Promote American prosperity by nurturing a secure, thriving digital economy and fostering strong… Continue reading The US National Cyber Strategy
The major tech companies, scared that states like California might impose actual privacy regulations, have now decided that they can better lobby the federal government for much weaker national legislation that will preempt any stricter state measures. I’m sure they’ll still do all they can to weaken the California law, but they know they’ll do better at the national level…. Continue reading Major Tech Companies Finally Endorse Federal Privacy Regulation
Some of us — myself included — have proposed lawful government hacking as an alternative to backdoors. A new report from the Center of Internet and Society looks at the security risks of allowing government hacking. They include: Disincentive for vul… Continue reading Security Risks of Government Hacking
Some of us — myself included — have proposed lawful government hacking as an alternative to backdoors. A new report from the Center of Internet and Society looks at the security risks of allowing government hacking. They include: Disincentive for vulnerability disclosure Cultivation of a market for surveillance tools Attackers co-opt hacking tools over which governments have lost control Attackers… Continue reading Security Risks of Government Hacking
The Five Eyes — the intelligence consortium of the rich English-speaking countries (the US, Canada, the UK, Australia, and New Zealand) — have issued a "Statement of Principles on Access to Evidence and Encryption" where they claim their needs for surveillance outweigh everyone’s needs for security and privacy. …the increasing use and sophistication of certain encryption designs present challenges for… Continue reading Five-Eyes Intelligence Services Choose Surveillance Over Security
Funny and true…. Continue reading xkcd on Voting Computers
BoingBoing has the story. I have never quite trusted the idea of a warrant canary. But here it seems to have worked. (Presumably, if SpiderOak wanted to replace the warrant canary with a transparency report, they would have written something explaining their decision. To have it simply disappear is what we would expect if SpiderOak were being forced to comply… Continue reading SpiderOak’s Warrant Canary Died
Good policy paper (summary here) on the threats, current state, and potential policy solutions for the poor security of US space systems…. Continue reading The Poor Cybersecurity of US Space Assets
A group called Protect Democracy is suing South Carolina because its insecure voting machines are effectively denying people the right to vote. Note: I am an advisor to Protect Democracy on its work related to election cybersecurity, and submitted a declaration in litigation it filed, challenging President Trump’s now-defunct "election integrity" commission…. Continue reading Suing South Carolina Because Its Election Machines Are Insecure
The Intercept has a long story about the NSA’s domestic interception points. Includes some new Snowden documents…. Continue reading The NSA’s Domestic Surveillance Centers