Privacy

Privacy / Featured Blogs

IP Addresses Are Not Telephone Numbers - The Fundamental Flaw with the FCC's Proposed Privacy Rules

Last month the FCC released a Notice of Proposed Rulemaking (NPRM) on Customer Proprietary Network Information (CPNI), the information telcos collect about consumers' phone calls. The Commission's proposed rules would adapt and apply privacy rules that have historically applied to the traditional telephone space to broadband carriers. It would also regulate how broadband providers use and share that data. more»

The Path to DNS Privacy

The DNS is normally a relatively open protocol that smears its data (which is your data and mine too!) far and wide. Little wonder that the DNS is used in many ways, not just as a mundane name resolution protocol, but as a data channel for surveillance and as a common means of implementing various forms of content access control. But all this is poised to change. more»

Join An Online Dialogue About Encryption - Wednesday, May 25, at 13:30 UTC

What are your concerns around encryption? What questions do you have about the legal, technical and policy aspects of the increasing use of encryption? How does encryption help bring about a higher level of trust in the Internet? On Wednesday, May 25, the Internet Society and its Greater Washington, DC Chapter are hosting an "Online Dialogue About Encryption" to discuss all these questions and many more. more»

We Need You: Industry Collaboration to Improve Registration Data Services

For more than 30 years, the industry has used a service and protocol named WHOIS to access the data associated with domain name and internet address registration activities... The challenge with WHOIS is that it was designed for use at a time when the community of users and service operators was much smaller and there were fewer concerns about data privacy. more»

Writing the Next Chapter for the Historic One-Time Pad

The OTP, or One-Time Pad, also known as the Vernam cipher, is, according to the NSA, "perhaps one of the most important in the history of cryptography." If executed correctly, it provides uncrackable encryption. It has an interesting and storied history, dating back to the 1880s, when Frank Miller, a Yale graduate, invented the idea of the OTP. Communication was expensive and difficult in the age of telegrams, and few messages were easily encrypted. more»

The Importance of IPRC in Asia Pacific

I believe and strongly support Internet Principle and Right Coalition (IPRC) Charter is an important edition of document supplementing the principles and rights of individual internet users in any developing and least developed country. Especially in Asia Pacific region where the need and use of such document is immense, as there is a gap in recognition and awareness of rights of internet users. more»

DNS and Stolen Credit Card Numbers

FireEye announced a new piece of malware yesterday named MULTIGRAIN. This nasty piece of code steals data from Point of Sale (PoS) and transmits the stolen credit card numbers by embedding them into recursive DNS queries. While this was definitely a great catch by the FireEye team, the thing that bothers me here is how DNS is being used in these supposedly restrictive environments. more»

Is the FCC Inviting the World's Cyber Criminals into America's Living Rooms?

In October 2012, the Chairman and Ranking Member of the House Intelligence Committee issued a joint statement warning American companies that were doing business with the large Chinese telecommunications companies Huawei and ZTE to "use another vendor." The bipartisan statement explains that the Intelligence Committee's Report, "highlights the interconnectivity of U.S. critical infrastructure systems and warns of the heightened threat of cyber espionage and predatory disruption or destruction of U.S. networks if telecommunications networks are built by companies with known ties to the Chinese state, a country known to aggressively steal valuable trade secrets and other sensitive data from American companies." more»

Problems With the Burr-Feinstein Bill

What appears to be a leaked copy of the Burr-Feinstein on encryption back doors. Crypto issues aside -- I and my co-authors have written on those before -- this bill has many other disturbing features. (Note: I've heard a rumor that this is an old version. If so, I'll update this post as necessary when something is actually introduced.) One of the more amazing oddities is that the bill's definition of "communications" (page 6, line 10) includes "oral communication", as defined in 18 USC 2510. more»

Government-Industry Collaboration Is Better than Developing a Surveillance State

President Obama, in March 2016, again stressed the need for better collaboration between the tech industry and the government. He referred to his own White House initiative - this has resulted in the newly-formed US Digital Service, which is trying to recruit the tech industry to work with and for government. One of the key reasons it is so difficult to establish trustworthy, good working relationships is the extreme lack of tech understanding among most politicians and government bureaucrats. more»