Privacy

Privacy / Recently Commented

Selling DONA Snake Oil at the ITU

A venerable old ITU tradition got underway today. Its Telecommunication Standardization body, known as the ITU-T, gathered, as it has done every four years for much of the past 100 years in a conclave of nations, to contemplate what they should be doing at their Geneva intergovernmental standards meetings for the next four years. The gathering is called the WTSA... Old intergovernmental institutional habits still continue, so the participants are gathered in a remote location in Tunisia called Hammamet. more»

Writing the Next Chapter for the Historic One-Time Pad

The OTP, or One-Time Pad, also known as the Vernam cipher, is, according to the NSA, "perhaps one of the most important in the history of cryptography." If executed correctly, it provides uncrackable encryption. It has an interesting and storied history, dating back to the 1880s, when Frank Miller, a Yale graduate, invented the idea of the OTP. Communication was expensive and difficult in the age of telegrams, and few messages were easily encrypted. more»

IP Addresses Are Not Telephone Numbers - The Fundamental Flaw with the FCC's Proposed Privacy Rules

Last month the FCC released a Notice of Proposed Rulemaking (NPRM) on Customer Proprietary Network Information (CPNI), the information telcos collect about consumers' phone calls. The Commission's proposed rules would adapt and apply privacy rules that have historically applied to the traditional telephone space to broadband carriers. It would also regulate how broadband providers use and share that data. more»

We Need You: Industry Collaboration to Improve Registration Data Services

For more than 30 years, the industry has used a service and protocol named WHOIS to access the data associated with domain name and internet address registration activities... The challenge with WHOIS is that it was designed for use at a time when the community of users and service operators was much smaller and there were fewer concerns about data privacy. more»

DNS and Stolen Credit Card Numbers

FireEye announced a new piece of malware yesterday named MULTIGRAIN. This nasty piece of code steals data from Point of Sale (PoS) and transmits the stolen credit card numbers by embedding them into recursive DNS queries. While this was definitely a great catch by the FireEye team, the thing that bothers me here is how DNS is being used in these supposedly restrictive environments. more»

Problems With the Burr-Feinstein Bill

What appears to be a leaked copy of the Burr-Feinstein on encryption back doors. Crypto issues aside -- I and my co-authors have written on those before -- this bill has many other disturbing features. (Note: I've heard a rumor that this is an old version. If so, I'll update this post as necessary when something is actually introduced.) One of the more amazing oddities is that the bill's definition of "communications" (page 6, line 10) includes "oral communication", as defined in 18 USC 2510. more»

The Second Machine Age Calls for Vision and Leadership

This post I've been pondering on for a long time, but never found the right angle and perhaps I still haven't. Basically I have these observations, thoughts, ideas and a truckload of questions. Where to start? With the future prospects of us all. Thomas Picketty showed us the rise of inequality. He was recently joined by Robert J. Gordon who not only joins Picketty, but adds that we live in a period of stagnation, for decades already. "All great inventions lie over 40 years and more behind us", he points out. more»

Head of UK Intelligence Agency Says Tech Companies Should Provide a Way Around Encryption

In a speech at the Internet Policy Research Initiative at MIT, British intelligence agency GCHQ director Robert Hannigan said Monday that law enforcement and intelligence officials want only targeted ways to stop what he called "abuse of encryption" by ISIS and other terrorists and criminals. more»

FBI vs Apple: A Bit Of Light Reading

Encryption is key to commerce online. Anything that weakens it is a threat to the digital economy, so the FBI vs Apple case is something that a lot of people are watching very closely... The most recent development is that Apple has filed "Motion to Vacate the Order Compelling Apple Inc. to Assist Agents in Search, and Opposition to the Government's Motion to Compel Assistance." Legal filings aren't light bedtime reading, but this one explores the legal issues as well as the privacy and security implications from multiple angles and underlines why this case is so important. more»

Security, Backdoors and Control

Encryption is a way to keep private information private in the digital world. But there are government actors, particularly here in the US, that want access to our private data. The NSA has been snooping our data for years. Backdoors have been snuck into router encryption code to make it easier to break. Today at M3AAWG we had a keynote from Kim Zetter, talking about Stuxnet and how it spread well outside the control of the people who created it. more»

Encryption = good : Backdoor = bad

Every time there is a tragic attack on people or property, there is a cry from various authorities or politicians for law enforcement to get unfettered access to all kinds of communication tools. But that would cause far more harm than good, and is a really bad idea. The argument goes something like this: 'These bad actors hide behind encrypted communications to plan their evil deeds...' more»

Consumer Trust? Not at ICANN Compliance

Every person and every entity must have a philosophy if they are to be successful. Consumer trust is one of the key issues at the heart of keeping the Internet open as well as prosperous. The ICANN Affirmation of Commitments was signed in 2009 and has been the guiding principle for ICANN's activities going forward. The title of section 9.3 is Promoting competition, consumer trust, and consumer choice. This section is in essence the embodiment of the commitment of ICANN. more»

Officially Compromised Privacy

The essence of information privacy is control over disclosure. Whoever is responsible for the information is supposed to be able to decide who sees it. If a society values privacy, it needs to ensure that there are reasonable protections possible against disclosure to those not authorized by the information's owner. In the online world, an essential technical component for this assurance is encryption. If the encryption that is deployed permits disclosure to those who were not authorized by the information's owner, there should be serious concern about the degree of privacy that is meaningfully possible. more»

Governments Shouldn't Play Games with the Internet

Governments often use small players as pawns in their global games of chess. Two weeks ago the European Court of Justice invalidated the EU-US Safe Harbor ("Safe Harbor") framework, turning Internet businesses into expendable pawns in a government game. But for the past fifteen years, Safe Harbor allowed data flows across the Atlantic -- fostering innovation and incredible economic development. more»

New Bill Bans Internet Companies From Offering Unbreakable Encryption

Companies such as Apple, Google and others will be banned from offering encryption so advanced that even they cannot decipher it when asked to under the UK's Investigatory Powers Bill. more»